A Momentary Diversion into the Dark Side of Personal Risk Management

It's fair to say that my perception of personal risk has morphed since starting at Mandiant six months ago. Pre-Mandiant, I was free-wheeling and fancy free without a care in the online world...and then I came to work for Mandiant (dun dundun!- cue music) and I realized using simple passwords and carelessly clicking on links was just inviting targeted attacks into my inbox.

I was always a cautious individual and generally did the right things, but seeing first-hand the dangers lurking out there on a daily basis has certainly changed how I look at and approach managing my personal risk.

Of course, my initial knee-jerk reaction was, "I'll go rogue and drop off the grid." No problem. Right? So, I pulled out my tablet and started a to-do list. Paired with my internal dialogue, it went a little something like this...

To do list:

  • Cancel Internet. Wait a minute, if I disconnect the internet how will I keep up with the Kardashians? How will I ever know if Caesar Milan is able to tame crazy dogs and their owners with his mad whispering skills? How will I check my email? Ugh, I'll have to go back to writing actual letters. Let me see if I can find any pens...
  • Buy pens. And paper. And stamps.
  • Get a landline. Oh yeah. That's right. I've got phone via the internet and when I disconnect my internet, well you know what will happen. Do phone companies still offer landlines?
  • Toss the smart phone in the trash. Do I really have to do it? It's my last link to the outside world and it's got that handy little GPS and fun apps.
  • Disconnect tablet. Oh man. How will I download books and the latest Angry Birds app, and watch movies while trudging through my daily workout on the elliptical? I'm starting to feel like my shirt collar is too tight.
  • Cut up credit cards and go cash only. But I don't like going to the store. Just thinking about the mall is making me break into a sweat. I surely don't want to carry big bucks around with me on a regular basis either. Nothing says "mug me!" more than flashing wads of cash around.

Then I decided this list stinks. My blood pressure is soaring. And it depresses me. While the public library would keep me in books, I'd be lost without email and the ability to Google anything that catches my fancy (did you see the rumors that Vanilla Ice is dead!?). And while I can get PBS with bunny ears on my TV, it can't offer me everything the internet can.

But I would have Downton Abbey so it's not all bad (seriously, you should be watching this). The truth was that this dramatic reaction wasn't the most practical. Mostly it would have driven me - and everyone within a 10 mile radius - nuts.

After a couple of deep breaths and a glass of wine, sanity returned and a more practical list emerged:

  • Identify which assets I was most concerned about
  • Change my passwords on a more regular basis
  • Don't keep the default "welcome123" passwords
  • Closely look at my bank and credit card statements every month
  • Pay cash for those small transactions
  • Don't use the bank account debit card for anything except the ATM

And the moral of the story? I haven't taken myself off the grid - I didn't turn my beloved tablet into a paperweight. I didn't cancel my LinkedIn or Facebook accounts. I still shop on the web. I'm just a whole lot pickier about how I do all of this.

So what does this have to do with you and your organization's concerns? Everything. The same basic principles apply whether you're managing your personal risk or organizational risk. You need to know what assets you're protecting and you need to have a plan of action. And while there's no 100% guarantee, you will know you're making it tougher for the bad guys, and your vigilance will make it harder for them to succeed.