The ABCs of Cyber Security
Last weekend my girlfriend found an iPhone on the metro on the way back from a Washington Nationals game. Ever the Good Samaritan, she returned the device to its owner (making a rather panicky teenage boy very happy). What shocked me most about the experience was that the kid’s phone was unlocked. He’s not alone. In an age where technology is omnipresent, staggering numbers of people leave their phones, laptops, and other electronic devices unprotected on a regular basis—making them easy prey for potential hackers. As a die-hard proponent of electronic security, I feel compelled to share with you what I consider to be the “ABCs” of security. A handy little acronym, which summarizes the most important aspects of cyber security, is ironically (or appropriately) “CIA”: Confidentiality, Integrity, and Accessibility.
Let’s start with accessibility, which must have two components: controlled access and reliable access. For example: When you lock your house every day (which I assume most of you do), you exercise controlled access. But I’m willing to bet more than one of you does not regularly lock your cell phone. Why? It’s an annoyance. When you want to use it, you want to use it right away. In essence, you want reliable access. But reliable access is not sufficient when it comes to protecting your electronic devices. Understanding the importance of both aspects of accessibility is crucial. The few seconds it takes to unlock your phone ensure controlled access as well as reliable access (no one else can get to your data but you, so nothing will have changed since you last accessed it!).
Exercising the second component of the security acronym, integrity, means making certain the data on your electronic devices (phone, hard drive, email, etc.) only gets modified by authorized users. Controlled access plays a key role in maintaining the integrity of data. It is important to realize that not everyone necessarily needs the same access to certain data. You may want your spouse to have access to your phone, but not the power to alter its settings (lest your whole world go out of whack because everything is stored “just so”). Deciding what each user is able to do with the same data is achieved by assigning privileges. This is similar to programming a TV so your children can watch Cartoon Network but not a horror movie. My initial example was a phone, but your desktop PC and laptop certainly have these features, which should be utilized depending on your security needs.
Now for the third aspect of security: confidentiality. How many times have you seen a spy movie where someone reads a top secret file? Confidentiality is about keeping information “need to know”. Limited access plays a big part in confidentiality; after all, if someone can’t get to something you don’t want them to see, they certainly can’t make use of it. However, confidentiality also takes into account what happens if a hacker does gain access. The easiest solution is to make information worthless to a hacker or too difficult to use to be worthwhile. In terms of electronic data, encryption comes to mind. In its basic form, encryption is the process of scrambling data with a key (where only someone with the de-scrambling key can see the data in its original form). Data encryption can be used to protect phones, hard drives, thumb drives, or individual files on a device (so that even if the physical device is compromised, the confidentiality of the data remains intact). Encryption also helps to maintain the integrity of that data because someone can only change it with the appropriate key. Email can also be encrypted, ensuring confidentiality and the integrity of the message.
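The scrambling-with-a-key idea above, as an added example that is not part of the original post: the note is encrypted and then tagged with a keyed checksum (HMAC), so a modified copy is rejected, whereas decryption without that check quietly returns altered text. The cipher is a standard-library stand-in chosen for this example (an assumption; real tools use a vetted scheme such as AES-GCM), and the function names and sample note are constructed.

```python
import hashlib
import hmac
import secrets

def _keys(master):
    # Separate keys for scrambling and for the integrity tag.
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _scramble(key, nonce, data):
    # Stand-in stream cipher (assumption for this example): XOR the data with
    # an HMAC-SHA256 counter keystream. Use AES-GCM or similar in practice.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def seal(master, plaintext):
    """Encrypt, then append a tag computed over nonce + ciphertext."""
    enc_key, mac_key = _keys(master)
    nonce = secrets.token_bytes(16)
    ciphertext = _scramble(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def open_sealed(master, blob):
    """Verify the tag first; decrypt only if the data is unmodified."""
    enc_key, mac_key = _keys(master)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: modified data or wrong key")
    return _scramble(enc_key, nonce, ciphertext)

def decrypt_unchecked(master, blob):
    """Encryption alone: returns whatever the bytes decode to, no check."""
    enc_key, _ = _keys(master)
    return _scramble(enc_key, blob[:16], blob[16:-32])

if __name__ == "__main__":
    key = secrets.token_bytes(32)                      # constructed sample key
    blob = seal(key, b"Dinner at 7, gate code 4821")   # constructed sample note
    damaged = blob[:20] + bytes([blob[20] ^ 1]) + blob[21:]  # one changed byte
    print(decrypt_unchecked(key, damaged))  # altered text, no warning
    try:
        open_sealed(key, damaged)
    except ValueError as err:
        print("rejected:", err)
```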
Obviously, security is a complex subject, but in broad strokes we’ve discussed basic security of your data against unwanted access. Put a little thought into your data protection habits and decide if they cover the trinity of security: Confidentiality, Integrity, and Accessibility. What kinds of security do you want? What kind of security do you need, and how can it be accomplished keeping the basic principles in mind? Don’t emulate the kid who left his iPhone on the metro. After all, not everyone is as nice as my girlfriend.