To simplify the world of IT and how it relates by analogy to your business, I’ve put together some basic domestic->technology metaphors to explain how your IT systems and security are like your own home.
Now before all the various IT experts have conniptions and say: “that’s not accurate”, “that’s not entirely true”, “that is not this”, blah blah – the whole idea of this article is for lay-persons to hopefully get a better understanding of these somewhat intangible and, quite often, highly technical concepts which nonetheless are involved in their everyday lives as well as in their businesses.
So when I use the “=” sign below, it’s not meant to mean specifically “equal to”. Rather it’s the segue-point from merely a household example to an attempted, illustrative-IT equivalent.
The relevant tech experts out there will definitely be able to provide far better specific definitions and explanations; however, that’s not the exercise here. So I do also welcome you to chime in and add on where you see it as appropriate or helpful.
Again for anyone who:
– a particular, proprietary IT system
– rather than a generic descriptor for the storing and accessing of data & programs/‘apps’ over the Internet (instead of a computer’s local hard drive),
then this hopefully may be of some help.
Note: this is, potentially, extremely diabolical for any business, as most modern copiers/scanners/printers have an internal hard disk drive (HDD) that stores up to 2 years’ worth of every single document that has ever been copied, scanned, or printed!
Therefore it may still contain things such as clients’ or customers’ Tax File Numbers, driver’s licences, medical records, passport details, Wills, highly confidential and sensitive personal or business information & data, etc. https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/
Hence it is recklessly indifferent nowadays to simply leave it to your office manager to treat it as a standard update or exchange-of-office-equipment exercise; namely, the release of your copier/scanner/printer from your control will be a major breach of privacy and client confidentiality (and possibly legal privilege for lawyers), along with numerous other risks. All of which is also uninsurable!
Simple solution – ensure you ask the hire company, before they take the machine, to physically remove the fully depreciated (i.e. worth nominally $1 or thereabouts) 20-200+ GB HDD and then you can cathartically, literally, smash it to bits!
11. Sneezing/not using a tissue, coughing/not covering your mouth, someone drinking straight out of the milk carton in the fridge! = unilaterally/inconsiderately forwarding ‘dubious’ (or “funny”) unsolicited emails or text messages to family and friends. It may also be a breach of the Spam Act.
12. Dodgy door-to-door product sales = ‘bait & switch’ where a user clicks on a purportedly legitimate ad, but gets directed to a page (with download links) that’s actually infected with malware or ransomware.
13. Leaving credit card/cash lying around the house, when you have naughty teenagers… = online-supplied credit card details can be obtained and then misused, and are regularly ‘sold’ on the dark web.
14. Spare key under the proverbial front doormat/pot plant or similar such other hackneyed practices = allowing blatant, obvious security flaws (e.g. user passwords indifferently set to something as basic as “password” or “123456”).
15. Junk mail stuffed in your letterbox = Junk email/spam in your Inbox -> extrapolation on that is: never-ending junk mail = Denial of Service (DoS) attack.
16. ‘Rules of the House’ (and everyone’s chores) = your business’ Operations/Procedures Manual and Policies (including appropriate induction and refresher training).
17. Your family’s ‘standards & values’ = your website’s Terms of Use. Note: Terms of Use, whilst related, are materially very different to your business’ specific Terms and Conditions (T&Cs); whether for the provision of its goods and/or services.
18. Respecting other personal family members’ privacy, information and details (as you would want yours) = your business’ bespoke, proprietary Privacy Policy.
Appreciably, the above is still a very limited scenario and doesn’t comprehensively deal with the huge, multifaceted range of issues, complexities & aspects that are involved in each individual business’ IT and security.
However, if even one of these points resonates with you and starts the conversation internally with your risk management, HR and compliance teams and externally with your IT and other appropriate professional advisors, then that is a good thing.
As they say: ‘an ounce of prevention is worth a pound of cure’.