Any USB drive, or any of your own materials that reside on the company's machine, must be protected with a suitable encryption tool, such as TrueCrypt. If you suspect keyloggers have been planted, use keyfiles with your TrueCrypt volume, which are designed to foil keyloggers trying to capture your password.
Any passwords that you need to submit to a site must be managed securely, using a tool such as Password Safe, and must never be cached on that machine. If it is convenient for you, it is also convenient for your attacker, who could be your supervisor, as confirmed in the WSJ article. It is important to use this kind of tool, which avoids exposing the password to prying eyes.
Always use strong passwords, and if you use a tool like Password Safe, always use the passwords it generates.
E-mail communication through the company's channel must be suitably protected. You can use Password Safe's command-line operations:
    pwsafe -e filename
to encrypt the file, and
    pwsafe -d filename
to decrypt the file. It is advisable to perform these operations on a TrueCrypt volume to avoid residue being picked up.
A better option is to use the field- and time-tested PGP: the free version, the commercial version, or GNU PGP.
The best advice is to trust no one, no matter how warm the smile appears to be, and to treat every environment as hostile.