CYBER SECURITY
COMMON SENSE SECURITY TIPS FROM F-SECURE
F-Secure’s Erka Koivunen is a champion of a concept he calls “operational security”.
I
TEXT DAVID J. CORD
t’s really simple,” F-Secure’s Chief Information Security Officer explains. “OpSec is bringing common sense to information security. This is about your behaviour. Operational security is how you remain secure in practical settings.”
use if you leave it unlocked in an airport lounge while you get a cup of coffee,” Koivunen says. But even if you do lock down your devices they may not be secure. If you leave them behind in your hotel room, for example, there are ways to see if they have been tampered with.
”Feel free to be creative in creating your “impossible to copy” pattern or seal”
BE CREATIVE
F-Secure is a major cyber security and privacy company based in Helsinki. They offer popular products to individuals and businesses such as antivirus and privacy solutions, such as Freedome, one of the rare VPNs which independent CSIRO researchers say deliver as promised. But these need to be used with common sense. “All those great tools your IT department installed on your laptop will be no
Erka Koivunen F-Secure’s Chief Information Security Officer
34 BUSINESS CLASS October 2017 – January 2018
“Protect your travel gear and documents with tamper-evident bags or tags,” he continues. “Another idea is to create a seal which is impossible to copy. If you cover the screws of your laptop with glitter nail polish, it will dry in a unique pattern. Take a picture when you leave your device and another when you return and compare them. There are even apps which can detect differences between two photos.” “One of our guys crushes a potato chip and scatters the crumbs across his laptop. If someone tampers with his machine they would never be able to put all the crumbs back in the right place. He has
even asked if he can write off potato chips as a business expense,” Koivunen laughs. Another tool which Koivunen recommends is a password manager. F-Secure offers a free version for individuals, F-Secure Key, and an advanced version for companies. He also warns people should be on guard against impersonators and social engineering. If a caller claims to be your CEO and wants you to transfer company money, doublecheck through regular channels. Even be cautious about what you say on social media. “In the past major mergers have been discovered because someone Tweeted about being in an unusual place at an unusual time. People can guess the reason why you are there,” Koivunen says. “It is impossible to prevent all breaches of security, but if you practice good OpSec you can ‘ground’ yourself from potential shocks.” www.f-secure.com