Weekend Reads: Information Security Hygiene

Posted In: Drivers of Value, Leadership, Management & Communication Skills, Weekend Reads

A few months ago, I saw a terrifying warning when I logged into my personal email account. It read: “Government-backed attackers may be trying to steal your password,” and boy, did it get my attention. Apparently, a number of people have received these warnings since 2012, and the summary advice on what to do about it is: “Be alert but not alarmed.”

How exactly does one do that?

This summer’s Equifax hack was the fourth largest data breach in the last few years. Hackers have targeted companies ranging from Yahoo to Verisign. It’s likely we’ll see increased information security regulation in the coming years, but it is also reasonable to expect that at some level we are all on our own.

Perfect and permanent “security” is probably outside of our reach. It exists on a spectrum and requires a set of practices that are best understood as another category of hygiene. Nobody can wash their face enough to permanently eliminate all chances of ever getting a blemish. But we wash our faces because we know it mostly works.

My hope with this essay is to help you find an approach that mostly works and connect you with some resources to go deeper if you’d like.

It is comfortable for some of us to think about information security through an economic lens. The picture is bleak, but computer scientist Ross Anderson summarized it well in his 2001 paper, “Why Information Security Is Hard: An Economic Perspective.” I find the first paragraph of his conclusion striking:

“Much has been written on the failure of information security mechanisms to protect end users from privacy violations and fraud. This misses the point. The real driving forces behind security system design usually have nothing to do with such altruistic goals. They are much more likely to be the desire to grab a monopoly, to charge different prices to different users for essentially the same service, and to dump risk. Often this is perfectly rational.”

The world is somewhat different 16 years later, but not in a way that makes security any easier. In fact, by welcoming internet-connected locks, refrigerators, thermostats, and wheelchairs into our lives, we have broadened our collective vulnerability.

For an individual, the first step to sanity is to check if your information has already been compromised. I recommend a visit to haveibeenpwned.com to see if your email address and password have been revealed in any recent data breaches.

Hopefully, you are in the clear. But if not, it’s time to change your passwords. The best approach is to use a unique password for each of your online accounts so that if a hacker gains access to one site, they can’t necessarily move on to others. That sounds quite daunting. Without some help, it means a lot of passwords to memorize.

Fortunately, a number of different password managers exist that can help you generate, remember, and categorize your various accounts. The most popular are 1Password, Dashlane, LastPass, and KeePass, and it’s worth spending some time figuring one of them out. They make life significantly easier because they will also do other things for you like fill out tedious forms.

Once you have set that up, take a look at this guide to personal information security. It contains many useful tips and is written to be accessible for your friends, colleagues, and perhaps clients. You may also want to develop a better understanding of how an attack may unfold or explore whether your firm is equipped to maneuver fast enough. It is past time to be alert, but hopefully thinking these issues through now will help keep you from being alarmed should they actually occur.

I’ll leave you with my wishes for a great weekend, and some more upbeat reading.

A visionary deck aimed at “Unlocking Braden’s Potential” (Quonset Point Capital)
The cryptocurrency world comes with “a lot of social pressure to eat meat for some reason.” (Inc.)
“Opinion: ‘Let me give you my invaluable insight from spending a whole week in China‘” (China Daily Show)
“Redefine Statistical Significance” (Nature)
“Autonomous Robots Plant, Tend, and Harvest Entire Crop of Barley” (IEEE Spectrum)
We’ll get self-driving boats before too long. (Axios)
“The Time Everyone ‘Corrected’ the World’s Smartest Woman” (Priceonomics)
“In the 90’s, the worldview of New England elites momentarily expanded to become the norm across America.” (Wow Huh)
“Building a commodity exchange in Ghana.” (Tradeghana)
“Teach Yourself Logic 2017: A Study Guide” (Logic Matters)
Technical analysis, set to choral music. (Vimeo)
“The Problem With ‘Full Look’ Styling in Fashion Magazines” (The Business of Fashion)
Will the trash island become the world’s newest country? (Creative Review)

If you liked this post, don’t forget to subscribe to the Enterprising Investor.

All posts are the opinion of the author. As such, they should not be construed as investment advice, nor do the opinions expressed necessarily reflect the views of CFA Institute or the author’s employer.

Tags: cyber security, information technology, weekend reads

Share On

About the Author(s)

Sloane Ortel

Sloane Ortel is the founder of Invest Vegan, an ethics-first registered investment adviser that manages distinctive discretionary portfolios of public equities on behalf of aligned individuals and institutions. Before establishing her own firm, she joined CFA Institute’s staff as a sophomore at Fordham University and spent close to a decade helping members adapt to a changing investment landscape as a collaborator, curator, and commentator. She is also a co-host of Free Money, a podcast for sustainability-oriented investors with a sense of humor.

1 thought on “Weekend Reads: Information Security Hygiene”

lilly says:

23 February 2018 at 04:31

nice post

Reply