High-profile executives, billionaires and media tycoons often employ the best technology, services and consultants to keep their private conversations private.
Jeff Bezos is all three of these, and even he apparently fell victim to stolen private text messages.
Bezos and his wife Mackenzie announced on Wednesday that they are divorcing after 25 years of marriage. A bit later, the National Enquirer published private text messages it claims Bezos sent to Lauren Sanchez, whom he’s reportedly been in a relationship with.
Amazon has not commented on the story except to tell CNBC, “Jeff remains focused on and engaged in all aspects of Amazon.”
Bezos didn’t need to have his private messages exposed. For too long, secure texting has been regarded as something “shady” that should invite suspicion. But it’s got plenty of uses: Sharing confidential business plans, responding to breaches and — indeed — expressing private affection for your loved ones.
With this in mind, I’ve compiled a list of suggestions so that you can keep private messages more secure.
Modern secure messaging applications offer many features that can prevent the leak of private data into malicious hands, from multiple angles.
Signal and Wickr are two of my favorites. I also have occasionally used WhatsApp for contacts who only have this option, but with an asterisk because it’s owned by Facebook, and I don’t like the fact that the application shares even a little bit of information with the social media giant. Even WhatsApp’s co-founder has questioned this practice.
All three of these use end-to-end encryption, which means the messages are encrypted even when sent over open channels like public WiFi. They are only readable between the two parties sending them.
Signal and Wickr provide particularly good options for controlling when your messages “disappear” and are discarded. I’ve been particularly impressed with Wickr’s “secure shredder” function that constantly works to overwrite even remnants of deleted data.
Having a cloud backup service can also mess with the effectiveness of these apps’ abilities to truly delete your messages permanently, so you may need to tweak your cloud settings.
These applications are only as good as the password on your device. First, make sure you have one, otherwise anyone who gets your phone can easily see any remaining messages in your messaging applications easily.
Second, avoid using the security login function that requires you to draw a familiar shape. Because while you might not realize it, constantly swiping in a triangle formation has probably left a faint, triangle-shaped smudge on your phone that anyone can easily use to open it. Watch those numbers-based passwords, too — don’t pull a Kanye and make your password “000000.”
Third, even though it’s kind of a hassle, it’s a good idea to enable a password on your secure messaging app in addition to your phone’s main login password. That way, in case someone is able to break into your phone, they still won’t be able to access your messaging application or any saved messages. (All the secure apps mentioned here let you set a password.)
The security of your messages is only as good as the security of the person you’re texting with.
Having a secure messaging application helps because it forces the other person to download the secure app. It also gives you the control of setting a deletion period, which effectively deletes the message permanently from both of your devices, so you don’t have to worry about someone else carrying around your sensitive conversations.
Another strategy — don’t laugh — is using code words. It might sound like a silly endeavor, but it’s actually a low-tech and practical solution that’s often used by cybersecurity professionals themselves.
Cyber pros do this when they’re exchanging sensitive information in the early days of a data breach, so they can avoid tipping off any criminals who may be active on their networks while they are investigating. In fact, the practice is actually codified in the National Institute of Standards in Technology‘s guide for computer incident response. This is why you won’t see them throwing around terms like “breach,” “data loss,” and “hackers” during a breach — instead they’ll give these terms distinct names so they can easily text about it without raising too many red flags.
Having a few choice code words can cut down on everyone’s anxiety, and they can be applied to any sensitive personal or business interaction.
Back in 2016, some observers ridiculed Donald Trump’s suggestion that a cure for cyberattacks may be sending sensitive information by courier. But he was right.
Writing down your message and delivering it to someone else can still expose sensitive information, but it cuts down the data points and transit methods to only one. Data loss can only occur via a stiff breeze or errant bike messenger. You also don’t even have to sign your name.
Face-to-face conversations work well, too.
