National Cyber Security Month: Simple Ways to Protect Ourselves
I usually write about IT service management (ITSM), but October 2014 is National Cyber Security Month in the USA, so I naturally started to think about cyber security.
We often act as though cyber security and ITSM are completely different areas, with work carried out by different people for different purposes. In fact they both contribute to how we run and manage IT, and they need to work together to provide the protection we need to operate securely in a modern digital age. So I’m still writing about IT service management really, just with a cyber security focus.
It’s all about people, process and technology
When I talk to people about ITSM, I always emphasize the importance of getting the right balance between people, processes, and technology. If you focus on just one or two of these then you’ll never succeed. When you invest in a great ITSM tool you must also invest in people and processes if you want to get the best possible return on your investment. In ITSM we need to make sure that the IT people understand what we are trying to do, that they are able to use the tools and technology properly, and that they focus on customers and outcomes. We don’t usually have to do too much to educate and motivate our customers and users. It turns out that the same thing applies to cyber security, but even more so.
Some of the technology used in cyber security is very complex. It takes really clever people to configure firewalls, encryption, and all the many other security technologies that we rely on to protect ourselves from cyber threats. The trouble is that the best technology, configured by leading experts, can’t protect you if other people in your organization don’t play their part. Good cyber security depends on every single person in the organization doing the right thing, routinely and consistently. This means that we must engage everyone in cyber security in a way that doesn’t apply to ITSM.
We don’t only need cyber security at work; it’s also absolutely essential in our personal lives. I would be devastated if someone hacked my phone, shared photos of me with no clothes on without my permission, or encrypted all my personal files and demanded money to decrypt them again!
Simple ways to protect ourselves
I’m not a cyber security professional, but there are many things that I do to protect myself and my company, and if you don’t already do these, maybe you should think about doing some of them too:
At work
- Make sure you have read and understood your organization’s security policies, and think about what they mean to you.
- Understand the value of any data that you have access to; make sure it is protected appropriately – especially if it is on a portable device that can leave the building.
- NEVER share your password with anybody for any reason. The service desk should never ask for your password, and neither should your manager. If they do, then refer them to the organization’s security policy. (And if the security policy doesn’t support you in this, raise it with the person responsible for it, because the policy is unlikely to be fit for purpose.)
- Be aware of the dangers of phishing attacks. Don’t click links in emails or messages unless you are absolutely confident that they are legitimate.
In your personal life
- Keep all operating systems and applications up to date by installing security patches soon after they are released. This applies to phones and tablets as well as computers.
- Enable 2-factor authentication on sites that have this capability. This usually means that the site will send a code to your phone if you try to log in from an unknown location; you have to enter the code to complete the login. You can do this for Facebook, LinkedIn, Google, Twitter, and many other sites.
- Use a unique password on every site. That way, if one site has all its passwords breached, you don’t lose everything at the same time.
- I like to use a password manager to manage all my passwords. This lets me have a different really strong password on every site, but I only have to remember one password. Have a look at LastPass, 1Password, RoboForm, or Clipperz for examples of good password managers.
- Be careful what you share online. Make sure your privacy settings only share your personal information with your friends.
So, what are you doing for National Cyber Security Month? Take a few minutes to think about how you can increase cyber security in your personal life, as well as in your work. You know it makes sense.