Reducing Your Personal Attack Surface

By James Robinson

Many of us are consumers of technology, and I would consider myself in the upper echelon of this group. I own multiple laptops, desktops, servers, cloud-based workstations, tablets, mobile devices, smart fashionware and social media accounts, to name a few. But, with this enthusiasm and love for the newest gadget or tool to stay connected comes a new risk – one that organizations have been fighting for years, and the consumer is starting to face. This is the risk of your personal attack surface.

An attack surface is the set of points where an unauthorized user can enter data into, or extract data from, an environment. The attack could be a targeted one by an individual or a group, or a random one where the adversary is hoping to get lucky and find some information they can use to their benefit.

It would be great if we all could operate in stealth mode and have no attack surface for malicious actors to exploit, but, unfortunately, it is impossible to completely eliminate the chance of an attack. The good news is there are some ways to reduce your personal attack surface, making your information much harder to exploit. 

  1. If you’re not using an application, remove it. The other day I was playing a game on my tablet and thought about an email I needed to send. I jumped over to my phone and sent it off. Afterwards I thought, “Why didn’t I just send that from my tablet?” I had it right in my hands. The truth was I had not used email on my tablet for a few weeks. In fact, I found it was kind of annoying once I thought about it. I realized I had loaded email and calendaring on my device for convenience and really did not need it. Not all of us are in this situation, but I would suspect many of us have applications on our devices we never use.
  2. Turn off tracking information. I boarded a plane a few weeks ago, and when we were taking off I proceeded to put my devices in airplane mode. When I did this, my smart watch app mentioned it needed to be on to sync. What popped into my mind was, “Do I really need to be a beacon for tracking?” Information on where I am, or where I am not, could be used against me by an attacker who could find it opportune to know that I am 1,000 miles away from my home at the moment.
  3. Use privacy settings and tools. There are many privacy settings in the mobile devices, operating systems and applications you use. Make sure you try to understand those settings. These can include locking screens, limiting the amount of information applications make public, or even using physical tools like a privacy screen for your laptop or mobile device. You never know who may be looking over your shoulder.
  4. Enable two-factor authentication or two-step verification. I still am surprised when I find an application or system that does not support two-factor authentication or two-step verification. Sometimes this may be a setting that you have to enable yourself, which I would highly recommend. It is a good idea to have two separate components to verify your identity and provide one more hurdle for attackers.

The above is a short list of the ways individuals can reduce their devices’ attack surface. I encourage you to share your experiences where you realized your attack surface was unnecessarily large and what you did to reduce it. I look forward to reading your comments below.

James Robinson

Vice President, Third-Party Risk Management

As vice president, third-party risk management, Robinson oversees Optiv’s Third-Party Risk Management practice which includes the development and operations of TPRM-as-a-Service and Evantix. During his tenure at Optiv, he has worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. He also develops and delivers a comprehensive suite of strategic services and solutions that help chief experience officer (CXO) executives evolve their security strategies through innovation.