Welcome Welcome to ADMIN Lead image: Lead Image © Rancz Andrei, 123RF.com
Lead Image © Rancz Andrei, 123RF.com
 

Security is Everyone's Problem

I attended a security seminar a few weeks ago, and one of the slides read, "Security is not an IT problem." I laughed when I saw it and gave a smirk to our Security Manager at my new job. He smiled back. When we headed back to the office, I said, "Do you know what my one takeaway from that seminar was? That security is not an IT problem." We all laughed and had a good time ribbing the Security Manager and telling him that the burden of security now falls squarely on him and not on us (IT). Yes, it was funny, but it also isn't funny. I think that in companies of all sizes, security is always "someone else's" responsibility or problem. The reality is that security is everyone's problem. Responsibility for creating a secure work environment is your responsibility whether you're the CEO or an intern working for the summer. It is a burden we all bear.

The problem of security is perception. We assume that if we lock our windows and doors that we are secure in our homes, yet we know that the opposite is true. It's a little better than leaving the doors and windows unlocked but, in reality, not that much better. We assume that our 12-character complex passwords protect us, but they don't. Sure, they might protect you from someone logging into your account, but they don't protect you from hackers who steal millions of user accounts from a site.

A great password, a VPN connection, and an encrypted disk are all excellent tools to help protect your identity, your account information, and your data due to device theft or loss, but it doesn't protect you at all from data stolen from sites that collect your data, such as your beloved social media destinations, news outlets, or sites that you access in private. Your security on sites where you don't have control is only as good as those who support those sites. Sometimes it just isn't enough.

So how do you combat thieves who might steal your passwords from a site en masse? Two-factor authentication. Two-factor authentication is using a password plus an additional method of verifying your identity to a site. For example, when I log in to PayPal, I login with my username and my password, but then I have the system send a text message to my cell phone that contains a numeric code, which I enter on the site to gain access to my account. This extra factor guarantees that, even if someone were to steal PayPal's passwords, they couldn't access my account without also stealing my cell phone. This two-factor – or more appropriately, multifactor authentication – is one method of ensuring that massive site password rips are entertaining to read about but not devastating to experience.

If sites you use offer multifactor authentication options, use them. You should protect your social media sites, banking sites, medical sites, and any sites that could expose your personal information or your passwords with a multifactor authentication option.

Returning to home security, you've known about multifactor authentication for years without calling it that. You lock your doors with a key as a single factor, but if you have an alarm system with a passcode, that's your second factor. If you have a watchdog, you have a third factor. When you leave for the weekend and ask your neighbors to watch your house, you have yet another factor. Your home has multifactor authentication, but not your private information.

Don't depend on anyone to make your information safe. Don't depend on anyone to make your home safe. Security is more than just something to talk about; it's something to do. Implementing security in your transactions, your conversations, your online work, your online leisure time, and your home is your responsibility. You have to make security a priority and teach your family members how to secure themselves. Security requires vigilance, attention, and diligence. Your takeaway from this post is that security is everyone's problem. Be certain that a lack of security isn't your problem.

Ken Hess * ADMIN Senior Editor