Security is no longer just an IT concern, but is behaviour changing?
If - and it’s a big if - there is a positive to the recent spate of information security headlines, then it could well be that more people will take an interest in the protection of their data and devices.
There seems to have been a never ending supply of headlines to worry people over the last few years. One of the most prominent ones has been the spate of stories related to the Edward Snowden leaks, covering the methods used by intelligence-gathering bodies to collect data from members of the public, businesses and other government bodies.
Most recently it was revealed that the CIA has been trying to crack Apple’s iOS and Mac OS software to enable it to plant malware on iPads, iPhones and Mac computers. Given that Apple has sold over 700 million iPhones, around 250 million iPads and has around 5% of the worldwide PC market, that is a huge number of devices being targeted.
Going slightly further back there was the infamous iCloud incident, where private pictures belonging to female celebrities were stolen and posted online. Apple denied its iCloud service had been breached, and suggested that the victims were targeted via “user names, passwords and security questions”.
What incidents like these do is make the idea of data protection and security more real for many people. As I mentioned above, there are hundreds of millions of iPhones and iPads being used across the world and hearing about security breaches involving those devices and celebrity victims means more people are going to think about their own security.
Whether it is a device you use, a celebrity you admire, a hotel chain you stay in or a store you shop in, if the security incident is personal to you, then it makes sense that you are going to pay more attention to the headlines.
The upshot of all this is that people are more aware of the security of their information and devices. Many people I know have adjusted privacy settings on Facebook and other social media and have started to think twice about what information they post online, often as a direct result of what they are reading and seeing in the media.
Other factors introduced by vendors, such as two-factor authentication, which is common in online banking as well as email services and some social networks, help as they get people used to another layer of security.
That’s a good thing for businesses, as people being more aware of security in their personal life will take the same approach at work. Instead of just IT worrying about security of data and devices across the organisation, workers will (hopefully!) start to take more of an active role.
That’s is something we at F5 have believed in for a long time: getting employees on board with security is key to improving data and device security across an organisation. One of the best ways to do that is to educate them, and workers will be more willing to engage in security awareness education if it’s something they can identify with from their life outside the office.
If an employee is likely to do work on their personal device, whether it’s a phone, PC or tablet, then a more security-conscious approach will of course benefit the business as well: we’ve talked about the risks from BYOD a lot, as well.
Ultimately, if security scare stories mean that the people on the street think more about protecting data and devices, then that’s a good thing, for all of us, personally and in business.