5 Basic Security Maxims
Electronic security is a hot topic and always will be. This is just as true in the physical world! While some do go to extremes in attempting to remove themselves from the bulk of the "real world", the fact is you can't opt out of the physical world. We all accept various levels of personal risk every day. The electronic, virtual world is no different. Consider what it would really take to go "off the grid". Give up owning property of any kind, give up banking, never pay taxes, give up on insurance of any kind, drive untitled and unlicensed... you get the idea. You and your data are online somewhere. What's more dangerous for someone to know, your real world address or your email address?
Concept 1: Security is never perfect in either the physical or electronic world.
This is the first concept to accept before you move forward. There's just a spectrum from less secure to more secure, but nowhere on the spectrum does "perfectly secure" exist.
- People lock their houses and have security systems and yet still get burglarized.
- Banks have more security than 90% of enterprises, and certainly more than individuals, can afford or in fact "need", yet they still get robbed, in both the physical and virtual world.
- Both land-lines and mobile phones have security functions built in, but still calls get intercepted, recorded and exposed.
- PCs, mobile phones, routers, wi-fi, etc. all have security components, but as the news daily attests, data is constantly compromised. Data belonging to banks, large corporations, governments, militaries and individuals is successfully assaulted and security efforts thwarted.
Concept 2: Being secure is harder than being insecure.
The fact that this page exists and that you are spending even a few seconds perusing it proves the point. If it were easy, you'd already be as secure as you wished and this content would be of no interest. Being secure takes some thought, planning, ongoing diligence, time and money, though not as much money as you might believe.
Concept 3: You have to trust someone.
This is true in both the physical and electronic world.
- You put letters in the mailbox trusting your neighbors and the USPS to do and not do what they are supposed to do.
- Ever get in a car and drive down the street with oncoming traffic? Do those yellow lines actually protect you from those cars, or are you trusting complete strangers?
- We all make phone calls communicating the most intimate details of our lives to others.
- Countless phone company employees have the ability to capture or monitor these calls illegally, using the same functions legally used by law enforcement with warrants. It is not that tough for someone to hack into calls from the phone boxes in your neighborhood.
- Got a bank account? A credit card account? Your funds are more electronic than anything else, and accessible to dozens if not hundreds of financial institution employees.
Phone companies, cable companies, health care organizations, financial institutions, internet service providers, etc. are all regulated and have dizzying arrays of security controls in place. The problem is that they are staffed by humans, and humans are immoral, easily tempted beings, which is why the regulations and security controls are in place. Controls are just that. See Concept 1, above. The postman can easily steal your checks, a phone technician can easily bug your calls, a bank employee can easily transfer your funds elsewhere.
Concept 4: There is no "silver bullet" of security.
Security, like staying warm, is best accomplished in layers. Consider your favorite heist movie. Financial institutions physically protect assets with locked doors, security guards, video cameras, motion detectors (infra-red, lasers, etc.), dye-packs (video), seriously hardened vaults with still more keys including time release controls, etc. Some of these are not just purely preventative, but:
- Predictive: Identify a threat before it penetrates further layers, and
- Forensic: Given Concept 1, it is good to have a leg up in recovering stolen goods!
Concept 5: If someone wants to "get" you, they will.
This is the most difficult reality, and one that most never want to consider. Having worked in the area of IT (Info Tech) security for over 20 years and especially working in selling internet security products, I've been in hundreds of meetings where security discussions dive down the "make us perfectly secure" rabbit-hole. The best way to stop such madness-inducing explorations is to point out that all security eventually comes down to physical security. How's that? Someone, be it a crazed junkie or an officer of the law, comes up and puts a gun to your head and demands you give up your access credentials, be they physical or virtual keys. What are you going to do? All the firewalls, anti-virus, VPNs, strong passwords, one-time password tokens, fingerprint readers, crypto smart-cards, retina scanners, etc. come down to whether you value the compromise of what those keys protect more than you value your life.
Notice how Concept 5 brings us back around to Concept 1?
So is there any hope for being secure on the internet? Yes, within the constraints of the realities listed above. Hopefully, at this point it is obvious that this is as possible in the virtual world as it is in the real world.
One of ProTechCoach's main goals is to help you not only get more out of the technology you are already using, but to do it more securely. Our focus will be on practical security, trying to find that sweet-spot, the balancing point on the security spectrum of solid security with ease of use. This won't be covered in a single article or review or recommendation, but will be an ongoing educational discussion we'll be having here.
If you would like to immediately explore your needs in accomplishing this personally or for your business, please feel free to contact me for a free, no-obligation discussion of if and/or how I can help you.