karolszafranski.info

Linux geekiness taken professionally

Personal security policy

Notes on what I've done to make sure I am safe from digital threats

Organizations I've worked for spent substantial time, money and effort on building, implementing and enforcing various security policies. This is a standard in today's business, and since the businesses in most cases rely on IT completely, usually these policies are IT-centric.

Looking at all these policies, abiding by them, and helping with testing and deployment of tools and processes around them, I've come across an important question.
Both my professional and private lives are dependent on IT. Emails, documents, photos, contacts, music, scripts... they may get lost, stolen or damaged. I may become a victim of malware, phishing or identity theft. My privacy is at constant risk as I use digital money, the websites I visit profile me, and HTTP traffic is easy to wiretap. What should I do to be sure I can sleep calmly?

Am I doing all the right things to protect the digital part of my life?

This question immediately triggered a whole bunch of others. What exactly do I want to protect? Against what threats? What is my data and where is it? How should I protect it? Will I need some extra tools? Will it be inconvenient to use them? Do I need to spend money? Do I need to give up something? I realized that this issue could not be addressed by one rule to follow or one piece of software to install, fire up and forget. And so, after several approaches to the text editor, I compiled a list of the most important stuff. Is your list similar?

DATA:

Critical data - I need to make sure it is never lost and never accessed by an unauthorized party:
My ID documents, birth certificate, school diplomas, tax related documents, medical data, email, passwords, private keys, IM archives, personal notes and documents. SMS and contacts stored on the phone.

Other data I find sensitive or important:
web searches, full configuration of my systems

Worth backing up:
All data on hard disks

RISKS:

I may lose my data
Someone may get access to my data and use it against me

Even if some things have changed since April 2000, security is still a process. I've taken various steps to address the above in a consistent and effective manner. I wanted all my efforts to be consistent, work as a whole and cover as many areas as possible. I gave them one common name.

Personal security policy

A general set of guidelines and rules I decided to follow to protect myself.

Physical domain

Yes, protection of my digital self starts with physical objects.

Digital domain


Disclaimer: All the above suggestions cover my personal case. They are based on my needs, my views and habits. They may be helpful or inspiring for you (and I publish them hoping they will be!) but my answers to the questions above may be wrong or just completely different from yours. You may have to ask yourself a completely different set of questions. My solutions may be incomplete, flawed or not suit you.
Do your homework. Think carefully, do your own research, know the tools you use before you trust your digital self to them. Testing, learning and cracking through new systems or software is easy and safe using virtualization.