Let's be honest: computers and websites are often easier and quicker to use if you do nothing about security.
You could save several minutes each day!
That's why it can be handy to have some really good excuses for doing nothing.
Sadly, as we're sure you have found, once a friend or family member
has latched onto a security avoidance excuse, it can be hard to talk
them round.
So, here are five excuses that we hear a lot, both from individuals
and from small businesses, together with some points you can use to
argue back that security really does matter.
EXCUSE 1. No-one's interested in little old me!
The reasoning is that cybercrooks just aren't interested in the local automotive repair shop or cake-making business, because...
...well, why would they go after an individual earning $30,000 per
year, or a local business turning over $500,000, when they could take on a retailer like Target with annual sales of $70,000,000,000?
But stop to think for a moment: Target doesn't turn over $70 billion a year by closing 70 deals of $1 billion each.
Target's business is much more like one billion transactions of $70 each.
And many cybercrooks run just that sort of low-value/high-volume business, for example:
- The CryptoLocker gang, who were estimated to have extorted $300 each out of well over 100,000 computer users in the UK alone.
- The criminals busted in 2011 in the FBI's Operation Trident Tribunal, who netted $72,000,000 in nearly one million transactions averaging $75 each for fake anti-virus software.
- The spamming industry, which would love to get its hands on your computer at home and use it to pump out more than 5 million spams per week.
→ We're all in the sights of cybercrooks somewhere, and we
owe it to ourselves and to everyone else to do the best we can to thwart
them.
EXCUSE 2. My printer won't work with the latest updates.
OK, it's not always a printer that gets the blame; in fact, it's not always hardware.
Sometimes it's legacy software that provides the excuse for sticking in the mud of yesterday's insecurities.
In particular, this is a very common reason we hear for not replacing Windows XP with an more recent operating system that is officially receiving security updates.
We accept that you may have some old hardware devices (lathes or
milling machines, for example) that would be vastly expensive to
replace, and can only reliably be controlled from XP.
But for everyday computers, you need to ask yourself if keeping
yesterday's printer alive to save the modest purchase cost of a new one
is worth the risk of running outdated software.
If you have a security hole that criminals have already had months or
years to hone their skills against, they're going to attack you first,
because they already know how to break in.
→ Every time you fall further behind on security updates, you make yourself into lower-hanging fruit for cybercrooks.
EXCUSE 3. I've got a Mac.
Good choice! (I've got a Mac, too.)
But whatever sort of computer you have, and whatever operating system it's running, if it is ever lost or stolen then your data will be in someone else's hands.
Even if a thief steals your laptop
just for the value of the hardware in an immediate cash sale, and even
if most stolen laptops are wiped and sold on quickly, not all of them
end up that way.
You have to remember that your data has underground value, too, even if only in the form of a bulk "data dump".
That's where the intermediary who buys a stolen laptop knows enough
(or knows someone who knows enough) to suck off the sector contents off
into a giant, unstructured blob of data.
He then sells on that data at a bargain-basement per-gigabyte price
to someone else, who knows enough to comb through it to extract nuggets
of personal information to sell on to the next crook, and so on.
In short, computer brand choice alone simply isn't enough to keep your data safe.
→ Don't leave home without full disk encryption, so that the only data dump a crook will get is shredded cabbage.
EXCUSE 4. Security slows your computer to a crawl.
Full
disk encryption, for example, sounds as though it ought to make your
computer slow, because it has to unscramble everything it reads in, and
rescramble everything it writes out.
But with modern disk encryption software
such as BitLocker on Windows and FileVault on OS X, running on modern
hardware, you'll be hard pressed to measure a statistically significant
difference in performance, thanks to CPU improvements.
Anti-virus often gets a bad name, too, but we very often find that it
only genuinely gets in the way when people needlessly "flip all the
switches," turning on redundant combinations of scanning options that do
more work that is necessary.
Similarly, strong passwords and two-factor authentication
are often blamed for making software and web sites time-consuming to
use, even though they typically add just a few seconds to important
transactions.
→ Don't throw out security altogether to save a little bit of time today, because it could end up costing you many times over tomorrow.
EXCUSE 5. I only browse to safe sites.
Do you? Really?
The thing is, how do you know?
How can you tell in advance that a site is safe?
Remember that even legitimate and high-profile sites may put you at risk, for example because they include poisoned adverts from a third party provider that was hacked.
That's where web filtering technology
can help, because a good web filter not only examines the URLs of the
web pages you plan to visit before you even go there, but also checks
out the content of web pages you've fetched before they are processed by
your browser.
→ Don't assume that all online cybercrime is obvious, even if you're visiting sites that were just fine yesterday.
THE BOTTOM LINE
The bottom line here is that there a lots of excuses you can find if
you want to give yourself an official-sounding reason for being slack
with security.
But please don't do that.
There may, indeed, be some security precautions that are genuinely impractical for you.
Just make sure, when you take on added risk by skipping security steps, that you find some other way to mitigate that risk.
For example, if you stick with XP for the sake of your million-dollar milling machine, use a firewall to segregate the milling machine into a safe corner of the network.
Doing nothing is the easiest option, but it's also the worst, for you and everyone around you.
0 comments:
Post a Comment