The convergence of information and cybersecurity is highly relevant in the context of your reputational and financial concerns, a combination of physical and cyber security applied to your requirements will strengthen your overall security posture and resilience to risk. In this article I am explaining how to protect your digital security and privacy as an individual, but the strategies are equally suited for small businesses as well.

1. MAY 2021 ISSUE 21
MAINTAINING YOUR DIGITAL PRIVACY
OMNIRISC SECURITY NEWSLETTER
In this newsletter we have a change of topic for you, with our focus shifted from physical security to cyber
security. The convergence of information and cyber security is highly relevant to your reputational and
financial concerns. Applying a combination of physical and cyber security to your requirements will
strengthen your overall security profile and resilience to risk.
If you are like us, being cautious or even paranoid about our security concerns, you will take extensive
steps to ensure that your personal digital security is maintained. These include securing your
communications, personal data, credentials, banking details, web browsing activities and of course your
online privacy. In this article, we will discuss ways to protect your digital security and privacy as an
individual though they are equally suited for small businesses as well.
Digital Privacy
2021 is the age of digital surveillance when
everything we do digitally and online is recorded
and archived somewhere unknown to us. This is
not a conspiracy theory but fact. We already know
there are various extensive government
surveillance programs in place, but over and above
Due Diligence
It is common practice in some industries to
conduct a thorough investigation into any
potential new hires, partners, investors or
competitors. The most common investigation
method is OSINT (open-source intelligence)
operations.

2. the obvious privacy challenges that these programs
present are a whole range of other reasons why we
should proactively maintain our digital privacy.
Data brokers, who gather any and all data we
unknowingly leave behind on the internet, present
an ongoing challenge to our digital privacy. Think
about the countless cookies and trackers that most
websites have embedded in them these
days. They can track all our activities when we are
on and even off the particular site. Our data is
collected by the data brokers who then sell that
data (or classifications made based on that data) to
other data brokers, companies or interested parties.
Data brokers never make themselves known to the
people they're collecting data on, so we will never
even know who has access to our personal
information.
To learn more about data brokers read this
excellent article on the subject.
In addition to the data brokers who want to profit
from our data and governments who want to
Open-source intelligence is a methodology for
collecting data from publicly available sources
and analysing in an intelligence or investigative
context. OSINT has been proven to be extremely
effective when conducted against individuals or
organizations who have not taken any steps to
maintain their digital privacy.
For example, if we want to know everything about
your business without you knowing it, we would
gather OSINT on you, your key people and the
organization as a whole. This would include an
exhaustive gathering of data from social media
profiles on LinkedIn, Facebook and others, and
publicly available data like criminal records,
property records and other such archives. Files
would be built on your key people, their
preferences, habits, former employment and
anything else that can be found.
Corporate and personal blogs, including old
archived and deleted blog posts, would be
reviewed. Anything that the targets of an OSINT
investigation have ever touched online will
eventually be found if they have made no real
effort to conceal their activities. With a small
budget, an OSINT investigation can be
supplemented with information bought from data
brokers to paint a comprehensive picture of you,
your key people and your organization. Such
information can include aliases, birthdates,
interests and affiliations, current and previous
addresses, academic background, employment
details, marital status and relationships, financial
conditions, social media profiles, property
records, and even your relatives.
You would be shocked if you ever saw a
comprehensive intelligence analysis report on

3. monitor our online activities, you should also watch
out for those who decide to investigate you and
your company for whatever reason.
yourself, especially if it was drawn up by an
expert with detailed psychological profiling
and a list of your frequently visited locations
obtained from your smartphone GPS.
Protecting Your Digital Privacy
Now that we have “framed the picture” for you,
hopefully you can be motivated and realize it is
time to start protecting your digital privacy. So
let's start with your communications infrastructure
and online footprint.
Encrypt Your Email - Stop using Gmail or Office
365 as your personal and professional email
hosting provider. Anything and everything you
type will be mined by either companies and both
have arrangements with different law
enforcement and intelligence agencies. In short,
your emails are an open book. A far safer
alternative would be ProtonMail. The developer
is based in Switzerland where some of the
world’s strongest digital privacy protections are
enshrined in their law. Their state-of-the-art
technology allows you to simply encrypt your
emails. You can use your own custom domains
for your email address. By default, anything any
employee in your organization sends to one
another will be encrypted. It is easy to also
encrypt emails you send to people outside of
your organization.
Encrypting your emails is a vital first step to
protecting your digital privacy and ensuring that
no third party will ever have access to them,
either in transit or at rest.
Encrypt Your IM/Voice
If you are currently using IM applications like
WhatsApp, FB Messenger or similar then you’d
better stop. Just like email hosting providers, these
applications are mined for data. Your messages
are obtainable via court orders should the
authorities want to read them. It is far more secure
to use a privacy orientated IM application
like Signal or Threema. We
recommend Threema for the the same reason as
ProtonMail because it is based in Switzerland. It
does not require a phone number to sign up for use
nor requires synchronisation of contacts, which is
essential for protecting the identity of you and your
contacts.
As a rule, any voice or text-based conversation
that you want to keep anonymous should be done
on these encrypted platforms to retain your
digital privacy.
Use Different Devices
Many of us use the same device for personal and

4. Secure Your Online Activity
If you are currently using browsers like Chrome
or Edge, then you should stop and assume that
everything you have done on these browsers has
been tracked and recorded.
A more secure alternative, one that contains a
whole host of privacy options, is Mozilla
Firefox. Firefox is an open source browser with a
very good track record regarding user privacy
protection. For a bit of fun, once you have
installed Firefox, test it with the Panopticlick
service from the Electronic Frontier Foundation, it
will tell you how trackable your browser is. You
can compare the results when you test again
after the following steps.
Make sure you secure your Firefox browsing
by configuring the privacy settings properly and
then installing privacy plugins
like NoScript, PrivacyBadger, CookieAutoDelete
and HTTPSeverywhere. It is worth spending a
little time familiarizing yourself with these plugins
and understanding how they protect you from
tracking cookies, pixels, code and anything else
that wants to monitor your online activities.
If you really want to surf the internet in a
completely anonymous way, use browsers
like TorBrowser, to completely dissociate and
isolate your web-browsing from your local
device. This is by far the best way to avoid being
professional affairs out of convenience, but such
convenience could potentially hurt your
privacy. By completely separating your
professional and personal affairs with different
devices, then if a hacker infiltrates one of your
devices, he/she does not have the keys to the
rest of your life. Segmentation of tasks between
devices will help you maintain your digital
privacy. If you are especially paranoid about
privacy, use one set of devices for work and
another set for your private life. Placing a
physical air-gap between them gives you the
ability to lock them down individually.
If you can only use just one laptop or phone, at
the very least use a remote browser for web-
browsing, or install a virtual machine using the
open-source VirtualBox hypervisor. It will let you
setup a virtually separate version of Windows OS
(or any other operating system) on the same
machine. Then you can use that virtual machine
for professional affairs, encrypt and lock it down
properly when you are done. You can then shift
to use the same machine for personal matters.
Check out this interesting article of Hackers
Breach Thousands of Security Cameras,
Exposing Tesla, Jails, Hospitals.
Similarly, how are gaming businesses in Macau
prepared to secure their IT infrastructure in
case of a breach. Can hackers extract the
usernames and passwords of security camera
and take complete control? If you decide
today to take the first step in securing your
digital privacy, it will make it a lot harder for
anyone to gather data on you and use it against
you or your business.

5. tracked through your browser.
How can OMNIRISC assist you...
If you have any questions or wish to perform a
thorough vulnerability and penetration test to
secure your organization from cyberattacks or the
like, please do let us know by email
to info@omnirisc.com
Guise Bule is the founder of secjuice, a non-profit and volunteer-led private members writing club focused on
cybersecurity, information security, network security, social engineering and open source intelligence
(OSINT). He is also the co-founder of WEBGAP, a remote browser isolation cybersecurity start up focused on
cyber defence.
Copyright ©2021, OMNIRISC SECURITY SERVCE (MACAO) LTD, All rights reserved.
26 Avenida De Marciano Baptista
Chong Fok Comercial Centre, 13/H, Macau
Our mailing address is:
info@omnirisc.com
Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.