In the press: Infosecurity – Do you eat your own dog food?
Last updated on April 16th, 2020
How many traffic policemen never exceed the speed limit when off duty?
How many vicars don’t swear? And how many IT security professionals practice what they preach? No, seriously, do you eat your own dog food? That’s the question Davey Winder has been asking of infosec professionals in an attempt to determine just how secure security experts really are away from the office.
An Inconvenient Truth
Surely, at home, the infosec professional will sometimes opt for convenience over absolute security? For example, what about mobile banking? It offers great convenience, but everyone in the security field knows there are risks attached.
Robert Rutherford is Chief Executive of IT consultancy QuoStar Solutions and was very honest when he admitted that he does risk analysis on the fly, telling us that “you just have to balance the impact of something happening against the likelihood of that something happening. If I need to connect a personal device to an unsecured wireless network while on holiday or in a hotel to do some internet banking, then I will, and I don’t think about it”.
That said, Rutherford also revealed that it’s unlikely he would access his internet banking at a shared cyber-café, due to the blatant risk of keyloggers, screen recorders and other spyware – so all is not lost.
“At the end of the day there is a risk in everything”, Rutherford concludes. “You can argue that nowhere is truly safe, but that’s life, and you can’t be paralyzed by fear. I don’t take unnecessary risks, of course, and do take sensible precautions. For example, I’ll VPN into work with two-factor authentication, nothing is stored locally on my devices unprotected, the devices are firewalled, encrypted, have protection systems in-place, and so on.”
John Knowles, MD of DMW Information Security, also admits to using online banking via a hardware token for authentication, which reduces the risk, but not completely. “I bank only from one device, which I don’t use for other purposes”, Knowles explains. “This reduces the risk again. I don’t keep any passwords or account details on a PC, instead I use a secure USB stick with Password Safe on it. I bank with a bank that has online banking guarantees, and I read my statements carefully”.
Knowles also makes a point of not using cloud services for primary storage of key stuff like photos or home videos, although his home backups are cloud-based and encrypted. “Backup is so essential”, Knowles warns. “The automation and the fact the data is out of the house even caters to the doomsday scenario of house fires.”
Being informed goes pretty much hand in hand with being mobile these days, to the point where we put it to our panel of experts that it isn’t really advisable, or even possible, to separate home from work when it comes to information security. Robert Rutherford was first to answer, responding that “you shouldn’t typically be using home devices to access corporate systems, neither should you allow others to use your corporate devices for personal use.”
He argues that the consumerization of IT is, as far as uncontrolled BYOD (bring your own device) is concerned, “typically madness”. After all, Rutherford says, “how do you enforce encryption from the corporate level on someone’s personal phone? How do you know that the home PC you are connecting into the business on isn’t riddled with trojans and spyware?” He concludes that “on virtually every level, it’s better to split home life and work.”
See the full original article here: Infosecurity.com