Security Awareness – Page 6 – Tales from the Crypto

Security Awareness

October is National CyberSecurity Awareness Month

While I’m not much of a fan of anything with the word “cyber” in it, I’m definitely a fan of anything that improves awareness of security. National CyberSecurity Awareness Month is an annual devotion of a particular month to getting people to stop being insecure on their computers.

My colleague, Jesper, has suggested that a fitting approach to National CyberSecurity Awareness Month would be to post frequent blog entries on some of the simpler and widely-applicable parts of what I like to call Information Security. Or in other words, safety and security with computers.

So, here’s part 1 of my stream-of-security consciousness. And I apologise to security wonks for any loose use of security terms. This is designed to appeal to regular people, so worms and trojans are all viruses, etc.

NCSAM Part 1 – It’s Truly Too Good To Be True

OK, so my first posting is the easy one – but it points to a big difference between the people who always get infected with viruses, and those who never get infected.

Sure, there are always bugs in the software, and there are technological ways in which people get infected with viruses, but plain and simple, the most frequent cause of infection is characterised by the phrase “I didn’t think it was true, but I figured, ‘what have I got to lose?’”

In the real world, outside of your computer (or “cyberspace”, if you prefer), life comes at you at a relative snail’s pace. If someone steals your wallet, they’ve ripped you off for a few dozen dollars, and you have to start calling your credit card company.

Online, by comparison, everything happens far faster, and in bulk.

So, the phrase that did you good in the real world, “what have I got to lose”, is truly not applicable in the online world. You have everything to lose.

Data recovery is expensive – if a virus wipes your photos out (and it may get your backups too), you’re going to be spending around $1,500 to have a chance of getting your memories returned to you.

Reputation (“identity”) recovery is expensive as well – if a virus copies enough personal information from your system for the virus owner to pretend to be you, it will absolutely take around a year for you to get your credit history straightened out from theirs. You may get most of your money back, but you can never recover that time.

So, as I hinted at in the title of this part of the series, your chosen phrase should no longer be “what have I got to lose?” but “what do they have to gain?”

Whenever an offer comes in that seems like a wonderful idea, the mythical “free lunch”, if you will, ask yourself why someone would make that offer, and why they would make it to you. If there’s no good answer, then it’s likely that the offer is a scam. Don’t respond, just dump their email in the only place it belongs.