Cybersecurity is a topic that affects nearly every individual. Rich Baich, Wells Fargo’s Chief Information Security Officer, reviews the current state of cybersecurity.
How Do We Build a Safer Digital World?
To work towards a safer world, cybersecurity is kind of like a grassroots effort. I think we need to step back. We need to start early in our school systems and begin to help individuals learn how to be safe, what are the dangers associated with utilizing the Internet, but at the same time embracing the fact that our future is moving toward digitalization. And if we focus on ensuring the future generations understand the risks associated with it, they can further enhance and hopefully the Internet could continue to be a positive experience rather than a negative experience.
When the Internet was built, it wasn’t built with security in mind. Now we’re kind of tracing our steps back to secure it. And it’s going to be a journey. But the first step is always the human element. The individual is always the weakest link because we are the ones that either fail to patch our systems, click on an email that we shouldn’t, or we notice something going wrong with our computer but we don’t necessarily understand it. So we keep doing what we’re doing. So through education and awareness, I think that we can reduce the threats that are associated with the environment today.
What Strategies Should Individuals Consider?
Well, I think they need to have a realization that everything that they do and everything they say and they put on the Internet can be viewed by most people. And if we look at social media, you know, there are protections for all the social media platforms, what you make private, what you make public. Understanding those things and adhering to them can help lessen, you know, kind of your cyber beacon on the Internet. And know that individuals and organizations that are potentially targeting you monitor those sites. You know, it is a wealth of intelligence collection. Many of those are used for counterespionage, but in addition to that, just the average normal criminal is surfing the Internet, looking for that individual who is smiling and posting because they’re on a 30-day cruise around the world and somebody figures out where they live. So, being very careful what you put on social media is one thing.
In addition to that, I would say savvy home security type of features would be things like making sure you update all your patches on your platforms, whether that be mobile or laptops. In addition to that, making sure if you have vulnerabilities, or you have applications, those remain updated. And making sure that you have enabled your desktop firewall.
And to help understand that, I’ll give you an analogy of a house. So when you think about a house, think about the front door being your firewall and think about your windows being your patches. So, if you’re living in a house in a neighborhood that anybody can walk by, which is what the Internet is, and you leave your front door open. Now, not everybody wants to come in and find out why that door is open or what might be in your house. But by keeping it open, you draw a little bit more attention to yourself. So if you don’t have a firewall enabled, you’re drawing attention to yourself. Now let’s say you had the door closed and then you look at your windows. Going to use your windows as your patches. Well, you know you’re supposed to keep your windows closed and you shouldn’t necessarily have holes in your windows or broken windows. So when a patch comes out, what’s that basically saying is the window’s now open, it doesn’t work. Or maybe it’s broken. And you need to call someone to fix it.
So when you’re looking for the thought of potentially using an IT professional to help you secure your own personal environment, think of it just like it was a financial advisor, right? Are they skilled? Are they professionalized? Can you trust them? So utilizing somebody’s always a choice, and it’s not a bad thing to do.
What is the Role of Businesses in Keeping Us Safe?
Responsible information security oftentimes is a difficult definition because again we don’t have constitutional laws that say, this is good information security. And, you know, there’s not a framework, there’s not a checklist. So really the responsibility comes down to that organization. But in today’s environment, I think customers as well as just citizens expect and understand the simple things, which is, you know, having firewalls, making sure your equipment is healthy, making sure that you’ve got expertise working in your environment that could help you understand it. And, the most important thing is obviously transparency and the ability to have a comfort level that an appropriate amount of investment and an appropriate amount of skillsets are focused in this area, to, again, to ensure to keep that information that that particular organization is trusted with keeping safe.
If more organizations focused and took pride on ensuring the trust of their customers are as important as the funds that they collect, I think ultimately the organization itself will be stronger, the customer will be happier and our nation will be stronger.