Are you too trusting?

information security Sep 20, 2022

I was burgled a couple of months ago.  Thankfully it was just my workshop and not the house, but it was still a nasty surprise.

The intruders forced a door lock and stole most of my power tools.  I’m a keen woodworker and lost my drills, router, sanders, and a bunch of other stuff including my weed eater and chainsaw.  Thankfully, aside from a $1000 insurance excess I’m no worse for wear, but it made me think a lot about how I approach security.

Back in June I wrote about The Privacy Paradox, which is basically that while most people value privacy, they do little to protect it.  They don’t configure privacy settings, don’t read privacy policies, and make a lot of personal information public.  Being private is inconvenient and the risks seem abstract.

Similarly, while I wanted my workshop to be secure from burglars, in hindsight the factory lock on that roller door was an easy target.  I wasn’t negligent, but I was trusting.

I like to feel that I live in a safe neighbourhood.  But adding security cameras, alarms, strong locks, and security lights doesn’t help me feel that way.

So, is it another paradox that I want to be secure but didn’t add a strong lock?  No, it’s irony. I got burgled because I subconsciously wanted to believe my neighbourhood was secure.  What I mean is that while I could afford to secure my workshop I didn’t because that would’ve eroded my belief that my neighbourhood was safe. And we’d never had a problem before.

As human beings, we subconsciously try to reinforce the things we believe. We share news articles that support our beliefs and ignore those that don’t. Likewise, I think I subconsciously didn’t secure my workshop because not doing so reinforced my belief that I lived in a safe neighbourhood. The burglary has forced me to re-evaluate that belief and justify the effort and expense of improving its security.

Are you too trusting when it comes to your own home security?  The NZ Police don’t say that you should install alarms and security cameras, but they do say you should have good quality locks.

And how do you feel about your IT security responsibilities at work? Are you diligent, well patched and confident you have good backups? Or are you subconsciously holding onto a mistaken belief that you're doing enough?

vBridge gained ISO 27001 information security management system certification in 2020 and we continue to improve ourselves month after month, year after year. I used to think Information Security as something to ‘get done’ – a project if you like. e.g., “when all my servers are patched, I’m done,” or “when I’ve implemented the OWASP top-10” I can move on to something else. ISO 27001 has taught me that good Information Security is more like leading a healthy lifestyle. You can ignore it but at a cost.

And home security isn’t much different, despite how you feel about your neighbourhood!

Peter Brook

Peter is our vBridge Operations and Information Security Manager. He has over 20 years experience in many NZ organisations including PGG Wrightson, CDHB, Lyttelton Port Company and Spark Digital.