Make no mistake: Professional and state-sponsored cybercriminals are trying to compromise your identity -- either at home, to steal your money; or at work, to steal your employer’s money, sensitive data, or intellectual property.
Most users know the basics of computer privacy and safety when using the internet, including running HTTPS and two-factor authentication whenever possible, and checking haveibeenpwned.com to verify whether their email addresses or user names and passwords have been compromised by a known attack.
But these days, computer users should go well beyond tightening their social media account settings. The security elite run a variety of programs, tools, and specialized hardware to ensure their privacy and security is as strong as it can be. Here, we take a look at this set of tools, beginning with those that provide the broadest security coverage down to each specific application for a particular purpose. Use any, or all, of these tools to protect your privacy and have the best computer security possible.
Everything starts with a secure device
Good computer security starts with a verified secure device, including safe hardware and a verified and intended boot experience. If either can be manipulated, there is no way higher-level applications can be trusted, no matter how bulletproof their code.
Enter the Trusted Computing Group. Supported by the likes of IBM, Intel, Microsoft, and others, TCG has been instrumental in the creation of open, standard-based secure computing devices and boot pathways, the most popular of which are the Trusted Platform Module (TPM) chip and self-encrypting hard drives. Your secure computing experience begins with TPM.
TPM. The TPM chip provides secure cryptographic functions and storage. It stores trusted measurements and private keys of higher-level processes, enabling encryption keys to be stored in the most secure manner possible for general-purpose computers. With TPM, computers can verify their own boot processes, from the firmware level up. Almost all PC manufacturers offer models with TPM chips. If your privacy is paramount, you’ll want to ensure the device you use has an enabled TPM chip.
UEFI. Universal Extensible Firmware Interface is an open standards firmware specification that replaces the far less secure BIOS firmware chips. When enabled, UEFI 2.3.1 and later allow device manufacturers to “lock” in the device’s originating firmware instructions; any future updates must be signed and validated in order to update the firmware. BIOS, on the other hand, can be corrupted with a minimum number of malicious bytes to “brick” the system and make it unusable until sent back to the manufacturer. Without UEFI, sophisticated malicious code can be installed to bypass all your OS’s security protections.
Unfortunately, there is no way to convert from BIOS to UEFI, if that’s what you have.
Sign up for CIO Asia eNewsletters.