The Second Most Important Computer Security Step

Leo Notenboom
Published in Tech Ramblings
3 min read · Jun 20, 2016

Previously I discussed what I would tell you if I could tell you only one thing relating to computer security.

I told you to back up.

It’ll save you from so many different kinds of damage, ranging from security-related issues right down to hardware failure and just about any kind of catastrophic data loss.

So if you listen to only one thing I ever say, please listen to that — back up.

What if I could tell you a second thing? The second most important step you can take to keep yourself secure?

Like before, it might not be what you expect.

What we would like is for the solution to be the perfect combination of tools — security scanners, firewalls, anti-spam tools, operating system components and what not — that would keep us safe.

What we would like is for there to be a combination of simple steps and powerful software that would put a stop to it all and keep us safe.

There’s a problem in computing that a friend of mine, still at Microsoft, once called “the dancing bunnies problem”. It goes something like this:

If people receive an email that promises them pictures or videos of dancing bunnies if they just click a link or open an attachment, then some number of people are going to do everything in their power — including side-stepping every security tool and warning they encounter — in order to attempt to see those dancing bunnies. They were promised dancing bunnies and no silly software is going to prevent them from seeing the dancing bunnies, gosh darn it.

Except of course there are no dancing bunnies. There is only malware.

There is no software, no tool, no magic bullet that can protect you from yourself. To quote the old game show, you are the weakest link. I see it over and over and over.

Let’s go back to the friend I talked about before, and his machine infected with ransomware. How did he get it in the first place?

No, it wasn’t dancing bunnies, but it was similar.

If I recall correctly, he mentioned opening an attachment he received in email that purported to be a delivery notification from a major package delivery service.

Except of course there was no notification, no package. There was only malware.

And in his case it was ransomware.

Email attachments are, today, the most common way that ransomware, specifically, is being distributed. Successfully distributed, I might add. Though of course it’s used for all forms of malware as well.

So, my second piece of advice, the second most important security thing I would tell you is this: be skeptical of the internet in general, but particularly when it comes to email, and most of all when it comes to email attachments. Don’t open them unless you are absolutely sure that they’re from a trusted source, and that they are safe.

And if you are an email sender — avoid attachments if you can. Don’t send a Word document or a PDF if what it contains could just as easily be contained in the email body itself. (There are many other reasons for this, but if your recipients are appropriately skeptical they might not take the perceived risk of opening whatever it is you send.)

This essay stems from notes for a talk I gave on the subject. I hear about ransomware and other infections a lot out at Ask Leo! where I also help people use technology more effectively, giving them the confidence to do more, be more, and explore more of the world that today’s technology makes available to us all.

Leo Notenboom

Former software engineer at Microsoft for 18 years, now sharing my passions, answering questions & helping folks with technology. askleo.com (since 2003)