Select a state or province from the map above to get primary contact and web information for any
member fund.
Member Connection: A member-only forum where you can post questions and ideas.
Stat Book: A highly functional analytical tool that provides valuable comparative benchmarking results from among our members who participate.
Online Directory: Get connected with your counterparts through this comprehensive list of AASCIF members with updated phone number, email and website information.
By Al Parisian, CIO, Montana State Fund
Admit it. At one time or another you have been frustrated by a cybersecurity measure at the office. In this article, we are going look at a few common vignettes from modern life and rediscover the reasons your cybersecurity team is so careful at work. You may even learn to love them.
These days, our information is being collected and used at an unfathomable rate, and the collectors are sharing their business data (our information) purposely and inadvertently ever more quickly. Besides recording what happens in the transaction itself, almost every event is “enriched” by a location sensor, context on your digital device, a camera or a microphone. That data lives forever with your partners, their partners, and anyone who has (or steals) access to them. It’s why we warn our children about what they post and what they share. Today, every digital transaction has huge implications for our digital privacy.
At work we have to go ever-more-digital, and it seems it’s true at home as well. We conduct personal digital business for everything from shopping, to banking, to smart TVs, to smart door bells, to social media, to games and apps, and well, just about everything. So what am I so concerned about?
Let’s begin with what is going to be your absolute favorite example of a “Terms of Use” agreement—an ordinary transaction that we all engage in many times per year at home for some piece of digital gear or some software or service we want to use. In the Terms of Use, we usually give our permission to use, share, and sell our data…and more, but let’s get to the example. This actual Terms of Use was posted and agreed to by several thousand people in just one day. Here is a quote, buried in the small print of a multiple-page agreement:
“by placing an order via this Game Station web site on this the first day of the fourth month of this year, you agree to grant us a non-transferable option to claim, for now and forever more, your immortal soul. You will deliver your immortal soul within five business days of a demand from us or from one of our duly authorized minions.”
Get the gag? These terms were effective for just one day, April Fool’s Day. Website and software agreements don’t usually claim your immortal soul. But they do include permissions to use and even sell your data, your immediate location, and more. Sometimes you have and use some opt-out choices at signup. But the initial signup is not the worst of it.
When we first sign up, and a choice is given, we do opt out of sharing and data mining. But our digital vendors know that when defaults reset at each update or patch, we will not remember to opt out of every tracking or usage option every time. How often have you just tapped the “Update All” option on your phone or tablet? And so you end up getting a digital coffee shop coupon just as you approach a shop. And getting told that your friend Becky is already inside. Worse, as individuals, our Terms of Use agreements in our personal digital lives do not protect our information, nor do we get our data back when we stop trading with the vendor.
But enough of that, let’s look at some other aspects of our digital personal lives.
More and more of the things we own and use are connected to the internet. Here are four examples:
You might think these are examples of the “Internet of Things” (IoT), and you would be correct. You probably have even more examples at home. Some in cybersecurity view these digital things as unintended open doors to countless risks.
The IoT issue is no different at work. Here are a couple of examples:
Speaking of network security, do you remember the story about the coffee shop Wi-Fi victim? A criminal in the same shop on the same Wi-Fi system hacked her Facebook account, alerted an accomplice to her empty home’s address, and used her Facebook credentials to make online purchases. So she was robbed both in the digital and in the real world.
Then, just a few months ago we learned that all Wi-Fi security connectivity protocols are flawed. Anyone in physical proximity to your network can evade existing security measures and steal the data flowing between your wireless device and the wireless router.
So, on a personal note, please remember:
We expose the details of our lives with every digital device we have and each time we use internet and shared services. We cannot control the security of the networks and trading partners we use. Everything about you—your data, your purchases, your searches, your location, your friends, even your texts and words—are a valuable commodity. Google, Facebook, and others make billions selling your data.
So please take steps to protect yourself in the digital universe. And spare a little love for your cybersecurity team at work. You might even wish they made house calls.
Â