Living in an age of instant gratification, we often expect to be able to have it all when and how we want it. With every decision come factors we must prioritize to better guide us in making choices that align with what we value most. In terms of technology investments, these factors often boil down to security, convenience and cost. Each of these is important to consider, but at the end of the day, security, like trust, “don’t come easy.”
In a world that is increasingly interconnected, ensuring our information remains out of reach to unintended audiences is vital. As more of our proprietary and confidential data lives in the cloud to accommodate a remote workforce, security should be top of mind for us all. This includes protocols for spam filtering and who and how firm data is accessed remotely.
Ideally, a secure remote working environment would include using only company-owned equipment, company-owned management and security software, encrypted hard drive, connecting to a virtual private network, multifactor authentication, and implementing a challenge response system. These are all basic best practices available in many IT white papers. However, all these have a cost and several may be seen as inconvenient to the end-user.
We live in the “Age of Convenience.” We can tell Alexa to order light bulbs from Amazon, DoorDash an iced coffee and Instacart the extra ingredients needed for tonight’s dinner, all while attending a meeting with others across the globe from the comfort of our living room in our pajamas. This makes it extra annoying when the Amazon shipment takes two days instead of one, the DoorDashed coffee was missing your favorite add-in, the Instacart shopper informed you the store is out of the key ingredient you need or your Zoom window takes one minute to open after an upgrade instead of the typical five seconds.
As a society, we do not like to be slowed down, and this is not just a recent sentiment. One of my first security compliance experiences in the legal IT realm involved the implementation of automatic computer monitor locking after 20 minutes of inactivity, something almost universally commonplace today. This policy forced users to enter their password to unlock the display to begin working again. At the time, many saw this as incredibly inconvenient — we even had one attorney take time to send an email to the IT department calculating how many billable hours this policy was costing the firm based on how long it took him to reenter his password throughout the week. Despite the inconvenience, it kept those passing by from being able to easily view files they would not otherwise have access to obtain.
A similar modern example of this is the use of authentication apps and implementation of multifactor authentication when logging into accounts. While many users are annoyed that they must enter an authentication code after entering their password to log into an account, the frustration level often rises when the requirement is to obtain the code from an app on their phone rather than just being texted or emailed the code. We dislike the inconvenience despite recognizing that people have passwords compromised all the time and email accounts and text messages are vulnerable to being hacked, making the use of an external authenticator app the most secure choice to ensure that only the valid person is logging into the account.
Security and convenience will always be at odds with each other. It will often cost us time, money or both. Helping people understand the “why” behind protocols can help decrease some resistance, as will providing training and ongoing communication about security threats and trends that your firm is hopefully averting.
The cost of security products and services is typically what is used to budget for implementation of new measures; however, to balance things a bit, it is important to bear in mind the cost of time and convenience, as well. Sometimes the least expensive option may feel more like an obstacle course to navigate than a pathway to securely gain entrance, and that is why balancing convenience is imperative. Security measures do come with a price tag, especially those that account for some level of convenience.
As new threats emerge, security measures can quickly become obsolete and require new protocols to be implemented. It is a never-ending battle that will continue to require investments of money, time and convenience. Yet without it, you are risking the same and potentially much more.•
Tino Marquez ([email protected]) is a co-owner of the Indianapolis based legal technology company Modern Information Solutions LLC. Areas of service include traditional IT services, software training and litigation support including trial presentation services. Opinions expressed are those of the author.