[ricg]

For those who scan and file digitally:

Are you worried about data security/malware at all? How do you protect your data?

Maybe I listened to too many Darknet Diaries episodes, but recently I've been thinking more about how to protect my personal digital documents. All it takes is one bad link or fishing email. Once a virus/trojan/ransomware is on the system, the attacker has a lot of leverage with everything scanned and neatly filed.

My idea is to use a separate laptop for archiving digital documents that is never connected to the Internet. Still a thought experiment at this point so I can't speak to the practicality (backups, etc.) of this yet.

[tjansen]

> Are you worried about data security/malware at all?

Not really. I scan everything I get on paper, and put everything on Google Drive.

But it would be quite a lot of effort to dig through my hundreds (thousands?) of PDF documents that I have on that drive, and to find something that can actually be exploited and is worth more than what an attacker could get by just having access to my computer. An attacker can get my credit card numbers when I shop online, access to bank accounts when I am using online banking, get all my tax data when I file income taxes... I think that's far worse than anything that can be found on my Google Drive.

So I think having a separate laptop is overkill, unless you have something that's really more at risk than the data on the internet-connected computer.

[ricg]

> what an attacker could get by just having access to my computer

That's what I was referring to. Let's assume you store your scanned PDFs on your personal laptop and that gets compromised. Now the attacker has your medical history, tax and bank statements, contracts, ... your whole life to pick and choose the ransom amount.

I'm getting more and more to the conclusion that if you do not want something to be published on the Internet, do not put it on an Internet-connected device, smartphone or laptop -- or put the other way around: "expect anything that you keep on an Internet connected device (or cloud) to be potentially stolen from you". Too paranoid?

[tjansen]

> Now the attacker has your medical history, tax and bank statements, contracts, ... your whole life to pick and choose the ransom amount.

But can't the attacker get most of that even without your PDFs? If the attacker can get access to my computer, the attacker can directly log into my bank account, access my insurance contracts... there is no need to access the PDFs, you can get most of the stuff directly by logging into the right site (or intercepting the session while I am logging in).

[bosie]

If an attacker has access to your computer, he should not be able to directly log into your bank account or insurance contracts. For me, both of those logins require the attacker having access to my 1Password account AND somehow have access to my phone (2fa). Please rethink your strategy if an attacker having access to your computer equals having access to your digital life.

[tjansen]

If the attacker is on your computer, he can access your bank account while you are being logged in (and possibly after that, if he disabled the logoff). He just needs to copy your session cookies and use your computer as proxy to use your IP address. 2FA doesn't really help in that scenario.

2FA 'only' prevents attackers from breaking in without having access to your computer, and you being logged in. If an action needs to be confirmed using 2FA (like a transfer of money), it can prevent this as well.

[ricg]

Well, the alternative would be to either not scan the documents at all and keep them in the basement as hardcopies or to scan them and protect them somehow (for example by keeping them on a device that is not connected to the Internet).

[softwarebeware]

VeraCrypt