Online security: be safe and prosper
- Posted on August 22, 2017
If I can go my whole life without even attempting to understand the intricacies of programming, telecom, robotics, or any other computer science or IT concepts, I will survive and may still remain a high-functioning member of society. Except for one IT-related item, which is information security.
The growing importance of online security
With records of all kinds of our activities being available online and transferred using some form of IT tool, each one of us needs to understand that our information must be secured from malicious use. It would seem simple to propagate this idea to the wider community, but I have found that it is not.
Even if someone doesn't take part in social networking, where personal details are given out willingly, there are too many organisations that collect data to be stored indefinitely. Don't trust me? If you are renting or have ever rented, just look at your physical mailbox (not the electronic one) and the amount of mail that is not in your name. Now think about all the places you have ever lived and the amount of mail in your name going out to those addresses. This is extremely relevant; fraudsters need just three details to steal your identity. Keep this in mind when giving out your name, date of birth and address to an organisation, which may or may not have good security practices.
Not in IT? Even IT professionals are (usually) lax
Last month, I attended a security conference in Hong Kong, which had about 400 delegates participating. Almost all of them were involved with security in their respective fields of work. I would've been surprised if I had found any non-security delegates there. In effect, we were all preaching amongst ourselves that online security is good to have. It seems that even IT professionals sometimes do not take security seriously enough. Security conferences need more people who should understand the impact of taking online security lightly. Imagine how difficult it is for us to spread this message to the common man!
Government agencies are doing their bit by trying to protect your privacy. For example:
• Singapore names and shames organisations that do not protect your data.
• If you live in Europe, the soon-to-be-enforced EU General Data Protection Regulation (GDPR) will allow for fines of up to 4% of annual global turnover of the organisation or €20 million (whichever is greater) for a data breach.
• Closer to home, the Office of the Australian Information Commissioner (OAIC) has introduced a notification law that mandates breach reporting, which comes into effect in February 2018.
These laws are great and give us a sense of being protected. But although they address organisations' behaviour towards protecting sensitive information, there is no guarantee that your data won’t end up in the wrong hands. Like closing the stable door after the proverbial horse has bolted, they are a fix applied after the damage of your information breach has been done. There is a better way.
If you are an individual:
1. If anyone asks for your full name and date of birth, check why they need that information. Most social networking sites do not need your date of birth for any legitimate reason.
2. Constantly check for secure practices. If someone calls you (even if you are expecting the call) and asks you to verify your details, refuse. My bank usually calls me to confirm something that I have requested, and subsequently tries to verify my personal information. Instead, I try and call them back since I know their number.
3. Be secure online. Do not send out any private documents or details via email. Even email is not secured at most places. Try password-protecting your documents.
4. If you are using free wi-fi, be very careful with what you are browsing. Refrain from using banking and social media apps and websites. Remember that the connection between your phone and the nearest access point is not protected.
If you are in an organisation:
1. Know what privacy laws and regulations affect your organisation.
2. Check if any records that you hold are relevant and required. Old records may have to be securely deleted.
3. Review your organisation’s security policies and encourage regular updates to them. Use those policies with your contractors when sharing data with them.
4. Attend security conferences or training. You don’t want your organisation to end up paying 4% of its revenue or €20 million for a data breach!
5. Speak to your IT vendors about online security, and find out what practices they follow and what international guidelines they adopt. Avanade, for example, has our security messaging published on our website. We invite you to visit the Avanade Trust Center.
Be safe and prosper; the alternatives are too painful.