A Technology Lawyer's guide to "Why your Business' IT Systems' Security is like Home Security"
Tom Meagher
Commercial Lawyer | Business Advisor | Public Speaker & Professional Trainer | Technology Specialist
For the purposes of trying to simplify the world of IT and how it relates, by analogy, to your business, I’ve put together some basic domestic -> technology metaphors to explain how your IT systems and their security are like your own home.
1. Fly-wire screens = virus, trojan and malware protection (hint: don't just go for the cheapest or last year's best ‘flywire’). Such software has limited effectiveness, and things ‘bigger (and nastier) than flies and mosquitoes’ can still come through the front door… see below*
2. Front door = *Firewall -> extrapolating on that: a battering-ram/ram raid on your front door = ‘brute force attacks’ on your business' servers.
3. Windows = a type of operating system. Seriously, though, another potential vulnerability/access point if not properly checked and closed (i.e. patched) regularly, or because it's too old a version - just like leaving your windows open!
4. A person at your front door (wearing a cheap mask) simply saying they’re someone you know and should trust, so that you let them in and give them access or something of value (without any proper validation or verification…) = 'phishing' or ghosting emails, scams or attacks.
5. Security alarm system (if any, and remember: they only work if you actually activate/arm them...) = *Unified Threat Management (UTM) systems.
6. Power outage/blackout or a ‘brown-out’ (and, in addition to the required RCDs, some homes may now even have a Tesla Powerwall) = Uninterruptible Power Supply (UPS) with power filter and battery backup.
7. Jewellery and valuables safe = fully encrypted AES 256-bit data storage (along with UTM etc.).
8. Age of residents = very young children may not be good judges of character and very old persons may be too trusting – both may also not fully appreciate the ever-rapid pace of change in technology (e.g. online scams affecting the elderly, or giving a young child a mobile phone, which is like dropping them off in Northbridge, at midnight, on a Friday night…).
9. Leaving your front door unlocked = leaving your computer logged on with no password or secure login (not a matter of if, but when, you will be hacked).
10. Leaving filing-cabinet papers or a ‘dead’, old home PC on your front verge for pick-up = gaily returning your office photocopier/scanner/printer to the third-party hire company at the end of the hire period and/or exchanging it for a new or updated model.
Note: this is potentially extremely diabolical for any business, as most modern copier/scanner/printers have an internal hard disk drive (HDD) that stores up to 2 years’ worth of every single document that has ever been copied, scanned or printed!
Therefore it may still contain things such as clients’ or customers’ Tax File Numbers, driver's licence details, medical records, passport details, Wills, and other highly confidential and sensitive personal or business information and data: https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
Hence it is recklessly indifferent nowadays to simply leave it to your office manager to treat this as a standard update-or-exchange-of-office-equipment exercise. Releasing your copier/scanner/printer from your control will be a major breach of privacy and client confidentiality (and possibly of legal privilege, for lawyers), and carries numerous other risks. All of which is also uninsurable!
Simple solution - before the hire company takes the machine, ask them to physically remove the fully depreciated (i.e. worth nominally $1 or thereabouts) 20 to 200+ GB HDD, and then you can cathartically, literally, smash it to bits!
11. Sneezing without using a tissue, coughing without covering your mouth, someone drinking straight out of the milk carton in the fridge! = unilaterally/inconsiderately forwarding ‘dubious’ (or “funny”) unsolicited emails or text messages to family and friends. It may also be a breach of the Spam Act.
12. Dodgy door-to-door product sales = ‘bait and switch’, where a user clicks on a purportedly legitimate ad but gets directed to a page (with download links) that’s actually infected with malware or ransomware.
13. Leaving credit cards/cash lying around the house when you have naughty teenagers… = online-supplied credit card details can be obtained and then misused, and are regularly ‘sold’ on the dark web.
14. Spare key under the proverbial front doormat/pot plant or similar hackneyed practices = allowing blatant, obvious security flaws (e.g. user passwords indifferently set to something as basic as “password” or “123456”).
15. Junk mail stuffed in your letterbox = junk email/spam in your Inbox -> extrapolating on that: never-ending junk mail = Denial of Service (DoS) attack.
16. ‘Rules of the House’ (and everyone’s chores) = your business’ Operations/Procedures Manual and Policies (including appropriate induction and refresher training).
17. Your family’s ‘standards and values’ = your website’s Terms of Use. Note: Terms of Use, whilst related, are materially very different to your business’ specific Terms and Conditions (T&Cs), whether for the provision of its goods and/or services.
18. Respecting other family members’ personal privacy, information and details (as you would want yours respected) = your business’ bespoke, proprietary Privacy Policy.
Appreciably, the above is still a very limited scenario and doesn't comprehensively deal with the huge, multifaceted range of issues, complexities and aspects involved in each individual business's IT and security.
However, if even one of these points resonates with you and starts the conversation internally with your risk management, HR and compliance teams and externally with your IT and other appropriate professional advisors, then that is a good thing.
As they say: ‘an ounce of prevention is worth a pound of cure’.