Tuesday, December 2, 2008

Stoneage 101

When you mention "Information Security" in front of people, most of them will shrug. "I ain't no computer guy", some might say. Truly, only very few people are "Computer Guys", but there's information anywhere, not just in computer, and so information security is no more "computers" than mice or speakers.

About a year ago, I was standing in line to buy a ticket to some concert. Apparently, the theatre was offering some sweet deal, by which you could pay for part of the ticket using reward-points accumulated with your credit card. As I was moving down the line, I noticed that the cashier was writing down on a piece of paper the credit card number of each buyer who elected to take advantage of this pitch. I raised my phone and took a snap of the cashier, and later, at home, with some image processing, I could easily decipher every number and name on the sheet.

The point of this little story is that had I been a less honest person, this little exercise in negligence could have easily led to a massive shopping spree, and this is a classic electronic fraud which has nothing to do with computers. It's easy to see who's at fault here, but blame aside, the lesson here is that information security flaws could be lurking everywhere. You could be completely computer-illiterate, but still throw out your credit card statements in the trash, thereby exposing yourself to fraud. In fact, one could say that computer-illiterate people are even more at risk than those who use computers all the time. At least when you have one, you would probably be aware of at least some of the dangers involved with open communication lines.

What you can do? 1st of all, open your eyes. Look around you. Do you have yellow notes sticking on your screen with private information that could be used to hurt you? Do you keep a bunch of sensitive documents in that unlocked top drawer in your cabinet? Is your trashcan full of documents that would go out to the public trash tomorrow, and may reveal a lot about you? If some of those are YES, here's your chance to get better. Next, open your spouse, kids, parents, family and friends ears too. Tell them this tale and help them think more critically about their data. Your parents told you when you were little that when you come in or out of the house, you should lock the door, right? That's a basic security measure that seems to go without saying, but it's up to you as a parent (now or in the future) to educate the next generation how to apply security to stuff other than doors and windows.

No comments: