I Am Your Luminescent Lightbulb...7/9/2009
What would you be doing?
Have you ever thought about it?
Do you even remember what life was like without a computer?
Imagine stacks of paper, mountains of it... all needing to be filed away... somewhere.
Look around you, where would it all go?
Years and years of paperwork, sitting, collecting dust, but it MUST be kept for audit purposes, legal purposes, etc.
Reduced Waste / Clutter
Computers have done a lot for space management and waste reduction.
Where there were once aisles of filing cabinets, there are now nice plants or other aesthetics.
Trees are happily absorbing carbon gases, sunlight, and moisture from their environment, never aware of the mayhem and destruction diverted from them.
Expanded Education / Communication / Business Opportunities
Computers have done a lot for communication and for opening the minds of mankind.
Billions of people the world over are communicating more now than in any other era using the internet and wireless technologies.
They are sharing ideas, building futures, and evolving mankind's daily life.
Do Your Part
It's no wonder that securing that frontier is crucial to our existence as we've come to know it.
Respect the tubes, understand the tubes, and enjoy the tubes.
Information on anything you can imagine has never been more available.
If we don't all ensure that the systems we use to access it are free of infection and malware, then we aren't doing our part in keeping the internet safe for everyone.
Before I got into Information Security, I can remember trying to view a website but getting a warning instead.
The website's owner had coded a browser check into his website that would redirect a user to a warning page if it detected that the end user's browser was infected with malware.
It directed me to this site: http://www.unmaskparasites.com/malware-warning-guide/
It helped me get rid of some pesky malware I had lurking within my browser and then I was able to view the site that had originally warned me.
I remember writing an e-mail to the site owner thanking them for the education.
It is the job of people working in technology and information security to attempt to educate people about the risks and dangers these technologies present to them.
Many people are unaware of the dangers they may be exposed to, and may be contributing to, on a daily basis.
Everyone must practice secure and safe habits when it comes to handling personal information.
This is why regulatory requirements like PCI and SAS 70 / SSAE 16 were developed.
These programs exist to show customers that real preparation and thought has gone into handling their data securely.
Knowing that a company is PCI compliant, or HIPAA compliant isn't enough.
Do some homework and inquire as to how these organizations are safeguarding your information.
Individuals should be taking many of those same practices into consideration.
A cell phone that is linked to Google Wallet should be protected just as you would protect your own credit card information.
Ask questions like:
- Who has access to my information?
  - The correct answer: only those people whose assigned duties directly require them to update or review that information. Not the receptionist, not the janitor, and not Becky in Payroll.
- How is my data disposed of?
  - Ensure they are physically shredding any paper- or plastic-based documents and destroying hard drives.
- How is my data stored?
  - Credit card data should not be stored at all if possible. If it must be stored, it should be encrypted and/or truncated. Personally Identifiable Information (PII) should be encrypted at the least.
  - This is also where you should be able to determine whether your information is shared with any other affiliates or organizations.
- Do you sell my information?
  - If a company sells your information, there is no telling how the third party handles your data. Do not do business with organizations that sell your data.
- How often are your policies updated?
  - A good rule of thumb is that all policies should be reviewed and updated annually.
- Do you comply with any regulatory compliance programs (PCI, SSAE 16, HIPAA, etc.)?
  - Ask the organization which requirements of the compliance program they are compliant with. Ask for their Report on Compliance (RoC) or Attestation of Compliance (AoC). Most organizations are very protective of these documents and may require you to sign an NDA.
If you use third-party programs to access your bank accounts and other financial data, and your system gets infiltrated or you lose your iPad or phone, wouldn't you feel a lot better knowing that data was fully encrypted? You can isolate sensitive data from the rest of your public data with encrypted containers.
Tools such as BestCrypt, TrueCrypt, or PGP can create encrypted containers for storing sensitive information. You can also encrypt your entire hard drive, in case someone ever steals your laptop or computer.
I highly suggest at least storing sensitive data in an encrypted container.