Today, I was reading this post by Brian Krebs about stolen identity in my home town of Golden, Colorado. The surprise in this Krebs post was that the victim was a Cyber Security Professional. The subject in the above referenced Krebs post left his wallet in his car, which was parked in the garage. The garage was open and thieves broke in and found the jackpot. While it may be easy to judge this person for being lax on the Security surrounding his physical world, I think it is better to look in the mirror and check our own Security mindset.
Security mindset is simply thinking how bad guys think . . . as a way of thinking . . . about your world . . . all the time. Everywhere.
What do I see in an open garage and a nice car inside? I see how easy it would be for a bad guy to reset the garage keypad to a PIN of his choosing, simply by sneaking into the garage really fast, pressing the learn button and then reprogramming the exterior keypad to whatever code he wants (less than 60 seconds), and then coming back later when he knows no one is home. I don’t rob houses for a living, but I have to think like a Burglar to protect my home. Close the garage. Lock the inner chamber door. Always. Don’t leave the keys to the castle (garage door opener) in the car when it is outside on the street.
Back in the mindset of the bad guy, what else makes a home look attractive? No ADT / no sign of a Security system. The appearance of high value assets inside, always having your Benz or Vette in the driveway and your garage wide open with all the expensive stuff neatly hung inside. Park that sweet ride in the garage and close it. Don’t show off your stuff. You don’t have to bulletproof your home, you just have to make it a less attractive target. Really, anyone can get in if they want, so I am in the mindset of making my house look less sexy to Burglars. Really, I am in the mindset of making everything about myself less sexy to Burglars of all kinds.
I’ll admit that with all the breaches of mass databases, my social security number has probably been compromised. The bad guys have it – but when they go to open an account, and the fraud alert is on, there is the extra step of phone verification. If I am a lazy burglar, I’ll just move on to the next Social Security on the list. Fraud alert is on credit report all the time. If you don’t want to pay for a credit watch service, it’s a manual process to alert the bureaus every 90 days, but well worth it.
This same type of thinking can be applied to anything you are trying to protect, all the way from your virtual assets to the wallet in your pocket. It’s not a bad thing to think like a bad guy. As a Security person, I am always doing my best to continuously improve my security thinking and way of looking at things / people / situations differently than other people. I will do my best to document this thinking in the coming blogs. Thank you for reading.