Select a state or province from the map above to get primary contact and web information for any
member fund.

By Al Parisian, CIO, Montana State Fund

Admit it. At one time or another you have been frustrated by a cybersecurity measure at the office. In this article, we are going look at a few common vignettes from modern life and rediscover the reasons your cybersecurity team is so careful at work. You may even learn to love them.

These days, our information is being collected and used at an unfathomable rate, and the collectors are sharing their business data (our information) purposely and inadvertently ever more quickly. Besides recording what happens in the transaction itself, almost every event is “enriched” by a location sensor, context on your digital device, a camera or a microphone. That data lives forever with your partners, their partners, and anyone who has (or steals) access to them.  It’s why we warn our children about what they post and what they share. Today, every digital transaction has huge implications for our digital privacy.

At work we have to go ever-more-digital, and it seems it’s true at home as well. We conduct personal digital business for everything from shopping, to banking, to smart TVs, to smart door bells, to social media, to games and apps, and well, just about everything. So what am I so concerned about?

Let’s begin with what is going to be your absolute favorite example of a “Terms of Use” agreement—an ordinary transaction that we all engage in many times per year at home for some piece of digital gear or some software or service we want to use. In the Terms of Use, we usually give our permission to use, share, and sell our data…and more, but let’s get to the example. This actual Terms of Use was posted and agreed to by several thousand people in just one day. Here is a quote, buried in the small print of a multiple-page agreement:

“by placing an order via this Game Station web site on this the first day of the fourth month of this year, you agree to grant us a non-transferable option to claim, for now and forever more, your immortal soul.  You will deliver your immortal soul within five business days of a demand from us or from one of our duly authorized minions.”

Get the gag? These terms were effective for just one day, April Fool’s Day. Website and software agreements don’t usually claim your immortal soul. But they do include permissions to use and even sell your data, your immediate location, and more. Sometimes you have and use some opt-out choices at signup. But the initial signup is not the worst of it.

When we first sign up, and a choice is given, we do opt out of sharing and data mining. But our digital vendors know that when defaults reset at each update or patch, we will not remember to opt out of every tracking or usage option every time. How often have you just tapped the “Update All” option on your phone or tablet? And so you end up getting a digital coffee shop coupon just as you approach a shop. And getting told that your friend Becky is already inside. Worse, as individuals, our Terms of Use agreements in our personal digital lives do not protect our information, nor do we get our data back when we stop trading with the vendor.

But enough of that, let’s look at some other aspects of our digital personal lives.

More and more of the things we own and use are connected to the internet. Here are four examples:

1. Roomba vacuum systems enhanced their product by having it video and map your home so as to better navigate and clean.  But then Roomba was hacked, making floor height videos of your home available online. (It’s since been fixed.)
2. Smart doorbells, for quite some time, allowed access to your home network (including password) by removing two screws from the faceplate and pressing a reset button. (It’s since been fixed.)
3. Smart TVs were hacked in 2016, remotely without physical access to the TV, which provided direct access to your home wireless network. (It’s since been fixed.)
4. Smart alarm clocks were introduced last December by Amazon. Called “Spot” and tied to Amazon’s Alexa, Spot has a high resolution camera for video calls and the latest generation microphone and voice recognition. It connects automatically to your other IP enabled home devices and your music and subscriptions.  With such a device always connected, in your bedroom, what could possibly go wrong?

You might think these are examples of the “Internet of Things” (IoT), and you would be correct. You probably have even more examples at home.  Some in cybersecurity view these digital things as unintended open doors to countless risks.

The IoT issue is no different at work. Here are a couple of examples:

• Remember the Target HVAC story from a few years ago? By hacking Target’s HVAC vendor, and subsequently Target’s HVAC equipment, and then the in-store networks, crooks stole 40 million debit and credit card records. How many of us have our home heating and cooling system hooked up to the internet to allow remote setting of temperatures or for monitoring and support?
• About the same timeframe, researchers hacked the building management system for Google’s Australian HQ building. They got all the way into control screens with buttons marked "active overrides," "active alarms," and "alarm console," as well as the Building Management System key.  How many of us can remotely manage home heat settings or lighting?

Speaking of network security, do you remember the story about the coffee shop Wi-Fi victim? A criminal in the same shop on the same Wi-Fi system hacked her Facebook account, alerted an accomplice to her empty home’s address, and used her Facebook credentials to make online purchases. So she was robbed both in the digital and in the real world.

Then, just a few months ago we learned that all Wi-Fi security connectivity protocols are flawed. Anyone in physical proximity to your network can evade existing security measures and steal the data flowing between your wireless device and the wireless router.

So, on a personal note, please remember:

We expose the details of our lives with every digital device we have and each time we use internet and shared services. We cannot control the security of the networks and trading partners we use. Everything about you—your data, your purchases, your searches, your location, your friends, even your texts and words—are a valuable commodity. Google, Facebook, and others make billions selling your data.

So please take steps to protect yourself in the digital universe. And spare a little love for your cybersecurity team at work. You might even wish they made house calls.