It’s something you’ve probably heard or read many times over, I know I’ve repeated it often enough… ‘the best security starts between the ears’. It’s always been a truism and never more so than in these days of ever increasing threats and cybercrime.
Getting the priorities right
Lately the net has been inundated with stories of tracking cookies and targeted advertizing, with most tech sites and blogs attacking them as though they were evil personified. While I concede that privacy is certainly an important issue, I am suggesting that perhaps the emphasis is just a tad skewed. Targeted advertizing can be a nuisance, an irritation, but I don’t believe anyone’s bank account has ever been drained of funds, or credit card details stolen, because of one or even one million tracking cookies.
If it upsets you to see ads displayed for products you’ve researched previously, you’re certainly not Robinson Crusoe. To be honest, it doesn’t bother me unduly; in the overall scheme of things tracking cookies are a minor issue. And if you’re smart you too won’t allow the current preoccupation with tracking cookies to divert your attention away from what are much more serious threats.
How you are more likely to get hacked
Many people perceive the ‘baddies’ as a bunch of seedy characters, working away in grubby basements, hunched over their souped-up computers incessantly attempting to hack into PCs so they can steal your information or hard-earned dollars… a common misconception. Generally speaking, cybercrooks prefer to take the path of least resistance. Why spend long hours attempting to hack into computers when it’s much easier and quicker to just trick the user into doing it for them? I see this almost every day when dealing with my clientele, many of whom are what I term ‘clickaholics’.
Scamware and malware infections are probably the most prevalent cause of call-outs among my clientele. Almost every single machine I deal with is infected, often with multiple instances of malware. How can this be? Because they are clicking on links in emails they shouldn’t be clicking on, opening email attachments they shouldn’t be opening, inadvertently clicking the wrong download buttons, downloading from sites they shouldn’t be trusting, and generally not applying due diligence… clickaholics! You’ll all be familiar with the saying “look before you leap”; that old and wise adage applies equally to online life… “look before you click!”.
What can be done to help improve security
Socially engineered threats, those which rely largely on user interaction to perform their dirty deeds, constitute the largest and fastest growing group of threats today. Wikipedia describes social engineering thus… “The art of manipulating people into performing actions or divulging confidential information.”
The strange thing is… many people who adopt a common sense approach throughout their offline lives seem to throw that philosophy out the window when it comes to their online lives. They know darn well that ‘something for nothing’ is an illusion yet seem to believe the net somehow magically alters that concept. No, you are not the 100,000th visitor on that website, and no, you haven’t just suddenly won a large sum of money. No, you won’t get a free iPad if you help test one, and no, that email almost certainly did not come from your bank. If many of these techniques were encountered during everyday offline life they would be treated with the skepticism they deserve, the very same philosophy should be applied when operating within the realm of the Internet.
I would never suggest that users do not require anti-virus, and would always recommend installing a reputable anti-virus, but that is just the beginning of security, the first step, it is not the final be-all and end-all. Too many people allow installing anti-virus software to lull them into a false sense of security. The fact of the matter is you cannot rely on your anti-virus to protect you against everything, a goodly dose of common sense is also required.
I also highly recommend utilizing a good password manager. Weak passwords and using the same password on multiple sites create a high level of risk. I put a theory of mine to the test during a recent social gathering. I commandeered the host’s PC, gathered all the partygoers around, and randomly input their passwords into Dave’s Computer Tips online password test. This involved around 20 people of varying ages and backgrounds who could all be described as ‘average’ PC users. Results were shocking to say the least. I already suspected that their passwords would be very weak of course, but visual confirmation from an official source was bound to have a greater impact. A good password manager will not only record and maintain passwords in a secure environment, it will also help you select strong passwords and ‘remember’ them for you, including different passwords for each site and account.
You might also like to read through an article we published recently regarding sandboxing and site advisory services. You can read the article in full here: Increase your browsing security easily and effectively.
Last but absolutely not least: Everyone has in their possession one of the most potent and effective forms of security money can’t buy… their very own common sense. Make sure to take it along with you whenever you are visiting the Internet.
Great stuff. And right on.
What might be obvious to an experienced user is not the case with an average home user or younger person. How do you know what is to be trusted and what is not? Almost impossible to know.
So called common sense is entirely a subjective position and generally is not effective. Even experienced users can get caught out.
Best solution is to open your browser protected by a sandbox. This throws a ‘wall of protection’ around the browser and any email program you care to use. Any activity within the sandbox is NOT installed on the hard drive. It is possible to save outside the sandbox if required. This is where much care is required, otherwise bad web sites and bad email attachments will not infect the computer. Sandboxie is a free download. Just google.
Jp
Hey John – This is a follow up to a previous article expounding the virtues of sandboxing techniques and site advisory services… there is even a link included. If you’d bothered to read through this article properly you would have saved yourself some embarrassment.
Would you say that using something like Sandboxie for protection is common sense? Or for “an average home user or younger person” to utilize site advisory services would be common sense?… nuff said.
12-03-2012 8-39AM
So spyware is not malware?
Hi Barry – The term ‘malware’ is a portmanteau of two words… malicious software… and covers the entire range of infections, including spyware.