Information in the Digital Age.
I’m sure you’ve heard the truism as often as I:
“Nothing is free…”
I wonder if you’ve heard the follow-up? Nothing is free; you will pay with either time, money or information. Increasingly in our digital age, information is the most valuable one of those commodities.
Recall the ubiquitous crime board that appears in every television detective drama. Whether or not actual detectives use these, this idea accurately captures the essence of what hackers are doing in their ongoing attempts to build a robust profile on you or your organization.
Why is information so valuable to a hacker? Because specificity conveys authenticity. Every bit of info increases the hacker’s chance of appearing to be an insider, and thus of securing your confidence.
“specificity conveys authenticity”
We drip information like my daughter’s ’97 Volvo leaks oil. It’s not pretty! (the leaking oil, that is, she’s awesome)
Let me tell you a story that happened last week. Names have been obscured to protect the innocent.
A program manager I work with was giving a training on trauma to some firefighters who were joining remotely over Skype. This was a multi-day class, and the day before everything had gone swimmingly, but today a lone guy in a particular station was having trouble accessing the meeting. Ever the problem-solver, the program manager suggested she email him the PowerPoint, and he could follow along over the phone without video access. I love these “get ‘er done” kind of people!
Everything was hunky-dory till she was informed by Compliance that she had distributed the Protected Health Information (PHI) of more than 700 people. Freaked out by what she had never intended, and extraordinarily confident that there was no PHI in the PowerPoint, the program manager called Compliance to determine what on earth had happened.
Every bit of info increases the hacker’s chance of appearing to be an insider, and thus of securing your confidence.
As she related the story to me, right in the middle of asserting that there was no PHI in this PowerPoint, the Compliance employee on the other end of the line directed her to a particular slide, and within three clicks converted a summary graph containing no individual information to the entire data source from her original spreadsheet!
So, I’m telling this story at her request, as she wants everyone to know that if you need to put a graph in a PowerPoint or other Microsoft Office document, for Pete’s sake, please take a screen shot!
Whatever you do, don’t copy/paste, insert or embed your Excel graphic into that PowerPoint.
I hope you will start thinking differently about information. It’s a valuable commodity we reveal constantly with precious little thought to how we are endangering ourselves or others.