2021-07-17

Security considerations for buying a new smartphone or tablet

If you're in the market for a new smartphone or tablet, one of your most important criteria should be a long support life of security updates.  When your device stops getting security updates, the longer you continue to use it, the larger the target painted on your back becomes, due to the security vulnerabilities that start accumulating. 

Android versus iOS (iPhone or iPad) is often a personal, quasi-religious choice, but, functionality aside, it's fair to say that iOS is more secure but generally more expensive than Android.

For Android:

This is a great article to help you understand security updates by brand for Android:

8 Best Android Phones (Unlocked, Cheap): Our 2021 Picks | WIRED

Look especially at the number of years of security updates provided, since when the security updates end, your phone or tablet becomes only a good paperweight.  Brands that license Android from Google usually have a shorter support life than Google has for its own devices (Nexus brand).

N.B. The number of years of security updates is from when the device is released to the market, not from when you buy it!  So you have to find the release date for a device you're looking at.  You could do a web search for the brand and model of the device combined with "release date".

For iOS: 

Apple does a better job of providing security updates, so an iOS device will almost always get 4 or 5 years of security updates.  And this year, some 5-year-old iOS devices are getting an extra year of support, for a total of 6 years, but that's unusual.

2021-07-05

My next talk, kind of: July 21 (AMA)

I've done lots of talks, both in-person and online, on various cybersecurity / information security subjects such as passwords and password managers, two-factor authentication (2FA)/MFA, backup and storage, device and network hardening, secure internet use, privacy, and user security/privacy awareness.

But this session is different: the entire purpose is to answer your questions. You'll be able to ask me your questions in the multi-way videoconference.

For SMBs in the Okanagan, this is your chance to ask any questions you have about cybersecurity as well as information security generally.

Details and registration here: 

2021-04-04

Almost free cloud backup

If you're sold on having a full cloud backup of all your data -- and you should be -- but you find the cloud backup services I suggested a bit pricey, there might be an "almost free" option you could use.  It depends, though, on your having access to a lot of space on a cloud storage service like Google Drive, OneDrive, Dropbox, iCloud Drive, etc.  You might have this already, say, if you subscribe to Microsoft 365.

This solution will give you as much retention as you want of old file versions and deleted files, and will let you do point-in-time restores.

Here are the pieces of the solution:

  1. A Sync.com Free plan account, which gives you 5 GB for free (and more if you refer other people to the service).
  2. A cloud storage service (as noted above) with enough space for your entire backup. (You'll actually need somewhat more space given the versioning.)
  3. The SyncBackSE backup software, about CAD $62 one-time.

Here is what you do:

  1. Divide your files logically -- in your head -- into two piles: Sensitive and Non-Sensitive.
    • Sensitive files are ones that you think need end-to-end encryption (E2EE).
    • Non-Sensitive files are ones that don't need E2EE.
  2. Then separate your files physically -- on your drive -- so that each high-level folder (say, the top-level folders under your Documents folder or your Photos folder) contains either Sensitive files or Non-Sensitive files but not both.
    • Sensitive files are limited to the 5 GB or 6 GB or whatever in your Sync.com plan.
    • Non-Sensitive files are limited to whatever you have in your cloud storage plan.
  3. Buy SyncBackSE software (see above).
  4. Configure SyncBackSE to automatically and daily do this:
    • Back up all Sensitive folders to the Sync.com folder, using Versioning
    • Back up all Non-Sensitive folders to the OneDrive folder, using Versioning
If you want to get a bit fancier, you could use SyncBackSE's AES encryption abilities to encrypt files before writing them to the Non-Sensitive cloud storage. Then you don't really need Sync.com.

If you use this referral link to sign up for Sync.com, you'll get an extra 1 GB of storage.  (I will too, but I have no need for any more space.)



2021-03-31

World Backup Day, and suggestions

Today is World Backup Day.  A CBC story.

Data backup is really important so here are a few suggestions:

  1. Ensure that all your important data is backed up to at least one and ideally to two different "places", at least one of which is in the cloud.
  2. For files that live on your computer or an external drive, your first backup should be to a cloud provider.  Your second backup can be cloud or local.
  3. If you have files that live in the cloud, you need at least one backup too, which could be on your computer or an external drive.
  4. Manual backup can work if you're diligent, but automated regular backup is much better.
  5. Cloud sync (often free, e.g., Google Drive) is not the same as cloud backup (usually paid, e.g., Backblaze).  True backup keeps deleted files and old versions of your files for at least, say, a year, supports point-in-time (PIT) restore, and lets you choose which folders to back up.  Cloud sync providers usually keep deleted files and old versions for no more than 30 days, don't support PIT restore, and only back up files you place in the single fixed folder.
  6. For sensitive data consider using a cloud provider with end-to-end encryption (E2EE), also called Zero Knowledge.
  7. For local backups (e.g., to external drives) you probably want to ensure that the data is encrypted.  (But then also ensure that your computer's drive is encrypted.  Windows 10 Home doesn't do that and Windows 10 Pro doesn't do it by default; if someone steals your computer they'll get all your data.)
  8. For mobile devices you can reduce data backup concerns by ensuring that all important data on your device actually comes from (is synced from) the cloud, or, say in the case of new photos, is automatically backed up to the cloud.
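
The difference in item 5 between a 30-day and a one-year retention window, and what a point-in-time restore actually does, shown as an added Python example. It is not taken from any backup product; the history format, file names and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed version history: (timestamp, path, content); content None = file deleted.
HISTORY = [
    (datetime(2021, 1, 5), "taxes.xlsx", "2020 figures"),
    (datetime(2021, 1, 5), "photo.jpg", "original photo"),
    (datetime(2021, 2, 1), "taxes.xlsx", "corrupted by malware"),
    (datetime(2021, 2, 3), "photo.jpg", None),  # deleted by accident
]

def restore_at(history, when):
    """Point-in-time restore: newest version of each file at or before `when`."""
    state = {}
    for ts, path, content in sorted(history, key=lambda e: e[0]):
        if ts > when:
            break
        if content is None:
            state.pop(path, None)   # the file did not exist at that moment
        else:
            state[path] = content
    return state

def prune(history, now, retention_days):
    """Apply a retention window: an old version is discarded once it has been
    superseded (overwritten or deleted) for longer than the window."""
    cutoff = now - timedelta(days=retention_days)
    ordered = sorted(history, key=lambda e: e[0])
    kept = []
    for i, (ts, path, content) in enumerate(ordered):
        superseded = next((t for t, p, _ in ordered[i + 1:] if p == path), None)
        if superseded is None or superseded >= cutoff:
            kept.append((ts, path, content))
    return kept

if __name__ == "__main__":
    today = datetime(2021, 3, 31)       # the day the damage is noticed
    before = datetime(2021, 1, 31)      # a moment before anything went wrong
    print("current state:  ", restore_at(HISTORY, today))
    print("30-day history: ", restore_at(prune(HISTORY, today, 30), before))
    print("365-day history:", restore_at(prune(HISTORY, today, 365), before))
```

With 30-day retention the good copies are already gone by the time the problem is noticed; with a year of retention both files come back.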

2021-03-30

Browser extensions for privacy and security

This New York Times article lists my favorite three browser extensions for security and privacy:

Tools to Protect Your Digital Privacy

They are:

  1. uBlock Origin
  2. Privacy Badger, and
  3. HTTPS Everywhere.

There is one additional benefit of uBlock Origin not mentioned in the article: the advertising it blocks can contain or lead you to malware, a.k.a. malvertising.