Average Knowledge Worker & Infosec

Last week, I had the chance to interview someone I would consider to be an average knowledge worker. They work in the area of being a virtual personal assistant, often using the Internet and their computer to serve the needs of their clients. They were chosen at random from a pool of VPAs. Here’s the short interview I did with them:

Q. What types of information security threats concern you most as a person who is dependent on their computer to earn a living?

A: I am most concerned about the potential for my getting “hacked” to impact clients or colleagues. I would hate to be the “weakest link” in the chain of information, and therefore take information security very seriously.

Q. What types of security tools do you use to protect the systems that belong to your family (firewalls, anti-virus, anti-malware, etc.)

A. I have my home network secured and encrypted, installed McAfee’s anti-virus app on all computers in the household network, and have taught my oldest son, who uses it via his laptop, to ALWAYS ask if he’s in doubt about clicking a link or approving an update. I’d rather he pester me every time Windows wants to update itself than potentially put our network at risk!

Q. How much does information security impact your life on the Internet? (Do you bank, shop, vote, trade, etc. online?)

A.  I bank and shop online, and honestly I mostly just try not to think about it. I take every reasonable precaution and don’t want to let fear influence my decision-making beyond that. 

My takeaways from the interview were actually good news. The basics of having a network firewall, doing some basic wireless security and installing some basic AV on machines has clearly entered the mainstream of the computing culture. That’s the good news. Sadly though, it would seem, I would guess that the controls stop there. I was glad to see that knowledge workers are training their children in the basics as well. I remember when just those steps were quite a leap. 

I was also kind of sad that the person said they try not thing think about the security risks. I wish they had said something along the lines of “I try and make rational security decisions to still enjoy modern online conveniences while allowing a modicum of safety.” or something like that. Sigh, I guess we still have some work to do. :)

As always, thanks for reading!