Sunday, January 31, 2021

When it comes to Cybersecurity, humans are the weakest link

Cyber-Sec_rity isn't complete without U
In my day job, I keep watch over my company’s computer systems, not only making sure everything is working correctly, but also making sure no one’s accessing them who shouldn’t be.

It may sound like a simple task, but with over 6,000 employees scattered across 70-plus offices in 10 states, it’s not as easy as it sounds. Especially the cybersecurity aspect of it.

Yes, we have firewalls and other gadgets and software watching our systems so I’m not the only guard at the virtual castle gate telling every visitor: “Halt! Who goes there?”  But as 2020 showed us in perhaps the most dramatic way possible, our collective workplaces are no longer a physical place that can be defended by virtual fortifications. 

Nor are they even like the Iron Ring of castles that King Edward I of England built to subdue Wales back in medieval times.

In 2021, the workplace can be anywhere and it can change not only from day-to-day, but even hour-to-hour. The old way of constructing permanent, impenetrable walls around our workplace computer systems is about as useful as Edward’s quaint old castles against a modern army using artillery firing high-explosive rounds.

The key to cybersecurity these days is to protect the data no matter where it is.  So instead of focusing on building bigger and better walls, we should instead concentrate on protecting the messengers who carry the king’s missives between his castles and cities.

IT folks like me are already doing this, but the more I learn about how to protect these messengers from the brigands and bandits who lie in wait in the dark alleys off the information superhighway, the more I realize that just throwing more technology at the problem is NOT the answer. In my opinion, it may actually make matters worse.

Adding complexity to any system means there are more things that can go wrong, and as we’ve learned time and again, hackers are adept at exploiting the tiniest of flaws they find in any system. Adding complexity also makes it harder for regular folks to use and understand it. Human nature being what it is, people will then try to find a “quicker and easier” way to get their work done, often bypassing the thing that’s meant to keep them safe.

And that’s really the biggest challenge in Cybersecurity these days.

The weakest link has been – and always will be – the human element.

The average person does not know (or really care) about how technology works. Most only want to know which buttons to press to get a particular task done. The rest to them is magic.

And therein lies the problem. 

IT professionals like me need to help demystify technology and help regular folks understand how the devices they have come to rely on work. I’m not saying the average Joe needs to know how to debug a kernel panic, install an operating system or even swap out a memory module before using a cell phone, sending a text message or ordering pizza or toilet paper online. However, they should be taught how to apply the same basic safety tips and skepticism they use in the real world to the virtual one so they can keep themselves safe.

I know this seems rather obvious, but then again, so does driving a car. The gas pedal makes it go, the brake pedal makes it stop and the steering wheel lets you make turns. 

Every kid knows this. 

Yet we’d never give car keys to a teenager on their 16th birthday and let them figure out the rest on their own. Instead, we make them learn the rules of the road from a (hopefully) more experienced driver.

And that’s what I want to do over the next 12 months with a majority of my blog posts. I want to help folks learn how to detect possible scams and view every online transaction with the same degree of suspicion they’d have if someone claiming to know them came up to them on the street and asked them for their house or car keys. 

I’m hoping this can be an open and interactive discussion, so please feel free to ask any questions, no matter how basic they seem, in the comments below and I’ll do my best to answer them for you either in the comments or in the next month’s post. 


5 comments:

  1. I've given the IT folks at my offices heads up every time a Phishing email comes through.

    Replies
    1. Keep it up! It gives them a chance to recall those messages from other people's mailboxes who might not realize they are scams or else block any links in those messages.

  2. This comment has been removed by the author.

  3. Jeff,
    I am a fan of your science fiction writing. I think I have read all of your books and I am looking forward to reading more. I love your character development and it brings back a lot of memories from the D&D days in college. Your books are a lot like the dungeon scenarios we played. I have had a lot of Gary Gygax moments reading your stuff. I have not read much sci fi in quite a while, but tried some of the stuff they advertise on Facebook, but many of them were very disappointing and I could not bring myself to finish them. Your writing is a breath of fresh air or maybe nostalgia air hehe. While your characters are simple I appreciate not having hours of introspection with no action or unreal character flaws. Upon reading your blog I was struck by your Christmas era post about the state of our country and the year 2020. Keep up the writing on both levels. It seems that being able to disagree respectfully is almost nonexistent in today's political arena. Despite being 60 years old I cannot recall this kind of intolerance to peaceful differences of opinion. While I am a strong republican, I find the extremes of both parties almost scary. What happened to cooperation for the greater good? Anyway happy holidays and best wishes in this crazy new year.

    Replies
    1. Thanks for the holiday wishes and I'm glad you are enjoying these posts and let's pray 2021 brings a New Hope for the world to return to some semblance of sanity!
