Study & Write T10 (Security situation in Estonia)

In this post I would like to take a look at the overall digital security situation in Estonia. To better see the result, I will divide the overview into three parts that are connected to three components of Mitnick formula: technology, training, policy. 

 

Technology 

Overall, I would say that Estonian citizens have a lot of technological possibilities to protect their personal data, as they are free to choose any antivirus and other protective software they want. Also, there are no legal restrictions on VPN usage in Estonia, which may also contribute to people anonymity and security (as well as to cybercriminals, who can hide their identity). It is also worth mentioning that Information System Authority of Estonia developed the DigiDoc software, which lets you encrypt and sign documents using your ID-Card certificates (Smart-ID and Mobiil-ID were also added in the latest update).

 

Training 

Though Estonia is quite advanced in a technological way, to me it seems that there could be a little more attention paid to cybersecurity awareness training. As I was was studying in one of the schools of Tallinn city, I can say that we didn't get enough training as school students. I only remember getting one lecture in the fifth grade (and I can barely remember what was in the fifth grade at all). 

What about other examples, we can sometimes see on the news that someone lost their money because of the Internet scam. Also, there are getting more and more of these scams, which means that people can be deceived. For example, recently there has been a huge way of scams in which "bank employee" would call you and notify you that there's been a payment made from your bank card and that you should provide personal details to block the transaction. 

Having considered everything written above, I would say that more attention should be paid to digital security awareness training for Estonian citizens. And it should be done before the attack, not after it.

 

Policy

Policies mostly depend on companies, and companies in Estonia can choose their own security policies. Though, these policies should still comply to EU laws, which are quite strict about everything connected to personal data handling. This means that customers can trust that their data won't be misused in any way.

 

To conclude, I would say that the overall security situation in Estonia is pretty good. People have freedom on the Internet, as well as freedom to choose software they want. However, they are not that aware of different attacks (they may have heard of them, but have never seen real examples), therefore, this issue should be addressed (more practical examples than theoretical examples would be more beneficial).

 

 

Sources:

https://www.ria.ee/en/state-information-system/eid/digidoc-software.html