Security by Obscurity – NO!

During a recent meeting with a potential client, we learned that they did not use firewalls for network security at their six offices. When we asked about this lack of protection, the owner said, “we have security by obscurity.” He felt that the bad guys don’t know him or his company, and therefore he was safe.

Wow. We were speechless. It seems dangerously naive for any individual or company to bury their heads in the sand and hope to be safe. There are many ways to protect your personal or business data, and I’d like to offer two major ideas to consider.

  1. Security and convenience are in constant tension. You must find the right balance.

    Any time we make something more secure, we immediately make it less convenient. Examples include websites that require very complex passwords, force you to change them on a regular basis, or don’t allow the browser to save passwords. Clearly these are more secure, but less convenient. Or consider the opposite scenario: as I make things more convenient (good), I make them less secure. Many companies or families share passwords among people (convenient), but security is reduced. Buying products online is certainly convenient, but you share private data with third parties, which may not be as secure. Using public Wi-Fi is convenient, but your devices might be accessible to others around you.

It’s easy to see the conflict between security and convenience, so I want you to consider this balance in each personal or business scenario. There’s no ‘one-size-fits-all’ answer; it’s up to you or your business to make a decision on the many data security situations you face.

  2. Implement multiple layers of security for the best protection.

    If major companies and government agencies are suffering data breaches (they are), you should understand that no technology system is 100% foolproof. The only guaranteed protection is for you to disconnect from society! If that’s not an option, it’s critical to think about security in terms of layers. The more layers the better, and if one layer is breached then hopefully others will not be. Consider the layers protecting a home: door locks, flood lights, motion detectors, window sensors, alarm systems, barking dogs, and more.

The same analogy applies to data security: the more layers the better. Examples include antivirus, firewall, content filtering, complex passwords, local and offsite backups, two-factor authentication, user education and more. If any one layer fails, then hopefully others will protect critical data.

These two principles are the starting point for really assessing your technology security. The Howard Tech team is eager to dig deeper into this topic, and will gladly get more specific with you regarding your company’s unique security needs. At minimum, please assume that the bad guys know who you are and that it’s your job to protect yourself and your company.