Jun 18, 2019
Security Through Obscurity is Not Security at All
I started thinking this a little while ago about how far the world has come and going back into the days of my first job, yep, many, many moons ago at Jaycar. I was thinking abouthow many people paid and their PIN number was on the back of their credit card or on the back of their key card. I thought, oh my goodness, that's not even an obscurity, that's not security at all. You might as well use a chisel to lock your door. It doesn't make any sense.
Learn more about Business IT Security: https://dorksdelivered.com.au/blog/368-security-through-obscurity-is-no-security-at-all
Security is Everything
The biggest problem you can face is you don't even know if your business is secure or not unless you're in the game. You need to make sure that it is secure. You want to make sure that things aren't being taken away and that those little bits of ease aren't at the expense of security. I'm sure your IT companies have told you this before, but if you want to have everything completely secure, the most secure network you'll ever find is one that has no people on it and no connection to the internet. When I was doing some support work for a school of 1,200 machines, I can comfortably say that during the school holidays after I got everything working, nothing broke, everything just kept working. It was great, but it's not a usable system.
If you have everything completely locked down and nobody's able to touch them there's no point in having them. There always has to be a bit of flexibility and that's where you need to make sure that you're staying secure, because flexibility comes at a risk if it's not done properly. If you're connecting into your workforce from remotely you should be using a VPN or something to connect in that would connect to your phone, such as a two factor authentication.You want to make sure that you have great security in place. This goes on premise as well.
Lock it Up With Good Quality Locks
You can go down to Bunningsand you can buy a cheap lock. One of my sort of side hobby that I've done in the past to pass time and get my mind away from the analytical thinking and more towards a creative, physical thing is lock picking. It's quite a hobby andit's quite interesting. It was surprising to find, when I went over to my mate's house, his parents had just built this beauty of a home, maybe 1.6 million dollar home near the water and it looked quite nice, as you'd imagine. The home was so fresh, that grass, you could still see those lines where the turf had been rolled out. We couldn't get into the house. His parents weren't home and his parents didn't have a hidden key or anything like that, again, security through obscurity. They said, "Look, we just have to wait for us to get home, we'll be home in about two hours." I said, "If you don't mind I'll just use my lock picking set." I opened the door in about 10 seconds and that comes down to shitty locks. You can't have bad locks on your doors. You've got to have good locks, you've got to have good security, otherwise you're only keeping out the honest criminals. That's what a lock is and that's what a lot of security is around IT practises.
Get An Audit
These people have just popped in antivirus solutions and they've turned a small network into a bigger network. They're still running a mumand dad practise, butthe business is now turning over sizable income and wouldn't be able to have the downtime that was associated with a mom and dad business. Have a look, get an audit. Get someone to jump in and audit your business. You'll be surprised at what they can find, anything from security patches missing, old router firmware that needs to be updated, old wireless protocols that should be disabled or even things that let them get in because you don't have the correct types of encryptions with any of the resources that you are dishing out remotely.
What About the Cloud?
Some people think, "I'm in the Cloud, I don't have to worry about security." Well here's a big, scary notice for you, you really really do more than ever if you're in the Cloud because now if someone's breaking into your shit, you can't even unplug the cord and get away from them. You have to just sit there and let it happen. How terrible is that? That is of course unless you've got the right processes in place.
The Final Word
Have talk to your IT company and see what they can do. Security should be your number one priority. Remember that security through obscurity is not security at all. Stay good.