Equifax Hack and Cyber Hygiene
This week’s news has provided us with a tremendous amount of information and opinion pieces surrounding the recent Equifax hack (which is a trendy term for a data breach). It ranges from articles describing (or debating) how the breach may have occurred (e.g. QZ vs SA), to how to check to see if you are one of the 143M Americans affected, to what individuals should do to protect themselves from identity theft. What this demonstrates to me is how broadly this particular data breach will affect most of us (well, at least the 143M who work, buy houses, have credit cards, etc.).
The unfortunate reality is that this data breach is one of many high-profile “hacks” that have taken place in the last 10 years. I often look at the Information is Beautiful website, which visualizes the various breaches and their impact on society. It is stunning to look at that graphic and realize how vulnerable our data — and we — are. There is a 99% chance that some of your data is already out there for public consumption, or worse, for private criminal consumption. This leads to one of the most important questions of our time.
What can we do about it?
There are a number of personal protective measures one can take. It is not my goal to outline all of those measures here and prescribe some individual solution to the problem. There are already many reference articles that do a good job of providing advice in this realm.
I am most interested in bringing attention to the need for all of us to feel personally responsible for educating ourselves about cybersecurity and its practices. Given that this is one of the most broadly impactful and wicked problems of our time (it is already affecting everyone in one way or another, independent of whether we are young or old, rich or poor, male or female, etc.), education is the only way to combat the problem. True, we can prevent a data breach here or there, over time, through technology or experts, but the long-term problem won’t go away until we all better understand and live by ingrained principles of security.
Handwashing
I liken this problem to the practice of handwashing. You don’t have to convince many of us of the need to wash our hands before we eat or especially after we use the restroom. Yes, there is always “that gentleman” in the airport bathroom who finishes his business and then walks straight out of the bathroom without washing his hands, but I think we would all agree that that is a gross and dirty practice.
Have you ever stopped to wonder why this practice is so commonplace in most of the developed world? It didn’t use to be. In fact, it wasn’t until 1846 that medical handwashing became a mandatory and acceptable practice among physicians. Today, science has demonstrated that the simple act of washing your hands is one of the most effective means to prevent diarrhea, respiratory diseases, and many other illnesses that still account for several million child deaths every year (mostly in areas where such practices are not as prevalent). It is argued that this habit is more effective than any single vaccine or medical intervention in the prevention of these diseases.
So understanding the importance of handwashing, where did we all learn it? For many of us, we would point to our mothers or fathers. There have also been many societal campaigns and public service announcements. The fact is that over the generations we have taught and retaught the principles of good hygiene and we currently reap the positive results.
In a very similar manner, some basic practices of good personal cyber “hygiene” can prevent a great many of our current breaches and attacks. The difference is that unlike handwashing, we haven’t educated ourselves (and in turn educated others) on these simple practices. For those of us who have been educated, we sometimes are like that guy in the airport who does his business and walks out ignoring what he knows he should do. The first step in all of this is to teach ourselves principles of good cyber hygiene and then, in turn, to bring others along with us.
Community Education
When I started this company in 2014, I did so because I was tired of losing the war (that we are still losing) in this space. Being an educator, I knew that for lasting change to take place it had to start with education. I set out to educate the next generation of cybersecurity professionals to provide strength in numbers to our army of defenders. Over the last three years SecureSet has made great strides to that end and will make even greater strides in the years to come. What I have also learned, however, is that this is not just a professional fight. It is all of ours.
At SecureSet we live by a “Give First” principle and one of the ways that we demonstrate this is by providing free training on cybersecurity skills within all of the communities that we are a part of. We host events every week that are free to the public so that we can better educate a population looking to learn more about the principles and practices of cybersecurity. In other words, good cyber hygiene. I am confident that we all can, and will, be part of the solution as we take on the responsibility to both educate ourselves and others. This will ensure that we are all prepared for and protected against events such as the Equifax hack and the many others that plague us.