One of the key components of modern civilization is the idea and practice of appropriating funds from constituents to be able to afford services that are put in place for the greater good of the community. Public water and sewer systems are created and maintained because people need water and access to bathroom facilities. Public transportation systems have been created and maintained because owning a car can be expensive for the average person and extremely difficult for the elderly and the handicapped. With information systems beginning to be more prevalent in public works, an age-old debate takes on a whole new importance.
One concept that many people have difficulty understanding is that with data systems, as is true anywhere else, you can only favor security or privacy, but not both. Sure, there are instances where both are controlled, but there are many times where privacy and security are not synonymous. This has reinvigorated an age old argument: what should be the individual focus, security or privacy? We have taken examples from our society to ascertain whether sacrificing one or the other is best practice.
Argument for Security
The security of your data systems is a major point of emphasis for both your IT department and your administration. There are literally thousands of solutions on the market that offer to assist you in keeping your network secure. These solutions include firewalls, remote monitoring and management tools, and more. To accomplish comprehensive network security, there is a comfortable balance that has to be reached between the security solutions and the ability for the people that use the data on that network to access it.
While accurate and reliable data accessibility is possible by keeping unwanted entities out, there are some out there that want in, and will do just about anything to do so. These include all types of malware intrusion, server spoofing, DNS poisoning, and distributed denial of service attacks. Any of these are strategies to get into your network, to either take it down, or to gain access for multiple malicious reasons. The problem is that many of these hacks are ineffective against the high-end encryption that many of today’s networks are protected with.
This very issue is making its way to Capitol Hill. Cyrus R. Vance Jr., the district attorney of Manhattan, is making the argument that companies need to diminish the level of encryption during criminal investigations, which has, to this point, been shrugged off by lawmakers. He’s arguing that it is costing the taxpayers too much in the way of time and money, since crucial evidence on devices and networks is inaccessible without the password or biometric security credentials to unlock access to the data. Lawyers from some of the world’s most powerful software developers have also met with lawmakers in recent days, suggesting that they are unified in protecting individual and business security access to their data storage platforms. This debate will heat up before it cools down.
Argument for Privacy
Privacy on the other hand is thought of, largely as an individual issue. In fact, viewing how most people handle their public communications, you’d think it would be a surprise that privacy is looked on as being overly important to maintain. With the advent and growth of social media, there is an overwhelming perception that privacy simply doesn’t seem to be as important as it once was. After all, if you continually share where you are, what you are doing, what you eat, the places you frequent, and so on, privacy doesn’t seem to be what you are after. The problem begins when people begin looking at the behaviors of the few and projecting those behaviors onto the lot of social media users (or even mobile device users). The fact is that the debate between security and privacy starts at the user level.
While for some personal privacy may not be important, device privacy remains essential. The folks that are more diligent about sharing their personal information don’t allow third-party apps to access their information; they manage their user accounts stringently; they make conscious decisions about when to share their personal or financial information with another party. By taking control over whom and what can access your information, you are making choices that affect the level of privacy you have. Chances are the days are over where people are going to go out of their way to help you protect yourself, which is why understanding what you are sharing is crucial to your ability to stay incognito (or at the very least safe from the party looking to take advantage of your lackadaisical privacy standards).
A large caveat has been developed over the past several years that makes the argument for privacy important. This is the deceitful practice of social engineering. Social engineering is the act of looking for a network’s most weak link, usually an employee or individual that can easily be compromised, and using that individual’s credentials to gain access to a network without having to put forth the time, effort, and expense that often accompanies straight hacks of a network. By tricking a member of your staff to give them their credentials, they gain access without the headaches inherent in trying to bust their way in. In this way, the security of your network is reliant on your user’s privacy.
No matter which you believe is most important to focus on, keeping unwanted entities out of your network is essential if you want to keep from dealing with headaches and downtime. Being able to stick to your industry’s best security practices will go a long way toward keeping your business secure.