Computer security is something we don’t think about, when computers, tablets and smart phones are working smoothly. But things can easily spin out of control.
James Lee of TD Bank Group, Technology Risk and Control Governance spoke about information technology security to some Toronto law librarians. I was struck by the human variable or social engineering ways in which security can be breached. It can be as simple as shoulder surfers, with good eyesight, who can see what I am doing on my Ipad on a crowded bus.
My interest lies in improved smartphone security. James Lee reminded us about basics, like locking phones with a password. I know not to use public wifi for banking or other sensitive information. Some wifi networks still use WEP encyryption standard, which is older and has been superceded now.
As smart phones come with preloaded apps, the convenience is traded off with data privacy issues. I might be a urban professional, so I don’t mind sharing my shopping and other consumer habits with Google Maps as my data will be be lumped into Big Data and for Google’s commercial enterprise. The compromise is worth my sharing the data then.
Lee has noticed that the Globe and Mail uses bitly for shortening URLs, so their articles will be an easier link to share. But Lee issued a strong warning that major banks wouldn’t send links using bitly link as security is not strong enough.
At home, the best laptop security involves setting up profiles for each family member, plus an administrator as a user profile. So if a situation arises, where the laptop is compromised by a hacker then individual users would have less rights than the administrator. Then less damage would result if there was a compromised user instead of a user with full administrative rights.
There is so many portable and convenient ways to store information now. But the proliferation of SIM cards, SD cards and flash drives also means they should be treated as valuable things. and one should protect them. SIM cards can be password protected too.
Finally I threw out a case of saving documents to Dropbox with 2 step authentication for password procedure. Was it a good idea or not? James Lee gave a nuanced answer in which the documents were not sensitive, then he would be satisfied with the security level at Dropbox. But if the documents included sensitive business information, then the assessment changes as Dropbox is cloud service with some risks involved. Potentially there could be problems with Dropbox’s U.S. servers falling under the jurisdiction of the Patriot Act and Dropbox management could be in a situation to release the sensitive business documents to third parties.
Ultimately James Lee stressed the need to strive for balance as we want usable technology and not technology that is so locked down that it is not being utilized. Lee believes some situations require top levels of security. In big companies, the guests are vetted at reception. Once they are past the gatekeepers, then they can plug and play in open wifi environment in meeting rooms. If guests were asked to sign in with passwords, it would off putting and increase hassles. To my mind, having open wifi with vetted guests would be an acceptable level of security.
Thanks to Toronto Association of Law Libraries organizing the talk and Goodmans for hosting the event.
– Brenda Wong
Educate yourself on digital rights issues
Lots of good information about avoiding online scams and protecting children
Filed under: data security | 1 Comment