Security Does Not Begin With “S”

By | March 6, 2012
Print Friendly, PDF & Email

Security Begins With YouYou might think that security begins with an “S” as in Security Software, but I’m here to tell you that it begins with “Y” as in YOU.

You may have read one of the many articles appearing seemingly daily in the news about some big corporation or another being “hacked” by an individual miscreant or a cabal of criminals. And you’re probably in the majority who believe that hackers are sinister, invisible scumbags who live in filthy, musty basements and who crouch over their souped-up laptops hacking into computers to steal money or information in order to live the good-life without working.

And you probably also believe that the brand-name (and expensive) security suites like Norton offer better protection than the humble, free anti-virus programs that are still available (but slowly disappearing). You might think that the price you pay is directly proportionate to the protection you receive.

What You Believe May Hurt You

If you believe any of the above you’re wrong. Dead wrong. And being wrong when you’re talking about your personal information and your security on the Web it could cost you – your money and your identity.

While tech sites and bloggers are gutting Google over its new privacy policy and getting readers undies all in a bunch over “tracking cookies”, thousands of people’s’ personal information and money are being stolen every day.It wouldn’t surprise me if some of these victims aren’t the same people who passionately attack tracking cookies as the second-coming of Attila the Hun.

You see if you allow yourself to be duped by so-called experts who, even as I write this, are asking congress to investigate Google over its privacy policy, there are at least a hundred people having their bank accounts drained or their credit card numbers used. And I’ll bet you a million dollars that their bank accounts weren’t drained or their credit card numbers used because of one or a million tracking cookies.

How Companies Really Get “Hacked”

Hackers don’t normally waste time trying to guess passwords and break into computers. It’s easier just to trick people into giving away passwords…or if you’re a hacker and you’re lucky enough, get your hands on one of the many unsecured government laps government employees leave lying around (yes, they really do).

Sometimes having an antivirus or “Internet security suite” installed gives people a false sense of security. One thing no software program can do is protect people from themselves.  I read an article recently about a hacker who did a lot of profiling. He befriended people who worked for companies he wanted to hack. It wasn’t very hard. A lot of executives go out for a few drinks after work — how do you think the term “happy hour” got so popular? –and he would strike up a conversation and find out what they liked and didn’t liked. One executive really liked to play the game Angry Birds. The hacker and the exec exchanged email addresses (you can be sure the hackers was a disposable email address or it wasn’t a real address at all). Later on the hacker sent the exec an email announcing a new version of Angry Birds… “Click here to download it!”. Of course the exec downloaded it and it was a password-stealing Trojan. You can guess the rest.

You’d expect that the company would have had good security software installed and they would have kept it updated. Perhaps they did — but sometimes things slip by. The point is – hackers don’t need to use password cracking tools and packet sniffers to hack a computer or a computer network. It’s easier to use trickery to get your passwords and gain access to your money and your personal information.

So while the flap continues over Google’s privacy policy and while millions race to download tracking-cookie-killers, the hackers and the criminals are happy that many people are thus distracted. They can pilfer freely — stealing funds from individual’s bank accounts and gathering passwords to online accounts while people are up in arms over seeing furniture ads for a week after searching one time for furniture, have their attention diverted away from the truly dangerous stuff.

If it upsets you to see ads for products you’ve previously searched for, you’re not alone. But it doesn’t really bother me – I’m worried about much more nefarious things. If you’re smart you won’t let the fear mongers steal your attention away from some really pernicious things.

Your First Line of Defense: You!

Having now repaired over 100 PCs  (and EB about the same number) working for our Cloudeight Direct Computer Care service, I can tell you, for a fact, that having a good antivirus and antispyware program on your computer and keeping them updated, while vitally important, aren’t enough. Just in the last five days I’ve repaired two computers – one with Norton 360 (and updated with the latest definitions) and one with Norton Internet Security 2012 (and updated) that were infected with malware or spyware. One of them (the one with Norton 360) had over 117 instances of malware and one Trojan on it.   And while I’m no fan of Norton (it really isn’t very good), it should have done an adequate job of protecting these users.

Then point is not to take jabs at Norton but to make a point. You can’t  count on your security software to protect you from everything. You have to use your common sense. I didn’t have to ask these computer owners how they became infected. I know. They were clicking links in emails they shouldn’t have clicked, and they were downloading software (games and so forth) from sites they shouldn’t have trusted. You’d think with Norton’s “reputation-based” site rating tool, these two people would have been warned about downloading from those sites, but they were not.

Of course you need good antivirus/security software. But you don’t have to spend a dime to get it. Microsoft Security Essentials and BitDefender both make great free antivirus programs. We’re not sure about AVAST anymore – with all the garbage they’ve been adding — we’re going to take another look at it – we’ll let you know.

You don’t need a third-party firewall – leave the Windows firewall turned on. Anyone who tells you that you need a third-party firewall to protect you from hackers or to prevent your identity from being stolen is lying. There are a lot of people out there pushing 3rd-party firewalls — it’s all about the money. It’s all about your money — getting your money, that is.

A good password manager is as important as antivirus in the age of the Cloud. If you don’t have one and you’re using weak passwords, or you’re using the same password for every site, it’s only a matter of time before you’re going to pay the price for that. Don’t wait until something bad happens to you. Lastpass is a great password manager and the free version works great. You can learn more here.

But above all, when you’re on the Internet make sure you take the best security money can’t buy along with you – your common sense. You common sense has worked great in your life off the Web – and it will work well for you on the Web. But so many very smart people seem to think the Web is different – that everyone is dying to give them something for nothing. A free download isn’t the same as freeware. No one is going to give you a free iPad if you help Apple test one. No you’re not the 10,000th visitor to a Website and no you haven’t won $25,000. Use your head. Use your common sense. You wouldn’t fall for these schemes in your every day life, don’t fall for them on the Internet either.

Security doesn’t start with an “S” – it’s start with YOU.

One thought on “Security Does Not Begin With “S”

Leave a Reply to Eileen Cancel reply

Your email address will not be published. Required fields are marked *