More Information Security Awareness programs

26 09 2012

by David Munyaka

This blog focuses on the United States, but of course most, if not all, of the cases mentioned here may happen in other countries as well. Government institutions spend a lot of money trying to operate government information systems in the most secure way possible. This is because the government stores a lot of information about its citizens, such as names, social security numbers, State ID numbers, passport numbers, current residences, occupations, etc. The government has to protect all this information. If the government were to fail in protecting citizens’ information in various databases, it would also have failed in its duty to protect its citizens. For this reason, among others, the government spends a lot of money making sure that this information does not end up in the wrong hands.

Private institutions such as hospitals, schools and financial institutions spend large amounts of money every year to protect patients’, students’ and clients’ information respectively. The success of a business relies a lot on how well a business is able to protect its clients’ information. Even laymen who may not be so concerned about information security will discontinue their membership with an institution that suffers security breaches and security violations quite often. For this reason private institutions spend huge amounts of money to protect clients’ information.

What does a layman do to protect his or her own information?

Well, a few examples may help. How often do you hear an individual placing an order for an item or service on the phone? In some cases people will read their credit card information out loud, especially when they believe that the people in their proximity are trustworthy. I concur that this may not happen very often, but it does happen. Two vulnerabilities come to mind: the person who overhears these conversations may want to use the information, and the person on the other end may end up using the credit card information for his/her own needs. All that is required in most cases to make a purchase over the phone is a name, credit card number, expiry date and, depending on the card, sometimes the Card Security Code. But let us assume that maybe making phone purchases in the manner described above is not common enough to cause problems and that people are cautious when making purchases.

Well, what about when one is on a job search? Most applications are online (for the sake of this blog the assumption is that the online applications are well secured), but some are still on paper. For example, if one needs a job at a restaurant, especially in this economy, one job application may not be sufficient. So one may apply online, or one may decide to drive around town and fill out hardcopy applications at different restaurants. Those applications ask for information such as name, physical address, previous employers, and yes, even social security numbers. This information is seen by most of the employees who already work at the restaurant (most of whom do not fall under the “need to know” category). These applications lie in some corner of the restaurant waiting for the store manager to review them. The point here is that many people can see private information (such as social security numbers) even though some of them are not the intended recipients of the job applications.

Online purchases: customers will sometimes buy items online from stores whose reputation they may not know. In the case of a fictitious online store, one may lose thousands of dollars if one's credit card information is used by someone else, or even worse, one's identity, depending on how much information one provides. Other undesirable practices, such as sharing of passwords, are also common.

These examples are just to show that while the government and private institutions are spending large amounts of money making sure that our information is safe, we may be generously handing the same information to criminals. Even with major scientific advancements in information security, information will not be safe unless there is more awareness of the serious ramifications of such unsafe practices.



