Data Security: Individual Responsibility
Once, a man who was unhappy and wanted to change his situation set out on a journey to correct the world. He spent all his energy on this and, after 20 years, realized that the problem was not with the world but with the country, so he shifted his focus to correcting the country. After another 20 years of effort, he realized that the problem was not with the country but with the state/province. Convincing himself to start working on correcting the state/province, he worked diligently for 10 years, only to find that the problem was within the house. He started working on it, and after another 10 years of hard work on fixing it he realized that the solution to the problem was actually correcting himself, but by then it was too late.
This story is relevant in the current context of securing information in the digital world. People often feel that the state, organizations, OEMs, their tools, laws and regulations, etc. will help protect them from being compromised in the vast, overtly friendly but untrustworthy digital world.
Securing yourself in the digital world is the first and foremost step towards secure computing. If you do a random search on Google for a person by name, don't be surprised to find at least 1 or 2 pages of links with information from varied sources. This is quite alarming: knowingly or unknowingly, we have pumped so much data into the internet that a prowling eye with wrong intent can build a profile with 60-90% accuracy.
The IT security framework is a robust and well-thought-out implementation of people, process and technology to reduce risk, but adapting and practising it correctly is critical to the success of the objective. Your journey on the net is like riding a motorbike: you are safe as long as you are alert, cautious and follow the rules. People, process and technology are the cops, rules and traffic signage/signals that help you stay safe and secure on the journey.
The image below depicts an ideal IT security implementation, which includes 1) technology (perimeter, network, endpoint, application and data security), 2) process for managing the infrastructure and tools to meet the objective of securing the computing environment, and 3) people to monitor and drive adherence to, and the effectiveness of, the tools and processes/policies.
But the above is beyond an end user's span of control. Any user of a computing device, be it a laptop, tablet, smartphone, ATM, etc., should follow the 5 steps, or habits, below while on the internet:
Be Aware > Be Conscious > Think > Act Wisely > Follow-through
Awareness – Be aware of the means and the end, i.e. be informed about the device or technology you are using, its intended purpose, known misuse, repercussions, etc.
Conscious – Once you are aware, make a conscious effort to transact safely to avoid falling into a trap. It could be as simple as not getting tempted to open an unknown attachment even if the description looks convincing, or to share your credentials when it's not part of the intended means and end.
Think – Use your logical reasoning to evaluate before reacting to an unexpected situation.
Act wisely – Keep security as the priority, and your actions should complement that; avoid any action that is not safe or that you are not sure of.
Follow-through – Make sure that you don't leave data traces that trained minds can put together to recreate the scenario. Make it a habit to follow through: for instance, deleting cookies after an online banking transaction and checking the access rights given to any new app installed on your smartphone are small steps that will help reduce the impact of ignorance. Traces that you leave in the digital world are like a flaming matchstick thrown away after use, which can burn something it was not intended to.
To summarize, secure computing practices will help supplement the technology, people and process that work towards securing your presence in the digital world. Make it a habit and practice consciously.
22+ yrs on Program and Project Management across IT Infrastructure, Telecom, BFSI, Consumer Electronics Domains
6 years ago: Hey Lalit, this was a great piece of information especially on the memories of the Privacy Law and GDPR sessions, the article was crisp and neat for any layman to understand. Data is the heartbeat of the Digital World and Environment, and if the user feeding in the data is cautious, he could be digitally safe... but with the growing number of Digital systems making your records, it seems impossible to stay without a trace..??
Office of the IBM Consulting BISO
7 years ago: Nicely written Lalit and very valid points. Apart from technical controls, acting consciously and wisely is a key factor in avoiding Ransomware type of attacks.