Skip to main content

Reducing Your Personal Attack Surface

February 11, 2016

Many of us are consumers of technology, I would consider myself in the upper echelon of this group. I own multiple laptops, desktops, servers, cloud-based workstations, tablets, mobile devices, smart fashionware and social media accounts, to name a few. But, with this enthusiasm and love for the newest gadget or tool to stay connected comes a new risk – one that organizations have been fighting for years, and the consumer is starting to face. This is the risk of your personal attack surface.

An attack surface is the area where an unauthorized user can enter or extract data from the environment. This could be a targeted attack by an individual or a group, or a random attack where the adversary is hoping to get lucky and find some information they can use to their benefit.

It would be great if we all could operate in stealth mode and have no attack surface for malicious actors to exploit, but, unfortunately, it is impossible to completely eliminate the chance of an attack. The good news is there are some ways to reduce your personal attack surface, making your information much harder to exploit.

  1. If you’re not using an application, remove it. The other day I was playing a game on my tablet and thought about an email I needed to send. I jumped over to my phone and sent it off. Afterwards I thought, “Why didn’t I just send that from my tablet?" I had it right in my hands. The truth was I had not used email on my tablet for a few weeks. In fact I found it was kind of annoying once I thought about it. I realized I had loaded email and calendaring on my device for convenience and really did not need it. Not all of us are in this situation, but I would suspect many of us have applications on our devices we never use.
  2. Turn off tracking information. I boarded a plane a few weeks ago, and when we were taking off proceeded to put my devices in airplane mode. When I did this my smart watch app mentioned it needed to be on to sync. What popped in my mind was, “Do I really need to be a beacon for tracking?” Information on where I am, or where I am not could be used against me by an attacker that could find it opportune to know that I am 1,000 miles away from my home at the moment.
  3. Use privacy settings and tools. There are many privacy setting in your mobile devices, operating systems and applications you use. Make sure you try to understand those settings. These can include locking screens, limiting the amount of information applications make public, or even using physical tools like a privacy screen for your laptop or mobile device. You never know who may be looking over your shoulder.
  4. Enable two-factor authentication or two-step verification. I still am surprised when I find an application or system that does not support two-factor authentication or two-step verification. Sometimes this may be a setting that you have to enable yourself, which I would highly recommend. It is a good idea to have two separate components to verify your identification and provide one more hurdle for attackers.

The above is a short list of the ways individuals can reduce their device’s attack surface. I encourage you to share your experiences where you realized your attack surface was unnecessarily large and what you did to reduce it. I look forward to reading your comments below.

    James Robinson

By: James Robinson

Vice President, Third-Party Risk Management

See More

Related Blogs

March 22, 2018

Intelligence Bulletin – MinionGhost Reemerges

At approximately 9:30am EDT on 20 March 2018, hacktivist collective, MinionGhost, announced planned cyber attacks against unspecified Asian entities. ...

See Details

February 07, 2018

Intelligence Bulletin – When Cryptomining Attacks

Optiv has seen a continuation of attacks based off the usage of CryptoNight miner, in this case likely mining Monero cryptocurrency for the attackers....

See Details

January 12, 2018

Regarding Spectre and Meltdown

On January 3, 2018, the Graz University of Technology released their papers on identified vulnerabilities dubbed “Meltdown” and “Spectre” via the webs...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


July 14, 2017

Endpoint Security Solutions

Learn how we help you identify your endpoint security gaps and find the right solutions.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.