Batten Down the e-Hatches

By | October 06, 2015


The internet is a titanic beast, endlessly growing and fed by the information we give it, from our expense reports to our engagement photos. As we entered the digital age, our societies increasingly trusted and relied on servers in anonymous, chilled basements and the hard drives on our desks to keep our secrets for us. However, this has never been an easy task. As cybersecurity evolves, so too do the agents that would break down the doors and abscond with our sensitive data. October is National Cybersecurity Awareness Month, and it’s vital that the international development sphere be on its digital toes.

The threats to cybersecurity have grown exponentially since Creeper swept the ARPANET in 1971. Users need to guard against viruses, trojans, worms, phishing, bugs, keyloggers, rootkits, exploits, spoofs; the list goes on. But the fight doesn’t appear to be going so well. The Office of Personnel Management suffered a breach in the data hull, affecting more than 22 million people; over a billion Android devices were revealed to have the dreaded Stagefright 2.0 vulnerabilities, barely two months after the original Stagefright bug was discovered; all iOS devices are susceptible to the YiSpecter malware; and the personal data for 15 million T-Mobile customers was accessed illicitly on Experian’s servers. The situation looks bleak for users and institutions alike, and improving it requires action on everyone’s part. In fact, insurance companies are now offering firms and individuals the opportunity to cover their cyber hides.

In international development, the data we handle is incredibly sensitive, a bit of an odd paradox for a movement pioneering the open data revolution. Regardless, cybersecurity is paramount. Election monitors need to know their reports are confidential and accurate for the sake of a free and fair process, and they likely also need to worry about the safety of the individual observers’ identities in an unstable democracy. NGO communications are typically sensitive, as they involve identity and organizational information, communiques, and specifics for events and activities: data that would be quite valuable to a repressive regime. Without effective safeguards for their data, NGOs would become increasingly ineffective and vulnerable to interference, and could put their staff, partners, and contractors at severe risk.

Avoiding an embarrassing or debilitating security incident requires vigilance and preparedness. Investing in firewalls, creating gaps within your network, and layering your data with encryption and passphrase protections are necessary, but only the tip of the iceberg. As the hard defenses of IT have become exponentially more sophisticated, cybercriminals have moved to phishing, which has accounted for two-thirds of all digital espionage in the last two years. Humans are evidently easier targets than Palo Alto’s VM-1000-HV firewall, so they’ve become the focus of the seedier side of the internet’s energies.

Personnel are the most vulnerable yet valuable resource in the fight against phishing. Build two-factor (for the especially concerned, three-factor) authentication into your system, which requires multiple forms of verification from a user, usually via email or text. Opening a separate channel of identity-checking increases the difficulty of hacking and vastly improves security. Train your colleagues to guard against suspicious emails, texts, and phone calls. Carefully constructed spoofs have fooled many in the Pentagon, so ensure your staff understands the basics of screening scamming attempts. For data security training, Mariarosaria Taddeo, a researcher at the Oxford Internet Institute at University of Oxford, recommends communicating urgency and importance to your personnel without undermining their intelligence. This keeps people in tune with your message of vigilance and invested, too.

Aside from anti-phishing stratagems, creating an entropy-maximizing password policy is ideal because high-entropy passwords are incredibly difficult for computers to guess, yet easy for an ideally tight-lipped staff member to remember. Here’s a good tool for measuring your password’s entropy.
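To make the entropy idea concrete, here is an added example (not part of the original article) that sizes a random-word passphrase to a policy target and shows why a character-pool estimate overrates human-chosen passwords. The 16-word list, the 64-bit target and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Constructed 16-word sample list (assumption): a real policy would use a
# large published list, e.g. a 7,776-word diceware list.
WORDS = ["anchor", "bridge", "candle", "dolphin", "ember", "falcon",
         "glacier", "harbor", "island", "jungle", "kettle", "lantern",
         "meadow", "nectar", "orchid", "pebble"]

def passphrase_bits(num_words, wordlist_size):
    """Entropy in bits of num_words drawn uniformly at random from the list."""
    return num_words * math.log2(wordlist_size)

def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy meets the policy target."""
    return math.ceil(target_bits / math.log2(wordlist_size))

def generate_passphrase(target_bits, wordlist=WORDS):
    """Pick words with a CSPRNG (secrets), never random.choice."""
    count = words_needed(target_bits, len(wordlist))
    return " ".join(secrets.choice(wordlist) for _ in range(count))

def pool_bits_upper_bound(password):
    """length * log2(character pool). This is an upper bound that only holds
    if every character was chosen at random; human-chosen passwords and
    dictionary words are far weaker than this number suggests."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    target = 64  # hypothetical policy minimum, in bits
    n = words_needed(target, len(WORDS))
    print(generate_passphrase(target), f"({passphrase_bits(n, len(WORDS)):.0f} bits)")
    print("5 diceware-size words:", round(passphrase_bits(5, 7776), 1), "bits")
    print("'Password1!' upper bound:", round(pool_bits_upper_bound("Password1!"), 1), "bits")
```

The last line prints a high score for a password that appears in every cracking dictionary, which is why the passphrase figure (measured from how the secret was generated) is the number a policy should rely on.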

Finally, you can never go wrong with encrypting your data. Encryption tremendously slows down the process of reading your data and should be applied across all devices and platforms. Here’s a handy guide for how you can encrypt just about anything. Increasing the difficulty of reading your information makes hackers, as well as surveilling bodies, more likely to give up.

Cybersecurity has come a long way since the days of the Morris worm, but there are still huge leaps to make simply to be up to date. The US Cyber Command issued a $460 million clarion call for outside experts to help plug the government’s digital holes and work on other projects, but more proactivity is essential. Data protection has thus far been an afterthought for the world, but this is unsustainable as hospitals and power grids now rely on IT systems to function. Cybersecurity is everyone’s responsibility, and using best practices can not only reduce reputational and financial losses but also save lives and keep progress moving.
