I can’t help but wonder sometimes if tech evangelists actually practice what they preach.
It occurred to me yesterday, when I wrote about security experts’ dire warnings about malware threats on the eve of the Olympics, that if everyone were to follow all of their advice all of the time, the world wouldn’t be much fun.
Keep my smart phone off my work network? Sure. Avoid responding to e-mails from Nigerian cabinet ministers? No problem. But never clicking on any link whatsoever related to the Olympics? That seems a bit harsh. It made me wonder how these experts spend time on the Internet, and what precautions they, personally, take.
The answer, it seems, is that some folks in IT are just not like the rest of us. Today I spoke to Jeff Multz, vice-president of sales for Dell SecureWorks
, someone who is lauded as Mr. Security and is a regular public speaker on the subject of cyber-crime and Internet security.
Does he ever click on a link?
As a matter of fact, no, he doesn’t.
“I never click on links,” says Multz. “I’ll type in a URL — if that’s the link I wanted to go to I’ll type it in. The reason for that is most links aren’t what you see: they’re underneath, they’re embedded differently than what your eyeballs appear to be looking at.”
Somewhat unlike most people, he also prefers getting his news the old-fashioned way, in a paper newspaper (“I can’t get malware from printed paper,” he explains). He’ll rarely read online news sites because of the “pollution” most of them have.
Certainly, he says, he would never go to a brand-new site, such as one related to the 2012 Olympics, “under any circumstances.” Yet, he loves the Olympics, and he plans to watch them on TV and read about them in the newspaper.
Describing himself as “amongst the most paranoid,” while cautioning that what he does personally isn’t what Dell is advocating for everyone, Multz is also not a big fan of social media. He won’t touch Facebook and he sees Twitter as a bundle of potential trouble, unless you’ve covered yourself from head to toe in protection.
Ironically, he says, he’s able to be a little less careful when he goes in to work at Dell SecureWorks because the company does have this sort of protection. That said, it definitely isn’t taking any chances. His workplace IT security goes beyond defence in depth.
“Although we have the layers there is heavy CISO intervention,” says Multz.
This means that staff aren’t allowed to use personal e-mails (essentially any webmail) or any social media sites. They’re all blocked. “And if you do click on a link and there is malware, “he says, “the CISO’s office will be notified. Not only will the malware be stopped, but a person will show up at your doorstep here, literally in your office, and they’ll say, ‘Thou shalt not. Here’s some education…’”
When you think about it, Dell does provide this same education to the general public (though they’d relax the rules on social media). Multz jokes that the never-click-a-link maxim is provided as free advice during his speeches. “Most hacks can be prevented. These are some of the most basic things to be careful of.”
So, it turns out that Dell does play by its own rules. But when its own employees break them, they can expect a rap on the knuckles and a bit of re-education. In most of the rest of the world, things take their natural course and we get punished with malware until we smarten up.