One of the core criteria we use when choosing where to live is safety. Given the choice, most of us don't choose to live in a dangerous neighborhood with a high crime rate. In the virtual world, we don't have that choice: when it comes to cyber, we all live in a bad neighborhood. Whether you are in Beverly Hills, the Pentagon, or Rio de Janeiro, anyone can break into your systems at any time and from anywhere. Unlike with your physical house, the burglar doesn't have to be in the same zip code, or even the same country. With all this in mind, here is a comparison of security in the physical world with security in the virtual world.
- Username and password = Lock and key. Just as in the physical world, the more sophisticated the lock and key, the better. A bathroom lock that opens with a screwdriver is the equivalent of a weak password: it is guessed or cracked in seconds. A double deadbolt requiring two different keys is like two-factor authentication; a thief who copies one key (your password) still can't open the door. Takeaway: use the double deadbolt (i.e. two-factor authentication), and prefer an authenticator app or hardware key over a code sent by SMS, which can be intercepted or redirected to a thief's phone.
- Encrypting sensitive data = Storing valuables in a safe. Just as you wouldn't leave your valuables lying around, personally identifiable information (PII) and other sensitive data should never be stored unencrypted. Encrypt your hard drive (i.e. put it in a safe) so that a lost or stolen laptop or backup disk is an inconvenience rather than a breach. Many breach-notification laws exempt data that was encrypted, provided the key wasn't taken along with it, so this can spare you from having to notify customers. One caveat: disk encryption protects data at rest. Once the machine is unlocked and running, an attacker who logs in sees the same plaintext you do, so the safe only helps if the lock on the front door holds too.
- Cybersecurity monitoring = Physical security guards. In the physical world, security guards patrol the grounds and 1. deter criminals from attempting to break in, 2. stop them when they try, and 3. quickly catch those who do get in. 24/7/365 monitoring by a security operations center (SOC) is the virtual-world equivalent. As with guards, the value is in the response: an alert nobody acts on is a guard asleep at the gate.
- Log aggregation and analysis = Physical security cameras. Security cameras record criminal activity and let it be replayed to 1. find the perpetrators and 2. prove they are guilty. Logs are the record of what happened on an information system, including the intruder's activity, and aggregating them in one place lets those events be replayed across every system the intruder touched, again to 1. find the perpetrators and 2. prove they are guilty. Like camera footage, logs are only useful if they are retained long enough, carry synchronized timestamps, and are shipped somewhere the intruder can't erase them; a burglar who can delete the tape was never really on camera.
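To make the camera analogy concrete, here is a small added example in Python (not part of the original post) of what "replaying the footage" looks like in practice: log lines from two different hosts are merged into one time-ordered stream, grouped by source address, and searched for a source that failed SSH logins repeatedly and then got in. The hostnames, IP addresses and log lines are constructed for the example; the line formats follow what OpenSSH writes to the auth log and a minimal web access log.

```python
"""Added example: replaying aggregated logs to find an intruder.

The sample lines below are constructed for this example. "bastion" keeps an
SSH auth log, "www1" a web access log. Seen separately, each host shows only
part of the story; merged and sorted, the trail of one source address stands out.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample data: (hostname, raw log line). Addresses are from
# documentation ranges (TEST-NET), not real systems.
SAMPLE_LOGS = [
    ("bastion", "2024-03-01T02:14:01Z sshd[812]: Failed password for admin from 203.0.113.9 port 51022 ssh2"),
    ("www1",    "2024-03-01T02:14:03Z 198.51.100.4 GET /index.html 200"),
    ("bastion", "2024-03-01T02:14:05Z sshd[812]: Failed password for admin from 203.0.113.9 port 51023 ssh2"),
    ("bastion", "2024-03-01T02:14:09Z sshd[812]: Failed password for admin from 203.0.113.9 port 51024 ssh2"),
    ("www1",    "2024-03-01T02:14:12Z 203.0.113.9 GET /wp-login.php 200"),
    ("bastion", "2024-03-01T02:14:15Z sshd[812]: Accepted password for admin from 203.0.113.9 port 51025 ssh2"),
    ("bastion", "2024-03-01T02:20:40Z sshd[901]: Failed password for bob from 198.51.100.4 port 40001 ssh2"),
]

SSH_RE = re.compile(r"sshd\[\d+\]: (Accepted|Failed) password for (\S+) from (\S+) port \d+")
WEB_RE = re.compile(r"^(\S+) (GET|POST) (\S+) (\d{3})$")


@dataclass
class Event:
    ts: datetime
    host: str
    src_ip: str
    kind: str      # "ssh_ok", "ssh_fail" or "http"
    detail: str


def parse_line(host, line):
    """Normalise one raw line from either log format into an Event, or None if unrecognised."""
    stamp, _, rest = line.partition(" ")
    ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    m = SSH_RE.search(rest)
    if m:
        status, user, ip = m.groups()
        kind = "ssh_ok" if status == "Accepted" else "ssh_fail"
        return Event(ts, host, ip, kind, f"{status} SSH login for {user}")
    m = WEB_RE.match(rest)
    if m:
        ip, method, path, code = m.groups()
        return Event(ts, host, ip, "http", f"{method} {path} -> {code}")
    return None


def aggregate(logs):
    """Merge lines from every host into one stream ordered by time (the camera footage)."""
    events = []
    for host, line in logs:
        event = parse_line(host, line)
        if event is not None:
            events.append(event)
    return sorted(events, key=lambda e: e.ts)


def find_intruders(events, threshold=3):
    """Return {src_ip: full trail} for sources that failed SSH login `threshold`+ times and then succeeded."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)
    suspects = {}
    for ip, trail in by_ip.items():
        failures = 0
        for e in trail:
            if e.kind == "ssh_fail":
                failures += 1
            elif e.kind == "ssh_ok":
                if failures >= threshold:
                    suspects[ip] = trail   # keep the whole trail, web hits included
                    break
                failures = 0
    return suspects


def describe(trail):
    """Render a trail as human-readable timeline lines."""
    return [f"{e.ts:%H:%M:%S} {e.host:<8} {e.detail}" for e in trail]


if __name__ == "__main__":
    for ip, trail in find_intruders(aggregate(SAMPLE_LOGS)).items():
        print(f"Suspicious source {ip}:")
        for line in describe(trail):
            print("  " + line)
```

The point of the merge is the fifth line of the trail: the hit on `www1` between the failed and successful SSH logins only becomes part of the story once both hosts' logs sit in the same stream, which is exactly what a lone camera on one door would miss.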
- Virtual private networks (VPN) = Bulletproofing your car windows and locking your doors. Would you drive through a bad neighborhood with your windows down, car doors unlocked, and expensive jewelry visible to every passerby each time you pulled up to a stop light? Then why do you use public Wi-Fi without a VPN? Keep in mind what the armor covers: a VPN protects your traffic between you and the VPN provider's exit point, not what the websites you visit do with your data once it arrives.
- Network firewall = Security fence around the perimeter. Network firewalls protect your perimeter (i.e. they keep bad people from getting in). That said, a misconfigured firewall is like a security fence built with holes and with gates left open: an "allow everything" rule added during troubleshooting and never removed, or an administrative service left reachable from the whole internet, undoes the rest of the fence. It's best to have it set up (i.e. built) by someone who knows what they are doing, and to have the rule set reviewed periodically, because fences get holes over time.
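As an added example (not code from the original post), here is a small Python checker that walks a firewall rule list the way a reviewer walking the fence line would. The rule sets are constructed and simplified: each rule is a first-match-wins allow or deny on source network, destination network, protocol and destination port, which is how most packet filters evaluate their rules. The weak list contains the two "holes" mentioned above plus the subtle consequence of one of them, a default-deny rule that can no longer match anything; the corrected list follows least privilege.

```python
"""Added example: checking a firewall rule list for holes and open gates.

Rule sets are constructed for this example and evaluated first-match-wins.
The linter flags three classic misconfigurations:
  1. an allow rule open from any source to any destination (gate left open),
  2. an admin service (SSH/RDP) allowed from the whole internet,
  3. a rule that can never match because an earlier, broader rule shadows it.
"""
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}


def rule(action, src, dst, proto="tcp", dport=None):
    """Build one rule; dport=None and proto="any" mean 'all ports' / 'all protocols'."""
    return {
        "action": action,
        "src": ipaddress.ip_network(src),
        "dst": ipaddress.ip_network(dst),
        "proto": proto,
        "dport": dport,
    }


# Weak: SSH is open to the internet, an "allow everything" rule was added
# during troubleshooting and never removed, and it sits above the default deny.
WEAK_RULES = [
    rule("allow", "0.0.0.0/0", "203.0.113.10/32", dport=443),
    rule("allow", "0.0.0.0/0", "203.0.113.0/24", dport=22),
    rule("allow", "0.0.0.0/0", "0.0.0.0/0", proto="any"),
    rule("deny",  "0.0.0.0/0", "0.0.0.0/0", proto="any"),
]

# Corrected: only the web port is public, SSH only from the office range
# (constructed as 198.51.100.0/24), and an explicit default deny at the end.
GOOD_RULES = [
    rule("allow", "0.0.0.0/0", "203.0.113.10/32", dport=443),
    rule("allow", "198.51.100.0/24", "203.0.113.0/24", dport=22),
    rule("deny",  "0.0.0.0/0", "0.0.0.0/0", proto="any"),
]


def covers(broad, narrow):
    """True if every packet matching `narrow` would already have matched `broad`."""
    proto_ok = broad["proto"] == "any" or broad["proto"] == narrow["proto"]
    port_ok = broad["dport"] is None or broad["dport"] == narrow["dport"]
    return (proto_ok and port_ok
            and narrow["src"].subnet_of(broad["src"])
            and narrow["dst"].subnet_of(broad["dst"]))


def lint(rules):
    """Return a list of human-readable findings; an empty list means no hole was found."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "allow" and r["src"] == ANY and r["dst"] == ANY:
            findings.append(f"rule {i}: allows any source to any destination (gate left open)")
        if r["action"] == "allow" and r["src"] == ANY and r["dport"] in ADMIN_PORTS:
            findings.append(f"rule {i}: {ADMIN_PORTS[r['dport']]} exposed to the whole internet")
        for j in range(i):
            if covers(rules[j], r):
                findings.append(f"rule {i}: never matches, shadowed by rule {j}")
                break
    return findings


if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("corrected", GOOD_RULES)):
        print(f"{name}: {lint(rules) or ['no findings']}")
```

The shadowing check is the one people forget: the default deny in the weak list looks reassuring on paper, but because the troubleshooting rule above it matches everything first, the deny never runs. A rule that can never match is a gate drawn on the blueprint that was never built.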
- User training and awareness = Occupant training and awareness. You can have the best physical security in the world, but if your son or daughter opens the front door for a thief and invites them in, none of it matters. This happens all too often in the cyber world, with users clicking links, visiting websites they shouldn't, or downloading files. Train your users like you teach your children, and make it easy for them to tell you when they've let someone in; a child who is afraid to admit it gives the thief time to work.
Times change, in both the physical and the virtual world. Ask your grandparents and they'll tell you they never used to lock their doors growing up, but they do now. Just 10 years ago, we didn't have to lock our information systems; we do now. Times, again, have changed.