Everyone cares about security

Posted on by Luke Kapustka

Why should you care about security? Don’t get me wrong, there are a million things going on in your life and this seems like yet another one to think about. I get it. I spend quite a bit of time thinking about this very topic, and I usually answer that question before you even ask! I like to answer this from different viewpoints because there is no one, best way to do it.

Success for me is helping someone avoid a loss or improving security habits. To raise the bar. To be proactive not reactive. I’ll give a quick overview of each role for now. Then, I’ll go into more detail later throughout the months on each of these roles.

1. Everyone

Life is hectic! Technology was the promise to make our lives easier, entertained, more informed, educated and safe. For the most part, it does this, yet technology comes with its own set of issues. This role also applies to many others following below. So why should you care about security?

Good habits like strong, difficult to guess, and unique passwords keep accounts secure. Keeping technology updated makes sure they’re less vulnerable to malware and the muck floating around on the internet. Learning about privacy keeps you and your family’s information safe. This information can be used against your reputation or to enrich someone else. Having a backup plan with computers, phones and other devices helps you get back to your routine with the least amount of stress. Knowing about popular scams helps you avoid being a victim, but no one person can know everything.

Time is valuable and we just want to plug something in, make it work, and move on. Technology is designed this way. There’s a deliberate effort to make things convenient at the expense of privacy and security. Think of the old saying “an ounce of prevention is worth a pound of cure.” The time you spend learning about protecting yourself is guaranteed to be less than the time you’ll spend cleaning up after a security disaster.

A few pointers:

  • Raise your guard if you see messages proclaiming that you must do something such as update an account, give some information, or whatever seems unnaturally urgent with a sense of doom if you don’t take immediate action.
  • Generally, when you choose something convenient it comes at a cost of security.
  • When you set up some shiny new “smart” device, computer, network camera, printer, etc., get to know it’s settings. Do it soon before you forget. Run the updates when you first set these things up, turn off feature you don’t need.
  • Keep an eye on your social media privacy settings. They change without you knowing and should be reviewed regularly.
  • If it’s free, YOU are the product. I’m not knocking Google. However, when you use certain web search or mapping, the information will better target ads to you and other creepy behavior.

2. Small and Medium Business

You’re busy growing your business, caring for customers, and making sure your people and products are in the right place at the right time. There’s no time to deal with downtime nor extra hassles. Why should you care about security?

Protecting your and your customer’s information is crucial in several ways. One breach of a payment system, customer database, or inventory tracking system can quickly destroy the trust customers put into your business. If you don’t disclose this event and it is eventually discovered (the truth always comes out), the legal and reputation impact will be worse. If you lose utilities, how will you care for your employees, customers, or simply be able to run the business? These are all issues we deal with in an information security world.

Some takeaways:

  • Take the time to understand all of your assets. The building, inventory, people, data, intellectual property, reputation, and more. How can these things be affected?
  • If you, like many businesses, are moving to cloud services. Read the contracts and terms. Be crystal clear on what your responsibilities are in protecting your data and applications.
  • Don’t take the “it won’t happen to me” attitude. Small businesses fall into hackers’ sweet spot. They have more assets to target than an individual consumer. Meanwhile, they have less security than a larger organization.

3. Employee

At work, we often receive a high-intensity on-boarding training when we start with a company. Then, every year, there’s a security awareness training. In between, there’s little or no mention of security. At work, we have an incentive to meet goals and get results. That’s what we’re paid for, right? This sometimes creates a conflict: if security takes longer, slows us down, or somehow gets in the way… employees will find a workaround, policy or not. Why should employees care about security?

For many of the same reasons as a small and medium business, trust is at the foundation of the customer relationship. After a breach, most consumers says they will choose not to do business with the victim company. Security can be embedded into value chain and viewed as a customer-winning requirement, not a cost. Some of the huge breaches we see in the news are caused by someone’s mistake. Maybe training or technology could have saved them, maybe not.

What you can do:

  • Awareness is changing a culture. Do your part by being a good example. Take the moral high ground when ethical situations come up.
  • Take that extra minute to protect your customer (internal or external) and your company. It’s easier than you might think to justify this: it’s for THEIR protection and benefit!
  • Security shouldn’t feel like it gets in the way of productivity. Some process is broken if this is happening. Be the voice of change when that happens.

4. Parents and Students

Education is absolutely centered around technology. Outside of class, technology keeps students connected, it extends the education outside of the class, it keeps everyone on schedule, and entertained for some downtime. In my county, third grader (and higher) are assigned a Chromebook. Most kids have a phone by the time they’re in middle school. Google and the internet are a central part of life. Why should you care about security?

Today’s student is experiencing the riches and risks of the internet at an earlier age than other generations have. The saying “don’t talk to strangers” can be great advice, but it breaks down in our age of global collaboration. For better and worse, the device in your hand or on your desk . Unlike the physical world; posting something to the internet, a message, a picture, video or anything else will last FOREVER. These can be a huge, and kids bearing these consequences is a byproduct of our technologies. A hateful statement, in the heat of the moment, posted to social media by a youth can haunt them later in their adult life. That can certainly include the fallout from sexting and cyberbullying.

The parents have more to think about as well. Monitoring multiple technologies (computers, phones, tablets, etc.) adds to the challenge. Technology is advancing every day and sticking our head in the sand hoping (or ignoring) bad things will go away isn’t going to end well.

Some ideas for you:

  • As a student, open up to your parents about the challenges you face. If they won’t listen, find a trusted adult who will. As a parent, be open to listen to these things without judgment or minimizing. If you don’t listen, there’s a good chance a child predator will.
  • Learn about setting in your apps. Turn off setting that don’t make sense or that you don’t need. Does a game app really need to know your location or contacts?
  • When using a school-owned computer system or network (or Chromebook at home), know that everything you do is monitored. Creepy or not, it’s the school’s right to protect these things from inappropriate content or unnecessary risks. It’s easy to go too far by browsing to very inappropriate sites. Saying “I didn’t know” won’t fly.
luke@lukekapustka.com

Copyright © 2024 Luke Kapustka, all rights reserved

Zerif Lite developed by ThemeIsle