How would you like to know if someone was going through your files or emails?
Security is sadly lacking not just for end users but for many businesses as well. Even worse, it isn’t for lack of money but for lack of knowledge in how to protect yourself. We’ve talked about antivirus in the past (please oh please use it) and we’ve gone over how to detect and avoid malware, but today we’re going to show you something new: let’s check out laying “tripwires” in your files and your emails to know right away if someone is going through your data.
First off, a shout-out to Station X
Station X has been a leading provider of cyber security services to companies of all sizes worldwide since 1996. Nathan House, CEO/Founder of Station X, set up the system we’ll be looking at today as a free service for individuals and companies to aid in the pursuit of better security. (He also has some awesome courses covering basic to advanced cybersecurity concepts over at Udemy!)
Now then, let’s take a quick look at what we’ll cover
(no TLDR here. This is important)
You read that correctly. This is 100% free and set up as a service for you. And better yet, unlike most “free” things, this one actually functions very well.
Better security than exists for most small businesses (and some of the larger ones too…). Be alerted as soon as any of your traps are sprung.
Peace of Mind
It’s hard to put a price on knowing that your data is secure. Of course, nothing is 100% but this goes a long way towards letting you know if anything is amiss.
What on earth is a canary token? Good question. A canary token is the “tripwire” we’ve been referencing. Think of it like a house’s alarm system. A burglar might not know which houses have alarms and which do not. When they enter a protected home, the alarm goes off and the owner is notified. Yes, the burglar could still cause damage but you can now proactively react to protect yourself. These tokens work the same way. Placed into files or emails, they protect you with alerts as soon as someone tries to access them.
Now that you have an idea what these tokens are, let’s look at how they work. This is where it gets a little more complicated. These tokens are a little piece of information that link to a specific website but are embedded into a file or email (like when you get an email and have to hit “load images” to see what pictures are within the email). Those images aren’t stored in the email but on remote web pages. In this case, a server is set to watch for the token website and report to you when a computer tries to access it. You get an immediate email telling you which token was activated and by which IP address. Neat!
Let’s Get Started
Worried this might be difficult? Don’t be! It’s quite simple and we’ll walk you through each step of the way. The button below will get you to where you generate the tokens. Read on to see how easy it is to use them!
Step 1: Hit the “start creating tokens” button (and note the info below the button to see what hackers are actually looking for).
Step 2: Enter the email address you want notifications to go to and a memo for where you are using that token (ex: “my computer” or “personal email”). Leave DNS/HTTP as your selected option.
Step 3: Download the correct token for your needs (generally either a word/pdf file or a web bug). See below on implementing these tokens.
OK, you’ve gone through step 2 and now you’re looking at the screen pictured on the right (all images in this example can be clicked on to enlarge). As we mentioned earlier, the options you will want are going to be “web bugs,” “MS Word,” or “Acrobat Reader PDF.” Word/PDF is for generating files with tokens while web bug applies to emails. Just a note, if you put the bug in the same email which gets the alert, whoever is in your email will see the alert as well. And obviously, there are many more options here as these tokens have more use than just this but that is outside the scope of this Article.
Let’s start with Word/PDF files. Select either option from that list and hit download. You’ll see the file downloads with a random file name. Go ahead and rename this to something enticing (for example: my passwords). Now, open that download and stick some fake information into the file for the hacker to think is useful and search for. After all, the longer they spend there, the less time they spend with legitimate files. Note that you just got a notification for opening the file. It’s working! You’ll get a notification every time the file is opened; it isn’t a one-time trap. See an example alert to the left. Want to know where that IP goes to? You can trace it here.
Emails are a little more difficult but still not too bad. Our example here is based on Outlook but the steps should be similar for other mail clients. The first thing you’ll need to do is select “web bug” and copy that URL. Now, pull up your mail client and create a new email to whichever address you want protected. Again, fill the email with fake information. Toss that link in somewhere for good measure. To actually “tripwire” the email, you’ll need to insert the link as an invisible image. On Outlook, this is done by going to the insert tab and selecting picture. Paste the URL into the filename field and then hit the arrow next to the insert button and select “link to file.” Now, when someone opens the email, their computer will try to load that invisible picture automatically and you’ll be alerted.
And there you have it. A free, simple tool which provides an impressive new layer of security to protect what’s important to you and the peace of mind that accompanies that. Just think about those large companies you’ve seen in news stories stating they only now found out they were breached a year ago. Had they only implemented this simple safeguard, they could have stopped the damage right away. But now you have the power and knowledge to safeguard your files and in so doing will have greater protection than many corporations.
Time to Start Generating Your Own Tokens!
Questions? Comments? Let us know below!
Need help getting set up with these tokens? Contact Us
And again, a big thanks to Station X for providing this service.
*We will never spam you or share/sell your information. We take privacy seriously and are providing these Articles 100% for you.*