Building a Digital Fortress

Mounting your Defense

Sam Jadali
9 min readDec 14, 2018

When it comes to technology, there is nothing more important than self-preservation. Developed and developing societies are increasing their dependence on technology but with increased digitization comes increased security risks. The general population is willing to offer information about themselves for free access to applications and websites without hesitation. A prime example of the implications that a data breach could have on one’s life is the Ashley Madison hack.

Ashley Madison is a website that promotes marriage infidelity with most of its users being married men. All of Ashley Madison’s users’ information was stolen during this hack causing real-world consequences and upending the lives of thousands. Case in point, the malicious acquisition of personal information has repercussions.

Although security measures may lag behind current technology, there are resources and specific preventative methods available to bolster security and build a personal digital fortress.

Two-Factor Authentication

Two-Factor Authentication, generally referred to as 2FA, is a multi-step verification process that requires an individual who is trying to access an account to provide an additional piece of information along with a username and password. 2FA enhances protection against keylogging which is the act of recording keystrokes and is a way for hackers to obtain login information. Typically the second form of verification is retrieved from a device that is only accessible to the account holder, such as a cell phone (SMS), an email account, a two-factor authenticator app or a hardware authentication device.

The use of two-factor authentication is commonplace now and is available on most account-based services such as email, social media accounts, cloud service, and many others. When setting up an account, check if 2FA verification is available, usually in the security settings: if possible, add this additional layer of security.

There are multiple devices one can use to authorize a login using 2FA and most of them supply a code for verification. For simplicity, many people choose SMS (text) messaging or an email to receive a 2FA code. Either method works, however, loss of one’s phone or email account can compromise account accessibility and personal information. I recommend using a hardware authentication devices such as the Yubikey.

Another potential mechanism is the use of a two-factor authenticator application on a smartphone or smart device. Time-based One-time Password (TOTP) is a conventional algorithm used by authenticator applications and supplies a one-time code that expires after a particular duration. Some apps may sync with a smartwatch granting further access to the user and also hackers. Other points of vulnerability include mobile device loss or a SIM card breach. Side note: SIM cards can be secured by setting up a password.

The most secure 2FA option is the use of a hardware key. Hardware keys are physical devices that attach directly to a computer. Some hardware keys have a touch-sensitive region to trigger its activation. Following successful username and password entry, the user is prompted to insert the key into the computer. The downside of using a hardware key is that they may be stolen or lost, resulting in account inaccessibility. All 2FA security measures have points of weakness, and the best mechanism for an individual depends on the level of risk they feel is most acceptable.

Password Protection

A synergistic approach to protect account access along with two-factor authentication is the use of password protection software. There is software specifically designed to encrypt passwords and monitor accounts for unwanted access. Other features may include dark web monitoring, document specific encryption, private information encryption and a variety of other features specifically offered by the company or plan used.

Disk Encryption

The act of encrypting information into unreadable code is called disk encryption. Android and iPhones have disk encryption by default. Many computer operating systems (OS) such as OS X (iOS), Windows and Linux have this feature, but it may need to be manually enabled.

To find the encryption status of FileVault, for example, on a Mac operating system or macOS: go to the top left corner of your screen and click on the apple icon. Select the System Preferences tab. Once the System Preferences window is visible, click the on Security & Privacy icon. The Security & Privacy window has multiple tabs towards the top, and one is for FileVault. By clicking the FileVault tab, one can view the status of their disk encryption. Click on the lock to make changes to the status: a login password is required to unlock the Security and Privacy preference after clicking the lock icon.

To find the encryption status of BitLocker on a Windows operating system, access the Control Panel: commonly through the start menu. In the list of icons displayed in the Control Panel window, find the BitLocker Drive Encryption icon and left click. This window illustrates the encryption status and status options.

It is important to note that each operating system may have different access points depending on the encryption software and the version of that operating system: Windows 10 has a different access point for its Control Panel than Windows 8. If there is no encryption software pre-installed, there are third-party software or tools available, be sure to research all software before installation.

For more information about checking encryption status, please click the link:

Internet of Things

In 2015, it was reported that two wireless baby monitors, different brands, had been hacked. In 2017, the FDA forced a recall of 500,000 of St Jude Medical’s Accent MRI pacemakers due to a software flaw: the recall was a noninvasive firmware update for surgically implanted pacemakers. Digitized wireless products such as baby monitors, wireless cameras, wifi light bulbs, thermostats and much more make up the Internet of Things (IoT). The use of wireless products that rely on a single point of internet access is exposed and only so much can be done to reduce vulnerability.

Consistently updating a product’s software as updates become available is a must — most company’s offer regular software updates with bug fixes. Ethical hackers and software specialists often discover software bugs; therefore, someone already knows about the security concern.

There is one device that should always remain updated, a personal router. A wifi router is a portal between the internet and a person’s wifi connected “things.” A wireless network is visible to the smart devices within its range, because of this, it is vital that a wifi password be strong. Also, a router should use the best available encryption protocol: WPA2-AES a particular good whereas WEP, WPA, and WPA2-TKIP are not. A router’s encryption protocol may be found on a router or visible in the Network settings on a personal device. Be sure to consider the security protocol of a router before purchasing or renting one.

Virtual Private Network

Protecting private internet access is indeed a priority, especially in safeguarding against malicious access to smart devices and other wifi integrated products; however, one must also protect their information as it is transmitted across the web. A good way to encrypt and safely transmit information is through the use of a Virtual Private Network.

A Virtual Private Network (VPN) connects a device to a private network through the use of encryption. A VPN can function to allow secure remote access to a company’s network or serve as a secure portal between a computer and web content by connecting to a remote server. Using a Virtual Private Network service not only encrypts data but also increases its user’s privacy and protects their identity. There are free VPN services; however, there may be bandwidth limitations.

Having a VPN service available is a necessary component for building a digital fortress, especially for those who travel and actively use public Wifi networks. Public Wifi networks funnel multiple devices into one central wifi router that may be dispassionate towards security, leaving all users exposed to hackers. A good VPN service can alleviate most issues associated with using public access points.

Security Software

The Stuxnet Worm is the first known computer virus to cause physical damage. This virus found its way into fifteen Iranian Nuclear Facilities and seized control over one facility’s uranium centrifuges causing physical destruction. Although this is an extraordinary incident regarding the implications of a viral attack, computer viruses are a real threat and must be taken seriously. The term virus is often used as a blanket term to describe an infection within a computer; more computer savvy individuals may use the term malware when discussing software facilitated threats. More specifically, various types of malware are defined by their behavior or method of replication, and some are fake threats designed to solicit an action through fear.

  • Infections by behavior include virus, worms, and trojan programs.
  • Behavioral threats include adware, rootkit, bots, dropper programs, and ransomware.
  • Scareware frightens credulous computer users into providing sensitive information by posing as an antivirus program that claims to have found a threat. For more information about, please visit:

There are programs that one can purchase to mitigate many of these threats. Some programs offer real-time surveillance and full computer scans. Threats that are more difficult to detect may require a separate, threat-specific software.

Credit Report Monitoring

In 2017, the credit bureau Equifax was hacked, and 145 million American’s personal information was stolen including social security numbers, birthdays, driver’s license numbers, and addresses: essentially everything required to access one’s credit information. There has never been a more critical time for continuous credit report monitoring, here are some ways to do just that: credit report websites, bank statement, and credit report apps. Credit report monitoring is useful for retroactively catching unwanted activity but does not prevent it from happening.

To proactively prevent unwanted credit inquiries or fraudulent account creation, the most viable option is to implement a credit freeze. A credit freeze is used by individuals to lock creditors from accessing personal information and preventing fraudulent actors from opening credit cards with their information. To initiate a personal credit freeze, one must verify their identity to all three credit bureaus and will receive a PIN upon completion of this verification process: this PIN can then be used to freeze and unfreeze their credit report. This number should remain confidential and accessible. Freezing and unfreezing a credit report once required a small payment, however, as of September 1st, 2018, the Federal Trade Commision announced that such actions are free. For more information on a credit freeze, please visit this website:

Building a digital fortress may seem expensive and cumbersome, depending on the level of desired security, it can be. Every fortress has a weak point, and there is no guarantee that a person’s information, computer, smart device or network is impenetrable. All anyone can do is work towards improving their security infrastructure through awareness and by being proactive.

Token and coin submission for listing is now open, submit your project for review at https://mandalaex.com/listing

--

--

Sam Jadali

I am a cybersecurity researcher and crypto advocate. As the CIO of Mandala, I dedicate my time to creating a safe cryptocurrency trade environment.