Blog

  • Why Security Awareness Matters To You

    In the last few years, the idea of security awareness has risen to at least being on the radar of many CIOs. However, the general concepts around this topic are not seen as important enough to many outside of the IT world. The threat of cyber-based attacks is a reality for all of us. That alone makes this a subject we all should be concerned about. It is worth our time and investment to put a good program in place.

    Security Awareness is Affordable

    I find that too often security implementation and its high costs are confused with awareness. This is similar to thinking that educating people on health issues is the same as treating those issues. However, there are substantial security awareness programs like Ninjio, KnowBe4, Secure ED, Security IQ, and MediaPro that are professionally created, high-quality, and cost around a few dollars a month per person. Think about those costs. A family of four could take advantage of an SA program for roughly ten dollars a month. You may laugh at the family idea, but how many children now are almost always connected and have access to texts, email, and social sites?

    The cost of falling into a scammer trap can quickly climb to scary heights in time and money. That risk alone should make you rethink the value of an SA program. Likewise, the fortune you save may be your own.

    It Is Constantly Evolving

    Even IT professionals can fall for phishing scams. Yes, read that again. Your daily work in the IT world does not make you automatically protected from scams. There is always a new scam out there, and knowledge is critical to avoiding them. For example, have you heard of scams where people buy a house and find out they did not buy a house? Instead, scammers walked off with the money. New ways to trick you appear too quickly for you to keep up with the latest approaches. That is where SA comes in. You have people working to inform you of the latest scams, test your knowledge, and even test that you paid attention to the material.

    How Does It Work?

    At this point, I hope you are at least considering checking out some security awareness programs or asking your IT leadership to do so. That means you are wondering what to expect with such services. The good and bad news is that they are all very similar. That is good because there are so many excellent options. It is bad because it can be hard to choose. Most programs send material on roughly a monthly basis. This is often an email of some sort, and most include a video tutorial that goes over the latest things to look for. This may seem tedious and boring. However, the videos are usually ten minutes or less and can be highly entertaining. Some are even produced by entertainment writers like those who put together the shorts on Saturday Night Live and similar television shows.

    The videos and content are just part of a good program. You will also periodically be sent phishing emails, phone calls, or texts to help expose you to the kind of things to watch out for. If you fall for the scam, then you are sent a “you should not have clicked” form of email or message that educates you on how to avoid such things in the future. This combination of educational material and practical testing has been shown to reduce the effectiveness of all forms of scams dramatically.

    I Want To Learn More

    Here are a few links to help you get up to speed on security awareness programs and vendors.

    https://www.itgovernanceusa.com/security-awareness-program

    https://www.infosecinstitute.com/iq/awareness/

    https://www.knowbe4.com/

    https://ninjio.com/

    https://www.mediapro.com/security-awareness-trainingpack/

  • Effective Planning For The New Year

    Ah yes, another new year has come upon us. I have spent a lot of time on our mentoring site (https://develpreneur.com) talking about the value of steady progress and intention as we strive to meet goals. Although there is much to be said about effective planning and review on a regular basis, the beginning of a year often seems the most comfortable starting point.

    Invest Time For Effective Planning

    The first thing that is important and natural to do at the beginning of a year is planning. It is one thing to list out some goals. As you know, it is quite another to create a plan for achieving those same goals. Nevertheless, this is a necessary and healthy process. When we take the steps to pull goals out of the clouds and ground them in reality, our path becomes clearer and those milestones have a greater meaning. This can be lost in corporate planning sessions where big is the word of the day. Thus, we should follow our “what” with a realistic “how.”

    For example, we can set a goal to increase our customer base by fifty percent this year. That is admirable and looks good on paper. However, how are we going to achieve that? There will likely need to be quarterly goals that will keep us on track as well as service, product, and resource adjustments that come with such a goal. Once we look at the reality of achieving that goal, it may be almost out of reach.

    Grow As A Body

    That is a challenge in growing a business. There are almost never only one or two factors in growth. A business grows as a whole. It is like a human body. You would have a tough time if your legs grew from birth to adult size before the other parts of the body did. Our professional goals are often similar. We have to grow in multiple areas in concert. It does not make sense to have an incredible product but no sales or marketing resources. Likewise, a world-class marketing team is going to struggle in selling a non-existent (or highly inferior) product.

    Steady Steps Can Carry You Great Distances

    These challenges are where effective planning pays a solid dividend. Those impressive goals have a number of prerequisites we will need to tackle to achieve success. Our planning will help us validate our plan and plot a course that seems much more realistic. This is the idea of eating an elephant a bite at a time. When we break down the big goals into the smaller steps, we can break them down further into weekly or even daily steps and milestones. This approach avoids a feeling of some sort of death march and gives us regular “wins” to keep a sense of progress throughout the project. It is a way of thinking that makes many software teams choose an Agile approach. However, this works for much more than IT projects alone.

  • The Next Big Privacy Concern

    The social media news around Facebook and data breaches we hear about each week have sparked concern over our data. We are starting to worry about what is out there and who has access to it. There are obvious concerns about hackers selling our data for nefarious reasons. Likewise, there are issues like the social score used by China that can impact every facet of life. Nevertheless, there appears to be a larger wave coming. These changes are worth considering before you jump into the latest fad devices. It appears that our next big privacy concern is going to be our health-related data.

    The Warning Signs

    The popularity and power of wearable devices like the Apple Watch and Fitbit products are the first step in being able to access enormous amounts of data. There have been a few voices of caution, but generally, they have been pushed aside. We find it far too useful to be able to see how many steps we took each day. We can also see where our morning jog took us. Technology is awesome like that. However, when you look at the companies that are gathering that data and their capabilities, you have to wonder where that will go next. Any time big business gets involved it should spark a big privacy concern.

    The least surprising purchase of the year is Alphabet (i.e. Google) buying Fitbit. The popularity of Amazon’s Alexa products and the Apple Watch made it almost a guarantee that Google would dive into the wearable market. Add to that recent news about Project Nightingale. It is impossible to deny that “They” are coming for your medical data. The industry has long worried about the privacy of this data (e.g., HIPAA) but I do not find many people being overly concerned about such things. As with all technology and data, there are some pros and cons to this data being available en masse.

    The Benefits Of Masses of Medical Data

    Medical research lives and dies (no pun intended) on health data. There are reasons why health care professionals almost always start an encounter by taking your temperature and your blood pressure. Then they gather some general data about how you are feeling. These data points become part of the recommendation for how to treat your situation. You can see some dramatic examples of this in television shows about forensics and medical mysteries like House M.D. The ability for vast amounts of data to provide useful medical insights is not just the stuff of dramas and serials. There are all manners of health-related issues that can be addressed and prevented based on research into the data. That data may lead to a cure for cancer as well as dramatically reduced times for hospital stays and even lower-cost treatments.

    Why This is a Big Privacy Concern

    You might be saying, “wow, sign me up to help!” While that is very considerate, you should also consider the downsides. The wearable devices we have and the ability for organizations like Amazon, Google, Apple, and others to store and process that data have other uses. Marketing is always a way to utilize what we know about each other. For example, what if the ads you are fed become adjusted to how you are feeling? You may suddenly get a flurry of car ads if your heart rate picks up while watching one. That may seem only slightly annoying. What about ads and services being sold to you based on sexual or religious preferences? When I know your rough (or precise) location and attitude through the week, I can tell whether you are turned on or off by all manner of environments and people.

    Think about a mood ring that is far more detailed and accessible to a broad range of people in your life. What if your employer is able to access how you are doing during the day? They might be able to determine when you are focused or not. What if your boss knows roughly what you really think about him? The ability to use medical data is mind-boggling. It becomes more so when you start to look at how our statistics (blood pressure, heart rate, etc.) fluctuate in different situations. Think about it as if you were wearing a lie detector on your wrist throughout the day. Everyone you meet might not have access to that data. However, I am sure there are those that you would want to keep it from.

    How To Proceed

    While this type of data is worth our concern and worry, it may be hard to avoid the risks. The OTG (off-the-grid) life that eschews devices and services with tracking and data gathering capabilities has just become a little harder to adopt. There are all sorts of rewards dangled in front of us if we will give up a little data and privacy. We also are assured that our data will be kept private and not used without our permission. How has that worked out for us so far? The recent history has shown us that these sorts of things should be a big privacy concern.