Encryption: Use it, lest ye be thieved.

Each time I go to DEFCON, sniff a network or see an ad for an infosec product, I’m harshly reawakened to the general publics detachment for security concerns. When using a virus scanner, firewall and pop-up blocker, most users seem comforted enough to go about daily business with a satisfactory feeling of a “secure” experience.

A large gap with this frame of thought is of what we’re trying to secure. The most valuable thing on your computer—the stuff you want to secure if nothing else–is your personal data/information, NOT the machine itself. Most white-collar folk, in a worst-case scenario, could cough up the bones to cope with a stolen or broken machine, or re-install the OS after a bad virus attack. The data on that machine, however, may be priceless memories, confidential trade-secrets, or other information which you’d highly prefer to remain private and well backed up. As a resident of Arizona–the new U.S. capital for identity theft (per-capita)–we must recognize that the Bad Guys on the tubes do not have the primary intent to annoy us. They’re trying to make money. Compromising your system is merely a means for collecting sellable usage habits, relaying \/i@gr@ ads, stealing/selling your identity etc. We simply need to recognize that we protect system assets largely to protect our information.

In that vein, one of the largest commonplace no-nos is sending sensitive information over ordinary email. We’ve all done it, and most will continue. Emails can pass through systems that are maintained by people you don’t know and most certainly don’t trust, so don’t be a bonehead: encrypt your email, especially if it’s sensitive material. (If your email client is a horrible bitch-goddess that makes encryption a pain to deal with, please poke the vendor with a sharp stick until they make it trivial.) Mail.app and Keychain Access.app (OS X) make it ridiculously simply to manage and use X.509 public/private keys, which you can obtain for free from Thawte. If you use Mail.app, you’re out of excuses.

Should your machine be stolen, sold, repaired, or otherwise leave your possession, how do you know your not handing over the keys to the kingdom to a complete stranger? You can wipe the drive, but that isn’t convenient if the machine will be returned to you. A simply way is to use TrueCrypt for Windows, encrypted .dmg files for OS X, or encrypt your entire freaking home directory with FileVault. (OS X).

OS X users have no excuse but to encrypt everything. Linux and Windows users may have difficulties, but easy wins are still possible. Encrypt your email. Encrypt your backups. Encrypt your calendar. Encrypt your address book. Encrypt your financials. Encrypt your music. Encrypt your photos. Encrypt your life.

Encrypt everything.