IT Security Home

For the purposes of trying to simplify the world of IT and how it analogously relates to your business, I’ve put together some basic domestic->technology metaphors to try to explain how your IT systems and security is like your own home.

Now before all the various IT experts have conniptions and say: “that’s not accurate”, “that’s is not entirely true”, “that is not this” blab blah – the whole idea of this article is for lay-persons to hopefully get a better understanding of these somewhat intangible and, quite often, highly-technical concepts which nonetheless are involved in their everyday lives as well as in their businesses.

So when I use the “=” sign below, it’s not meant to mean specifically “equal to”. Rather it’s the segue-point from merely a household example to an attempted, illustrative-IT equivalent.

For the relevant tech experts out there, they will definitely be able to provide far better specific definitions and explanations; however that’s not the exercise here. So I do also welcome you to chime-in and add-on where you see appropriate or helpful.

 

Again for anyone who:

  • may be generally interested in simple, anecdotal illustrations; and/or
  • still thinks that “the Cloud” is:

– a particular, proprietary IT system

– rather than a generic descriptor for the storing and accessing data & programs/’apps’ over the Internet (instead of a computer’s local hard drive),

then this hopefully may be of some help.

  1. Fly-wire screens = Virus, trojan and malware protection (hint: still just don’t go for the cheapest or last year’s best ‘flywire’). Such software has limited effectiveness and things ‘bigger (and nastier) than flies and mosquitoes‘ can come through the front door… see below*
  2. Front door = *Firewall -> extrapolation on that is: Battering-ram/Ram Raid to ypir front door = ‘Brute Force Attacks’ on you business’ servers.
  3. Windows = a type of operating system 😉. Seriously, another potential vulnerability-access point, if not properly checked & closed (i.e patched) regularly or because it’s too old a version – just like leaving your windows open!
  4.  A person at your front door (wearing a cheap mask) simply saying they’re someone you know and should trust- to let them in and to give the access or something of value to them (without any proper validation or verification…) = ‘Phishing‘ or ghosting emails, scams or attacks.
  5. Security alarm system (if any, and remember: they only works if you actually activate/arm them…) = *Unified Threat Management (UTM) systems.
  6. Power outage/blackout or a ‘brown-out’ (and in addition to required RCDs; possibly now some homes may now have even a even have a Tesla PowerWall) = Uninterruptible Power-supply System (UPS) with power-filter and battery-backup.
  7. Jewellery and valuables safe = fully-encrypted AES 256-bit data storage (along with UTM etc)
  8. Age of residents = very young children may not be good judges of character and very old persons may be too trusting – both may also not fully appreciate the ever-rapid pace and changes in technology (e.g. online scams affecting the elderly or giving a young child a mobile phone is like dropping them off in Northbridge, at midnight, on a Friday night…)
  9. Leaving your front door unlocked = leaving your computer logged-on with no password or secure login (not a matter of if, but when will be hacked++)
  10. Leaving filing cabinet papers/ a ‘dead’, old home PC on your front verge for pick-up = gaily returning your office photocopier/scanner/printer to the third-party hire company at the end of the hire period and/or exchanging it for a new or updated model.

Note: this is, potentially, extremely diabolical for any business . As most modern copier/scanner/ printers have an internal hard disk drive (HDD) that stores up to 2 years’ worth of every single document that has ever been copied, scanned, or printed! 

Therefore it may still contain things such as clients or customers’ Tax File Numbers, drivers licence, medical records, passport details, Wills, highly confidential and sensitive personal or business information & data etc https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/

Hence it is recklessly indifferent nowadays to simply leave it to your office manager to treat it as a standard update or exchange of office equipment-exercise; namely the release of your copier/scanner/printer from your control will be a major breach of privacy, client confidentiality/(and possibly legal privilege for lawyers) and numerous other risks. All of which is also uninsurable! 

Simple solution – ensure you ask the hire company, before they take the machine, to physically remove the fully depreciated (i.e. worth nominally $1 or thereabouts) 20-200+gb HDD and then you can cathartically, literally, smash it to bits!

11. Sneezing/not using a tissue, coughing/not covering your mouth, someone drinking straight of the milk carton in the fridge! = unilaterally /inconsiderately forwarding ‘dubious’ (or “funny”) unsolicited emails or text messages to family and friends. It may also be a breach of the Spam Act. 

12. Dodgy door-to-door product sales = ‘bait & switch’ where a user clicks on an purported legitimate ad, but gets directed to a page (with download links) that’s actually infected with malware or ransomware.

13. Leaving credit card/cash lying around house, when you have naughty teenagers… = online-supplied credit card details can be obtained and then misused, and are regularly ‘sold’ on the dark web.

14. Spare key under the proverbial front doormat/pot plant or similar such other hackneyed-practices = allowing blatant, obvious security flaws (e.g. user passwords indifferently set by some something as basic “password” or “123456”).

15. Junk mail stuffed in your letterbox = Junk email/spam in your Inbox -> extrapolation on that is: never-ending junk mail = Denial of Service (DoS) attack.

16. ‘Rules of the House’ (and everyone’s’ chores) = your business’ Operations/Procedures Manual and Policies (including appropriate induction and refresher-training).

17. Your family’s ‘standards & values’ = your website’s Terms of Use. Note: Terms of Use, whilst related, are materially very different to your business’ specific Terms and Conditions (T&Cs); whether for the provision of its goods and/or services

18. Respecting other personal family members’ privacy, information and details (as you would want yours) = your business’ bespoke, proprietary Privacy Policy.

Appreciably the above is still a very limited scenario and doesn’t comprehensively deal with the huge, multifaceted range of issues complexities & aspects that are involved each individual businesses’ IT and security.

However, if even one of these points resonates with you and starts the conversation internally with your risk management, HR and compliance teams and externally with your IT and other appropriate professional advisors, then that is a good thing.

As they say: ‘an ounce of prevention is worth a pound of cure’.