Who the Heck Needs Security? You Do!

By Paul Chin

Originally published in Intranet Journal's Chin Music (20-Apr-2007)

back back to portfolio

As a cyclist, I watched with great interest a television report about the rise in head related injuries suffered by cyclists who don't wear helmets. On the corner of a dicey intersection, the reporter stopped a passing cyclist and asked her why she wasn't wearing a helmet. Her reply illustrates an all-too-common attitude.

She shrugged her shoulders and said nonchalantly, "I've been riding my bicycle for years and have never been in an accident so I don't really see the need to wear one." Interesting. By her logic, the only thing that would prompt her to wear a helmet would be to have an accident first. A little late, wouldn't you say?

I'd laugh at the folly of human nature if it wasn't so sad, and the consequences so dire. The naivety and lack of foresight in some people never ceases to amaze me. They rarely, if ever, plan for unforeseen circumstances. They seem to think that accidents can somehow be scheduled like an appointment, giving themselves ample time to prepare for it. But no one ever really knows when these mishaps will occur. And when they strike—and they're not properly prepared—their only recourse at that point is list off all the "could'ves," "would'ves," and "should'ves."

Despite all the media attention surrounding the countless digital creepy-crawlies that can render thousands of dollars worth of computer equipment as useless as a soiled tea bag, I still find myself having to convince people about the importance of system security and data backups and protection.

The past isn't always indicative of what will occur in the future. Just because it hasn't happened yet doesn't mean it never will. And one isolated incident may be all that's needed to cause permanent damage to either your system, your business, or both. By then all the security in the world won't fix your problems.

I see this with large organizations, with SOHO-based entrepreneurs, and with personal computer users. While the lack of security measures on a personal system can be dangerous for that individual, the lack of security measures on a business system is unforgivable.

System security—or any security for that matter—is about prevention, not reaction. We put time and effort into securing our systems when everything is perfectly normal so that we don't end up putting our head through a wall trying to recover an unprotected system during a digital disaster. Would you ever consider building a house without putting locks on the doors? Or putting locks on after robbers make off with all your valuables? No, locks are a given. So why hasn't this same mentality transferred over to the digital world?

The answer to that question is simple: No one ever thinks it will happen to them. Why waste all that time and money on something you might never even use? Viruses, spyware, identity theft? Nah, it won't happen to you. Malicious hackers? Those basement dwelling misanthropes? Nah, why would they want to target you. These things happen to other people, people you read about in the news, not you, right?

To a certain extent all these statements are true. It will never happen to you—until it does. Let's stop reacting to disasters and start thinking about not letting them happen in the first place. How extraordinarily original an idea.

Copyright © 2007 Paul Chin. All rights reserved.
Reproduction of this article in whole or part in any form without prior written permission of Paul Chin is prohibited.