Hidden amidst the physical cleanup and repairs necessary after a mob of rioters stormed and occupied the US Capitol are significant cybersecurity concerns. At Wired, Lily Hay Newman writes about the cybersecurity implications of the invasion, explaining some of the breaches that happened and discussing others that could have happened if foreign intelligence agents piggybacked on the takeover.
Jake Williams, founder of Rendition Infosec, wasn’t surprised, noting, “You have to step back and realize that foreign intelligence could have looked at this and said, ‘Yeah, this is going to be an opportunity.’” Other experts commented on the massive amount of work needed to assess the damage and remediate or monitor any potentially compromised accounts, devices, and networks.
We should all take to heart the words of Kelvin Coleman, executive director of the National Cyber Security Alliance, who said, “Any time there’s a physical breach of a space, I automatically assume it was a digital compromise as well.”
After all, if someone’s going to break into your house, exposed data and account credentials may be more valuable than your personal belongings. For data protection, Apple’s FileVault drive encryption system, particularly when running on a Mac with a T2 security chip, guarantees that data cannot be extracted (iPhones and iPads are similarly protected). Turn it on in System Preferences > Security & Privacy > FileVault. Also, be sure to use a password manager like 1Password or LastPass instead of recording passwords in a physical notebook that could be stolen.