Digital technology and cloud services are so ubiquitous today we often take easy access to services for granted without considering our information security first. As we begin 2019, it’s time to start making more informed choices about security to prevent a data breach before it happens.
What are we not informed about?
Cheap and easy access to technology can’t be that bad, can it? Let’s take a cursory look at what many people are notinformed about when it comes to fancy devices and seemingly helpful services.
Some of the security choices we don’t know we are making are seen with cheap smartphones, voice assistants and lax practices such as using the same password for a multitude of cloud services.
Problems arise when malware steals data from your phone; voice assistants snoop on you and share conversations with marketers and law enforcement; and one password compromise leads to all your cloud services being accessed without your knowledge.
We don’t need to be paranoid about digital or shun it completely, we just need to be more aware of the choices we make and implications of them. By being better informed, we can avoid or mitigate security issues before it’s too late.
The ‘free’ illusion
If it sounds too good to be true it probably is, or so the saying goes.
A huge problem today is many people rely on ‘free’ IT services without considering the security implications.
Consider the free Wi-Fi conundrum. When people – including business people – travel overseas it is not uncommon for them to use a free Wi-Fi service operated by a hotel or coffee shop.
I know of one case where a traveller in an Asian country decided to connect to a free Wi-Fi service instead of a paid-for option. The problem was the “free” Wi-Fi was operated by criminal syndicate (access points can have exactly the same name) which siphoned all the network traffic from the person’s notebook stealing sensitive information.
If the person was better informed of the cost-risk equation for using free Wi-Fi then paying for a more trusted service would have been an easy choice. Is $10 per day a lot compared with a sensitive data breach? No, it isn’t.
There is another saying we should all think about when weighing up our security choices: “If the product is free then you are the product.”
Free services, including all our favourite social networks, do a good job of talking you into signing up to a free service and take that as an agreement to share your data.
They are trying to coerce you into not make a rational choice about your data security. Similar to when people choose to use the same passwords, they are not understanding what making that choice means. Handing over sensitive information to a social network can result in a lot more inconvenience to you rather than the provider.
Don’t throw in the towel
A question I’m often asked is why should I bother about security if even big companies are suffering from data breaches?
The same way we make choice to own care with airbag or alarm, being sure about the choices you make and the ramifications of them can go a long way to minimising harm. The companies offering online services understand we might not make the choice to use the service if we are properly informed, so it’s our right to protect our information wherever possible.
We also shouldn’t wait for government legislation to force companies to act. Australia now has data breach legislation, but there have already been cases where companies have not acted on the advice and been breached. For many companies, security can be a “tick in the box” for compliance reasons rather than keeping data safe.
In 2019 we need to be able to understand we are making sensible security choices and use technology and services to minimise our exposure.
People will still not keep things secure and, however astonishingly, will still be surprised when breaches happen or digital assistants start speaking out offers to you.
Resist as long as possible because it’s not fun when you’re the victim of a data breach.
Don’t wait until it’s too late to make better security choices. While we might never live in a world free from cyber attacks and the resulting fraud, making it all too easy for attackers only proliferates the problem.
About the author
Phil Kernick, Co-Founder and Chief Technology Officer at CQR Consulting