PC security, NSA-style: 7 tips from the spymasters

Some of the agency's countersurveillance tips are easy for anyone to implement.

Was it really just a few months ago that your biggest computer-privacy concern was making sure your employer didn't find the college photo of you sucking on a beer bong on your Facebook page? That seems cute now. With the recent revelations that the National Security Agency may have been involved in everything from spying on U.S. residents to cracking online encryption to collecting global financial data, computer privacy has taken on all the cloak-and-dagger intrigue of a John le Carré novel.

If you're like most users, you take your privacy seriously. So we went right to the experts--the NSA itself--and pored over the agency's security tips and recommendations for its Department of Defense and intelligence-community customers. From there, we identified seven measures that both consumers and small businesses can easily implement to protect themselves from hackers and cybercriminals--and perhaps even from the NSA.

Enable automatic software updates

It isn't the coolest counterintelligence technique, but good security starts with the basics, and nothing is more basic than making sure that your operating system is up-to-date. So it's no surprise that the NSA recommends enabling automatic updates in Windows.

Doing so is easy enough: First, simply navigate to System and Security from the Windows Control Panel. Click Turn automatic update on and off, and select Install updates automatically.

Encrypt your hard drive

Recommended in the NSA's rundown of security highlights in Windows 7 (PDF), BitLocker encryption is built into the Enterprise and Ultimate versions of Windows 7, as well as the Pro and Enterprise versions of Windows 8. When enabled, BitLocker encrypts all of the data kept on a storage volume, and it continues working in the background to protect the contents of a Windows PC from unauthorized access.

BitLocker is an excellent first line of defense that takes just a few clicks to enable. However, if you're concerned that the full-disk encryption technology may have been compromised by a backdoor deal with the NSA (there is no evidence of that, so far), you can find plenty of alternative methods to encrypt your data.

Tape over the webcam

Integrated webcams are great for video chats, but they're also excellent tools for hackers to spy on users. And you would never know that you were being watched: Although the webcam indicator light is supposed to switch on when the camera activates, hackers have found ways to disable the light in certain laptop models.

According to the NSA, a simple, low-tech solution is to tape over your webcam--with black tape, naturally. If you're worried that the sticky residue might damage the webcam, use tape to secure a small piece of paper over the lens.

Disable the built-in microphone

Just as your machine's webcam can give hackers a window into your private world, your laptop's built-in microphone--typically enabled by default--can fall prey to remote hijacking and allow snoops to eavesdrop on all conversations in its vicinity.

To ensure that no one can listen in on your home or office, launch the Sound applet from the Control Panel. Click the Recording tab, select your laptop's built-in microphone, and disable it.

Of course, taking this step doesn't prevent a malicious hacker who has already compromised your laptop from reenabling it. If you're really paranoid, you can disable the built-in microphone permanently simply by poking it with the business end of a needle or paper clip. The espionage game has its casualties.

Disable unnecessary network services

Although it's impossible to lock out hackers completely, you don't have to make their task any easier. Start by disabling network-related protocols and services that you don't use, as attackers and snoops could exploit them to access your files and devices. For small businesses, such services will likely include IPv6, Bluetooth wireless, or even Wi-Fi, if you're primarily using deskbound laptops connected via ethernet. And if you don't share file and printer resources on your PC, be sure to disable sharing for additional security--a step that Microsoft recommends, as well.
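To see what is actually switched on before disabling anything, the following read-only inventory is an added example, not part of the original article. It assumes Windows 8 or later, where the `Get-NetAdapter` and `Get-NetAdapterBinding` cmdlets are available; the function name `Get-NetworkExposure` is made up for this example.

```powershell
# Added example: read-only inventory of the network features named above.
# Assumes Windows 8 or later (NetAdapter cmdlets); it changes nothing.

function Get-NetworkExposure {
    $report = @()

    # Adapters that are not disabled. PhysicalMediaType shows which ones are
    # Wi-Fi or Bluetooth radios, so unused ones stand out.
    foreach ($nic in Get-NetAdapter | Where-Object { $_.Status -ne 'Disabled' }) {
        $report += New-Object PSObject -Property @{
            Kind   = 'Adapter'
            Name   = $nic.Name
            Detail = "$($nic.PhysicalMediaType) ($($nic.Status))"
        }
    }

    # ms_tcpip6 = IPv6; ms_server = File and Printer Sharing for Microsoft Networks.
    $components = 'ms_tcpip6', 'ms_server'
    $bindings = Get-NetAdapterBinding |
        Where-Object { $_.Enabled -and ($components -contains $_.ComponentID) }
    foreach ($b in $bindings) {
        $report += New-Object PSObject -Property @{
            Kind   = 'Binding'
            Name   = $b.Name
            Detail = $b.DisplayName
        }
    }
    $report
}

Get-NetworkExposure | Sort-Object Kind, Name | Format-Table Kind, Name, Detail -AutoSize
```

Every row in the output is something still enabled; anything you don't use is a candidate for the disabling described above.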

Harden your account settings

Spend a few minutes tweaking your Windows account settings. Few security measures offer so much protection for so little effort. A good first step is to disable any guest accounts that are present, ensure that a password is set for each account, and disable automatic login.

Next, enable a screensaver and set it to start with a reasonably short inactivity timeout of between 1 and 5 minutes. To do so, right-click the desktop, select Personalize from the menu, and click Screen Saver. Make sure to select the On resume, display logon screen checkbox. Obviously, you will need to have a password configured first for this step to work.

Finally, require that users reenter their system password if the PC has been inactive. Configure this option by clicking Power Options in the Control Panel and selecting Require a password on wakeup in the left column.
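The script below checks the guest-account, password, automatic-login and screensaver settings from the steps above in one pass. It is an added example, not part of the original article or of NSA guidance; it assumes Windows PowerShell run locally, the function names are made up for this example, and it does not check the wake-up password option.

```powershell
# Added example: read-only audit of the account settings described above.
# Assumes Windows PowerShell on the local PC; it changes nothing.

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Test-AccountHardening {
    $findings = @()

    # Local accounts; the built-in Guest account always has a SID ending in -501.
    foreach ($a in Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True") {
        if ($a.Disabled) { continue }
        if ($a.SID -like '*-501') { $findings += "Guest account '$($a.Name)' is enabled" }
        if (-not $a.PasswordRequired) {
            $findings += "Account '$($a.Name)' is allowed to have a blank password"
        }
    }

    # Automatic login: AutoAdminLogon = "1" under the Winlogon key.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if ((Get-RegValue $winlogon 'AutoAdminLogon') -eq '1') {
        $findings += 'Automatic login is enabled'
    }

    # Screensaver for the current user; ScreenSaveTimeOut is in seconds.
    # A Group Policy setting, if present, overrides these per-user values.
    $desktop = 'HKCU:\Control Panel\Desktop'
    $timeout = [int](Get-RegValue $desktop 'ScreenSaveTimeOut')
    if (-not (Get-RegValue $desktop 'SCRNSAVE.EXE') -or
        (Get-RegValue $desktop 'ScreenSaveActive') -ne '1') {
        $findings += 'No screensaver is configured'
    } else {
        if ($timeout -lt 60 -or $timeout -gt 300) {
            $findings += "Screensaver timeout is $timeout s (article suggests 60-300)"
        }
        if ((Get-RegValue $desktop 'ScreenSaverIsSecure') -ne '1') {
            $findings += 'Screensaver does not show the logon screen on resume'
        }
    }
    $findings
}

Test-AccountHardening
```

An empty result means none of the checked settings deviates from the advice above; the screensaver check applies only to the user running the script.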

Don't read email on an admin account

Web surfing on a user account with administrative rights is kind of like walking through a bad neighborhood with your house keys in one hand, your Social Security card in the other, and your ATM PIN written on your forehead. You're offering up all kinds of sensitive personal information to eager takers.

Because of that risk, the usual advice is to avoid surfing the Web on an admin account to limit the damage if a zero-day exploit happens to compromise your account. Given the growing number of attacks launched via email messages, it's a good idea to extend this precaution to your inbox by reading new email messages only on a nonadministrator account. This practice won't protect you from phishing attempts that try to trick you into giving up your password, though, so be sure to stay on your guard against fake email messages, too.

While adhering to these tips will go a long way toward shielding you and your data from prying eyes, to secure your PC further be sure to check out our tips to avoid the most devious security traps, Prism surveillance, and watchers on the Web. We can't promise that following these measures will make you spyproof, but you will certainly sleep better. Just remember to keep one eye open.
