I was recently invited to speak to senior executives about traveling with electronic devices. I designed a presentation consisting of 11 slides and guessed it would take about half and hour to do.
Was I wrong!
It turns out that the topic generated a lot of questions and discussion. Much of which I thought would be second nature or common sense was brand new to a room of highly intelligent people. Security is not second nature unless you have been in security for many years.
Some of the extended discussions revolved around:
- Key loggers installed on hotel business center computers
- Using random Wi-Fi networks
- Backups
- Using the same password everywhere (Not single sign on)
As security professionals (and I figure if you are taking the time to read this, you must be one), it is our job to educate the unwashed masses (too strong?) in the basics of computer security that we all take as second nature at this point. When we are out speaking, take the time to mention that it is a bad idea to use the same password for every web site, bank and stock brokerage account. Explain why it is a good idea to back up data and not keep the only backup in the same bag as the computer that is being backed up. Why it is risky to walk up to a random computer at a hotel or coffee shop and proceed to log into all of your bank and stock broker accounts. These are things that I would hope that no one in the computer security business would do, but have you told others?
I was a bit surprised as to how many of those executives appeared to be hearing this for the first time – you would think that basic security practices would be second nature to anyone who travels in the board rooms of industry.
So, my suggestion is that the next time you get invited to speak to a group of people who are not “security geeks” like us, rather than talk about APTs and SQL injections; you might take the time to educate them on the stuff that we almost forgot.