Non-Traditional Security in a Digital World
Cybersecurity is really the hot topic of the day. Issues related to it impact virtually all of us in both our personal and business lives. Barely a month goes by without a high-profile instance of a corporate firewall being breached with the theft of all kinds of personal and individual financial information – and this is only what we hear about. There are likely thousands of minor breaches, thefts of digital information and internet fraud going on daily. What is one to do, in either their personal or business world?
This may sound blasphemous, but the problem of internet security will never be solved “once and for all.” The battle between securing technology and those wanting to penetrate secure barriers will never end. Certainly, holes are being found and plugged, but “the bad guys” are relentlessly looking for new ways of penetrating security systems. The back-and-forth battle is closely analogous to the military’s contest between tank protection and anti-tank weapon systems. Each defensive measure leads to a new round of inventive countermeasures, and on and on without end.
Here are some thoughts about living in an insecure, cyber world:
1. Assume your information is NEVER secure on the internet
There have been so many breaches of companies and government agencies that, as an individual, you must assume the “bad guys” have access to anything they want to know about you or can get such access. If you have not been the victim of a fraud at this point, it is because the felons have access to virtually millions of accounts. On a random basis, they can’t leverage all the data they have. Also, consider the return on investment for the felon. It makes more sense to commit fraud against someone with lucrative accounts rather than someone who is highly leveraged. If the felons do not have access to your information, it is likely because it is not worth the effort to penetrate or leverage your accounts.
What is a person to do? I am reminded of the old saying that “a lock is there to keep an honest person honest.” Do the best you can with password control and multi-level authentication. Some of the newer implementations on mobile devices use biometrics. This can help, but I suspect that, given enough resources and time, even these barriers can be broken.
2. Mobile and connected devices can be hacked
There was a recent case where an iPhone was recovered and the authorities wanted to access the content. Apple refused to provide access to the device. No problem. The FBI found another way to hack into the device. There is ALWAYS a way if the need is great enough. Cyclotrons used by the Iranian government for enrichment of uranium were hacked to self-destruct. High cost and high risk to hack these, but they are high value hacks.
So, why should I allow IoT sensing end points in my home? Think of risk versus reward. If your network is not being hacked to get in through your mobile devices, it is because the effort and time required to hack into your house is simply not worth it for the return. If it were, assume the “bad guys” will find a way in.
What is the strategy here? It is very similar to the prior example. Set up high-level wireless security on your network. Change passwords periodically and make them hard to guess. Consider the source for your IoT devices. Is the manufacturer providing security and security updates? Is this foolproof? No, but it will help “keep an honest person honest.” If a product unfortunately offers an easy “back door” into your network, realize that you may or may not be a victim of a fraud. Just because someone has the ability to penetrate your network does not mean they will exercise that option. Assume one is always at risk of random “mischief” even if major crime is not the end result. Of course, you can always decline the use of IoT devices and WiFi. As an individual, you must do the calculus of risk vs. reward.
3. In the digital age, look for non-digital methods for securing sensitive information
Be very careful about transmitting financial information, passwords or account information via email or text. Such messaging can be intercepted and filtered for key information types. If you need to transmit such information, consider sending it in “hard copy” via a carrier with delivery confirmation, combined with a need to authenticate via a phone call. It is not “sexy” to think of snail mail these days, but physical media sent in a secure manner can provide a layer of protection (of course, such media needs to be protected, but that is a lot easier to do than to ensure a secure digital transfer). While not perfect, it is harder to intercept and interact with an analog communication stream than to have a device hanging out in a server bank somewhere monitoring all traffic for key words and phrases.
We live in an insecure world with a continuous flow of digital information. While the means for securing this data are evolving and improving, the hackers too are getting more sophisticated in their abilities to penetrate security barriers. While there is no one right answer for anything more than the immediate present, keeping your systems up to date with the latest security updates and managing your access protocols can help. When all else fails, think outside the box. Are there “old school,” non-digital methods you can use to protect your most sensitive information in your personal and business lives?