Information Security Basics

We get some questions on information security from time to time. Here are some tools for people that may need this info. You typically only need this information if you are at risk while overseas. Here are a few industry secure best practices:

VPN

Always use a VPN if you need to communicate securely. Virtual Private Networks are a way of masking where you are in the world. NordVPN is solid, unless you’re tech savvy then roll your own using Streisand.

Secure Email

For secure email, we recommend LavaBit. Edward Snowden used this when circumventing the NSA in 2013. It may not be as easy to use as Gmail, but it is very secure. For the advanced user, we also recommend using PGP keys along side LavaBit.

Password Manager

Use a Password manager so you can have very complex passwords without having to remember them. 1Password is the best.

Messaging Apps

Use end-to-end encryption messaging services if you must use a messaging app. Signal is currently considered best practice. However tread carefully in this department. The most secure messaging apps tend to change every 6 months because governments tend to circumvent their security protocols.

Two-Factor Authentication

Always use 2FA for all your logins, and never use SMS for 2 Factor Auth. Mobile SMS is insecure because it can be compromised on the cell phone provider side through SIM Jacking and is actually more common than you think. For 2FA Google Authenticator for iOS and Google Authenticator for Android to secure your logins.

Cloud Storage

And finally don't ever use the cloud for storage if it's something sensitive. A cloud is just someone else’s computer. Don’t use Google Drive, don’t use Dropbox for secure information. Always use local drives, and we recommend some form of encryption on your local hard drive.