It was that time of year again. The day I lie and promise to be good the rest of the year: dental check-up day. During this most recent visit I was struck by how much people treat the security of their computers and accounts in the same way they treat their oral health.
You know what you’re supposed to do, but you don’t do it. “How often do you floss?” the dentist asks us, knowing full well that we’re lying through our bloody gums. If we flossed regularly we wouldn’t have bloody gums. When it comes to security we know we’re supposed to do all sorts of things, like create strong passwords and never re-use them, or lock our screens when we leave our desks, or use two-factor authentication on everything we can. When do we do these things? When a bunch of passwords get stolen and cracked, or when a phish leads to a data breach; the equivalent of flossing like a maniac the night before your annual check-up.
You have tools, but you don’t use them well. Mechanical toothbrushes, water flossers, even the metal tools the hygienist uses to scrape away plaque, are all readily available. When do you use them? You brush in the morning for sure and usually at night. We already know you don’t floss. You bought the Waterpik but it makes such a mess you only use it after corn on the cob or brisket. Likewise, you may run anti-virus software but you’re not diligent about updating it. You delay installing patches because it is inconvenient. You allow Flash and pop-ups and cookies and all sorts of things that could cause problems because who wants to use the web like it’s 1995?
Solutions are rarely permanent. Fillings replace the gap left when a cavity is removed, but eventually fillings can develop cracks. Crowns can come loose. That new IDS or firewall or end-point solution, where there was none, is a significant improvement in your security posture, but there are ways to bypass or undermine every security mechanism, at which point you’re back in the hands of expensive professionals (to fix the problem and/or clean up the mess) and looking at another pricy – and temporary – investment.
You have to get your hands dirty to do the job right. Understanding just what a sorry state your oral health is in means letting someone put their hands in your mouth. They’re spraying water and it’s splashing on your face. They’re getting your blood on their fingers. Bits of gunk are flying around. Sometimes they have to put you under because what’s necessary would make you scream. There is no such thing as a quick fix to security problems either. You have to attack the problem at the root, and that means blood, sweat, and tears.
These issues don’t exist in a vacuum. Dental health impacts more than just your mouth, and illnesses that impact other parts of your body can impact oral health. Bad or poor security can have a negative impact on your organization in myriad ways, and if your organization doesn’t place a priority on security you’re not going to get the best security capabilities or resources. In both cases you have to view the situation holistically. Just because you have a pretty smile doesn’t mean you don’t have problems.