Kimmo Rousku: You are chief (digital) risk manager of your life!

Photograph in black and white showing a street in Brussels, with a man dressed in military uniform.
©Pirita Männikkö

The environment we operate in has changed completely and the rate of change is only increasing

Do you remember the first time you made a call using a cell phone, the first time you used a GPS navigator, or the first time you found an answer to a question using an internet search engine? That may well have been twenty years ago. Things that seemed remarkable then, have for a long time now been part of our daily routine. The rate of technological development is only increasing, and the devices and services we now use have revolutionized both our work and private life. And, there does not seem to be end to this development. Rather, technology only accelerates the growth of new services and technologies. Right now, much debate is generated around AI or Artificial Intelligence, and the use and spread of other automatics and robots in our environment. Would you imagine that in twenty years the use of these machines will be as widespread as the use of smart phones today? This is completely within our reach.

How do you navigate your digital environment? Are you a risk taker?

Our digital environment has created enormous possibilities. But, at the same time, new threats have arisen. Sadly, the argument is often made that the human being/the employee/the member of the organisation is the weakest link when it comes to digital security. I challenge this by arguing that an informed, educated and motivated individual who uses safe devices and services enables effective and safe digital practices for organisations.

What are the most prevalent risks that users succumb to and how can you overcome these in your own actions?


Usernames and passwords

Information security when using services is based on how we treat usernames and their related passwords. The most important guidelines for passwords are:

1.Always use different passwords for important services.

2.If a service allows for a two factor authentication process, use it. This means you will, for example, receive a SMS-code on your cell phone, which only then allows you to login to the service.

3. Make use of sufficient special characters in your passwords. An ordinary password can be made more secure by using special characters by, for example, replacing the letter ‘i’ with the numeral ‘1’, or the letter ‘o’ with the numeral ‘0’. For example, ‘radio’ is not a very good password, but ‘ckBkMTDigJk= is noticeably better – but far too short alone, better use 10 or more letters.

4.Do not reveal your password to anyone. No official service or legitimate company will ask for your username or password via email or by phone.

5.A healthy dose of suspicion is the cornerstone of safe practice!

You are the target of various phishing and spoofing attacks

As you have no doubt noticed, you are the target of an enormous amount of different campaigns and lobbying groups through social media and email. You can try to root out hidden threats by following these guidelines:

1.With every email, consider whether you can really trust the attachment or the link that you are expected to click.

2.Be especially cautious when asked for any of your personal information. Who is the request from and why do they need it?

3.When using social media and sharing content produced by others, ask yourself whether the content can definitely be trusted and whether it is in line with your own beliefs and attitude.

4.When installing a new application, check the privileges you are giving the application. Does it, for example, need access to your contacts, your camera and your microphone? If it requires access to these, is it justified?

5.Whenever you notice anything suspicious, report it according to your organisation’s policy. If you are the victim of a scam on a particular platform outside of work, always report it as a crime.


Recognise threats, manage the risks

As you can see, our way of working in a digital world is undergoing enormous changes and it requires us to be proactive in recognizing threats so that we can manage the risks. Because there is no such thing as 100% security, it is important to think about the kinds of risks you can take.

Let’s consider an example. When you approach traffic lights that are about to turn to red either on foot, on a bicycle or in a car, how do you act? Some people brake as soon as they notice the traffic lights. This kind of unexpected action, which is an over-reaction, can also cause an accident.  Most people start to slow down and stop where they’re supposed to. The rest do the opposite: instead of slowing down, braking and stopping, they accelerate to get through the traffic lights. We know that trying to beat the traffic lights, does not only put the safety of the individual in question at risk, but also the safety of those in the surrounding traffic.

How does this relate to how we navigate the digital world? Unfortunately, all too often the high risk takers described in the example treat the digital world in the same way. When this kind of user receives an email which he suspects of being a scam, or even knows for sure to be one, they decide to open it out of curiosity, just to find out where the link in the email leads, risking not only their own but their organisation’s security. Digital behaviour that recklessly ignores guidelines is unacceptable . Let’s avoid pointless risks, for the sake of our own safety as well as that of our environment and our workplace.

Photograph of a man smiling, holding a dog, to the camera. He is standing in front luscious branches of an apple tree.

Kimmo Rousku is the General Secretary of VAHTI (Finnish Public sector digital security management board) and a leading specialist at the Finnish Population Register Centre. He has been involved in various specialist and management activities relating to ICT and security for the Finnish government from 1995 onwards. In his private time, he is also active as a writer and keynote speaker. For reactions: kimmo(a)