Lately I have had quite a few discussions about IT security. Is it the right thing to cut yourself off from the hostile Internet? Corporate data security, data integrity?
As I have mentioned in these posts before, there is a valid risk of corporate spying, data theft, etc. But… Trying to shut yourself out of the Internet is not a solution. Your consumers expect you to be on the Internet as much as they expected you 20 years ago to have a telephone or fax machine. Yes, the Internet is potentially hostile and it is not only reasonable, but also advisable to secure confidential data. But then I must refer to e-Mail encryption. There are other options, such as different file servers for internal data and external access to Internet and e-Mail, firewalled and secured.
A recommendation I read lately said to retype a URL by hand when you get it by e-Mail. That is simply short-sighted. Such an idea will simply be ignored by any user for reasons of convenience. If he does not understand the threat, he will not follow that requirement. If he understands, there is no need for such a rule, as the user will be aware and apply the necessary care. There is an expression in IT support called PEBKAC – the “Problem Exists Between Keyboard And Chair”. The user is the “problem”. There simply is no 100% security in this world. It is a constant evaluation of risk and value. So instead of trying to hold back the development of your company, evaluate your risks, reduce them by technical means, as well as by properly training your IT users.
In 2004, I heard a presentation that questioned whether the normal user is simply ignorant of viruses, trojan horses and the other most basic matters of Internet security. To this day, I get hoaxes forwarded with the best of intentions. What’s a hoax? A fake threat warning. The “best” one says “There is a virus – to delete it do this and this”, and if you do this, your Windows PC is no longer operating.
Shall I use Internet Explorer? Why is it that even IT security experts keep that browser with known security problems as the standard company browser and do not use alternatives like Firefox? There are sometimes good reasons, but that is the exception. Why is it that companies keep sending out Word and Excel documents and not PDF? If they’d use Open Office instead of Microsoft’s expensive commercial solution, they’d not only save a lot in license fees, they could also immediately “export” into PDF (and with the free PDF import extension, Open Office even allows you to open and to some extent edit PDFs!). Why don’t companies incorporate S/MIME?
What truly frustrates, even agitates me is short-sighted, if not outright blind, activism. Shut away the Internet, it is hostile. Yes. Don’t breathe, there’s all that dangerous pollution stuff in the air.
The solution is to be careful and increase user awareness. In a time of constant changes in IT, I fare quite well when applying simple security measures. But it is part of our daily life and here to stay. Don’t restrict usage and application of new technologies, but urge your users to be careful and explain the risks to them. But don’t try to shut out life, it won’t work…
Food for thought…