The NoticeBored security awareness topic for September is communications security.
It is just as important to protect information while it is being communicated as when it is stored and processed, and yet communications mechanisms are numerous, widespread, complex, dynamic and hence tricky to control.
Communications security is a substantial challenge for every organization, even the very best.
We have covered various aspects of communications from different angles many times before in the awareness program, mostly emphasizing ICT (information and communicaitions technologies) but also the human aspects such as social engineering and fraud. This time around we supplement the usual fare with something new: body language.
Aside from the actual words we use in conversation or in writing, the way we express stuff is often just as revealing - in fact in information security terms, body language qualifies as a communications side-channel.
The TV is awash with examples, such as the US presidential candidates currently making numerous appearances. Provided they stick to the script, the politicians' carefully-prepared and well-rehearsed speeches are intended, of course, to follow specific lines and communicate largely pre-determined messages. In practice, their gestures, facial expressions, nods and shakes of the head, smiles and grimaces, demeanor, even the dramatic pauses supplement and frame what they are saying, affecting the way they are understood by the audience and (for that matter) the journalists and news media. The specific choice of words, the phrasing and intonation, even the speaker's volume and cadence, also influence the communication. In addition there's the broader context including factors such as the lead-up, time of day, location, props, formality, clothing, audience reactions and participation, and more.
With all that in mind, it's obvious that the words alone don't paint the whole picture, hence controlling the communications involves much more than simply writing the script. Most politicians, presenters, celebrities and performers are presumably coached in how to communicate well, or at least they are experienced and well-practiced at it. They don't all have the same abilities, however, and lapses of concentration or emotional outbursts can trip anyone up. If you are observant, there are other more subtle cues, many of which the speaker is unaware of (gently shaking the head in disagreement while saying "yes" is a classic and surprisingly common example). Controlling our subconscious, reflexive or innate behaviors is hard, especially under the full glare of the global media presence.
Translating over into the corporate context, there are information security implications for situations such as business meetings, phone calls, video-conferences, negotiations, sales pitches, seminars and presentations - including, for that matter, security awareness and training events. Whenever we converse or interact with other people, there are bound to be both intended and unintended communications. Being aware of this is the first step on the way to taking charge and controlling - or securing - the comms. It's also an important part of responding to the audience since communications are almost invariably bidirectional.
On that note, please comment on this item or email me with your thoughts. I'd love to hear back from you.
Hello! Is there anyone out there? Tap once for yes, twice for no.
PS I guess that's two taps then ...
PS I guess that's two taps then ...