Over the past twelve months I have become increasingly aware that most non-tech people have very little understanding of even the most basic information security principles. Whilst I’m sure that that isn’t particularly shocking to most people in the info sec game, the end result is that it often makes for difficult conversations when I’m engaged to try and pick up the pieces for someone whose identity has been stolen or are being harassed online.
So many times recently have I had to fight my instinctual urge to slap my forehead when listening to a client describe how they didn’t think updating their anti-virus was that important, or when they respond to “What version of Windows are you running?” with “XP, I think”.
Instead of castigating people for their ills, I’ve decided to go a different route – I’m going to live the change I want to see in the world. I’m trying to convince people that taking charge of their information security can be a straightforward process with great rewards at the end. And I’m going to show them how. Well, strictly speaking, Justin Carroll from Operational-security.com is going to show them. I’m going to follow Justin’s Thirty Day Security Challenge (https://www.yourultimatesecurity.guide/thirty-day-challenge.html) and I’m bringing along three clients for the ride. We’ll be starting on 1 October, and I’ll be providing a daily update on how each of us went with each stage. It’s going to be an interesting ride, so stick around and if you are inspired, please follow along!
