Here are some basic tips to consider when thinking about your own digital security.
Knowledge is Power Anchor link
Good security decisions begin with having proper knowledge about your own situation. To start, ask yourself the following questions:
- What do I want to protect?
- Who do I want to protect it from?
- How likely is it that I’ll need to protect it?
- How bad are the consequences if I fail?
- How much trouble am I willing to go through to try to prevent potential consequences?
The Weakest Link Anchor link
The old adage that “a chain is only as strong as its weakest link” applies to security too. For example, the best door lock is of no use if you have cheap window latches. Similarly, encrypting your email so it won't get intercepted in transit won't protect the confidentiality of that email if you store an unencrypted copy on your laptop and your laptop is stolen. Think about every part of your information and computer use and try to identify any weak links in your digital security practices.
Simpler is Safer and Easier Anchor link
Some people are tempted by every shiny, new security solution they hear about. But soon they find themselves using so many tools, and trying so many things, that they can’t keep them all straight! Having a complex security system makes it harder to identify the weak links. So keep it simple. Sometimes the safest solution may be the least technical solution. Computers can be great for many things, but sometimes the security issues of a simple pen and notepaper can be easier to understand, and therefore easier to manage.
More Expensive Doesn't Mean More Secure Anchor link
Don't assume that the most expensive security solution is the best; especially if it takes away resources needed elsewhere. Low-cost measures like shredding trash before leaving it on the curb can give you lots of bang for your security buck.
It's Okay To Trust Someone (But Always Know Who You're Trusting) Anchor link
Computer security advice can end up sounding like you should trust absolutely no one but yourself. In the real world, you almost certainly trust plenty of people with at least some of your information, from your close family or companion to your doctor or lawyer. What's tricky in the digital space is understanding who you are trusting, and with what. You might give a list of passwords to your lawyers: but you should think about what power that might give them—or how easily a bad actor could then access your passwords. You might write documents in a cloud service like Dropbox or Google that are only for you: but you're also letting Dropbox and Google access them too. Online or offline, the fewer people you share a secret with, the better chance you have of keeping it private.
There is No One Perfect Security Plan Anchor link
Make a security plan that works for you, and for the risks you face, and for the implementation steps you and your colleagues will take. A perfect security plan on paper won't work if it's too difficult to follow day-to-day.
What's Secure Today May Not Be Secure Tomorrow Anchor link
It is crucially important to continually re-evaluate your security practices. Just because they were secure last year or last week doesn't mean they're still secure! Keep checking sites like SSD, because we will update our advice to reflect changes in our understanding and the realities of digital security. Remember: security is a continual process.