You’re probably familiar with the concept of “trust but verify”.
When it comes to security you do this all the time. Maybe you don’t test the limits of a lot of things (you trust that others have) but you make sure things are secure.
When you go to bed, you make sure your door is locked. When you’re driving your 3-month-old, you make sure their car seat is well-strapped. You trust that safety is working, but do something here or there to make sure you’ve implemented it right.
When it comes to protecting our computer networks, most of us rely solely on trust.
Think about the last time you checked to see that all of your patches had been updated. For most individual’s computers I’ve assessed recently, each and every computer had been missing critical security patches that hackers exploiting TODAY to break into companies.
If you’ve been checking to see that your patches have been updated, kudos to you! But even most of us well-intentioned security-focused computer users let things like this slide simply because we’re all really busy (and we just ‘trust’ that this stuff is being done).
Even when it comes to some of the basics like changing passwords, it’s really hard to keep track of everything. Sometimes we might even be clicking on stuff or downloading sensitive information that we really aren’t aware of. The problem with all this security drift is we often set things places and forget them entirely. If no one ever checks up on issues, we’d likely to continue to work on insecure laptops and desktops with sensitive information hiding in plain sight to hackers looking for any opportunity to breach, steal, or ransom data.
What are we missing?
With the lack of continuous testing—identifying how we’re using our technology and pointing out places that are keeping us vulnerable day in and day out—we lose oversight into how secure our computers, our identities, and our companies are.
In our current crisis, where most of us are working remote and those working in offices are more distracted with current events than ever before, we’re putting ourselves more at risk simply being connected all day than we had prior to COVID-19.
And we’re putting ourselves and our data at risk of being breached, stolen, or exploited.
Has your data ever been breached?
Are you sure that your last employer, your bank, credit card company, Equifax, LabCorp, Facebook, Google, hospital, city government (this list keeps growing) has ever breached your information?
Your passwords? Social Security Number? Medical history? Financial records? What all are items you might store on your computer? What items might your workplace store in what you and they believe to be a secure place?
Think of all of the things you imagine are secure.
Wouldn’t you wish they all be locked in an air-tight safe? Like the one you might have in your closet (or wish you did).
For those of you without a safe, don’t you have documents—your car title, social security card, tax documents, or financials that you wished weren’t just lying on a desk? If someone were to break into your house, wouldn’t you hope that that locked closet door or desk drawer would withstand their prying eyes? Wouldn’t you worry that there really isn’t anything stopping someone from getting to that information (or to your valuables)?
Now think of your computer.
You’re working from home. Is your network secure? How can you tell?
Even at work, is your machine protected from common attacks? What if the lady down the hall clicks on a link that leads to a virus infecting the rest of your machines, how sure can you be that that virus (those hackers) won’t get into your personal files?
Is there a safe protecting that information? Or is it simply placed in a filing cabinet that is either unlocked or can be jimmied open pretty easily?
I know data on our network—even information on our computers—passwords, documents, accounts, etc. can be hard to keep track of. But what if it didn’t have to be that difficult? What if it could be simple?
What if you could tell where sensitive files were, that your computer was as airtight as a safe and your information was all protected without having to simply trust all the time?
What if you could get peace of mind that at a click of your mouse, you could make sure everything was up-to-date on your security and that you don’t have any vulnerabilities being exploited by hackers?
What if you could show any improvements to your system to your insurance company, regulating agency or boss to show that your computer was complying to your company’s security standards?
What if you knew what was going on?
Wouldn’t you want something that was able to:
Test your processes? Understand the details in your protocols and make sure they matched what your policy said?
Test your procedures? Make sure that security procedures were actually getting followed by team members and get them back on track when behaviors don’t match those policies and procedures?
Test your technology? Make sure that information is secure AND backed up and keep an eye on your IT team and give them and you alerting to issues and make sure those issues get fixed through continuous follow up until they’re resolved?
Test your training? Make sure that your training process is getting you more cybersecurity-conscious team members?
What we’ve found is that simply pointing out problems doesn’t work. We need solutions to go with those problems. Solutions that are simple. Solutions that make security better.
99% of the time security doesn’t work results from a broken system. Either technology that isn’t compatible with human behavior or cybersecurity implementation that hasn’t taken into account our business processes and strategy.
What experts are saying is we trust our technology too much. We don’t understand what’s going on and because of that, we’re failing when it comes to protecting our networks, our computers and our data.
What they’re recommending? Getting everyone involved in the solution. Make it a part of our systems and the way we do things?
How? By making cybersecurity and checkups a visible part of how we work and how we do business.
