How secure is secure? One of my childhood heroes is Harry Houdini. You know, the handcuff king, Chinese water torture escape artist and famous magician. I spent hours trying to pick locks and break out of my closet with just a hair pin and my wits.
Houdini helped me recently as an association manager when the topic of cyber security audit came up. The police departments around the country and world thought their jails were secure and then Houdini showed up. “How secure is secure?” is a different question than “How secure is the jail Houdini is in?”
Cyber security is a relatively recent phenomenon. Associations have always emphasized ensuring their members' personal information stays private. But as computers, emails, cloud computing and mobile technology have become vital and everyday tools, potential vulnerabilities have appeared.
My first lesson from the great master: You are not as secure as you think you are. As my association began its cyber security audit, it was amazing to see where “technological doors” opened. When you start counting mobile devices, laptops, remote logins, email clicks, web searches and WiFi access, you realize there are a lot of places somebody can enter into your “electronic facility.” Half of the staff opened suspicious email that then allowed access to our entire system.
Lesson two: Think like a thief. Honest people never think someone will lie to them because they themselves don’t lie. You need to look at your association’s data like somebody who wants to steal it from the outside. What is access control to your office? Where can your WiFi be accessed and what files can you connect to? Do you have open data ports for somebody to plug in a laptop?
Lesson three: Simple things can make all the difference. My favorite Houdini trick was the last kiss to his wife before he plunged into the ice river shackled. Very few suspected a lock pick passed between the two. Do the simple: secure doors, set up password changes, train staff on suspicious email, install better firewalls and encrypt thumb drives and laptops so even if they are lost or stolen they cannot be accessed.
My association is not yet “Houdini-proof,” but my cyber security awareness and protection has increased. How secure is secure for your association?