I recently had the unfortunate experience of consoling a person who had a smartphone mishap that rendered the phone completely unrecoverable. It is truly sad to watch a person’s reaction as they come to the realization that all of their data is gone.
I have seen more than one person go through the same Five Stages of Grief over the loss of data that are normally attributed to other, more serious life-altering events. In each case, the same questions are uttered from the lips of all the InfoSec evangelists:
- Do you have a backup of the phone’s data?
- Did you copy the photos and videos to a safe location in case the phone took a dip in the pool?
- Did you take the time to email critical information to yourself, such as the text messages that you never delete?
- Did you have any kind of mobile device software installed that would do all of this for you automatically?
In too many cases, the answer from the distraught, now phone-less person, is “no”.
As a security professional who has dismantled a fair share of devices dating back to the Blackberry era, it is painful for me to break the news that even I cannot repair everything.
There are also many articles about the importance of backups in all aspects of our digital lives.
The question becomes: Have we failed as InfoSec evangelists?
Here we are, preaching the importance of backups, phone protection, security awareness and overall digital hygiene, and our flock seems to be wandering far afield, only to return in a panic when the wolves are nipping at their ankles.
I spent considerable time beating myself up over the failings of the InfoSec profession, and then I remembered how everything we have learned about human nature and the desire to take risks is hard-wired into our brains. This is compounded in the developing brains of our youthful friends, all with their cracked phone screens. “Why don’t you buy one of those protective cases?” “Oh, don’t worry, I won’t drop my phone.”
Have we failed? Absolutely not. We must keep repeating the message until it resonates loud and clear beyond the InfoSec echo chamber. Think about how long it has taken the medical profession to impart the knowledge that certain bad habits can kill us. Have the medical professionals given up because the message of healthy living has not reached 100% of their patients? Of course not. There are new studies and new medical journals published every day that constantly reinforce the findings. Tobacco bad, drugs bad, etc.
As InfoSec professionals, we must keep up the same vigilance in repeating and solidifying the message. Will we eventually reach 100% of the smartphone population? Of course not. However, this is no reason to stop. We may be bored by the seemingly infinite blogs about the importance of having good backups, but we are the messengers of InfoSec, and there is always a way to tell the same story in a different way to reach a new person.
Let’s not lose sight of our mission.