Privacy For Sale

The recently announced anti-trust suit against Google is not about privacy, per se.  It is about leveraging monopolistic power to secure a dominant position on mobile devices.  One of Google’s claims is that it provides a free service to consumers so there is, in the end, no harm caused by their actions.

In fact, Google is not offering its services for free; it provides us its capabilities in return for our information and our behavioral tendencies.  That data is pumped into its algorithms, which predict our behaviors and tendencies, and then sold to third parties.

What will be interesting is how much of this will be exposed during the case.  Google’s use of data has historically been opaque.  It will also be interesting to see whether this case opens more eyes to the importance and value of privacy.  Are we perfectly happy giving away our privacy in return for free search, or do we have no other choice because Google has so much dominance that it permeates our digital worlds whether we want it or not?

In the end, of course, there is no free lunch (or lemonade).  It’s just a question of what price we are willing to pay.

Cyber Death by Imagination

Behavioral economics teaches us that we are more fearful of immediate losses than future gains.  Conversely, we also tend to choose immediate gains over protecting ourselves from future losses, especially when the type of loss is too foreign to us or is ever changing.

We do have available to us a tool that doesn’t require a lot of tech to use but perhaps can do more to both enhance and protect our organization than any piece of software or hardware we might have:  our imagination.

When things are changing, you can’t rely on static measures or processes designed to defend against today’s threats.  Because the use of technology as a business enabler is ever changing, as is the nature of cyber threats, businesses need to take a dynamic approach to risk mitigation and transfer strategies and constantly imagine both the opportunities and the risks they may face tomorrow.

As a report from UC Berkeley’s Center for Long-Term Cybersecurity and Booz Allen Hamilton states, “….failures of cyber defense in some cases — possibly the most important ones — [are] not necessarily a failure of operational rigor but equally or more so a failure of imagination.”

There are a number of tangible ways businesses can leverage the use of imagination in addressing the cyber risks that they may face.  One is through an incident response simulation.  Get your team around a table.  Imagine a ransomware event has occurred.  What do you do?  Do you pay the ransom?  How long will your systems be down?  How much business do you stand to lose?  Brainstorm other scenarios, focusing on ones that could take you out: risks that cause you to be shut down for an extended period of time or do irreparable harm to your ability to serve your customers or to your reputation.

Not only do these types of simulations help you be better prepared to respond if such events occur, they also help you better define what risks you might face and what defenses to build to mitigate those risks.  This can therefore become the basis for your risk assessment (which, if you are simply focused on compliance, you generally have to do anyway).

We often think of creativity when it comes to the innovation and growth that are critical to our long-term success.  In the ever-changing world of cyber threats, we need to be equally creative when it comes to imagining and addressing the risks that are crucial for our long-term viability.

Remember Your First Password?

We do need to make sure that we are using strong passwords, but guidance has changed on the need to continually change those passwords.  The National Institute for Standards and Technology (NIST), which codifies best practice cybersecurity controls, has updated its guidelines around digital identity.  Instead of forcing individuals to change their passwords frequently and/or requiring special characters or passwords that read more like gibberish, it recommends creating long passwords out of passphrases, such as “NIST passphrases make passwords easy!”.  Long passphrases are difficult to crack and yet memorable enough for the user.

Still, remember not to use the same password twice (a login manager can help you here).  Also, enable multi-factor authentication for applications which may have sensitive information (where, for example, you have to both key in a password and enter a code from your smartphone).