Security
The vast majority of your life is obscure. That means that most people don’t know your middle name because you never told them, and because most people don’t know where to look up public government records.
Just because your middle name is generally unknown, doesn’t mean it is secure.
He’s a mental picture: I could put One Million Dollars in CASH on my kitchen table and leave all my doors and windows unlocked. So long as no one knows that I have One Million Dollars in CASH on my table (unsecured) then that Million Dollars is perfectly safe.
However, that’s not how security works. Securing something means taking steps to ensure that something remains under your control despite effort to take it out of your control.
In my previous example, locks, security cameras, electric fences, and mal-adjusted rabid Rottweilers make my One Millions Dollars more SECURE than the previous scenario where I rely on the blind ignorance of others to keep my money mine.
In the online world things are different. No one is after YOU. Hackers, viruses, malware, spyware, adware - it is all cold, calculating, and collecting. It doesn’t know who YOU are - because it doesn’t care. The majority of identity theft is not accomplished because someone went after YOU as a PERSON - it’s because they made use of modern methods to take ANY indentity in general - NOT YOURS IN PARTICULAR.
To paint this picture, a “hacker” uses a program to scan millions of computers on the Internet (which includes yours, EVEN IF you have a firewall and anti virus software). That program has two purposes in life: 1. find vulnerable computers (yours) and 2. infect the computer and use that infected computer to scan for other computers which are vulnerable.
Rinse, repeat.
I know a lot of business people who say “I don’t need to worry about security, who’s going to hack me?” Hello numb nuts - NO ONE ATTACKS -YOU-. Hackers seek out and exploit the $400 computer you bought from Best Buy which you dutifully refuse to run Windows Updates and Anti Virus Updates on because you’re too busy sending emails with little animated icons from a toolbar you downloaded which while sending cute smiley faces is also pilfering your customer credit card numbers out of Quickbooks.
What is security? It has nothing to do with *where* your data is. In fact, having your company data on your own systems in your own office is probably the LEAST secure place for your data to live. You let anyone who claims to be “the computer guy” in your front door and right in to your server room. At this point, passwords are useless - physical access to any system IS ACCESS.
In fact, if your firewall doesn’t have the latest updates, a syslog server, and someone (a real BODY) watching it on an hourly basis, it’s pretty much a bump in the wire for the all the junk your employees and your kids (yes, you let your kids use your office computer, don’t you?) are downloading and running. Firewalls are great for keeping the outsite world out (sort of) but once some uneducated user (you and your entire business) download that cutsie little program, your $10,000 firewall is completely ineffective. Yep, your investment crumbles that fast. (Oh, did you catch TEN THOUSAND DOLLARS for a firewall? Yeah, that $60 router/firewall from Best Buy is basically a neon sign advertising “Hack Me - Credit Card Nubmers Here” on the Internet.)
And let me rant about wireless. Folks, if it comes out of a consumer electronics store, then IT IS NOT SECURE. If your wireless was setup by your son’s friend, then it is already being used by every pedophile with a Pringles can inside a 1 mail radius to to download kiddie porn off of YOUR Internet connection. Wonder why you can’t send that email to your accountant or the IRS? Your Internet connection is probably on every watch list in the world and the only reason you’re not in the clink yet is because modern law enforcement hasn’t even figured out how to properly defend a hand-held radar gun citation.
So what’s the answer? There isn’t one. Security threats change EVERYDAY and unless you have a person - or a company - vigilant for your security, then you’re likely hacked and you don’t even know it. Sure, you’ll know when the SEC or VISA comes knocking at your door wanting to know how 100,000 credit card numbers wound up leaking out of your website, ecommerce application, or accounting program, but at that point it’s too late and someone already has a noose sized for your scrotum waiting for the order to hang.