Keep Information Security in the Forefront of Your Mind Always - National Information Solutions Cooperative (NISC)

Why is it that it takes events like the latest Heartbleed OpenSSL bug to make us stop and think about security? The NISC Security Team had so many phone calls and e-mails from technical as well as non-technical people, we lost count. If you haven’t heard or read about the Heartbleed OpenSSL bug, check out this site for a little background on the vulnerability.

Now keep in mind events like these do make us slow down, or in some cases stop, and think about security. The reason? It happens when it affects us personally, when it strikes close to home and when it takes us out of our everyday routines. Otherwise, security just “runs in the background.”

I came across an interesting analogy the other day on theanalogiesproject.org: “Why do we have brakes on cars? The obvious answer, of course, is to slow them down. [But] they [also] allow you to go so much faster, confident in the knowledge that you can stop quickly if you need to. This holds true for information security as well. It can definitely slow you down, but it can also help you recover and adapt quickly if planned out accordingly.”

A second but equally important point in the analogy was: “Can you imagine a car manufacturer working on a new model without any consideration being given to the brakes right from the start? Of course not.” Again, this holds true for information security. Why is it that we think we can add security to our tasks and routines later? To have it “built right”, it needs to be incorporated at the beginning of a task or routine.

Take, for example, your password(s). Do you use the same password for every website you go to? Do you change it regularly? Is it difficult to guess? Now, couple that with the latest Heartbleed vulnerability. Because many websites had vulnerable SSL implementations for well over a year now, one of the recommendations being given was to change your password. If you maintain the practice of having the same password at all websites, how do you know that your compromised credentials at one location won’t affect you on the others? You won’t. On the flip side, if you have different passwords for each of the websites that you log in to, it reduces the likelihood that a single compromised password will affect you at multiple locations.

We are happy with security as long as it doesn’t get in the way. We are happy with security as long as it doesn’t cost us too much. We are happy with security as long as we don’t have to deal with it. Far too often we have to deal with security after an incident rather than beforehand. So I challenge you to keep security in the forefront of your thoughts each day and think “how do I incorporate security into my everyday tasks?” That includes even simple things, such as not using the same password for every single website that you go to. Buy that password manager that will allow you to manage your passwords more effectively and to use random passwords. It really will save you time in the long run, as you won’t need to try to retrofit good habits into already established routines if that “breach-day” comes.

If you would like to discuss further or have questions, don’t hesitate to contact the NISC Information Security Team at infosec@nisc.coop. Also follow Information Security on the NISC Community, where you can find information on how to better protect your organization as well as breaking news on new threats as they surface. Also, if your organization hasn’t yet done so, please designate your organization’s information security contact and submit the information here to receive critical information from the NISC InfoSec Team.