Tag Archives: Security Awareness

Privacy is always better through sepia-tinted glasses

Facebook-Acquires-Instagram

Instagram has done one thing well. And no it’s not turn HD 8MP snaps of man plus dog’s meals in to Polaroid-esque travesties of blurriness, reminiscent of ‘70s snappers. What the photo filter app-maker (or photo-sharing and social-networking service if you sign up to marketing hyperbole) has done though is highlight that there isn’t a total sense of apathy and disinterest in security and privacy amongst the greater public, they just need something to care about – a sepia-toned champion if you will.

As word of a renewed privacy policy swept across Twitter, Tumblr, and Pinterest, the cool kids were up in arms, albeit at the duress of coattail-riding ‘celebrities’ like Kim Kardashian (a more orange than sepia skinned hero granted, but we take what we can get). How can you not own a photo you took on your own phone? There is one school of thought here that rationalises the situation – you own the unaltered photo which you took; but as you’ve over-exposed/scratched/generally ruined it with their app, then the output belongs to Instagram. By their logic, any image manipulation produces a new photo that is the property of the editor. That’s the kind of proprietary nonsense that even Apple’s legal team would turn their noses up at. This isn’t something anyone wants – my HTC has similar filter editing built in, and plenty of HDRs and digital cameras do their own image and balance correction on-device. Whilst we’re on the subject of what you can do ‘on-device’, in what world did Instagram think it was a good idea to not let users take pictures offline? Seriously?

Despite what Instagram, Zuckerberg, or anyone else claims the true intention of the shift was, the subsequent backtrack was unsurprising both in its speed and scope of the policy turnaround. For a company fresh off the back of a $1bn acquisition and enjoying the associated buzz of riding the crest of the Facebook wave, the whole move was a PR disaster and the damage has already been done. If you believe some news outlets, the app has lost half of its daily user base as a result of the debacle, and competitors have stepped up to try and fill the ‘vintage filter’ void.

But is it fair to blame companies like Instagram, YouTube, Facebook, et al for tying to monetise their offerings? After all they host literally petabytes of users’ content. It isn’t just servers that cost, but staff, cooling, and ground rent. And really, what were they going to use those pictures for? Which third parties were they hoping to sell them to? As nice as that shot of a sun-drenched deckchair on Brighton beach is in black and white, it’s not like stock photo repositories are going to be teeming with low-res shots of your shenanigans for sale. Let’s face it, Instagram got jealous of Facebook and LinkedIn with their user content advertising, and got caught up in the ‘we should be doing that too’ mentality that is synonymous with social media… except they forgot to offer an opt-out like those other bastions of user privacy (eventually) did.

So there’s one very important lesson Instagram has given us – users care about privacy and security when they have a vested interest, if it’s something they use out of choice rather than necessity, they are more than ready to get up-in-arms about it. Well actually there are multiple lessons, but if there’s one more fortune cookie of wisdom here… It might be best to explain the purpose of a policy before rolling it out, even if it’s just for awareness, hearts, minds, and warding off mutiny.

Advertisements

Debating the importance of security awareness

It goes without saying that in this open day and age, the importance of good practice when it comes to data and sensitive information, is more pressing than it has ever been.

From emails to tweets, USB sticks to smartphones, big bundles of paper tucked under your arm, printed here and there, remotely, across the digital highway, zip, zip and away, the ubiquity of information out there is pretty amazing.

With this sheer volume of information, transmitted, shared and downloaded on a daily basis, 24/7, all around the world, everyone always on the go, life has never been easier.

Add to that the fact that it is done through multiple devices, where one you’re minute writing a paper on your Blackberry, the next minute loading it to your Apple Macbook Pro, the next sharing it via Dropbox, it is almost inconceivable, that back in the day we relied heavily on transporting things via post.

With these radical changes comes danger. Where a lot of information used to be filed away and archived in a physical sense, under lock and key, today everything is in effect online or stored on a computer, which needn’t these days be access from one spot. You can, after all, check into your home computer remotely.

It can therefore feel as though data, however well protected, is always on the precipice of tumbling into the virtual world, like a £100 pound noted fluttering in the air for everyone to grab.

Which is why it is important for organisations, however big or small, to invest in training their staff in security awareness. A lot of time, effort and money can be saved if employees – employers as well – are informed about the latest happenings in the IT industry, like, for example, recent cyber crime trends.

However, interestingly, even if such training is delivered, is it actually having a positive impact? One line of argument is that the value of such training is negligible and it is constricted by certain limitations.

Take for example the recent study from the British Retail Consortium, which found that retailers were often unaware that a crime had taken place and didn’t think it normal to report every incident they were attentive to.

Or what about the Graeme Batsman’s comments last month, who had found that small businesses were almost lackadaisical when it came to data protection. The director of Datadefender.co.uk said: “Companies see the stories about leaks and hacks quite a lot, but the main thing is people think that it won’t happen to them. We know things will increase and get worse. More people are using computers and they have to wake up.”

At this year’s RSA Conference, whose theme is The Great Cipher Mightier Than The Sword, Acumin, the leading provider of information security recruitment and risk management recruitment services, will be delivering a special debate on the matter.

Showing a commitment to promoting good discourse, Acumin’s RANT (Risk and Network Threat) forum has assembled some of Europe’s leading thinkers in this area to push the debate further.

This includes Javvad Malik, senior security analyst at The 451 Group; Thom Langford, director of the Global Security Office at Sapient; Kai Roer, a freelance author, trainer and security consultant; Rowenna Fielding, information security manager at the Alzheimer’s Society; Geordie Stewart, managing director at Risk Intelligence; and Christian Toon, head of Information Risk at Iron Mountain Europe.

If it is going to be anything, then enlightening, thought-provoking and fascinating are just a few words that come to mind. It is great when we have multiple voices of authority and experience waxing lyrical about their ideas. Here is where great debate happens.

Acumin,  will be on call throughout the entire duration of the conference to discuss any questions pertaining to recruitment. It specialises in, among others information risk management, governance & compliance, penetration testing & forensics and executive management positions.

The RSA Conference at Hilton London Metropole runs from October 9th until 11th. Register here