White Ops CEO Tamer Hassan uses the most extreme approach to protecting his personal data.
“I assume compromise, and I wipe my phone every few weeks; I delete everything,” he said.
Hassan also uses a password vault, adding that software alone is not enough.
John Masserini, CISO of Millicom, said that one of the downfalls of being a CISO is paranoia.
“I have multi-factor authentication on every account, and I do all my banking on my iPad, not my work laptop,” he said.
Matt Petrosky, vice president of customer experience at GreatHorn, also keeps his work activities and personal data on separate devices.
“I use a password manager, and I erase my machine every year and start fresh,” he said.
Security professionals at RSA 2020 last week in San Francisco recommended these best practices for protecting personal data from identity theft and fraud.
Auth0’s Chief Security Officer Joan Pepin uses a password manager so that she can have a different password on every account.
“Credential stuffing is the biggest attack vector on the Internet, so if you give your one password to the local pizza shop and it gets hacked, that password will get hackers into every other site you use,” she said.
She also requires her team to set their iPhones to go to a lock screen after one minute of inactivity and uses a song lyric as her master password, which is “easy to remember, hard to guess.”
Brad Woodward, director of labs at Coalfire, said that he uses a YubiKey for two-factor, passwordless authentication.
“I don’t trust my own machine with my keys,” he said.
Remember who is listening
Russ Mohr, director of sales engineering, Americas for MobileIron, said that he uses WeChat to talk with relatives in China, but he watches his words when using the app.
“I don’t say anything that could get my ten-year visa revoked,” he said.
He also keeps an eye on how many services an app uses.
“Is it too much for a flashlight app to be asking for access to my contacts? Probably,” he said.
Tony Pepper, of Egress, said he never downloads conference apps.
“I always check to see what an app connects with because a lot of them ask for the sun, moon, and the stars,” he said.
Segmented networks and VPNs
Two Deloitte colleagues apply their professional experiences to their personal technology choices. Vikram Kunchala, application security leader, and Andrew Morrison, strategy, defense and response, both segment their home networks, including a guest Wi-Fi, a segment for kids, and a segment for financial activities.
Kunchala said he also uses a VPN at home to further protect his data.
Morrison said that he doesn’t have a presence on any social media sites other than LinkedIn.
“I’ve seen too many compromises happen to my clients with bad actors learning about their behavior, location, family members on social sites,” he said.
Morrison’s and Kunchala’s Twitter presence is the Deloitte Risk and Financial Advisory account.
Never use free Wi-Fi
Michael Sentonas, CTO of CrowdStrike, said he never uses free Wi-Fi, especially at hotels.
“E-crime actors know that when you check into a hotel, they ask for your credit card and ID,” he said. “Tether off your phone and use a VPN to add another level of protection.”
He also likes a low-tech tactic for protecting sensitive data: privacy screens.