BANGALORE: ‘Absolute security’ exists neither in physical world nor in the virtual world. However, if we take care of some basics, the protection would become better and the harm curtailed but first, let us understand these terms.
Cyber security of one of its variant is often used in the enterprise context or by the governments where the notion is about the processes and technologies to protect a computer network and other critical information in a digital form.
On the other hand, Internet Safety denotes similar notions when we think of an individual using a computer to connect to other computers through the Internet – at home, in a school or college or for that matter, in a cyber café.
Outside a factory, there may be security gate manned by guards who are tasked with verifying the identity of those entering but once inside, the level of security often dips significantly except for some specific locations like treasury or facilities housing the Research & Development activities.
Now, if an intruder somehow makes it past the main gate, roaming within may become easy.
On the way out, inspections are rare and often limited to the physical search. An intruder could comes in with a stolen ID card, destroys or alter something within the premises and walks out undetected or could just observe the prototype of a new product without touching anything.
Isn’t it similar to the case where someone uses a password – stolen or even shared at times and act as impostor who enters your online account and siphons off money to his account or just pores over your transaction records?
When your friend returns the key to your vehicle after a joy ride, you feel that the vehicle is in your control but when we share the password, we may think that the key is still with us but the fact is that the ‘friend’ not only still retains the key but might have even changed the lock and therefore, the key in the form of a changed password and by the time we realize this, it may be too late.
Just like we use keys to lock our houses, cupboards, rooms and vehicles to avoid theft and trespassing, we use the passwords in the cyber space. While we do find it a little burdensome to carry multiple keys of different shapes & sizes – each to fit its own respective lock, we find it difficult to remember different passwords and more often than not, do not even bother to change the password that the service providers send or settle for just ‘password’ – the most popular password in the world.
Simple to remember? Definitely yes, but also simple enough for a miscreant to crack easily!
Security & safety are necessitated not just from other persons and organizations but also within the organization and the family. Numerous research reports have established that when it comes to cyber security, the internal attacks are more dangerous and prevalent. It is due to two reasons – firstly, the security system inside are much weaker and often non-existent and secondly, the insiders are more likely to know the points of laxity in the system.
There are also occasions where the security personnel could also be party to such activities thereby defying the very trust for which they would have been put in place!
Security of storage is often taken as fait accompli while not bothering to secure the entry and exit pathways and chinks in the bolt of a crack in the door or a window. Same is true about information as well.
So, what should one do about it? First, we need to be aware of the usual ploys used and focus on identifying the weakest links in the chain and strengthening those rather than just thickening the strongest link.
If we just take care to change the ‘supplied’ & default passwords or PINs, use special characters like ‘-‘ ‘%’ ‘#’ and numerals as well as local language terms within the passwords, this itself would rid us of much trouble.
Besides, the passwords should be changed once in a while and it is not to be shared with others.
Internet Safety can be easily thought of in 3 easy dimensions, viz. Protect Your PC, Protect Your Information & Protect Your Family. Obviously, enterprise security is useless if there is no safety at individual level and vice versa. This is why it is said that these are two sides of the same coin!
(The author is director of corporate affairs at Microsoft India)