Security should be at the forefront of everything we do. Understanding your critical information is a first step, a necessary first step. Understanding of self is the foundation and we have to build from that. Security is a mind set; looking at things from a critical point of view; challenging preconceived notions and long standing, long held beliefs. Not long ago we thought nothing could overcome an air-gap. Well, we now know that to not be true (www.slate.com; 3 December 2013). We also know of new technologies arising every day that convert household appliances into listening devices. Everything around us is a potential risk. Sounds scary; it doesn’t have to be. Rather, we just have to adjust our mindset and expectations.
Convenience blocks us from achieving a true level of security. The news is all around us and we hear it, but we dismiss it. We know the steps we should take, but we choose to ignore them. We know we shouldn’t join any public network unless we employ appropriate measures. We know that passwords that are easy to remember are ok because you justify in your mind that no one really wants that $150 you have in your bank account. We know all these things. We know the risks. Yet we do them any way. I’m guilty too. I need to check my email and it just so happens that I can join this public hot spot and not use my data. After all my data is close to the limit and I wouldn’t want to spend $15 more because I go over my limit. We do it all the time. And in those instances, the attackers win. We don’t really even challenge them. Here it is, take my information and take whatever you like. Like I said, I’m guilty of it too.
So we have to resolve to change. We have to think about security first and foremost. That doesn’t mean we walk around with aluminum foil umbrellas or hats, but it does mean that we have to question what is before us. We have to question whether this hot spot is really ok. Or if we want to use it, we at least use appropriate security to access it. We have to question our password management. We have to question whether we want the ability to download apps and programs from our work computers because it’s just easier. We have to take the five extra minutes to pick up the phone and call your bank because you got a weird email saying they needed to update your account information.
Counterintelligence is a field often cited, but rarely understood. The definition on google is “activities designed to prevent or thwart spying, intelligence gathering, and sabotage by an enemy or other foreign entity.” In other ways, it’s the process of protecting yourself through a variety of offensive and defensive action by understanding how the threat sees you. And to tie it back into the beginning, Counterintelligence starts with an understanding and an awareness of you and your critical information. Whether you are a business or person, how does the threat see you; where are you vulnerable; how do you protect that vulnerability and how do you defend against that. Conduct a self or business vulnerability assessment.
Here is another way to think about things. With much thanks to Edward Snowden, we now know what one government in the world is capable of. And it’s safe to say that while Snowden did tremendous amount of damage to that government, that government probably has much more it can do. So if one country can do it, don’t you think other governments or persons can too? There is not a tech brain drain going on that’s for sure. So if governments can do it, why can’t others.
Start with that principle. If one person can read it, can’t they all? You can hedge your bets that they may not find anything particularly useful in your information, but perhaps they can. Adopt an alert and aware mindset. Become alert and aware of who you are, your critical information, and your surroundings. Security isn’t convenient and it’s not going to be easy. We lapse more than we care to admit, even the best, but it’s an ever vigilant, alert and aware, security focused mindset that sets us apart. It’s understanding when you make mistakes and how you can fix it for the next time.
Now is as good of a time as any.