Lead Image © Rancz Andrei, 123RF.com

Lead Image © Rancz Andrei, 123RF.com

Security is Everyone's Problem

Welcome

Article from ADMIN 36/2016
By
I attended a security seminar a few weeks ago, and one of the slides read, "Security is not an IT problem." I laughed when I saw it and gave a smirk to our Security Manager at my new job.

I attended a security seminar a few weeks ago, and one of the slides read, "Security is not an IT problem." I laughed when I saw it and gave a smirk to our Security Manager at my new job. He smiled back. When we headed back to the office, I said, "Do you know what my one takeaway from that seminar was? That security is not an IT problem." We all laughed and had a good time ribbing the Security Manager and telling him that the burden of security now falls squarely on him and not on us (IT). Yes, it was funny, but it also isn't funny. I think that in companies of all sizes, security is always "someone else's" responsibility or problem. The reality is that security is everyone's problem. Responsibility for creating a secure work environment is your responsibility whether you're the CEO or an intern working for the summer. It is a burden we all bear.

The problem of security is perception. We assume that if we lock our windows and doors that we are secure in our homes, yet we know that the opposite is true. It's a little better than leaving the doors and windows unlocked but, in reality, not that much better. We assume that our 12-character complex passwords protect us, but they don't. Sure, they might protect you from someone logging into your account, but they don't protect you from hackers who steal millions of user accounts from a site.

A great password, a VPN connection, and an encrypted disk are all excellent tools to help protect your identity, your account information, and your data due to device theft or loss, but it doesn't protect you at all from data stolen from sites that collect your data, such as your beloved social media destinations, news outlets, or sites that you access in private. Your security on sites where you don't have control is only as good as those who support those sites. Sometimes it just isn't enough.

So how do you combat thieves who might steal your passwords from a site en masse? Two-factor authentication. Two-factor authentication is using a password plus an additional method of verifying your identity to a site. For example, when I log in to PayPal, I login with my username and my password, but then I have the system send a text message to my cell phone that contains a numeric code, which I enter on the site to gain access to my account. This extra factor guarantees that, even if someone were to steal PayPal's passwords, they couldn't access my account without also stealing my cell phone. This two-factor – or more appropriately, multifactor authentication – is one method of ensuring that massive site password rips are entertaining to read about but not devastating to experience.

If sites you use offer multifactor authentication options, use them. You should protect your social media sites, banking sites, medical sites, and any sites that could expose your personal information or your passwords with a multifactor authentication option.

Returning to home security, you've known about multifactor authentication for years without calling it that. You lock your doors with a key as a single factor, but if you have an alarm system with a passcode, that's your second factor. If you have a watchdog, you have a third factor. When you leave for the weekend and ask your neighbors to watch your house, you have yet another factor. Your home has multifactor authentication, but not your private information.

Don't depend on anyone to make your information safe. Don't depend on anyone to make your home safe. Security is more than just something to talk about; it's something to do. Implementing security in your transactions, your conversations, your online work, your online leisure time, and your home is your responsibility. You have to make security a priority and teach your family members how to secure themselves. Security requires vigilance, attention, and diligence. Your takeaway from this post is that security is everyone's problem. Be certain that a lack of security isn't your problem.

Ken Hess * ADMIN Senior Editor

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Multifactor authentication with Google Authenticator
    Google Authenticator provides one-time passwords to smartphone owners for multifactor authentication, or you can integrate it into other applications, such as blogs.
  • Editorial
    By now you've probably heard that Italy's Hacking Team, a company that sells intrusion and surveillance tools to governments and law enforcement agencies, has had its private information laid bare for the entire world. Almost 400GB of data, published in a single Torrent file, made its way onto the Internet for all to enjoy. The initial entry point for the attack is unclear, but one thing is certain: The Hacking Team needs to attend a seminar on password security.
  • Two-Factor Authentication

    Making your systems really secure can be a bit more complicated than resorting to the use of regular passwords. In this article, we provide an overview of authentication solutions and present potential approaches for common use cases.

  • Secure remote access and web applications with two-factor authentication
    Making your systems really secure can be a bit more complicated than resorting to the use of regular passwords. In this article, we provide an overview of authentication solutions and present potential approaches for common use cases.
  • Hardware MFA: Death to the password!
    Around since the 1960s, passwords are still the mainstay for authentication. The good news is you have alternatives in hardware multifactor authentication.
comments powered by Disqus