Who is a hacker now? Protecting ourselves.

Contradictions, contradictions... 

• Social media wants me to share, I want to be private.
• The government says it doesn't want my information but buries directly into cables and mines my data in the interests of protecting me.
• Google says it is honest, but teaches me how to analyse my own data. So we know it is doing the same, all the while sharing my data with businesses I don't know, and then some:  it competes to offer big Government server space.
• I would like to locate my phone if I lose it but this means revealing my location. Temptation for everything and anything to use it to offer me "appropriate" advertising.
• I want my children to learn, but I need to protect them.
• All the time, hackers want to take over my site, access my credit cards and take away the money I don't have.
• We know that embassies around the world are resorting to old-time measures - couriers with bags padlocked to their wrists when they want to take really sensitive information around the world and typewriters in the office because they leave no trace of anything that can't be destroyed in a shredder. That's how much they trust secure systems on the web!
• For the ordinary user, every click I make transmits my personal information around the world, age, sex, marital status, children, location etc etc....Because the search engines want these, they seem happy to share the information with anyone and anybody.
• I am being told that devices are being installed in my refrigerator, my car, in my phone which regularly spy on my movements, my calls, my habits. All for a good purpose, I am told, but I do I want someone to know if my milk is about to go off when I can smell it for myself?

With all these conflicting forces, where have the latest elements left us?

Have the Government revelations been the worst possible thing for security?

I actually wrote the original version of this article some time back when the whole PRISM revelations were at their height. This fuelled a growing anger as we realised how much harder it was going to be to tell people the value of protection against hacking when the principal hacker turns out to be their Government. If everyone is your enemy how do you convince people that the web is really safe for anything now? We are not here to judge whether the PRISM and subsequent revelations are moral (at least not in this blog), but the one thing the Government as hacker has done is to make absolutely clear to us all that our data is not safe. It also tells us we have no privacy any more.

When they start applying gag orders to prevent the details of the extent of the hacking being identified, then I get more worried again. I have a lot of sympathy with their start position. I don't really want some terrorist being able to exploit security weaknesses, or to feel that the agencies are not on top of any threats. But, in the words of the old quotation: "the road to hell is paved with good intentions". Much of this data is merely being mined because they can. With so many examples of incompetence in handling big IT, why should we trust the Government with our data at all?

The privacy issue is important to us all, but it is amazing how we seem prepared to sacrifice our data to anyone and everyone in the interest of being protected. I just didn't want you to have the data in the first place. The thing paranoia teaches you is you are right to consider yourself in danger? Is this how we all have to think now?

New Year resolution - Review your own security

Of course, the web is not going to go away. It will continue to blindly stumble into new growth areas as it balloons away. In the spirit of offering New Year resolution advice, we suggest that we are all going to have to stick at protecting our data if we are going to have a good year. Here is what we are going to be doing this week just to make sure we are doing as much as we can.

• Inaugurate regular security checks into our systems.
• Make conscious decisions about how we use the web and the devices that are connected to it.
• Think before we send - do you need to send it? Does it say what you want it to? Who are you sending it to and why?
• Check your website security is up to date and that you have it properly backed up.
• Look at how we protect your emails. Make sure that employees are warned again about the dangers of opening emails from people they don't know.
• Do a thorough check on staff security - make sure their devices are all checked and that no-one can bring in a memory stick without it registering its existence as an approved device.
• Check our settings on Facebook, Google+, Twitter, LinkedIn etc. You can be private you know. Only share with apps if we want to with some thought about why we approve it.
• Never share passwords or your pin numbers. People still offer, you know.
• Just because it is convenient, don't leave your passwords in place on phones and computers. Company phones must have a protective PIN.
• Change passwords from time to time.
• Prune cookies.
• Check antivirus software and firewalls are up to date.

Rather than continue to list things we might do, I am off now to spend an hour checking on these things. You may want to do the same.