Information security, as the name implies, is the act of keeping information secure.
What many people fail to realise is that this goes beyond the powers of personal security measures, and into the realms of corporate and state security policies.
As soon as you give any information away, as soon as you use a credit card in a shop or sign up to a website, you are placing your data in their hands. Your email and password are stored on their system and you are completely reliant upon their security to keep them safe.
Now in utopia, where trees are ever green and your car never breaks, these people would handle your data safely and do every single thing they can to follow data protection laws and keep you safe.
Unfortunately, we know that’s simply not the case. In recent years we have heard countless stories of encroachment on people’s privacy and data, through both malice and plain foolishness.
The sad truth is that, as one recently apprehended Russian hacker would tell you, many companies still store sensitive data (like credit card details) in plain text files, completely open to anyone with the knowledge to grab them.
Security is hard, and that is why security experts are in such high demand and command such high wages. Many simply don’t want to implement, or are fearful of implementing, the security required to protect your data. Often it’s a case of trying to meet everyone’s needs, which leads to compromise.
Then, of course, there is the government aspect, which can’t go unmentioned given what we know today. The government are a bit like overprotective parents: their intent is somewhere in the right place, yet the methods and tactics they have used in the past to protect you have been completely irresponsible and a genuine invasion of privacy.
The problem we have, however, is that if we are to live in society and lead what constitutes a ‘normal’ life, we will end up having to place trust in all of these people. But you can choose what you share and, more importantly, limit the damage that would be done should those you trust fail to keep your information safe.
This is why using an arbitrary email address and password for superficial things (not business) is a great idea, as is having separate credit cards with differing limits. I would go as far as to suggest using a VPN and a private browsing session, as you would be amazed how much telemetry and tracking goes on as you nonchalantly browse the web. There’s far more you can do too. Being selective about who you give your information to is the most obvious, of course: an ounce of prevention is worth a pound of cure.
The good news (if you can call it that) is that as a security practitioner you will always be needed. As we enter the precarious wasteland of IoT devices and their glaring security flaws, often present from manufacturing, your skills will always be required. And on another level, whilst you won’t be receiving any knighthoods from the Queen, your role in security really can prevent people’s lives from being torn apart.
It’s a brave new world, and the more information we have, the better equipped we will be to deal with it, and even come to embrace it.