The good news is that we have good tools to protect our data. The bad news? That’s not our biggest problem.
Although many large corporations and the government inexplicably fail to spend a few hundred thousand to prevent losing millions in sales/fraud/bad publicity, the biggest hole in our defenses is very strange: we freely give access to the bad guys.
We very readily give access to the wrong people if they ask nicely or cleverly. So much of our culture depends on trust, but we have to be smart, too:
- Targeting CEOs–brilliant. Targeting their staff–even better. When someone says, “the boss needs this”, our brains turn off.
- Help Desk personnel don’t need or want your password. The nice guy asking for it is actually NOT a nice guy. He wants to rob you.
- When “Microsoft” calls about problems you didn’t know about, and asks you to install some software, it isn’t Microsoft, they want to rob you.
All the security in the world won’t help if you unlock the door for the burglar when he asks.