By Tom Fairfax, Managing Director
If you were asked to sell your soul to a stranger…. what price would you ask?
The ancient Egyptians believed that a person’s soul had multiple parts, ranging from the spiritual to the physical; the bit they hadn’t discovered was the digital component. Regardless of one’s personal belief, each of us carries a very real and hugely valuable intangible asset in the form of our personal identity and the information that forms part of it. This asset is incredibly vulnerable in the cyber environment and once compromised is effectively irretrievable. Think of this as our cyber soul. It contains our very digital essence, our unique identity, our access to our resources and secrets, and represents the means to impersonate us or take control of parts of our life, our possessions or our good name and reputation.
The environment we call cyberspace represents a complex web of connected technology sharing information with and without human interaction. This environment is inaccessible to our naked senses; we cannot see, hear or feel in it without assistance. Critically, it is contested, and is populated by a global population of strangers, many of whom are explicitly seeking to compromise us. It is to this environment that we expose our cyber souls. The only question is – what protection or consideration do we give our valuable information assets before publishing them into the wild?
We are asked to share parts of our cyber souls on a daily basis. A myriad of commercial, official and social platforms request and sometimes require information. Some we hope we can trust – and in some cases we need to make a risk-based decision. But how much thought do you give before deciding what information to share and with whom you entrust this sliver of your essence? A brief glance at the Information Commissioner’s Office (ICO) enforcement page is instructive and shows that no organisation can be assumed to be safe. A brief perusal of the causes of breach shows that breaches are not confined to failures of technology but often result from individual and collective human frailty. This is not new.
This raises another, possibly more important question. How much explicit effort do you spend on protecting the personal information that other people and businesses entrust to you? The ICO website shows a number of instances where something as seemingly innocent as a breach of email etiquette has resulted in the exposure of personal information, and a direct, if inadvertent compromise of people’s sensitive information. Fines and sanctions are damaging, but we must not forget the fundamental breach of trust.
Information Security and data protection are disciplines that enable us to protect our own cyber souls and those with which we have been entrusted by others. They are still seen by many as an administrative irritation but they are a fundamental part of our personal responsibility as members of society. No-one can guarantee that they will be 100 per cent safe; indeed such a claim is a good indication that the problem has not been understood.
We can, however, exert a degree of critical judgement on every occasion that we are asked to share parts of our soul. Trust should not be assumed.