Deep in the heart of the defense intelligence community resides a critically important practice called Information Security. Commonly referred to as InfoSec by various federal agencies to include the US Department of Defense, it is the practice of defending either classified or unclassified information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording, or destruction. It is a general term that can be used regardless of the form the data may take both electronic (digital) or physical form.
In the private sector (corporate and business organizations), InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection.
InfoSec is so critically important that the United States government has specific training classes entirely devoted to the subject which are mandatory to employees. One of the many agencies offering such training is the Cybersecurity and Infrastructure Security Agency (CISA).
In a nutshell per a CISA excerpt, “The Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience, in turn helping to ensure a secure and resilient infrastructure for the American people. “
InfoSec applies to both online and physical information. A cyberthreat is considered anything that may compromise InfoSec. According to CISA, nefarious “individuals and organizations can reach any point on the internet without regard to national or geographic boundaries or time of day. However, along with the convenience and easy access to information come risks. Among them are the risks that valuable information will be lost, stolen, changed, or misused. If information is recorded electronically and is available on networked computers, it is more vulnerable than if the same information is printed on paper and locked in a file cabinet. Intruders do not need to enter an office or home; they may not even be in the same country. They can steal or tamper with information without touching a piece of paper or a photocopier. They can also create new electronic files, run their own programs, and hide evidence of their unauthorized activity.”
Any information you or your kids post on Facebook, Instagram, Twitter, Tic-Toc and other similar social media platforms is made available to these worldwide access points and once posted cannot be removed without tremendous effort and potential expense.
Unauthorized information gathered, either online or physical, can be exploited for identity theft, account access, and financial disaster to name a few. Once your information has been compromised this can trigger a never-ending cascade of undesired events requiring immediate, excessively time-consuming, and potentially expensive recovery measures.
Most security experts will tell you that there should be a balance between security and convenience and ultimately, it’s up to you to decide where to draw that line.
At one end of the spectrum, the InfoSec standard can be set so high that no pertinent (exploitable) information is released either physically or electronically. This is accomplished by following the “Rule of the five W’s” which is purposefully withholding information details such as who, what, when, where, and why. Minus these details makes it very difficult for predators, criminals, or opportunists to exploit your information.
An example at the other end of the spectrum might be a “home sale” online real estate digital tour providing the house’s exact physical address, illustrating every room, furnished contents, gun safe, electronics, security system, and other details to anyone anywhere that bothers to click on it.
Security professionals would advise you situational awareness on what your kids and/ or other family members are posting on social media.
Physically speaking your home, your car, your gear, and anything else visible to the general public are subject to observation. If the person or persons observing discover exploitable information, then this is considered a “soft target indicator” which means that they are suddenly attracted to you because you may be a subject of value to them and potentially an easy target.
Assuming a predatorial role, the next time you may be driving or on the road, place yourself in the position of a criminal, predator, or opportunist. Take a glance at the back of random vehicles.
Observing from this perspective, you might see a bumper sticker or two, (or more) on the back of someone’s car telling you how many kids they have, where they go to school, that they may have a small dog (not a guard dog), that their spouse may be in the military and therefore often away from home. You may see stickers of small boats and side-by-sides and other such vehicles that may lead an opportunist to believe that they may be storing expensive toys at their residence—and it may be enough reason to follow them home. Such bumper stickers compromise InfoSec.
Stickers representing firearms on the back of a car or truck indicate that there may be guns on board. To an aggressive enough predator that may be all the information they need to break in and investigate.
Be advised of similar signs on or around your home such as “Intruders will be shot” as this indicates that you may have firearms on site. Similar stickers, patches, or tags on luggage, clothing, water bottles, and keychains et al may capture the attention of an astutely observant predator.
Extremely observant, seasoned criminals can already discern quite a bit of information about you by the way you look, the clothes you wear, how you hold yourself, what you have on or with you. Compromising InfoSec via the back of your vehicle, the front of your home, and what you may be carrying in your hands does nothing but help them discover more exploitable information about you. Remember that you are a walking beacon of information to the experienced opportunist.
Another aspect of physical information is verbal. When you are in a checkout line at a store and they ask for your phone number, address, or other exploitable information, it’s OK to show them a card or a screenshot from your cell phone rather than to verbalize it.
The same applies to a hotel. Whenever you are checking in to the hotel, the law requires that the person at the desk write your room number down and not verbalize it. If you may ever be in a situation where your room number is verbalized, you have the right to change rooms and ask them to place the number of the new room on the room card holder.
Verbal InfoSec also applies to conversations in public places. Keep in mind that anyone around you can hear every word of your conversation. You may be speaking with a co-worker, friend, or family member either in person or on the phone. Your voice carries in open spaces and that physical information is made available to anyone listening.
InfoSec applies both electronically and physically. Unauthorized access, use, disclosure, disruption, modification, perusal, inspection, and recording of your information can lead to disaster in the hands of a skilled or seasoned criminal or opportunist.
InfoSec is your responsibility. Ultimately you are in total control of every piece of information you put out. Playing it fast and loose can compromise important information. Keeping it too tight may possibly squeeze your convenience. You are the only one who can determine those parameters and control the balance between the two.