Looking Back to Look Ahead: My Security Resolutions for 2016
Here are my personal security resolutions for 2016, as well as a retrospective look at 2015 in security.
Last year was another headline-making year for cybersecurity, with all types of data being stolen in a series of high-profile breaches throughout the year. Data theft ranged from the usual financial/PII-type data to less common targets like fingerprint data and damaging information related to personal relationships. As a result of these attacks, breach impact went beyond the discussions around loss of market capitalization for the companies affected or fees imposed by regulatory agencies and into the realm of relationships or even lives destroyed. As breaches get more invasive and, it seems, more heartless, it appears that it's time consumers began taking matters into their own hands and became hyper-vigilant when online, both in their personal and professional workspaces. This "enough is enough" attitude frames my personal security resolutions for 2016.
1. I will be a true partner to the security team at my organization.
Each year, security teams at many organizations (including mine) spend a significant chunk of time and resources deploying patches to secure existing software, kick-starting new processes and tools to streamline internal workflows, and issuing guidelines/best practices to ensure digital safety when using multiple devices for work. And each year, all these processes designed to reduce risk are met with customary groaning/eye-rolling. Well, it stops now. This year, I plan on being responsive to any requests from the security team, and on being diligent about ensuring I'm running the latest versions of the zillion platforms/apps that I use every day.
2. I will balance the need to share details of my private life with the need to be safe on the multitude of social platforms I use.
I go through spurts of posting on social media platforms where I’m inactive for long periods and then go into a flurry of activity when I log back in. Oversharing becomes a natural consequence of this behavior, so I’ll need to regulate my activity flow socially and not get into too many details. I mean, do my friends really need to know flight times for my upcoming vacation?
3. I will be cyber aware and vigilant through this year.
This is a particularly tough one, especially as phishing attacks are getting very sophisticated and look almost indistinguishable from the real thing. Carefully crafted messages or calls tailored to your interests/activities/purchase behavior make the scams hard to detect; check out this scam that involved Dell customer tech support. Another one was a slew of emails I received recently inviting me to speak at a global conference and requesting that I click on multiple links within the email. This immediately raised red flags for me (I know I'm good at what I do, but I'm not that good!), so I went to the event website directly instead, and the site had crashed due to unusually heavy traffic. Bingo: my Spidey sense is working just fine for now.
4. I will contribute, even if insignificantly, to being a security evangelist.
This is me being a pain sometimes with my friends and family who don't work in cybersecurity and don't see what I see on a regular basis: millions of records exposed, PII stolen, whole corporate networks compromised due to the careless actions of a few, and the subsequent pain and cost of setting things back in order. So if I see anyone in my network send sensitive information or passwords via email, I will call them out. I will also insist they use a privacy screen when working on sensitive information while on a flight, lock their laptops when they're away from their desks, and not download a mobile app without checking its permissions. There are a dozen other items on the list, but this year I will be vocal about this. Cybercrime is everyone's business, and not just when it affects us personally. I think of this as a cyber equivalent of a neighborhood crime watch, and hopefully these ripples will spread. I'm not naive enough to think this can actually stop sophisticated attacks, but if it can help stop one low-level attack in its tracks, I'll still have done more this year than I have in the past.