The Principle
The strongest encryption is useless if someone can physically access your device. Physical security is the foundation of all digital security.
Security Maxim
"If an attacker has physical access to your device, it's not your device anymore."
Device Protection
All Devices
- Enable full disk encryption
- Use strong passwords (not just PINs)
- Enable automatic screen lock
- Disable lock screen notifications
- Set up remote wipe capability
- Never leave devices unattended
Laptops
- Use Kensington lock in public
- Disable ports when not in use (USB, Thunderbolt)
- Cover webcam when not in use
- Use privacy screens in public
Travel Security
Border Searches
Devices can be searched at borders in many countries
Hotel WiFi
Often monitored, sometimes by state actors
Hotel Safe
Staff have master keys; not truly secure
Recommendations
- Travel with minimal, clean devices (travel laptop)
- Backup and wipe before travel, restore after
- Use hidden volumes (VeraCrypt)
- Know your rights (varies by country)
- Use VPN on all public networks
- Keep devices with you, not in checked bags
Environment Security
Camera Awareness
Know surveillance camera locations
AwarenessAudio Security
Smart devices can listen
HomeShoulder Surfing
Others watching your screen
PublicDumpster Diving
Shred sensitive documents
DisposalSecure Disposal
Documents
- Cross-cut shred all sensitive documents
- Burn extremely sensitive materials
Devices
- Secure erase before sale/disposal
- Physical destruction for highly sensitive devices
- Remove and destroy storage devices (SSD/HDD)
Duress Situations
Prepare for situations where you may be forced to unlock devices:
- Use hidden volumes with decoy data
- Set up duress passwords (erase on entry)
- Know your legal rights (varies by jurisdiction)
- Consider: password beats biometrics (can't be compelled in some places)
Legal Note: Laws regarding compelled decryption vary greatly. Consult a lawyer for your specific jurisdiction.