How to Keep Top-Secret Documents Off the Internet

I don’t know about you, but I don’t have any top-secret documents.  But, suppose you use Quicken.   Suppose you have a secret plan to become the world’s next billionaire.  Suppose you don’t want the NSA prying into the photo collection of your, um, kids.  Well, don’t connect your computer to the Internet.

Some people may think this is a little extreme.  But here’s the truth: the ONLY 100% guaranteed way to keep top-secret data safe is to isolate it from the internet. (Kind of like abstinence is the only 100% guaranteed way to prevent pregnancy.) Computer security is an arms race between hackers and developers, and no matter how vigilant you are, there’s just no telling what they will come up with next.

Remember Mister Rogers telling kids about watching TV: If there is something scary on TV, you can turn it off .  Apply the same principle to the Internet: If there is something scary on the Internet (there is), you can simply disconnect.  Or, if you feel like you have to connect, connect for a very short time, then disconnect when you are done.  The less time you are connected to the Internet, the better (at least on your PC that has sensitive information on it).

For companies that handle extremely sensitive data (such as medical records which are protected by HIPPA), it makes sense to store these records on a separate internal server. But what about individuals just trying to protect stuff on their home computers?

Here is one possibility: buy two computers, one to connect to the Internet, and one to keep off the Internet.  Computers are relatively cheap nowadays.  Put your sensitive information on the computer that never connects to the Internet.  If you consider your financial data sensitive (you want to keep it private), do your Quicken on that computer, and then close Quicken.  Swivel in your chair, and start typing on your computer that connects to the Internet, and browse to your favorite websites. If you want some software on your top-secret PC, and it is available as a download, download the software on your Internet-connected PC, and use “sneaker net” to transfer the download to your top-secret PC.

If you can’t afford two computers, consider keeping your most sensitive files on an external hard drive, or even a USB drive, instead of your PC. Only plug the external drive into your computer when your computer is offline.

If the computer or drive which stores your top secret files never connects to the Internet, you don’t need to worry about anyone accessing the data, not even the NSA (unless they break into your home and steal your computer).  If you want to protect even against that, get some type of hard-disk encryption.  If you encrypt your hard disk, you will be able to read it and use it (with the appropriate password), but other people won’t.  See some ideas in the “What to do” section below.

To access your encrypted hard-disk, you will need a password.  Don’t forget that password.  (My daughter had a classmate at Stanford who lost his encryption password and wasn’t able to access his thesis research. The archetypical absent-minded genius…) Write the password down somewhere, but hide the piece of paper so other people don’t find it.  Don’t put it on a sticky note on the monitor; if the thief takes your monitor, they will have your password too.

Or, use KeePass, another great piece of free software for storing your passwords.  Using KeePass, you can create a file of your passwords, and easily generate random, hard-to-guess passwords, one for each website you have an account at.  You only have to remember one MASTER password.

Here are my recommendations for keeping top secret data safe:

a)      Buy a new computer, and connect that to the Internet.  It will have the newer security features, so it will be less likely to get infected.  SEE BELOW for instruction for HOW to plug a new computer into the Internet so it won’t get infected right away.

b)      Unplug your old computer from the Internet.  If it is infected, the malware won’t be able to send any of your top-secret information anywhere (at least once it is unplugged), and you won’t inadvertently become part of a botnet.  

c)       If you want to encrypt your hard drive, check to see if your computer already supports it:

  1. For PCs: Bit Locker Drive Encryption
  2. For Macs: FileVault drive encryption

d)         If your computer doesn’t come with built-in encryption, you still have a couple of options:

  1. For Linux, you can encrypt part of your hard disk with TrueCrypt
  2. If your PC or Mac doesn’t have built-in encryption, use TrueCrypt.

d)      Don’t forget the encryption password.  If you forget your encryption password, your encrypted data will be gone forever. Caveat: I have not encrypted my hard disk.  It is not the highest thing on my list.

 

 

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>