If you’re like us, your entire life is on your computer. And if someone wanted to steal your life, or access your bank account, there’s no better roadmap for doing it than the files on your computer.
We carry everything from our resumes to our tax returns on our laptops. It’s hard to overstate the damage a knowledgeable criminal could do with that information. And while we’re careful not to store bank account information or passwords anywhere, it is ridiculously easy to hack into many online accounts once you have control of someone’s computer. In a minute, we’ll show you just how easy and how you can protect yourself.
For a long while we harbored a somewhat false sense of security that all of our computer’s sensitive data was safe as long as our laptops stayed at home, secured behind weak door locks and easily breakable windowpane glass. Of course they were never really safe there either, but a man’s home is his castle, even if only an illusionary one.
Hotels offer no such illusion of security. They’re places where plenty of people have daily access to your room and your unguarded luggage. If you travel with your primary computer, as we do, they’ll have access to that as well.
And while we never thought too much about these issues in the past, soon we’ll be traveling full-time while carrying all of our worldly possessions on our backs. The possibility of having our bags lifted off of a train or even off of our persons has gotten us thinking a bit more deeply about the data we carry with us. These are the steps we’re taking to keep it secure.
Step One: Take a Deep Breath
Even though this is an article about keeping your data safe, our first piece of advice is to avoid going overboard with security. You can’t ever protect something against every conceivable attack so it is pointless to try. Your objective shouldn’t be to thwart the NSA or some super cyber villain but the common criminal. Mostly what you need to do is simply make your information harder than average to access. Even a flimsy bag lock will thwart most crimes of opportunity. And that brings us to our first security precaution.
Step Two: Lock Your Bags
When we set off for two months in Central America we invested a total of $10 in a couple of luggage locks and a lightweight bike chain to secure our backpacks whenever we left the hotel. Locking your bags like this won’t stop a determined thief but will prevent someone from casually rifling through your stuff or simply walking off with your bag. You can spend about 10x as much for a more elaborate PacSafe security system, but we choose not to. After all, if a criminal comes equipped to cut our bags or bike chain, he very likely can cut the PacSafe cable too.
Step Three: Password Protect Your Computer and Phone
Once your computer falls into the wrong hands, its first line of defense is the password built into its operating system. It serves a critical function, but will only work if you enable it.
It’s important to know that the operating system password doesn’t protect your files (we’ll talk about doing that in a minute). It does, however, prevent someone from using the computer as you. That’s important because once someone logs in as you, they may have access to your email accounts, browser history and any number of other useful resources not easily available in other ways.
Step Four: Don’t Use Auto Login for Anything, Even Your E-Mail Account
I’m not a hacker, but even I have a fighting chance of getting access to your online bank accounts once I have your non-password-protected laptop. That’s especially true if your browser is set to automatically log in to your e-mail and other accounts.
Here’s how I’d get access to your bank account:
The first thing I’d do is go into your e-mail account and change your password to lock you out. Then I’d search your e-mails for messages coming from financial institutions to see what accounts are linked to that e-mail address. I’d then go to that financial institution’s website and (assuming your browser didn’t log in to the account automatically) request a password reset. The financial institution will then send a new password to the e-mail address they have on file, which I now control. With that, I’d have full access to your financial account.
Many institutions are trying to thwart such attacks by adopting a “Two Step Authentication” process where they send a special code to your phone that you need to enter before your password is reset. If you have accounts asking you to enable “Two Step Authentication” you should definitely do it. But even with that, I still might be able to work around this protection by having your calls and texts forwarded to a phone I control. If your browser automatically logs in to your wireless account, you’ve made my life really easy.
Of course I wouldn’t even need to bother with any of that if I lifted your phone along with your laptop and you ignored Step Three completely by not password protecting both devices.
Step Five: Encrypt Your Most Sensitive Data
The operating system password doesn’t protect the files on your hard drive. Anyone with the most basic understanding of computers can boot up your laptop with an alternate operating system and have full access to your files. To keep those files from prying eyes you need to specifically encrypt them.
There are probably dozens of ways to encrypt your files but none we’ve found do everything we’d like. We don’t endorse any particular system but here are a few options that get the job done.
One of the highest rated encryption programs among tech geeks is TrueCrypt. It’s completely free, open-source software that allows you to encrypt entire volumes of data. The downside of TrueCrypt is that it is designed for more sophisticated users so its interface isn’t the friendliest. That may be a real consideration when encrypting your data and possibly reason enough to skip TrueCrypt. You don’t want to make any mistakes that permanently lock you out of your own files.
Folder Lock, meanwhile, does basically the same thing TrueCrypt does but with a far more intuitive and polished interface. That ease of use comes at a price, though: $39.95 for the unrestricted version, to be exact.
Both TrueCrypt and Folder Lock also have a nifty little “Stealth Mode” feature that hides the program and its associated files. The idea is that if would-be cyber thieves don’t even know the files exist, they can’t decrypt them.
If you think that feature is a bit of overkill (and it probably is) the free 7-Zip software is a much simpler option. While 7-Zip’s primary function is to compress files, it also allows you to password protect them using strong AES-256 encryption.
Of the three choices mentioned here, 7-Zip is by far the easiest to implement. Its downside is that whenever you want to save changes to a file you have to extract it from the encrypted volume and then re-encrypt. That might be fine for finalized documents that never change, like your 2012 tax return, but it is a bit of a PITA for things like financial records that you constantly update.
TrueCrypt and Folder Lock, meanwhile, allow you to access and update your files as you normally would once you provide the correct password.
Step Six: Encrypt Your Cloud Storage
Online data storage (also known as “The Cloud”) is a great way to back up your documents. It’s particularly helpful for full-time travelers like us who don’t have any other place to store hard copies or back up electronic files remotely. We do plan to carry an external hard drive as a backup for our laptops, but if our bags get lost we’ll lose our backup too.
As useful as online storage may be, we’re still reluctant to upload our most important files into the internet ether. Cloud services like Dropbox have some robust security of their own, but that security is always being tested by hackers looking for a way in. What to do?
If you’re already using TrueCrypt or Folder Lock to protect files on your hard drive, you can also use them to create an encrypted volume within Dropbox. Doing so is simple but requires you to download and install the Dropbox desktop application. With that app you can create a folder on your computer that automatically synchronizes and uploads its contents to a similar folder in the Dropbox cloud. If you encrypt a volume in that folder with TrueCrypt or Folder Lock the same encrypted volume gets uploaded to Dropbox as well.
One potential problem with this approach is that to open your Dropbox files encrypted with TrueCrypt or Folder Lock you need to have a computer with those programs already installed. That doesn’t do you much good if you lose your bag on the road and are trying to download copies of your passports on a generic hotel computer.
What you can do, instead, is use 7-Zip to create an encrypted self-extracting zip file and upload that file to Dropbox. That file will be protected but doesn’t require special software to open. All you need is the original password to get your documents.
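The self-extracting archive described above can be built and checked from PowerShell with 7-Zip's command-line tool. This is an added example, not part of the original article; the install path, folder names and output file name are assumptions to adjust for your own machine.

```powershell
# Added example: build and verify an encrypted self-extracting 7-Zip archive.
# Assumptions: default 7-Zip install path; the folder and file names are placeholders.
$SevenZip = 'C:\Program Files\7-Zip\7z.exe'
$Source   = "$HOME\Documents\TravelEmergency"     # hypothetical folder of passport scans etc.
$Output   = "$HOME\Dropbox\travel-emergency.exe"  # hypothetical Dropbox sync folder

if (-not (Test-Path $SevenZip)) { throw "7-Zip not found at $SevenZip" }
if (-not (Test-Path $Source))   { throw "Source folder not found: $Source" }

# Start from a clean file; 'a' would otherwise update an existing archive.
if (Test-Path $Output) { Remove-Item $Output }

# a        : add files to a new archive
# -sfx     : prepend the self-extractor so the result is a Windows .exe
# -mhe=on  : encrypt the archive header as well, so file names are hidden
# -p       : no value given, so 7-Zip prompts for the password instead of
#            taking it from the command line
& $SevenZip a -sfx -mhe=on -p $Output $Source
if ($LASTEXITCODE -ne 0) {
    throw "7-Zip failed to create the archive (exit code $LASTEXITCODE)"
}

# Test the archive before relying on it: 7-Zip prompts for the password
# again, then reads and decrypts every file without writing anything to disk.
& $SevenZip t $Output
if ($LASTEXITCODE -ne 0) {
    throw "Archive test failed (exit code $LASTEXITCODE)"
}

# Record a SHA-256 hash so a copy downloaded later can be compared
# against the file that was uploaded.
$hash = (Get-FileHash -Algorithm SHA256 $Output).Hash
"{0}  {1}" -f $hash, (Split-Path $Output -Leaf)
```

The resulting `.exe` extracts itself only on Windows; on other systems it has to be opened with 7-Zip. Keep the printed hash somewhere separate from the archive so you can compare it after downloading.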
Considering the various benefits and drawbacks of the different encryption programs, we’ve decided to use a mix of them. We use TrueCrypt to protect both a volume on our hard drive and a Dropbox backup. In these volumes we keep all our sensitive material. For anything we think we might need in an emergency on the road, we’ve created a self-extracting 7-Zip file and uploaded that to Dropbox as well.