Well, not exactly. Security is about understanding and managing
risk, not fearing it or running from it.
As a matter of fact, much of life is an exercise in managing risk. I
drive a car though I know there is a risk of being injured in a collision. I
ride roller coasters though I know there is a risk the ride has not been
properly maintained. I eat at restaurants though I have no way of being certain
the food was prepared properly or the kitchen kept sanitary. I risk snakebite
when I walk around my rural backyard. I risk a lightning strike when I watch
the fantastic power of a thunderstorm. I risk being rejected when I invite a family to Awana. I risk spraining my ankle (again) when I
play basketball. I risk being stung by a
jellyfish (again) or bitten by a shark or pulled away by a rip current when I
swim at the beach. This week I am building a zip line from which I will risk
falling.
These risks have varying degrees of likelihood, and some
clearly have more dire consequences than others, but the point is in almost
everything we do, we make choices as to risk.
Professional risk management people say there are three basic ways to
address a risk. Acknowledge and accept the risk (I know there is a chance of
getting hurt on a zip line, but it’s so much fun that the risk is worth it).
Transfer the risk (I know I could get injured, or have financial liability, in
the event of a car wreck, so I pay an insurance company to take that risk for
me). Or take some action to reduce the risk (learn to swim parallel to the
beach to escape a rip tide; wear sturdy workboots and avoid spots where
rattlesnakes are known to hide).
Technology changes rapidly, never more so than in the last
few years. In many cases, new technology brings incredible convenience. 20 years ago if I wanted to order something
not readily available from a local retailer, I had to find a catalog or call a
vendor, figure out what specific product to order, send a check, wait for the
payment to be verified, and wait for the product to be delivered. Now I can search Amazon.com, place an order online, and have something
delivered by the end of the day. 10 years ago communicating with a team I
coached, or a ministry I served, meant lots of phone calls or letters sent home
(most likely to be discarded without ever being read). Today I can set up a
Facebook group and a group texting app, and keep in touch amazingly
easily. What’s more, when a student or
clubber is missing, I can check the parent’s Facebook status and see if I
should send a get-well-soon card, or cheer them on at a contest, or wish them
safe travels.
All this comes with some risks to understand though – and once
understood, I can decide whether to accept, transfer, or mitigate the
risks. A few basic tenets:
- The Internet was designed first and foremost communicate,
not to maintain privacy. Granted in a controlled situation there are ways to
communicate securely without fear of eavesdropping (encrypted email works
great, as long as both parties have the technical prowess to set up encryption,
and SSL / HTTPS is pretty robust as long as you can be sure no one has intercepted
the data before it entered the SSL channel). These cases aside, expect that anything
you share will be made public, including to the one that you would be mortified
to have read it. If you don’t want your spouse / boss / business partner / mom
/ student / etc. to read something, don’t post it online.
- Bad guys are often lazy. They will go after the
easy target. If you keep up-to-date with software patches, use an anti-virus
program with frequently-updated signatures, use a firewall, and use web proxy
filtering software, you can move yourself out of the easy-prey category and
increase the chances they will move on to someone else.
- Bad guys are also very creative, and very motivated. Assume that at some point, a malicious piece of software will find its way onto any computing device that you use on the Internet, and then take appropriate action to minimize the damage when it happens. Specifically, separate any sensitive activity (be it banking, email, social media, etc. – you are the best judge of what is important to you) from web browsing.
The last point is why I have yet to adopt any of the banking
apps available for my smartphone. As convenient as it would be to deposit a
check by snapping a picture of it, or to log in to my brokerage account from my
mobile to make a trade, I have not yet found a solid and convenient way to
separate sensitive and non-sensitive behavior on one smartphone. That does not mean that I shun all technology though. It simply means that I have not found an adequate way to transfer or mitigate the risk, and I judge the risk as too high to accept it, so I do not take on that specific risky activity.
That in a nutshell is how I avoid pulling my hair out as a paranoid in a highly-connected world. Oh, cutting my hair short enough that I cannot pull it out helps too! :-)
How about you? How do you strike a balance between paranoia and practicality?
P.S. After writing this, I came across a sad example of paranoia gone overboard. A high school student in Florida was arrested and expelled for a chemistry experiment gone awry. There may well be more to the story than is being told publicly, but on the surface it looks like what happens when paranoia pushes aside common sense. I remember a high school chemistry mistake I made that could have ended similarly in today's climate. Thankfully, all I got was a lecture on lab safety and a few days' notoriety among other students.
That in a nutshell is how I avoid pulling my hair out as a paranoid in a highly-connected world. Oh, cutting my hair short enough that I cannot pull it out helps too! :-)
How about you? How do you strike a balance between paranoia and practicality?
P.S. After writing this, I came across a sad example of paranoia gone overboard. A high school student in Florida was arrested and expelled for a chemistry experiment gone awry. There may well be more to the story than is being told publicly, but on the surface it looks like what happens when paranoia pushes aside common sense. I remember a high school chemistry mistake I made that could have ended similarly in today's climate. Thankfully, all I got was a lecture on lab safety and a few days' notoriety among other students.