Computer Security Day: useful fun

Prevention always suffers from a fundamental feedback problem: the more successful we are in preventing disasters or attacks, the less reinforcement there is for our recommendations.

Consider for example the popularity of flossing.

At least flossing is based on some sound scientific research. Unfortunately, to many of our colleagues, information security practices remind them of the old joke about a fellow standing on a street corner waving a raw potato around his head every 30 seconds.

“Why are you doing that?” asks a passerby.

“To keep the dinosaurs away,” replies the potato-waver.

“But there are no dinosaurs any more,” retorts the passerby.

“See? It works!” says the spudster triumphantly.

So in the absence of rigorous data about annualized loss expectancies, we are stuck trying to keep security interesting or at least tolerable for the people we are trying to protect. One of the measures we can exploit (in a positive sense) is Computer Security Day (CSD). According to Chris O’Connor, IBM’s Director of Security Strategy:

* CSD was started in 1988 when the Washington, D.C., chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit, and Control decided to raise awareness of computer security.

* Nov. 30 was chosen for CSD so that attention on computer security would remain high during the holiday season – when people are typically more focused on the busy shopping season than thwarting security threats.

* This year’s CSD theme is “personalizing security” by asking businesses and individuals to get personally involved in creating a more secure global computing environment.

* Every year more than 1,000 organizations in more than 50 countries officially participate in CSD.

* CSD is sponsored by the Association of Computing Machinery, IBM and Security Awareness, and is supported by a host of other organizations.

I concur with supporters of CSD that we need to raise awareness of protecting not only business users but also the general computer-using public against accidents and deliberate attacks.

O’Conner continues with suggestions of how readers can get involved:

1. Ask yourself, “What are we doing on Nov. 30?” If your organization doesn’t have a security-awareness program, it’s a good day to start one. If you have one, perhaps it’s time to reinvigorate it by doing an audit of system weaknesses, reminding employees to change their passwords, and revisiting your organization’s security policies.

2. Get political. Write your mayor and ask that Nov. 30 be declared “Computer Security Day” in your home town. Ask your senator or representative if they are publicly supporting Computer Security Day to draw political attention to an issue that costs businesses billions of dollars a year.

3. Think globally, act locally. Form a local grass-roots effort to promote Computer Security Day. Gather your brightest security gurus and volunteers to speak to seniors, students, community organizations and other groups about how to spot viruses and spyware and keep their computers safe and up to date.

4. Get your customers involved – let them know security is part of your company’s culture. If it’s appropriate, print security messages on receipts at the cash register or online transaction confirmation e-mail messages, flash messages across kiosk screens, or use screensavers to showcase your company’s commitment to computer security.

5. Make security part of your company’s water-cooler talk. You can order posters for the break room from the official CSD 2004 Web site (http://www.computersecurityday.org) providing simple, yet often forgotten tips about security.

I will finish with yet another invitation to download a copy of my free booklet on Cybersafety from:

https://www2.norwich.edu/mkabay/cyberwatch/cybersafety.pdf

You’ll find it full of simple explanations of security issues for non-technical people and practical suggestions on protecting families against Internet-mediated harm. You can give free copies to teachers and students in your local schools, to computer users in senior centers, to youth clubs, to groups in churches / mosques / synagogues / temples, to people in social clubs like the Rotary / Elks / Knights of Columbus and so on.

If this column moves you to get involved in CSD, drop me a line after the event to let me know how it went. Enjoy yourselves!