Finding The Hidden InfoSec Story

Swords and Security

Richard Westall [Public domain], via Wikimedia Commons

Damocles was ingratiating himself with Dionysius, his king, and exclaimed that Dionysius was fortunate to be a great man of power and authority, surrounded by splendour and opulence. Amused, Dionysius offered to switch places with Damocles so that he could experience firsthand, for a while, the fortune for which Damocles pined. Damocles eagerly and joyfully accepted the proposal. Returning the next day, he sat down on the king’s throne, encircled by all of Dionysius’ luxuries.

Happening to look up, Damocles saw that, just inches above his head, Dionysius had dangled a great sword, held at the pommel by only one single hair of a horse’s tail. Suddenly drained of his enthusiasm, Damocles begged the king to let him go – he no longer wanted to be so “fortunate,” realizing that with fortune and power also comes danger.

In several of the data breaches of the last few years, data that individuals had entrusted to a company was lost because of the company’s lack of security. Yes, there were breaches because of skilled hackers, and yes, there were losses because of inside jobs. But there were also hacks simply because the institution failed to protect its customers’ data.

Hanging over your head are the identities of hundreds, thousands, perhaps millions of people. This personally identifiable information (PII) is no longer just their responsibility – your company has taken charge of protecting it. If a bad guy gets hold of that data, all of your customers are at risk.

Protecting one’s data is now a duty built into everyone’s daily life. Monitoring activity on one’s accounts is no longer optional for individuals; it is mandatory. Alongside this monitoring comes the need for companies to guard their customers’ data. That, too, is not optional, but mandatory.

I don’t know if there’s anyone who enjoys the extra time, money, and energy spent in keeping an eye on their accounts’ activity, changing passwords, using a password manager, and other necessary measures (wasn’t technology supposed to make life easier?). But we realise that the grown-up thing to do is to make that watchfulness a part of our daily lives.

In the same vein as personal responsibility, companies need to accept accountability and responsibility. While the cost can be great, even enormous, it’s a fact of corporate life – you have to use your resources to take care of your clients’ data.

It can be a burden. You don’t get paid to protect your customers’ information. You don’t receive Thank You communiqués from your clients saying, “You kept me safe. Good job!” There aren’t really many perquisites to spending so much time and money to secure data, except for one – a good name. Your reputation is vital. Things happen – markets go up and down, economies change, customers come and go, and technology advances rapidly. One thing that is completely up to you is your good name. How do you use your power and authority?

Author: Ross Moore
