I came to the digital and/or information security world in a Kevin Bacon sort of way. Six degrees of separation, if you will, got me here. In those reasons and events I found out why I should care. So as the story teller I am, I’m going to tell you stories in all my In The Weeds explorations into the InfoSec World. To begin, here are six vignettes on digital/information/cyber security that made me realize how important it is. However, they are not in any order of importance, because, as you will find, everything is important when it comes to digital security.
- No One Is Safe. As with any kind of security, it is not absolute. You can only do your best to follow guidelines for protection; but, absolute safety is a misnomer. Even if you have tons of resources, as I found out the hard way, you are at risk. I’m a former soldier and federal government employee. It’s one of the places I learned about cyber security because I worked for a branch of the military. It’s also where my most private data, to include security clearance paperwork that included other people’s information was hacked. This wasn’t my fault. I couldn’t have prevented it. However, the government set up a monitoring program and I log into it weekly to make sure that my private data hasn’t been compromised.
- If It’s On The Internet, It’s Not Private. Personally, I’m an open book for the most part. I’ve gotten better about not wearing my emotions on my sleeves, but many people who navigate in the online world, have their heads, or rather, their data in the cloud(s). That Instagram photo, or Snapchat, or even your device photos automatically sync’d to Google or iCloud are at risk. One of my children’s classmates had an issue where a compromising photo was snapped in a fit of hormonal teenage impulsiveness. It was deleted off the device, but then the cloud app was hacked. The image they thought was gone forever was not. There’s unending news stories about celebrities or politicians doing the same. No one is immune.
- Don’t Pass On Updates. During my freelance life I dabbled in web design and web content. It’s an ugly tennis-match role to play, especially for small businesses. Twice I advised small businesses that their security on their web site was either weak or non-existent. Both of them had very embarrassing pay-for-click hacks attached to their sites seemingly moments after I warned them the software wasn’t up to date, or the site had ZERO security. No, I wasn’t responsible. Sure, it can be annoying, to have automatic updates turned on. They don’t always come at the most convenient times; but, if you’re a person who uses computers or the internet like a toaster, it might be your best bet. Or if you’re like me and constantly get interrupted by teenagers, pets, or the good-idea fairy, you might want to turn auto update on. Granted, that can be a vulnerability, too. But, that’s for another article.
- Back Ups Are Paramount To Breathing. I’m not talking about a document you have – although, if you don’t back up to the cloud or a secondary thumb drive or encrypted drive for something like say, a short story, or a letter to your local municipality, you may be sorry. However, little harm is done. I’m referring to those that deal in data. Spreadsheets, inventory, and the like. Individuals may not deal with that heavily, but we do sometimes store sensitive information on our machines, that maybe we should back up elsewhere. My friend’s laptop was hacked and ransomware was put on it (her son used her machine and wasn’t careful online). She had a document on it that had ALL her information, passwords, account numbers, etc. It was there so that if something happened to her, her executor could access her online presence. She thought she was being smart. If she had that document on an encrypted drive, she’d be better off. Password management tools are available, but refer back to item number one on this list. Again, that’s another article. Friend’s identity was compromised, and it was a long six-plus months before she got everything straightened out. But, the amount of time and resources to straighten it out could have been saved if she’d had an encrypted thumb drive to store it on and placed it in the family’s safety deposit box (the latter suggestion is awkward when passwords change, however. But that’s another post).
- Computer Systems Control Just About Everything. Power Grids. Satellites. Air Traffic. Smart Homes. Smart Phones. Smart Cars. Heck, we pay our bills online, and order our coffees online. And every computer system is hackable. Every one. Protecting the vulnerabilities (because with every hardware or software update, new ones are discovered) is a full-time job for many a IT geek. I often think back to my days on the ground at the Pentagon following the 9/11 attack. Nothing worked. No cell service. Electricity was out for a good chunk of the Pentagon. Air Traffic was stopped. Communication reverted at moments to old-school military hand signals, or radio waves. It was spooky. Then in the winter of 2006, my family and I lived through The Big Blow. A wind storm so powerful here in the Pacific Northwest that millions of people were without power, for longer than anyone could have imagined it. We enjoyed 15 days without power. Five kids in the house not being able to watch tv, play video games, even chat with their friends (we are a household that hasn’t had a house phone since about 2005) was not a pretty sight. I remember my husband commenting that this is what would happen if someone hacked the power grid. It was an eye opener. At one point I drove into a section of Seattle that got power before the rest of us slobs so my oldest girl could charge her cell phone and I could do laundry. It’s an experience I won’t soon forget. Sure it was a first-world problem, but it was a problem all the same.
- Intellectual Property and Industrial Espionage is a Thing. As a former soldier, I was trained to recognize espionage. On a national level it’s such a concept I viewed as rather Hollywood initially, especially since I never witnessed it outside of the example cases the Department of Army or Defense used for training (those whose main mission is to prevent such a thing would say their programs and strategies work). When my spouse and I got together one of the main focuses of his job at the time was to protect the company he worked for from those who would steal its design and operational secrets. I was a bit befuddled that the same tactics on both sides (bad guy/good guy) were used in the corporate world, too. He wore khakis and Hawaiian shirts at the time, and not fatigues. But the fight was the same.
Most list-articles you find online have an air of authority that sometimes is difficult to vet. These are just my stories, but I can tell you they are truth with great authority. Now tell me your stories. What event in your own history made you realize that digital security is important? Are you currently dealing with something? Write about it here. Who knows? Maybe your story will provide a new In The Weeds exploration.