Security is your business
- David Moore
- Oct 20, 2019
- 3 min read
Computer and online security in this day and age is quite a complete and scary beast for many people.
It is an industry in of itself so I won't be going into great detail here.
This post is about your level of security and how you decide what level of paranoia is right for you.
I've said many times that the only real security for your digital life is to have backups of your critical data.
But backups don't keep things hidden from prying eyes, they just help you when the hacking/ransomware/virus parts of the equation take over your machine so you can get back your important files.
I've also said often that, the only way to be secure in the context of social media, web sites etc. is to NOT put anything you don't want people to see online. Because sooner or later it will be shared or copied in some way.
The only way to never get a virus is to never connect your computer to anything. Never put in a thumb drive, nor a CD/DVD...nothing. Never give it any form of connectivity or input.
Of course this severely limits the usefulness of your computer, and that's the rub - usefulness and convenience versus security.
There's a lot of work involved with being secure. Much like backing up properly, only you can decide how much work you can and want to do to stay secure.
It is quite valid to not want to be bothered at all with security, but that version of the game ends badly for you with your bank accounts empty and your privacy totally erased.
I've seen the other end of the equation too, total security, total system isolation. This often seems to correlate to unreasonable levels of personal paranoia coupled with too much free time.
If you tend towards the paranoid high-effort end of the equation there's a good chance that you'll do such a good job of security that when, not if, something goes wrong, computer people like me may not be able to help you.
After all, the whole point of your security is to keep other people out...including me!
If you've built up a high degree of security with outside help, what happens when that outside help is no longer around? That's another "when" not "if" situation.
If your security is based in a context, be it physical or virtual, how do you unravel it when you have to do it somewhere else or the context changes beyond your control?
That may sound weird, but a simple example is when certain machines ONLY are given access to certain things. When those machines fail or change drastically they no longer ARE the same machine, so they are denied access.
If you've been comfortably trucking along with a particular security strategy it can be easy to forget how it was set up in the first place.
I see this often in the form of forgotten passwords.
Your PC remembers your passwords for you in many contexts that you may not even be aware of.
The most common is your email password.
If I had a dollar for every time I asked someone what their email password was, to only be told "I don't have one. I've never had one.", I'd be a slightly less poor man.
Of course you've always had an email password. It is just that your email program remembered it all those years ago when you first set it up.
One of the often overlooked aspects of security is that for every "give" there's a "take".
By that I mean, to do things properly you need to document what you are doing. Record it somewhere. Know how to get in, know what you've done. The more complex your security systems the better documented they need to be.
This stuff isn't just all going to stay in your head and it isn't just about passwords.
So, then how do you do those documents without compromising your security?
You don't put your passwords on a post it note on your PC screen...do you? Because I still see that a lot! A LOT!!
So in some ways, the more secure you are the more opportunities there are for a breach....which means you need more security...which means....
...and so on to infinity.
You need to consider that, at times, there are reasons why you WILL want and need someone else to get access to your secure things. This will be when you need help from people for one reason or another.
So if your systems are tightly locked down, and you've done a good job of that, there are two possible scenarios:
1) Your documentation of the systems is adequate and the results are good.
2) Nobody can find a way in and the results are bad.
Option 2 is fine if you are happy to cut your losses and move on.
If option 2 doesn't sound like a scenario you'd enjoy then you'd better do a review of just how paranoid your security is and if it needs adjusting...or better documentation.
Happy prepping,
David
Comentarios