The main questions on users’ minds when talking about information technology (IT) security are: “Am I secure?” and “Is my business safe?”
These are not easy questions to answer. Just as the doctor hears, “Am I healthy?” constantly, it’s clearly a simple question, but the answer is complex and unique to each person.
There are two major principles of security. They are as follows.
1. Security and convenience are in constant tension. Each person or business needs to find the right balance between these.
2. There is no single “key” to good security. Implementing layers of security is the best plan for individuals and businesses.
Finding a Balance
In the simplest form, you can’t have maximum security and high levels of convenience in any one system. The more secure a computer or mobile device or website or database is, the less convenient it will be to access.
To protect a computer, most people use a password upon login. This eliminates unauthorized users from logging onto your computer. However, if you need to ask a family member, friend or colleague to retrieve something from your computer, it will require you to share the password.
With the latest iPhone, you can set up a fingerprint to unlock your phone. This is extremely secure. However, if you leave your phone at home or work and you ask that same family member, friend or colleague to check your messages, s/he will not be able to. That’s not too convenient.
When logging into a website, there may be two-factor authentication (2FA). This is a security measure that requires the user to enter a “known” password, and it requires another component, such as a temporary password, that is sent to your mobile phone.
The chances of a thief or hacker having both your bank account login information and your mobile phone are far less likely. It may be inconvenient in the moment to enter additional information, but it is an excellent way to deter hackers from logging into your accounts.
If your company requires the user to change passwords every 90 days, know that this is a very good security practice. Criminals who have stolen your password can’t use it if it’s been changed. That’s a good thing, but isn’t it annoying when a website forces you to change your password?
Not Always Best
On the other hand, the more convenient you make access to a computer or website (or anything), then the less secure it is. It’s certainly very convenient to use the same password for many different systems, but what happens if the password is compromised? You have provided the criminal access to all of your systems.
Using free wireless access in a coffee shop is convenient (and saves your data usage), but it exposes your laptop or mobile phone to a network where criminals might be lurking. It’s often helpful to use public Wi-Fi, but it definitely comes with the price of being less secure.
The tension between security and convenience is real. Here are a few other examples to consider how secure it is vs. how convenient you’d like to be.
• Using cloud applications, such as Dropbox or online banking
• Using mobile devices such as laptops or tablets
• Sharing files or passwords among your employees, volunteers, interns or family
• Encrypting emails between you and your customers or vendors
• Storing/saving passwords in your web browser so you don’t have to type them each time you visit a site.
There’s no single, simple answer to these questions, but it’s important to consider this tension in each data scenario you encounter.
Ananta Hejeebu is a partner at Howard Tech Advisors, in Elkridge. He can be contacted at 410-997-2500.