Edition: e1.0.0
Updated October 9, 2023
Your devices carry an inherent security risk themselves. That risk can also change depending on their environment. Risk is like a temperature scale. For example, if you are logging into your PayPal account to check your recent incoming payments, the risk goes from cold to hot in these situations:
Using your desktop computer at home (cold, lowest risk)
Using your mobile device on a partially full train (cool, low risk)
Using your mobile device on a crowded, elbow-to-elbow train (warm, moderate risk)
Using your laptop on public wifi at a cafe (warm, moderate risk)
Using a public computer at the library (hot, highest risk)
Figure: Environment affects risk.
Important: Your devices have a worth far beyond the monetary value of the hardware itself. A device is as valuable as the data it holds or can access. For example, a laptop may hold copies of your social security number and passport, or copies of business IP and code bases. Just as important are the passwords you have saved to browsers or accounts where you kept yourself logged in. If you don’t wipe the data from your old devices, a future owner may gain access to all this information.
Figure: How you use and share devices affects risk.
How and where you use your devices also matter. List out which devices you use most often to access your data and accounts, and how they move around with you.
Example: Common scenarios:
Scenario: You have a mobile phone and laptop that are practically glued to you. You use these for both personal and business use, and are logged into a number of personal and business accounts. Or you have even more mobile devices, phones, and tablets!
Scenario: You have a device that you let others in your house or family use. This might have been an old personal device, or might still be one you use to access personal or business accounts.
Scenario: You have a desktop computer that stays in your house or office.
Scenario: You work from public or community spaces often with your mobile devices, like cafes, libraries, or coworking spaces. Occasionally, you might even use the public library or hotel business center computer for printing documents or accessing your accounts.
Scenario: You have an old device and want to sell it or give it to a friend.
There is value in impersonation. As an individual, a business owner, or a decision maker, your voice carries weight. You are the person who can authorize changes, information disclosures, and transactions.
The two most common types of attacks you might face would be requests to your staff to transfer money to an attacker’s account, or requests to your phone provider to transfer your SIM to another phone. Once your SIM is transferred to another phone, password resets or two-step login prompts would go to an attacker’s phone rather than yours. Such attacks are becoming more expensive as we rely on SMS for verification on logins when making large payments.
In the physical world, identity is established through government-issued documentation, such as driver’s licenses, passports, and birth certificates. In the online world, our identities are inferred from the email addresses, usernames, and communication channels we use and share with others—WhatsApp, WeChat, Facebook Messenger, Signal, the examples are endless. You build trust with friends, staff, and business contacts through regular interactions using these digital identities, and they may not second-guess any favors or questions that seem to come from you.