Well, it’s that time again – you know, when you get tons of email from security vendors reminding you that your security sucks, no security is perfect, this bug, that vuln and blah blah blah. Let’s take a step back and get started the right way with a series of posts that address a few places where you can improve your day-to-day technology security.
No security is perfect, you are simply mitigating risk – so it is really about how comfortable you are with a certain level of risk and how difficult it is to use. For example, are you prepared for someone being able to post not-so-nice things on your social media accounts or send emails with malicious attachments that appear to come from you?
Maybe your computers at home will become zombies and start sending malicious traffic as a part of a global bot net…not the end of the world right? Maybe you won’t be getting all the throughput from your ISP that you are paying for. Maybe you are opening yourself up to future attacks from that same bot net.
What about money? What happens when an attacker logs into your online banking account, sets up a new bill pay or transfer and sends all of your money off? Maybe you’ll get an email notification (assuming you still have access to your email account) that a new transfer or payee has been setup or maybe you’ll be out shopping and your cards will be declined. Maybe you’ll be able to get some of that back…
But what happens if you have documents and pictures…family photos, wedding pictures and kids pictures from years ago. Are you willing to risk those pictures being COMPLETELY LOST. Forever.
Security [can be] hard
Doing security right is one thing when you know what you are doing, but for people that don’t quite understand security, it’s probably just because there was an easy way out…and that easy way out was probably less risky yesterday than it is today. It doesn’t help that one person’s accepted level of risk is different than another person’s – making it a bit objective…and this leads to endless “discussions” (arguments) about security.
The hardest part about doing security well is the fact that there are NO “immediate benefits”. Having the ability to access your bank accounts on your mobile device is ‘cool’ and could be considered a benefit…having to use a strong password with multi-factor authentication does not add any additional “benefit”…other than, you know…keeping your money.
So while good security may be common sense for some security professionals or technologists, it isn’t for everyone else – and is probably seen as a hindrance…right up until money\photos\privacy\something is lost or stolen.
Taking a Step Back
So for the next month, I’ll [try] to take a step back and go back to security basics.
Do enjoy and stay safe.