Yes, you'll get hacked! When and how?
Mattia Campagnano, eJPT
Security Consultant, Attack & Pen (remote) at Optiv Security, Inc.
Your army is deployed on the perimeter walls, armed and ready. Your walls are high and solid and a deep trench defends them. All access points are fiercely defended and strictly monitored. The monsters are out there, getting ready to attack and destroy, and you know there will be no prisoners.
You're confident that your walls will hold long enough for backup troops to join the party and sweep the attackers away. Sadly, a wicked insider told your enemies about a vulnerability in your walls: a tunnel running below the main wall, the existence of which had long been forgotten.
The bad guys place explosive charges in there and, when the battle reaches its peak, a kamikaze rushes towards the tunnel holding a torch to blast them. You suddenly realize what your enemies are up to, but too late. The kamikaze dies, hit by your arrows, but he can still get his dirty job done.
Banngggg!!!! The bad guys are in!
How many of you visualize a castle surrounded by a trench and layers of walls when you think of information security? Well, I have bad news for you: this concept is outdated and you'll get hacked sooner or later, just like the defenders in the Battle of Helm's Deep in The Lord of the Rings.
Static defensive lines are ineffective, as history has widely proven (think of the French Maginot Line, for example).
What's important today isn't only keeping the bad guys out, but also making sure that, should they manage to break in, they do as little harm as possible. Some companies had to call it quits because of a major security breach but, luckily, there are methods to minimize the negative consequences of an intrusion.
- Keep on your local hard drive only the data you can afford to lose: I recently wiped my iMac and now I keep my files both in the cloud and on two external hard drives that I never connect to the computer. On the first hard drive I keep the last Time Machine backups taken before reinstalling, and on the other hard drive I store a trusted image of my OS X. I don't even bother backing up my HD with Time Machine because, should something go wrong, I can re-image my OS in half an hour and be operational in the twinkling of an eye. Bad guys can get to my computer somehow, but they surely can't get to my external hard drives. A 100% security level isn't feasible, but you can build a solid security implementation as long as you don't rely solely on the Internet and keep backups off-site as well.
- Don't trust Wi-Fi hotspots: If you're in a hotel or in stores offering free Wi-Fi, such as Starbucks, be extremely cautious. It's very easy for hackers to set up a fake access point and see all incoming and outgoing packets, or to hack in, as no or weak encryption is often used. If you just need to connect real quick to check something, use specific programs, such as Hotspot Shield or HTTPS Everywhere, to encrypt your connection. If possible, don't conduct any financial transaction online over insecure networks. You might think this is pretty obvious but, according to a poll, 32 percent of the more than 1,600 respondents said that they commonly use public wireless networks, regardless of whether the networks have encryption enabled.
- Use virtualization programs such as Deep Freeze or Sandboxie: Deep Freeze locks your operating system to a trusted configuration, allowing only changes approved by the system administrator. Anything you (or your users) install or change will be discarded with a simple reboot. I have personally tested it in college; I created a Windows 7 VM for one of my classes and, when I got back to class some days later and accessed that same client, my virtual machine was completely gone. In case of malware or other incidents, it's much easier and more time-effective to re-image the machine than to analyze and troubleshoot it. If you want a free solution, you can use Sandboxie and get the same result. Sandboxie allows you to install and test any software in a protected environment and, in case of infection or other issues, you can delete all the files in your sandbox and call it a day. For more details, check my post: Sandboxie - free the explorer in you. An alternative solution is to create a virtual machine of your physical OS with free software such as VirtualBox. I have an OS X VM for this purpose, created with Parallels Desktop. For corporate environments, I recommend Deep Freeze (or similar products) because it works smoothly and you only need a reboot to restore your PC configuration to brand new.
- Keep your files on an external SSD to use as an active partition: You can buy an external SSD to use as an active partition (i.e. the one where the BIOS, or UEFI for Mac systems, looks for an operating system to boot), keeping your internal HD for backup/storage or decoy purposes only. The advantage of this solution is that you get a super-fast computer and you can disconnect your external drive at the end of your working day. Without the active partition, all an attacker could access is your internal hard drive, where you keep nothing important. You can also create a honeypot with such a solution. With OS X systems, you can easily select which partition to use as Startup Disk by going to System Preferences/Startup Disk. For Windows, you need to tweak your BIOS Setup options and select your SSD as the first device in the boot priority order.
- Encrypt your hard drive: If you have valuable information on your hard drive, you may consider using file system encryption. On OS X you can activate FileVault from System Preferences/Security & Privacy/FileVault. With Windows systems, you can use BitLocker in two different ways: a) by means of a specific chip mounted on the motherboard, called a TPM (Trusted Platform Module), or b) by using an encryption key, stored on a USB device, to boot Windows. I'm not big on these methods because, should something go south, you can't access your hard drive any longer and may be forced to re-image your OS (have a look here for more details on FileVault and here for BitLocker). In my case it's not worthwhile, but you might want to consider it.
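The lock-out risk described above is mitigated by making sure a recovery password protector exists and its 48-digit key is stored off the machine. The following PowerShell audit is an added example, not code from the original post; it assumes an elevated session on a Windows edition that ships the BitLocker and TrustedPlatformModule modules, and the function name Test-BitLockerReadiness is mine.

```powershell
# Added example (not from the original post): audit a volume's BitLocker state.
# Assumes an elevated PowerShell session on Windows with the BitLocker and
# TrustedPlatformModule modules available (Pro/Enterprise editions).
function Test-BitLockerReadiness {
    param([string]$MountPoint = "C:")

    # Option (a) in the text needs a TPM: is one present and initialised?
    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Protector types tell us how the volume key is unlocked at boot.
    $types = $vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }

    $report = [pscustomobject]@{
        MountPoint          = $MountPoint
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        VolumeStatus        = $vol.VolumeStatus          # FullyEncrypted, FullyDecrypted, ...
        ProtectionOn        = ($vol.ProtectionStatus -eq 'On')
        UsesTpmProtector    = ($types -contains 'Tpm')   # option (a): TPM unlock
        UsesStartupKey      = (($types -contains 'ExternalKey') -or
                               ($types -contains 'TpmStartupKey'))  # option (b): key on USB
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
    }

    # The failure mode the author worries about: being locked out when something
    # goes south. A recovery password protector, kept off this disk, is the way out.
    if (-not $report.HasRecoveryPassword) {
        Write-Warning "No recovery password protector on $MountPoint. Add one with:"
        Write-Warning "  Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector"
    } else {
        $ids = ($vol.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).KeyProtectorId
        Write-Host "Recovery password protector ID(s) on $MountPoint : $ids"
        Write-Host "Keep the matching 48-digit recovery key somewhere other than this machine."
    }

    return $report
}

# Usage: report on the system drive.
Test-BitLockerReadiness -MountPoint "C:" | Format-List
```

A volume that reports ProtectionOn = False while VolumeStatus = FullyEncrypted is suspended (the key is exposed in clear on disk), which is worth checking after firmware or boot-loader updates.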
Thanks for your time. This is my first post ever on LinkedIn and I hope you enjoyed it. I can't wait to have your feedback! If you want to check my previous posts, you can visit my blog: One Tip A Day Tech Blog.