Sep
24

Your Cyber Security Strategy is No Match for the NSA, According to New Leaks

Your Cyber Security Strategy is No Match for the NSA, According to New Leaks

September 24
By

The sensitive nature of corporate data means your IT systems are always in some level of jeopardy. If you’ve been keeping up with the IT news cycle, you know that the NSA may very well be the biggest threat to your informational assets. Yep. The gang at America’s number one spy agency are at it again, and this time, they’ve cooked up schemes to circumvent your cyber security technology.

According to a report published by The New York Times, the NSA has discovered a way to break several, if not all of the encryption technologies companies use to safeguard their data from cybercriminals. While the report cited organizations involved in the banking, global commerce, and medical fields as potential targets of the agency’s efforts, these entities are using the same encryption standards used by many businesses across multiple industries. So if they can break down the encrypted walls of high-profile financial institutions, they can probably bypass whatever you use to keep prying eyes from meddling in your business.

But there’s more. Apparently this isn’t something the agency thought up in 2013, 2012, 2011 or anything that can be remotely considered recent. The report claims that the NSA has poured major funds to the tune of $250 million this year alone into the project it’s been hammering out since 2000. So how did they do it? They supposedly used a mix of supercomputers, court orders (bully tactics), and the back doors similar to those hackers use to compromise information systems. These beans were spilled by former NSA employee Edward Snowden, who blew the whistle on the agency’s efforts to spy on phone records this past spring.

Strengthening the Wall Around Your Data

Should the latest NSA data scandal have you worried about the privacy and security of your information? I don’t know about all that, but the mere thought of these guys playing around with tools that can plow right through your protective shield is unsettling enough. And who’s to say that the real bad guys can’t get a hold of these encryption secrets and use them for their own malicious motives? Snowden already flew the coupe, what if another NSA worker goes rogue?

You never know who’s trying to get at your data. Therefore, the best thing you can do is approach the issue of cyber security with a trust no one mentality. Be suspicious of everyone and take every measure you can to keep your systems under lock. Here are some tips:

Stick with encryption. Tossing your encryption program out the window just because you heard NSA is on the prowl is probably the worst thing you can do. Without it, you’re pretty much an idle duck. There’s PGP and GPG for email communications, for disk encryption there’s Folder Lock and CryptoForge, and for web connections there’s protocols like Secure Sockets Layer (SSL) and Secure Shell (SSH). Until something better comes along, encryption is always your best bet.

Mask your network. Anonymous networks like Tor aren’t foolproof, nothing is really, but they do make you a lot harder to find. I heard about this toolkit called The Amnesic Incognito Live System or TAILS, that might come in handy. Apparently it’s a live operating system, a Linux distribution actually, that bundles software like Tor, encryption apps, and various other tools to ensure better privacy and anonymity for your network activities. Take caution, though, because I’ve noticed that security holes have been reported in older versions of TAILS.

Don’t forget the cloud. Most cloud service providers implement their own security measures, but since this section is about traveling that extra mile, I’m gonna recommend throwing on an extra lock or two. Boxcryptor is turning heads as one of the best cloud encryption solutions on the market. It’s got great reviews in the major app stores and praise by some pretty high profile clients. The most advanced protection will cost you around $100 bucks a year, but the software is compatible with all popular operating systems, mobile included, and supports cloud services like Dropbox, Google Drive, SkyDrive, and many others.

I hear that using encryption tools from other countries could possibly provide better protection since the NSA has been focusing the bulk of its efforts on local systems, but even if that were true, that whole aspect might be moot by now. The NYT report claimed that the agency is already sharing these secrets with some of its international partners. That list is said to include Australia, Britain, Canada, and New Zealand, who along with the U.S., make up the so-called “Five Eyes”. I don’t wanna speculate about what could happen should America have a falling out with some of its allies, but I think this whole ordeal warrants getting super duper serial (serious) with your cyber security plans.

Studying up on cyber-security? Learn how image-based backups can amp your cyber-security

Photo Credit: Rob Unreall via Compfight cc

[cf]skyword_tracking_tag[/cf]