SECURITY does not begin with S

You might think that security begins with an “S” as in Security Software, but I’m here to tell you that it begins with “Y” as in YOU.

You may have read one of the many articles appearing seemingly daily in the news about some big corporation or another being “hacked” by an individual miscreant or a cabal of criminals. And you’re probably in the majority who believe that hackers are sinister, invisible scumbags who live in filthy, musty basements and who crouch over their souped-up laptops hacking into computers to steal money or information in order to live the good-life without working.

And you probably also believe that the brand-name (and expensive) security suites like Norton offer better protection than the humble, free anti-virus programs that are still available (but slowly disappearing). You might think that the price you pay is directly proportionate to the protection you receive.

What You Believe May Hurt You

If you believe any of the above you’re wrong. Dead wrong. And being wrong when you’re talking about your personal information and your security on the Web it could cost you – your money and your identity.

While tech sites and bloggers spent weeks, even months, gutting Google over its new privacy policy. And many of these same sensationalists (sensationalism sells much better than the truth), spent months and months writing about the dangers of “tracking cookies” (and still harp on and on about them) making readers afraid and getting their undies all in a bunch. In the meantime, thousands of people’s’ personal information and money were being stolen. It wouldn’t surprise me if some of these victims aren’t the same people who passionately worried tracking cookies as the second-coming of Attila the Hun and took their eyes off the real threats they face every day on the Internet.

You see if you allow yourself to be duped by so-called experts, whose main concerned is drawing readers to their Websites or blogs, you’ll take your eye off the real threats. As I write this, there are at least a hundred people having their bank accounts drained or their credit card numbers stolen.  And I’ll bet you a million dollars that their bank accounts were not drained or their credit card numbers stolen because of tracking cookies.

How Companies Really Get “Hacked”

Hackers don’t normally waste time trying to guess passwords and break into computers. It’s easier just to trick people into giving away passwords…or if you’re a hacker and you’re lucky enough, get your hands on one of the many unsecured government laps government employees leave lying around (yes, they really do).

Sometimes having an antivirus or “Internet security suite” installed gives people a false sense of security. One thing no software program can do is protect people from themselves.  I read an article recently about a hacker who did a lot of profiling. He befriended people who worked for companies he wanted to hack. It wasn’t very hard. A lot of executives go out for a few drinks after work — how do you think the term “happy hour” got so popular? –and he would strike up a conversation and find out what they liked and didn’t like. One executive really liked to play the game Angry Birds. The hacker and the exec exchanged email addresses (you can be sure the hackers was a disposable email address or it wasn’t a real address at all). Later on the hacker sent the exec an email announcing a new version of Angry Birds… “Click here to download it!”. Of course the exec downloaded it and it was a password-stealing Trojan. You can guess the rest.

You’d expect that the company would have had good security software installed and they would have kept it updated. Perhaps they did — but sometimes things slip by. The point is – hackers don’t need to use password cracking tools and packet sniffers to hack a computer or a computer network. It’s easier to use trickery to get your passwords and gain access to your money and your personal information.

So while the flap continues over Google’s privacy policy and while millions race to download tracking-cookie-killers, the hackers and the criminals are happy that many people are thus distracted. They can pilfer freely — stealing funds from individual’s bank accounts and gathering passwords to online accounts while people are up in arms over seeing furniture ads for a week after searching one time for furniture, have their attention diverted away from the truly dangerous stuff.

If it upsets you to see ads for products you’ve previously searched for, you’re not alone. But it doesn’t really bother me – I’m worried about much more nefarious things. If you’re smart you won’t let the fear mongers divert your attention from some really pernicious things.

Your First Line of Defense: You!

Having now repaired hundreds and hundreds of PCs while working with our Cloudeight Direct Computer Care service, I can tell you, for a fact, that having a good antivirus and antispyware program on your computer and keeping them updated, while vitally important, is not enough. Just in the last five days alone,  I’ve repaired two computers – one with Norton 360 (and updated with the latest definitions) and one with Norton Internet Security 2012 (and updated) that were infected with malware or spyware. One of them (the one with Norton 360) had over 117 instances of malware and one Trojan on it.   And while I’m no fan of Norton (it really isn’t very good), it should have done a better job of protecting these users.

Then point is not to take jabs at Norton but to make a point. You can’t  count on your security software to protect you from everything. You have to use your common sense. I didn’t have to ask these computer owners how they became infected. I know. They were clicking links in emails they shouldn’t have clicked, and they were downloading software (games and so forth) from sites they shouldn’t have trusted. You’d think with Norton’s “reputation-based” site rating tool, these two people would have been warned about downloading from those sites, but they were not.

Of course you need good antivirus/security software. But you don’t have to spend a dime to get it. Microsoft Security Essentials and BitDefender both make great free antivirus programs. We’re not sure about AVAST anymore – with all the garbage they’ve been adding — and AVG has already gone over the top and become a mini-Norton.

You don’t need a third-party firewall – leave the Windows firewall turned on. Anyone who tells you that you need a third-party firewall to protect you from hackers or to prevent your identity from being stolen is lying. There are a lot of people out there pushing 3rd-party firewalls because they make money by pushing 3rd-party firewalls, and really, it’s all about the money. It’s all about your money — getting your money, any way they can.

A good password manager is as important as having an antivirus in the age of the Cloud. If you don’t have one and you’re most likely using weak passwords, or you’re using the same password for every site. If that is so, then it’s only a matter of time before you’re going to pay the price for that. Don’t wait until something bad happens to you – get a good password manager now and use it. Use it to generate and save complex passwords.  Lastpass is a great password manager and the free version works very, very well. You can learn more here.

But above all, when you’re on the Internet make sure you take the best security money can’t buy along with you – your common sense. You common sense has worked great in your life off the Web – and it will work well for you on the Web. But so many very smart people seem to think the Web is different – that everyone is dying to give them something for nothing. A free download isn’t the same as freeware. No one is going to give you a free iPad if you help Apple test one. No you’re not the 10,000th visitor to a Website and no, you haven’t won $25,000. Use your head. Use your common sense. You wouldn’t fall for these schemes in your everyday life, don’t fall for them on the Internet either.

Security does not start with an “S” – it’s start with YOU.