5P’s from my notes: Passwords, Patching, Precaution, Preservation and Privilege
This is a hard one. I’d maybe say that privacy refers to the imperative that a particular space, time or object necessarily precludes intrusions and divulgences based on a set of negotiated circumstances. For instance, that imperative might be enacted in a home or flat or room, in a car, or consist of the contents of my devices or tote bag, or to my papers, mail and account info, or when I’m on the phone or speaking to or being with a particular person. I think privacy is something that is constantly negotiated at all levels of interaction, from community to personal.
So I’d say that cybersecurity is the set of practices, tools and habits that we employ against the threats to our privacy in the digital sphere (and which may also be extensible into ‘meat space’).
The 5Ps would work well set after the threat modeling questions in a training - they’re actionable!
City of Boston just implemented 2FA for our employee accounts which is great, but the library isn’t as proactive with addressing cybersecurity practices. I think it comes down to resources and staffing, honestly. A few things:
• Public staff workstations are updated fairly often, but there is a shared login floating around. There’s also a shared login for copiers and scanners. Who knows how many people have it?
• A prominent administrator’s email got hacked and a bunch of staff received a spoofed email from his account.
• There are no trainings for staff on some of the actions Tracy laid out (backups, strong passwords, id’ing malicious mail/content) that we can do to be resilient and better respond to and resist threats. To be fair, IT did send out an email earlier this year with instructions to send malicious materials to a special account, but there weren’t a lot of details about what malicious looks like.
So as far as the 5P’s, we need to work as an institution on privilege (too many credential sets out there!) and passwords first.