“‘Charity begins at home,’ is the voice of the world: yet is every man his greatest enemy.”Sir Thomas Browne, Religio Medici, 1642
It’s a debated idea in our national discourse lately, and believe it or not, there’s a parallel to cybersecurity. The charity debate comes as a question of priorities; should we only look after (care for, love) ourselves and our own, and let it end there? If one truly understands charity toward fellow man – expressed ultimately in Christ, and outwardly in the “Golden Rule” – the answer is surely “no.” Both are important, and should be attended to.
Now what if we were to substitute “security” for charity?
“‘Security begins at home,’ is the voice of the world: yet is every man his greatest enemy.” Would it still hold?
Without getting political, I’d like to suggest it does – especially as an important and timely principle for churches and other ministries concerned about data protections. Let me explain.
Recently, a panel of data security experts were asked “What’s more of a threat to a company’s (or ministry’s) data security: insiders or outsiders?” An overwhelming majority said that when it comes to security, the prevalence of internal threats – both intentional and unintentional – reveals that we’re definitely our own worst enemy.
A plethora of external threats do abound – from Ransomware, viruses, and other kinds of malware. No question here. Yet it seems that poor internal security policies and passwords, negligence (the human element), physical theft, and even personal and professional revenge are just as powerful “insider threats.” Additionally, when drawn in by phishing and other attacks by unscrupulous social engineers, insiders can create serious weaknesses and “holes” in a ministry’s cybersecurity for malicious attackers to enter and exploit.
Now to continue the parallel, there is an understanding of “charity begins in the home” that suggests that we learn charity first in the home, among our family; in other words, charity is expressed in our immediate culture first. It’s a good picture – and we might also say the same about security. To really address the insider problem, it must be cultivated, taught, and modeled among our own first.
Among the experts, this seems to be a widespread consensus. So what are the marks that security has become part of your culture? According to Peter Firstbrook of Gartner Research, here are some important indicators:
- You’ve determined a “data blueprint.” Your team understands the context in which the “data is created and used, and how it is subject to regulation,” Firstbrook notes, utilizing a
“data-centric blueprint that identifies and classifies data assets and defines data security policies.” This is a vital step in identifying the appropriate technologies to be be employed to minimize risk. It only makes sense to do this before acquiring costly or inappropriate security technologies. Unfortunately many companies and ministries do it the other way around.
- Annual risk assessments are being conducted. Malicious attacks evolve, like mutating viruses that adapt to survive. In this way, the virus attempts to “trick the host” cell into allowing it to attach itself. Hackers and social engineers do much the same. Because this is so, risk must be reevaluated regularly.
- Security skills and governance tools are becoming integrated into daily activities. This might include two factor and password-less authentication (like Touch ID on smartphones), using the latest protocols and encryption ciphers for data protection, secure workstation practices like screen locks on computers, training on how to recognize phishing schemes, etc.
Much more could be said about adopting the mindset and behaviors that lead to a healthy
security culture. Hopefully we’ve seen it is a necessary paradigm shift away from looking at the “outside” only. So, how is it with your own? Is your own house in order?