Dali Burgado posted a really interesting article from infosecurity.com today about combating Twitter worm threats being personal. The gist of the article was that the best way to combat these information security threats was by reporting them. We’ll take this idea a step farther in this article, that information security really centers around making good personal choices. Unfortunately a lot of people are not very cautious in their experience and bad choices lead to big compromises, expenses and a bevy of other problems. In fact did you read about the man in Australia who had one of his investment properties sold as the result of identity theft?
What areas do these personal choices affect your information security?
Competency and learning – the core of information security
At the core of information security is what you as a user are willing to do to educate and protect yourself. Do you take a cautious and guarded approach or do you throw caution to the wind and click every link in sight? Perhaps one of the biggest challenges for new users is there are not many best practices training programs available for end users (know of some, please share the wealth as a comment to this post!). You really have to actively seek out the information. There are a number of paths for professionals to get the training including Sans Institute (Dali Burgado who inspired this post works for them!) among others. We provide end user information security and best practices training to our small business clients and you can always inquire at my “speaking” page on my personal blog to inquire on behalf of a group.
Hardware, Wireless and networking device choices
A little bit of prior planning in the hardware arena can close some huge gaps in information security. The biggest risk and most difficult choice the average home owner or business can make is the decision to have wifi on premises. You may have read this week that Google Street View Cars were collecting a lot more than pictures of the streets in your neighborhood. I don’t think the information Google collected will be used against you but to that point if they can do it anyone can do it. The decision to add wireless to your home or business network should not be taken lightly. Educate yourself on the security best practices and realize that even if you do a reasonable job of securing the device it is just one more thing that could be compromised at some point. Any networking gear you add to your network needs to be updated from time to time, do you have the ability to do that? Does the benefit of that hardware outweigh the expense of hiring a professional to provide you with the updates? These are questions that are best asked in advance.
Security software choices
Computers need extra protection against threats, the simplest protection is keeping your software updated. Think about this when you decide to install a new application, it is another spoke in the growing wheel that you will need to keep updated. Software updates are a fact of life in our modern age, be prepared to understand what they are and how to upgrade them. A great resource for finding out about new threats is CERT in fact I highly recommend you sign up for their weekly alerts or feed. In fact I used to do a weekly feature here that will give you an idea of what to look for at the CERT website.
In addition to keeping your software up to date, it is a great idea to protect your system with antivirus and/or a security suite. We became a reseller of Eset NOD32 a number of years ago and have found over time that they continue to provide a quality product. Do not for a minute think that antivirus/security suite software will protect you from everything. It is the “last resort” and even the best products will not catch everything. The personal choices you make will have more to do with your information security that the anti virus software you choose.
Where you choose to be present can have a direct impact on your information security. The allure of social media sites like Facebook is great, and there are a number of advantages, but any place you choose to participate has it’s own risk, practices and learning curve. You should be aware and remain aware of these risks and practices, never assume that because a lot of people are using something that it is safe. The opposite is often true, the criminals often go where the people are because they have more potential targets. I have an article that I’ve started to work on that goes into detail about how social media has really become a vulnerable spot for many internet users. I will add a link to this post when it is done.
The Gullibility and Greed Factor
Gullibility and greed are major contributors to information security compromise. I think Facebook is a great example of where this occurs, I have seem more hacked Facebook accounts than I imagined I ever would, why? People thought that their really easy password was fine or they clicked a link or installed a rogue app. Now some malicious app or user is posting things to their friends walls, sending messages, etc trying to further perpetuate the compromise.
Beyond the gullibility of individuals that help their stranded friend at
greed is an often overlooked factor in information security. Do people really believe they will get something for nothing? Judging by the ongoing “Nigerian”, “419” or “advanced fee fraud” scams, they do. If it didn’t work they would not be so prolific. Some very senior executives have been caught by these scams in the past, it is believed that many more have been victimized as well but did not come forward due to embarrassment.
Keep in mind the oldest trick in the book by con artists (pre-dating the internet) is to exploit a persons gullibility or greed. If you’re going to be information secure you’re going to also have to learn to be a little street wise.
Hopefully this will be a good primer and starting point for people to start to move towards a more information secure computing experience. While there are links to a number of great resources we’d be happy to have your feedback about other possible resources, we’ll also feature the best of the suggestions to the article itself. You can share your feedback, suggestions or questions in the comments below.