internet security concerns

[Deleted]

How would you react if someone who was absolutely not part of an online conversation quoted verbatim from a document that you and only a few others had shared with one another online?  I was sorta freaked (OK I am lying, major totally freaked) but not totally surprised.  What is the best way to establish totally secure phone/text/email communications?  Yeah, I know nothing is "totally secure" but what is the closest to that in our real, non-James Bond world?  Desktop has been swept and has all current protections; IPhone and IPad being swept this weekend.  For professional reasons, I must maintain online communication with the website and individual I/we suspect are at the root of this.  

I can certainly set up an alternative email and maybe get a throw-down, pay-as-you-go phone but where does that leave me and others long-term?

TIA and Happy Turkey Day!

[moon/Laura]

I would say that it's more likely someone shared it with the person, rather than them accessing it some other way. In other words, a privacy issue instead of security.

Is there a reason you think that it obtained by some nefarious means?

[Deleted]

Is it a collaborative document so that no one of you has the complete text of what is being shared verbatim?  Because if it is an individual document that could reside on any one of the group's computers and one of those was what was hacked (instead of the webiste), the security issue sounds like it could be a leak anywhere.

Is it a work document?  Can the IT dept there help you?  I ask our IT dept. anything, and they try to help me whether it is school related or not.  They don't spend a lot of TIME trying to help me, but they give me tips on where to start to solve my problem.

Does the document have financial or professional value?  Or are you just freaked that someone is quoting something that they shouldn't have access to?  Don't get me wrong; that would freak me, too.  But it wouldn't qualify as espionage.

Good luck in solving this problem.  

[Deleted]

Yes, there is a reason b/c the person who obtained it is a very vocal and aggressive enemy of those who shared it legally.  And a desperately struggling candidate in a heated political run-off with early balloting beginning next week.  

[ArchietheDragon]

Wrap your phone in tin foil right now unplug your internet. Go to the basement. They are coming. Be ready

[Deleted]

Nov 25, 2015 22:08:17 GMT -5 @bamafan1954 said:

Is it a collaborative document so that no one of you has the complete text of what is being shared verbatim?  Because if it is an individual document that could reside on any one of the group's computers and one of those was what was hacked (instead of the webiste), the security issue sounds like it could be a leak anywhere.

Is it a work document?  Can the IT dept there help you?  I ask our IT dept. anything, and they try to help me whether it is school related or not.  They don't spend a lot of TIME trying to help me, but they give me tips on where to start to solve my problem.

Does the document have financial or professional value?  Or are you just freaked that someone is quoting something that they shouldn't have access to?  Don't get me wrong; that would freak me, too.  But it wouldn't qualify as espionage.

Good luck in solving this problem.  

Not a collaborative doc, just an attachment on personal email shared between 4 people. 

Not work related so no IT dept; no financial or professional value; part of a really ugly local political campaign.  

I am freaked out b/c this attachment was part of a private email conversation between 4 community volunteers.  

I am just seeking the best way to have truly private communications via phone/text/email b/c it's obvious that home-based email in our volunteer group ain't working so well.

[moon/Laura]

I still don't see why you're convinced the person hacked it somehow. Hacking simply isn't that easy, after all.

[Deleted]

Nov 25, 2015 22:11:54 GMT -5 ArchietheDragon said:

Wrap your phone in tin foil right now unplug your internet. Go to the basement. They are coming. Be ready

And I am sending them to your house first, Archie!  So eat your turkey really early before they get there.  

[Deleted]

Nov 25, 2015 22:20:22 GMT -5 moon/Laura said:

I still don't see why you're convinced the person hacked it somehow. Hacking simply isn't that easy, after all.

Perhaps I phrased my OP poorly.  My core question was how can one best protect one's email, phone conversations and texts from an intelligent, highly motivated and aggressive hacker? 

[mmhmm]

There isn't much sure privacy on the internet. That said, I'd be more suspicious of this having been shared than having been hacked. As moonbeam said, it's not that easy.

[ArchietheDragon]

Don't make your email password 1234

[Tiny]

I'm with moombeam on this... that some stranger or semi-stranger didn't 'hack' into your network or email or phone.

This most likely isn't an "internet security" issue - I'd guess one of two things:
1.) someone shared the document (a printed copy or a forwarded electronic copy).  And that's how it got out.    Someone may have unintentionally shared a printed document - when they tossed it in the recycle bin... or left it on their desk. 

OR

2.) If everyone was being strictly confidential - then it's possible that someone left their PC/Laptop/phone unattended and unlocked and someone walked over and helped themselves to the document. If that's the case they may have known ahead of time what to look for - versus just randomly wilfing around hoping to find something juicy.

Where I work (with tons of confidential electronic stuff) we are constantly reminded that all the "security" in the world won't protect the confidential stuff if someone walks away from their desktop without locking their computer (or laptop, or phone, or not having a password protected thumbdrive).   We are discouraged from leaving paperwork on our desks -- we have cabinets/drawers that lock for stuff.  We also have locked shred boxes for when paperwork is to be thrown out.  the computer security people will also accecpt various media to either shred (disks) or destroy (external harddrives -- ok, maybe they just wipe and reformat those not sure).

[mmhmm]

Nov 25, 2015 22:32:05 GMT -5 @donethat said:

Nov 25, 2015 22:20:22 GMT -5 moon/Laura said:

I still don't see why you're convinced the person hacked it somehow. Hacking simply isn't that easy, after all.

Perhaps I phrased my OP poorly.  My core question was how can one best protect one's email, phone conversations and texts from an intelligent, highly motivated and aggressive hacker? 

The vast majority of the time, these things aren't hacked. They're cracked. Somebody gets the password. The best protection is long, very complicated passwords made up of caps, small letters, and special symbols.

[Tiny]

Nov 25, 2015 22:32:05 GMT -5 @donethat said:

Nov 25, 2015 22:20:22 GMT -5 moon/Laura said:

I still don't see why you're convinced the person hacked it somehow. Hacking simply isn't that easy, after all.

Perhaps I phrased my OP poorly.  My core question was how can one best protect one's email, phone conversations and texts from an intelligent, highly motivated and aggressive hacker? 

Use really good passwords (longer than 8 characters - use upper and lower case and numbers and special characters if allowed).  Change your passwords regularly.  

ALWAYS lock your computer when stepping away.   Always lock your phone.  Password protect external drives (like thumbdrives).      Most thefts are "thefts of opportunity" - versus a Mission Impossible "must get specific info" kind of thing.

Don't share your passwords.   Try not to have the computers you work on  allow "auto sign in" to applications - like facebook, email, etc...

As for phone conversations - that's a bit outside my ken.  I  know corporate phone buffers collect all sorts of info about calls - but they don't record conversations. 

I would think the number of people interested in what you are trying to keep confidential is limited.... so you need to protect against opportunities to steal - versus someone doing a concerted effort to 'break in'.

[NoNamePerson]

Post it here on YM and within three post it will be buried with OT stuff and we pEEps going off the rails. Hell, no one will find it then    

[mmhmm]

Actually, if @donethat wishes to do so, she could create a ProBoards forum for these discussions. It would be possible to require registration before the board could be read (there are several ways of doing this) so only those who are acceptable could read anything posted there. The forums are easy to create and don't have to be fancy for this purpose. If the OP chooses to do this, I'd be happy to help make the board as secure as possible. Excellent passwords would still be required. If you really care about security, that's always a must.

[NoNamePerson]

Are you saying the Boards are hack proof!!!       I know you know my post was tongue in cheek   

[mmhmm]

Nov 26, 2015 8:58:52 GMT -5 NoNamePerson said:

Are you saying the Boards are hack proof!!!       I know you know my post was tongue in cheek   

ProBoards forums are about as hackproof as one can get, NNP. These guys know what they're doing! Making all participants staff and putting the board in Maintenance Mode will make it virtually invisible. As I said, there are several ways to "lock down" a forum. I do realize you were kidding with your post; however, this is a way for the OP to involve others in a conversation the participants can feel confident will remain secure - unless one of the participants is a "mole." 

[Opti]

Nov 25, 2015 22:11:13 GMT -5 @donethat said:

Yes, there is a reason b/c the person who obtained it is a very vocal and aggressive enemy of those who shared it legally.  And a desperately struggling candidate in a heated political run-off with early balloting beginning next week.  

Are you certain none of the people who had the doc have been bribed by the other side? Or folks who have access to the devices these people use? I'd think physical access planned or unplanned is more likely than a hacker. FWIW.

[Deleted]

Update time!  Yes, it was traced back to a print copy on a table in a meeting and that's OK. The real concern was not the info which was not inherently secret; it was the possibility that other seriously confidential stuff including personnel salary negotiations, contract bids, etc. might be at risk going forward. 

The idea of a Proboard Forum is really interesting.  That would be a very functional way for 15-20 people to discuss a wide range of topics relevant to our organization.  I am a big transparency advocate and dislike private email or text convos among sub-groups on most issues. In any volunteer group, some people are more aware/involved than others but an online forum would give anyone the ability and opportunity to participate in group discussions to the extent they want to.  No more, "I didn't get cc'd on that email"; if you don't have time, interest or online savvy, well there you are.  

We are not subject to open meetings or open records law so online convos would not be a violation of anything.  And I am very satisfied with the security protocols in place here.  Sadly, my concerns don't lie with the outside world but with former directors and officers    I believe a ProBoards forum provides the capability to instantly shut off access to an individual when their term of office expires and they are no longer a valid part of the conversation.

You folks rock!  I know I can always come here for real-time, real world feedback and solutions.  And monitor-replacing laughter on some threads.  I'm off to YMOT!