Three Scary Thoughts on a Monday Morning
SEO-friendly subheading here . . .
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .
So this morning I get an alert from Hum, an application I was rather coerced into using the last time I went in to “I-just-want-to-add-one-phone-to-my-plan-please” . . . you know, when you walk out thinking you got a good deal on something, but just know that in two months you are going to be paying more than you paid last month, and it will be too late to change anything.
This time the good deal was on three “Hums,” a device you can plug into your car that interfaces with wireless networks in order to eventually tell an app on your phone who what when where and not really why. And what we learned quickly is it was more of a what and when, the employee we wanted to give one of them to didn’t want us tracking his where, which we totally agreed to (having not even thought that far), and the what was often wrong, so we stopped watching the way-too-many alerts they were sending.
Until yesterday . . . because I realized the alert I received was for our Trailblazer. We loved our Trailblazer. But we don’t own it anymore. So when I forwarded the message to my wife, with “Are we monitoring somebody else’s car?” . . . I . . . well . . . I became frightened.
And then that reminded me of what I realized last Friday, the day after I finally shaved the beard that had grown while I was recovering from surgery on my neck. I went from this: <a picture of Dan with no beard> to this <me in my beard> back to this <a caricature of Joe ISO> . . . the entire time Windows Hello . . . you know, the facial recognition software . . . didn’t pitch one complaint. While from time to time, in the past, it threw up a “can not recognize your face” and then it would make me use my cheezy numeric-based password to bypass my way to, fortunately, no data . . . during the transition from Joe ISO to Injured Dude to Grizzly Dan to Joe ISO, Windows Hello noticed nothing.
So that made me decide I should write an article about my trepidations. And when I started the article, instead of writing “two scary thoughts,” I titled the article, “Three Scary Thoughts” because I figured by the time I got to the end of the second thought, a third one would pop into my head.
And it did . . . . how are we going to recognize the risk of Windows Hello? If we’re no longer confident in it, shouldn’t the likelihood factor be raised? And thus, should we prohibit it’s use again??
Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex
Dans New Leaf is a fun blog to inspire thought in the area of IT Governance.
Leave a comment
Many organizations spend time and money deploying endpoint protection, then think the Read more
Some small organizations continue to use customer data to generate initial passwords, Read more
Another awareness poster for YOUR customers (and users). Now that we have our own em Read more
Risk isn’t the only thing to consider when planning a decision tree. Another one of t Read more