Oregon FBI Tech Tuesday: Building a Digital Defense with Your Communications
The FBI has launched the “Protected Voices” initiative to help 2020 political campaigns and American voters protect against online foreign influence operations and cyber security threats. The Protected Voices campaign includes information and guidance from the FBI, the Department of Homeland Security, and the Office of the Director of National Intelligence.
This FBI Portland Tech Tuesday report is adapted from the Protected Voices initiative with a focus on providing cyber security information to political campaigns as well as businesses and individuals in Oregon. More information on all aspects of the initiative, including video downloads, can be found at www.FBI.gov/ProtectedVoices.
Welcome to the Oregon FBI’s Tech Tuesday segment.
This week: building a digital defense with your communications.
Given the importance of communications in our lives today, it’s no surprise that this particular set of technologies also represent a significant potential vulnerability. Communications can include personal and official email, messaging apps, and social media.
Whether you are running a business or a political campaign, you should be aware of the potential dangers of cyber attacks through these various channels, and you should use the most secure methods of communication to reduce the likelihood of intrusion.?
Keep in mind, most secure does not always mean easiest. Security and convenience often work on a continuum—with the most convenient practices tending to be the least secure. Use your best judgment for what makes sense for you.
Pro-active steps you can take include addressing encryption, message retention, and access.
Let’s start with encryption. Encryption encodes information, making it unreadable to anyone but those who have a key to decode the encrypted data.
There are numerous ways to implement encryption so that even if an attacker gains access to your information, he or she will be unable to use it without a lot of effort.
Look for trusted vendors of encrypted communication services for texting, email, and voice; there are several solutions available, and some are free.
Next: message retention. To help prevent attackers from stealing information, don't keep more than you need.
You can do this by disabling the “archive” and “save old messages” features on your communication devices and applications. These are typically defaulted to automatically save. Disabling this feature is the electronic equivalent of shredding documents.
Finally, depriving attackers of opportunities to attack can greatly improve your defenses.
Ensure only devices with a need to connect are granted access to your systems. This will reduce the resources needed to monitor and defend networks. One way of doing this is to create access control lists.
Access control lists typically consist of “white lists” or “black lists.” Whitelisting is a method of restricting access to only pre-approved devices or connections. Blacklisting involves denying access to devices which are presumed or known to be not trustworthy. Blacklisting regions of the world that don’t have an approved or anticipated relationship with your business or campaign can greatly decrease the amount of threats your organization faces.
Also, communications infrastructure shouldn't be left on 24/7. When you leave for the day, turn off devices and, where possible, turn off your office Wi-Fi networks, which can offer adversaries a potential route into your operations.
Next week, we will talk about how to raise your cyber security stance when your employees or volunteers must use their personal devices in the workplace.
Remember your voice matters, so protect it. Go to www.FBI.gov/ProtectedVoices for more information.