How many organisations get hacked? A lot.

This article explains that a large number of organisations have security breaches in their network and they mostly go unreported. This makes sense as it would be bad publicity to acknowledge that their customer’s records are vulnerable to hackers. Still it’s important for everyone to be aware how often it really happens.

It’s also important to keep in mind how much information you provide to companies. Personal details like a drivers license number, date of birth, mother’s maiden name etc often aren’t necessary to do business with a supplier. All this information, including marketing information, is often stored for years by companies. Whether or not they have a privacy policy the information is there, and people like hackers don’t abide with privacy policies. So be aware of what information you divulge.

And it’s really up to every organisation to be accountable for their security. At the moment the laws in most countries aren’t strong enough to enforce this, so not much will change until matters get worse.

Protecting A Home Computer – First Steps

This article covers the most basic proactive measures you can take to protect your computer. It’s been written with a single home computer in mind – small and large offices need completely different solutions and they’ll be covered in a future article.

So you have a computer and are aware of the dangers present on the internet. You’d like to feel safe with as little effort as possible, and you’re even prepared to buy some antivirus software. Where do you start?

Anti-virus software is one line of defence, but you can’t rely on this alone. Online crime has advanced so much in the past few years that viruses are probably the least of your concerns. Nevertheless you still need an antivirus solution.

Viruses are programs that install themselves onto your computer and do something unwanted. Some are worse than others (it could delete your files, let hackers log into your computer, and copy itself to other computers). Antivirus programs scan everything on your computer and match it against a list of known viruses – new computer viruses get created every day. So yesterday’s antivirus software won’t protect you against today’s threats (it’s a fast paced world). What you need is a way to update your antivirus software every day. This is usually called a subscription, meaning you pay an annual fee to get the latest updates every day.

Some home users have outdated antivirus software. It probably came bundled with the computer with a 3 month trial subscription, and it probably expired. Some people think it’s ok to copy antivirus programs from a friend (which is morally wrong and illegal) and without paying for the subscription it won’t protect you. Bottom line here: pay the annual subscription.

The next line of defence is protection from trojans. The simple explanation is that some programs you download (or sometimes buy) include a hidden bit that connects out to the internet and does something bad without your knowledge. There are two things you can do to prevent and control this very serious problem:

  1. Be aware of what you download. Only download programs you really need and preferably from sources you trust. Although this may sound vague it gets easier with experience.
  2. Run a personal firewall. Read below on how this can help.

A personal firewall is a program you install on your computer that stops unknown programs from connecting out to the internet. In other words, it becomes very difficult for a “bad program” to use the internet without your permission. Windows now includes a firewall program but it’s worthwhile paying for a better one.

You also need to learn to use it. In its most basic form a personal firewall with ask you for permission whenever it finds a new program (attempting to connect to the internet). If you blindly click Accept then you haven’t really achieved any better level of security. You should take a moment to read what the message says and consciously decide whether or not to allow it. Don’t fall into the habit of clicking Yes to everything. In most cases if you’re intentionally telling a program to use the internet then you would want to allow it. Again this becomes easier with experience.

Lastly, the other main line of defence for a home computer is to keep it patched. Windows is not perfect (and neither is Linux or MacOS) and the programmers generally find ways to improve security. They release a patch and it’s up to you to apply that patch to your computer. This is often automatic, and for beginners this is how you want it to work. Windows XP and Windows Vista will let you know if patches are not being applied manually (in which case you should do this at least weekly). Patches can be applied by opening Internet Explorer and selecting Windows Update from the Tools menu, then following the prompts.

In summary there are three facets to securing a home computer:

  1. Use antivirus software. It’s important that it receives updates at least daily
  2. Use a personal firewall. Learn to read the messages it gives you and use it properly.
  3. Keep your computer patched. This can often be automatic.

I think that’s enough for now. Each of the above three areas requires further articles, and there’s still an awful lot more to be learnt. I have deliberately avoided suggesting any products. This also warrants its own article and the market changes so fast that a recommendation would be out of date fairly quickly. Expect to pay about $100 per year per computer. This is reasonable considering that a computer typically costs over $1000 and your bank account could contain significantly more.

Computers Are Complicated

Computers are very complicated machines. This article is an introduction to computer security suitable for all people.

Anyone who says a computer is simple, or the latest version of anything is easy to learn either is lying (possibly with the intent of selling you something) or is naive. Over the past 25 years computers have only become more complicated, programs and systems have grown to be huge and no matter how much work is done to wrap things up in a nice simple interface it’s inherently complicated under the surface.

Compare an old car with a more complicated vehicle such as a space shuttle. If something was wrong with the old car you’d probably know just by driving it. With a space shuttle you probably wouldn’t know unless you had a large support team monitoring all the sensors. Computers have become like that.

Commercial environments (such as offices) have IT departments that constantly monitor all their computers and repair problems (including vulnerabilities), often without users being aware of it. Home users, or small office environments, don’t have this luxury and won’t be aware of a problem until it’s too late. The problem could expose itself as a failed drive, and you might lose some data. Or it could be a compromised network leaving your computers at the control of hackers. In fact there are countless possible scenarios.

And then there’s the risk to you. Some people insist there’s no reason a hacker would attack their computer, that there’s nothing valuable on it anyway. In fact there’s something very valuable in every computer you use: confidence in the computer’s security. You want to know your computer’s safe to use for internet banking (and that it’s not under the control of a hacker). You want to know that your computer isn’t being by an unknown person to send spam or to commit a crime.

The point of all this is that you should never assume anything with a computer is simple. Computers don’t take care of themselves, and problems really do exist, often without your knowledge until it’s too late to prevent it.

Your approach to computers should include the following points: 

  • Be proactive in maintaining your computer(s)
  • Spend money where necessary to have the best tools to secure and maintain them
  • Keep in mind that the risks to you are real
  • And remember that there are lots of people out there with malicious intent (the threat is real).

This article hasn’t gone into any specifics, it’s an overview on why you need to be proactive. It presents a case for putting effort into maintaining a computer or network.