Information security begins with you
In this hyper-digital world, information is wealth. However, users of technology are human, and therefore, fallible. With an increase in security-related incidents worldwide, information security is of paramount importance, for both individual users and organizations.
The authors of the acclaimed book ‘Blockchain Revolution’, Don Tapscott and Alex Tapscott, refer to blockchain technology as “the trust protocol” – a platform that helps ensure integrity of transactions.
However, in my opinion, there are disruptive forces all around us, working on the “Devil’s protocol”, seeking to unleash ‘technological ogres’ into the world. People with dubious motives are waiting for opportunities to hack into systems and steal information from us in the virtual world.
This issue was highlighted in a recent movie from South India where the protagonist was the victim of identity theft. In a dire situation, the protagonist was forced to seek the help of a person outside the banking system for an urgent loan. Though the loan was sanctioned, the man’s personal details were handed over to the antagonist, an ace hacker. Pressures on the personal front drive the protagonist to being at the mercy of the hacker.
One of the aspects the movie highlights is the indiscriminate posting of personal information on social media. Though there was a specific reason for this in the movie, these posts made him vulnerable to being tracked by identity thieves.
Personal data that Web users share on social media is analyzed by identity thieves and used to phish (an attempt to try to obtain confidential information from users, usually by sending an e-mail that looks like it was sent by a financial institution, but contains a link to a fake website) information. Users must also be careful not to expose themselves to social engineering (deceiving or manipulating people into sharing confidential or personal information that could be used for fraudulent purposes), while sharing personal information on the Web or otherwise.
The best way to protect ourselves and our organizations from such incidents is to think twice about, and if possible, restrict sharing personal details – especially personal photographs, our whereabouts and sensitive information.
It is also important to believe in and practice effective Information Security Management System (ISMS) policies and practices. At Congruent, where ISMS is integral to our functioning, we believe that the “human wall is stronger than the firewall”.
As active Web and social media users, we have to be aware of the following:
• Banks never ask for your ATM PIN.
• Customer care executives should not ask for your passwords.
• Recruiters should not ask for the details of the business process you are involved with.
Beware of identity thieves and shoulder surfers! (Shoulder surfing is a type of social engineering technique used to obtain information such as PINs, passwords and other confidential data by using direct observation techniques, such as looking over the victim’s shoulder.)
I believe that being cautious about the information we share will definitely help combat ‘ogres’, now and in the future.