Security isn’t rocket science, but we can make it sound that way. Here’s what happened when my daughter got given a secret diary and began to work out the security implications. When you cut through the usual jargon, the same issues apply to anyone’s flash drive, laptop, smartphone or tablet (you’ll find some links for grown ups at the end):
The diary was one of those electronic voice recognition jobs. Off she toddled to set it up.
- First she set an easy to remember password, but her sister guessed it.
- Then she decided on a short passphrase (with some help), but she forgot it.
- She reset it with a different passphrase, but her sister overhead her saying it.
- Next she wrote it down, but lost the piece of paper (guess who found it).
- Eventually she got me to stand guard while she chose yet another passphrase and only opened the diary in private. Much to her little sis’s annoyance.
Physical Security Issues
- One day, when she left it unlocked, she came back to find a drawing of Spongebob Squarepants over a poem she’d lovingly penned and illustrated (sibling carnage was narrowly avoided).
- Another day it went missing. Eventually it turned up at her friend’s house, apparently unharmed.
- The last incident was a near miss. I came in to find the younger one trying to leverage the thing open with a fork.
The Insider Threat
Much to her horror, after an argument, her friend said she knew who she loved and threatened to tell the lad in question. My daughter returned home in tears and told me her friend must have read the diary when she left it round there. She had shared her password to show off how the diary worked. Not a problem while they were BFFs, but a catastrophe when they fell out.
Things were subsequently patched up before there was any damage to her reputation, but lessons were learned.
Encryption (or in this case encoding)
Mindful that she wasn’t the carefullest of kids, she asked how she could stop that happening again. Between us we worked out a code for her most secret secrets. A simple letter substitution with a tiny twist. Enough to keep an opportunistic friend in the dark. We’ll talk about encryption being a must-have when I finally give in and let her get a tablet or smartphone.
The future of keeping her secrets
I then asked her if she was worried about me peeking at her secrets, given I knew her code and her password. She said that she trusted me. Will I abuse that trust? Not now, but who knows if the dangers faced later in life make her less willing to voluntarily share things. I explained this and she said she’d never forgive me if I did. That one was left for another day.
I also explained that when she uses a work computer, shares things on Facebook or uploads things to a cloud store, she won’t be able to rely on them staying secret. Companies can check what employees are doing on their computers as long as they say they’re going to (she said that they should trust the people who work for them. I reminded her what her BFF did when she was angry).
She was just as unimpressed when I told her Facebook and cloud store owners share things if you say they can, BUT their sharing rules are hard to understand and they’re not great at stopping bad guys breaking in and stealing secrets.
She said she’d never share anything if it wasn’t going to be safe. I told her she probably would, but she should think hard about what she shares, where she shares it, how she sets passwords up and who she would like to see it.
We then went on to have a chat about government data retention and surveillance, but that’s a story for another time…
Info for the grown up mobile device user:
For parents to help kids stay safe;
- Mobile Devices: STOP, THINK, CONNECT – Stay Safe Online
- Mobile Parental Controls – Stay Safe Online
- How Two-Step Logins Protect iCloud and Other Accounts (links to set up extra phone code security on most social media platforms and sharing sites) – USA Today
- The Brand New Facebook Privacy Tool You Didn’t Know You Needed (simple guide to using it) – i100 The Independent
- Passwords: Long? Strong? Keep Getting it Wrong? – Here on Infospectives
- How To Discover How Secure Your Password Is [TOOL] – Security FAQs
- Should I Be Worried About Carrying Sensitive Data On My Flash Drive? – Security FAQs
- Consumers Leaving Back Door To Open To Hackers Automatically Logging On To Facebook (the issues linked to clicking “Remember Me” when using social media, email and banking sites) – Information Security Buzz
More on the current state of mobile device security and related incidents;
- Is Your Mobile Device Secure? – Information Security Buzz
- Apple Denies iCloud Breach In Celebrity Nude Photo Hack (weak passwords and easily guessable security questions implicated) – The Verge
- Human error tops Ponemon patient data security study threats – Health IT Security
- Businesses At Risk From Unreported Mobile Device Theft – PCWorld
- REPORT: 23% of consumers save banking credentials on multiple mobile devices – IT Pro Portal
- Ever Lost Your Phone? – My take on the pain involved and ways to avoid it
- Why Your USB Flash Drive Is Ripe For A Hack Attack – Venture Beat
Categories: Security for all