Upgrade your security in 10 minutes

The text of a 10-minute talk first given to donut-js in November 2016. Here’s a .pdf of the presentation

Where do we start?

Normally, when we talk about security, we have to start with a discussion of a ‘threat model’

‘Threat Model’?

A threat model helps us decide which security measures to use, taking into account:

  • likelihood of attack
  • cost of a successful attack
  • reduction of likelihood given a countermeasure
  • cost of a countermeasure

We won’t be doing that in 10 minutes!

That’s okay, because the countermeasures here are all cheap!

  • Fast setup
  • no $$$ cost
  • no added hassle to doing ‘stuff’ online

Top 5 things to do

  1. Secure your email
  2. Effective Ad-Blocking
  3. (Windows) Automatic updates!
  4. Signal for secure conversations
  5. Secure your other services

1. Use ‘2-factor Authentication’ for email

Why: if someone accesses your email, they can probably get access to everything else

How: for Gmail, you’ll enable 2-factor Authentication, and install the ‘authenticator’ app on your phone.

2. Effective Ad-Blocking

Why: Beyond sites becoming readable, ads are the primary vector for privacy and security problems

How: Switch to Chrome or Firefox and install uBlock Origin

3. (Windows) Update and use Microsoft Antivirus

Why: Most attacks on computer secure target Windows PC’s that are not fully up-to-date

How: A great guide is at decentsecurity.com, but in general:
* upgrade to windows 7 or higher
* use included “Windows Defender”
* enable automatic updates

4. Signal for secure conversations

Why: In a conversation via email or social media, all your security is worthless if the other person has been hacked

How: Search your app store for Signal and use it when you want your conversation to be private

5. 2-factor authorization for other services

Why: Once your email is secure, time to make sure no one can access your Facebook, Twitter, LinkedIn, etc without your permission!

How: A few services only have 2-factor login, including Snapchat and Squarecash, for others Google ‘enable 2 factor authentication on [social network]’

What’s next?

  • check out the EFF guides for different security needs with much better explanation of the how’s and why’s of each of these steps
  • Toby offers security consults to do some personalized threat modeling. These consultations are free if you’re a political activist or fear being targeted by hate groups.

2 thoughts on “Upgrade your security in 10 minutes”

Leave a Reply

Your email address will not be published.