So it’s a new year…Another year, another thousand virii and worms released into the Internet ‘wild’ to attack our computers, millions of more Identites released, and untold more spams mails sent. Well if some of the powers that be would make some Infosec New Years Resolutions (and keep them!) those numbers wont be quite as high. Then again, if these New Years resolutions go like most of mine, the spammers, hackers and crackers have nothing to fear. So without further ado, I present the Fearless Security New Years Infosec Resolutions with something for everyone:
To the clueless large companies that lost our private information last year. May you resolve to go out of business, being hounded from business by lawsuits, government regulators and your own customers (unless of course I own stock in you!). May you not make it to 2009.
To the clueless companies that have yet to lose our information. May you resolve to learn the lesson of your less fortunate peers and realize that you could be the next in line. Spend some money on Infosec and spend it smart. Don’t just throw dollars at the problem but actually making a top down commitment to it, so that you don’t end up like the companies in the previous paragraph
To the clueless small companies. May you finalize realize the onus of keeping our data safe starts with you; when you take that card from us and run it through your machines. May you finally realize that the PCI standards apply to you to and enact stronger security precautions both on the technical level and the operations and personnel level. You are the front lines in the battle against identity theft
To the clueless retailers
May you resolve to tighten your credit policies and stop handing out “instant credit” to anyone who can fog a mirror (whether or not they look like the person in the ID). May you resolve to stop seeing fraudulent credit loss as an acceptable business cost and start seeing it as the huge hassle and pain it is in the lives of the victims (your customers).
To the clueless credit bureau companies.
May you resolve to stop handling out our credit records to anyone with a computer who asks. May you resolve to finally give us access and control to our own credit records and stop waiting till we have been victimized to allow us to freeze our credit without a fee.
To our beloved clueless government
May you resolve to grow up, strap on a pair and pass some legislation that actually helps consumers and your constituents rather than inconveniences them. May you resolve to stop championing laws that sound good on paper but only hurt legitimate businesses and
push up costs for all of us (HIPAA, Can SPAM act, those worked great didn’t they?).
and of course our favorite friends, the clueless users,
May you resolve to be smarter about your web and email activities (no, that friendly man on email really isn’t a deposed dictator in Africa with 40 million to share with you. May you resolve not to be become a statistic by keeping tighter control of your credit record (freeze it if you can and don’t need access to ‘instant credit’). Resolve to keep a closer eye on your credit card bills and don’t be slow to act, realize it can happen to you too. And finally resolve to finally hold our government accountable in this next election. Do you know which candidates have taken strong positions on cyber security and crime? Which ones have an awareness and are knowledgeable on the subject. Find out before November 2008 and factor it into your decision. Maybe we will get a cyber savvy president this time.. Its about time!