True IT Security Starts in the Home
A child sitting on the grass watching his favorite show on YouTube. A mother feeding her toddler while he's glued to her smartphone. A teenage girl busy 'snapchatting' away with her friends.
These are regular scenes we see on a day-to-day basis, children engrossed in absorbing content or playing games via tablets, smartphones, and laptops. Welcome to the era of the "digital native", where lives are driven by devices, social media, and the internet.
While you may have spent a certain amount of time teaching your children how to use a device and invested in a sturdy cover to protect said gadget, how many times have you sat your children down to tell them how to protect themselves on the internet?
Teaching children how to protect themselves on the internet has become critical given the free hand that social media now plays in their lives, particularly as the associated dangers of online bullying, identity theft, inappropriate content, and even cyberstalking are so very real.
The first response to such fears may be to block your child from using connected devices completely. But, such a strategy is likely to fail given the proliferation of internet use within education these days. And let's be honest, you feel more secure knowing your child has their smartphone on them, so what are your options?
Sure, you can install a browser that enables parental control, proactively limit screen time for your kids, and ensure that you only subscribe to age-appropriate content on streaming services. But such approaches should never be viewed as a silver bullet.
Indeed, they are just precautions, and despite such measures, your child may still end up viewing inappropriate content or giving away crucial information about themselves. Simply placing blocks in the way is not a solution in itself; the ideal solution is greater awareness, communication, and plain common sense.
Now you may be wondering how any of this is relevant to your organization, but much of the above advice holds true in the big bad world of business too – particularly as IT leaders consistently rank their own employees as the number-one security challenge they face.
And just like the scenarios previously discussed, much of the blame for this can be placed at the door of poor end-user awareness, a lack of communication, and, often, an absence of common sense. Why else are established IT security policies, procedures, and protocols so routinely flouted in the workplace?
Data loss is perhaps the biggest fear in this regard, and organizations around the world are increasingly investing in data loss prevention (DLP) tools in an attempt to alleviate such concerns. Indeed, IDC projects that global spending on DLP solutions will grow at a compound annual growth rate (CAGR) of 7.9% over the 2015– 2020 forecast period.
But just as installing YouTube Kids on your tablet is no guarantee of protection for your child, corporate investment in the latest security technologies can only defend the organization to a certain point. That's because a firm's IT security posture is only as strong as its weakest link. And that weakest link will always be human!
Whether it's achieved through phishing, malvertising, or a whole host of other approaches, people will always be the prime target of the attackers, because they know that the easiest way to enter a network is to be invited in rather than to relentlessly pound on the security infrastructure until it cracks.
But all too often, people are not considered part of the solution, just part of the problem. Indeed, while the human element is widely considered the greatest threat to organizational security, many businesses continue to focus their attention (and resources) on trying to take people out of the equation rather than on addressing the underlying issues.
Given their propensity to freely share their locations and photos of the most mundane daily activities via social media, the typical digital native can hardly be described as a discrete and private individual. As such, it is incumbent on us as parents to establish clear boundaries for our children and educate them on what they can share online and with whom.
Likewise, it is imperative for organizations to increase the security awareness and capabilities of their users. In this way, they can become a force multiplier, reducing the possibility that they will introduce malware into the organization or provide an attacker with some other avenue for exploitation.
Technology solutions undoubtedly have a critical role to play as well, but without true awareness around the issues of online security and privacy, their effectiveness only goes so far. And this is true both at home and in the workplace.
At IDC, organizations regularly tell us the reason they experienced a security breach was due to a lack of employee awareness. The fact that adults are falling victim to social media engineering attacks and identity theft only highlights how important it is to start security education at the earliest opportunity.
And, crucially, by educating the children of today, we are helping to protect the businesses of tomorrow.