Tech Talk: Security - the right questions to ask

Saturday, May 3, 2014

Security – The Right Questions to Ask
By Brian Boston

We have an illusion of security, we don't have security.
-- Isaac Yeffet, aviation security consultant and former head of security for EL AL.

Answering any Tough Question is Challenging

In a month of talking with people about the HeartBleed bug, and this week’s Internet Explorer security patch, I have had some tough questions. The hardest questions I have encountered have ended with:

 “…Is it secure?  How do I know I am safe?”

I am initially tempted to respond these questions as Mr. Yeffet did. It is a technically correct answer. In his situation, it was his somewhat theatrical opening statement about increasing security measures at U.S. airports.

Putting Safety and Security in Context

In my case, it is a reaction to the notion that online safety and security are conditions achievable by flicking the right switches in the correct order. Your personal sense of security doesn’t operate with clear logical certainty. It is achieved when you feel “safe.”

Some people can cross a busy street, secure in their belief that drivers will see and stop. It would be less risky to cross at a marked crosswalk at an intersection with crossing lights, but unmindful drivers still hit pedestrians at those intersections too. Are those intersections secure?  No … and the only way you know you are safe is after you’ve crossed the street.



Asking the Right Questions

So we need change the questions being asked. In order to feel secure, it is most helpful to develop a ratio of risk versus reward and learn what can be done to mitigate the risk. That is where people like me can help prepare you or direct you toward less risky conditions.

But, that is not the answer to the questions being asked above. So, let's change the questions so you get what you really need.

“What are benefits and risks associated with [fill in the tech feature or service of your choice]?”
“What steps can I take to avoid those risks?”

Using those questions, you can build your own personal sense of security online and elsewhere.

Example: Is Gmail a Security Concern?
Let’s apply these new questions to a popular email service:

“I am uncomfortable sharing personal information online with Gmail. Are they “safe?”

 becomes

“What are the benefits and risks associated with Gmail accounts?”

Getting a Useful Answer

Gmail may be a free email account but your gmail address also opens the door to dozens of free services offered by Google, ranging from a calendar that can be shared, 15 gigabytes of cloud-based storage (Google Drive), a custom phone number (Google Voice) and its own social network, “Google+.”

Google is known for collecting a lot of information about its users, an area of concern for many people. Google is pretty open about this though you have to look in their privacy policy to get the details.

Most actions you take within Google services can result in data collection which helps the company develop new services, and capabilities, and personalize the user interaction. Your information is combined anonymously with data from other users to inform advertisers about who accesses Google services to target the right people with more relevant ads

“What steps can I take to avoid those risks?”

The same privacy policy provides a series of steps and resources you can use to address your concern about sharing information, including:

Google Dashboard provides detail by service what Google is tracking about you and your actions. You can use this area also to manage  or disable various services.

Google Ads show how your actions have allowed Google to assume certain demographic information about you and permits you to correct or opt out of “interest-based” ad targeting.



If this doesn’t improve your sense of security you can always enter false information in your profile. There is nothing stopping you from putting in a different birthday or name or location information. Just be aware that some Google services will “believe” that information and behave as if it is true. For that reason make sure you keep a record of any phony information you supply in case you are asked to repeat it “for security reasons” and be understanding when you receive mistimed birthday greetings!

See how it works?
  • Ask the right questions.
  • Collect information on the risks and benefits
  • Learn how to reduce risk
  • Build your personal sense of security

Remove that “illusion of security”… and take control of your own safety.

The only real security that a man can have in this world is a reserve of knowledge, experience and ability.
Henry Ford, American industrialist, the founder of the Ford Motor Company 


Do you have a follow up on this topic or have the right question on another area? Please share it with me at brian@bostonlegacyworks.com. Your question may show up here on Tech Talk.


Posted by DKH at 11:18 PM
Tags:

0 comments:

Post a Comment

Post a Comment

We encourage the thoughtful sharing of information and ideas. We expect comments to be civil and respectful, with no personal attacks or offensive language. We reserve the right to delete any comment.

Subscribe to: Post Comments (Atom)
ShorelineAreaNews.com
Facebook: Shoreline Area News
Twitter: @ShorelineArea
Daily Email edition (don't forget to respond to the Follow.it email)

  © Blogger template The Professional Template II by Ourblogtemplates.com 2009

Back to TOP