The National Security Administration has been in the news a whole lot lately, and it's been a busy little snoop, spying on virtually every form of communication used by humankind. Those of us who care about our privacy—and small business security—can turn to good, strong open source tools to try to protect our information from snoops. Or at least make it harder for them to get it.
I'm not sure it is possible to foil the National Security Administration, because they have unlimited, unaccountable authority to spy wherever they please, to trade the data they collect with other government agencies, and to get unlimited data dumps of customer data directly from vendors and service providers such as Google, Apple, Facebook, Microsoft, and Verizon. It never hurts to try, though some experts think that trying to protect your communications marks you as suspicious.
At any rate, it's good to understand where your communications are vulnerable, and at the very least protect them from non-government thieves and snoops. All of your Internet activities pass through countless routers and servers, and admins at any of these stops can easily snoop on your data, and even make copies of it. Fortunately, you can stop this sort of nosiness cold.
Figure 1: Spying was more interesting when it involved Mata Hari instead of anonymous computer nerds.
Here are five open source security software tools to help you lock down your data and improve your small business security.
Open Source Email Encryption
People routinely expose all sorts of sensitive information by using unencrypted email, and I'm pretty sure that anyone who wants to exploit your sensitive data is not going to be deterred by those silly legal disclaimers that organizations like to stick in their email footers. You know the ones I'm talking about, they look something like this:
"This e-mail is intended for the addressee shown. It contains information that is confidential and protected from disclosure. Any reviews, dissemination or use of this transmission or its contents by persons or unauthorized employees of the intended organizations are strictly prohibited…blah blah, blah."
If you really want to protect your sensitive business emails, you must encrypt them. The good news: it's not hard to do. The best tool for this is GnuPG, which is the free-of-cost open source implementation of PGP, Pretty Good Privacy. PGP was invented by brainiac Phil Zimmerman way back in the early 1990s for protecting personal Internet communications.
PGP passed through several commercial ventures, and it is now owned by Symantec. The commercial version doesn't do anything the free version can't do, but you get support and nice management tools.
Encryption only protects the contents of your email and not the so-called metadata. This is the routing information, which cannot be encrypted because then it would be undeliverable, like blacking out the address on a paper letter. So any snoops rifling through your email transmissions will know who, where and when…but not what.
Open Source File Encryption
Is there anyone left out there who still doesn't encrypt their important files? How many laptops full of sensitive data are lost or stolen every day? How much information gets poached from servers and workstations? You're not protected if you have a login for your computer because all a thief has to do is remove the hard drive and then plunder it at will. The strongest protection is encrypting entire disk partitions with TrueCrypt, which is a brilliantly easy-to-use yet super-strong encryption program. Best of all, it's open source, it's top-of-the-line, and it's free.
The law requiring people to surrender their encryption keys to law enforcement is not settled, so practice your forgetful act, because if you forgot your super-long super-strong passphrase what are they going to go? Suck it out of your brain? And, TrueCrypt has a cool feature they call plausible deniability. You can hide entire partitions and operating systems so they are not visible to anyone who forces you to give them your password.