Guest blog post: Protecting yourself online
The majority of professionals love technology. It makes not only your personal life easier, but running your small business or CPA firm, too. But when is too much technology just too much? Sageworks asked Don West, a member of the AICPA’s Information Management and Technology Assurance Section’s CITP Credential Committee the best ways to protect one’s self and business online.
– – –
Guest blog post, written by Don West, CPA.CITP.
What were you doing at 7:32 p.m. on April 23, 2011? Chances are that Google, Facebook, Microsoft, Apple, your phone company and your Internet Service Provider know. If you share a computer, all of the other users may know. Your employer may know. As will the government, if it so chooses. And if this isn’t enough, they may even know where you were when you were doing it.
Is this a problem? Well, that depends. Do you like getting bombarded with online ads and email obviously based on your recent surfing habits? Are you researching that perfect gift for your wife or husband, or planning a big surprise party? Perhaps you are pregnant or researching medical symptoms and don’t want anyone to know?
Do you have relatives, friends or co-workers in Ukraine, China or any of the other dozens of perceived dangerous places? Is your business involved in sensitive negotiations, competitive bidding or research? Do you bank online?
Activities such as these are being compromised every day. Luckily there are some things you can do about it.
1. Share less! Think before you post, or sign up for something online. Never give more information than you have to.
2. Use an alternate search engine. Google tracks and warehouses all of your searches. Duck Duck Go doesn’t, and there are several others like it. Startpage Web Search redirects your searches to Google, but only after scrubbing your identifying data to prevent it from being tracked.
3. Use a Virtual Private Network. A VPN is an encrypted connection to another PC or server. This secures your data and disguises your location. TorGuard is one of many options. For a few dollars a month you can make it look as if you are in any of dozens of countries where they have servers. You can do it on one PC or laptop or on a router for multiple users.
4. TOR or The Onion Router is a free, open source VPN solution. TOR randomly routes you through multiple TOR routers, disguising your network address along the way. It also provides access to the Dark Web, where you can use anonymous email and a variety of other tools to protect your privacy.
5. Use a Known Good Computer, or Live CD, such as the Air Force’s Lightweight Portable Security. This is a Linux operating system that boots from a CD. It looks very much like a Windows desktop and comes with Firefox. The beauty of it is that it cannot be infected because it is a write-only CD. Every time you reboot it’s the exact same, secure platform. TAILS, The Amnesic Incognito Live System, is a live CD that only uses TOR for networking, providing a user with both anonymity and security. And similar to the Air Force LPS, it’s free.
6. Use multiple computers for different purposes. Repurpose a retired PC with Linux and fire up several virtual PCs. Use one for shopping, one for watching videos and so on. If one gets corrupted, delete it and bring up a new one.
Sharing less means there is less to know about you online. Using a “no track” search engine means you leave fewer crumbs on your trail. VPNs give you encryption and a level of anonymity. Moreover, Known Good Computers, or Live CDs, such as the Air Force’s Lightweight portable security computer, offer the end user a secure platform that is not vulnerable to infection. Of course, these options come with some drawbacks. Duck Duck Go isn’t as good as Google yet. VPNs are slower and live CDs are a little more work. You have to decide what is right for you. Most of all remember that none of these magically guarantees your security. They just might help though.
Don West, CPA.CITP. Don is a member of the Information Management and Technology Assurance Section’s CITP Credential Committee. He has more than 40 years of experience in project management and information systems and is currently an independent cyber security and business objects consultant. Don graduated from the University of South Carolina. He is also a CPA Ambassador and CITP Champion.