Monday, October 20, 2014

The Biggest Threat to your Online Security

It's scary being online these days.  We're afraid to swipe a credit or debit card out of fear it might be compromised, and we're also afraid that our password and photos might be stolen and shown to the world.  There are many threats to our online security:  hackers from Russia and China, poor security practices by companies we purchase from, and card skimmers installed on an ATM or a gas pump, to name a few.  Plus, this does not even touch the low-tech methods that have been around for years, such as a waiter or waitress copying down your card information while they are processing your payment.

However, the biggest threat to our online security does not come from other people, other companies, or even other nations.  This threat has unlimited and complete access to every part of each device you own.  It is present on your network at all times of the day or night.  It knows all your secret passwords, security questions and answers, and PIN numbers.  The biggest threat to your online security is you!

Most security breaches on your personal computers and other devices will occur with your permission.  You will choose to install the game or program that secretly comes with a keylogger to steal your personal information.  You will click on the link in an email to "update your information" and hand over your online banking password to criminals.  You will fail to completely secure your computer or router and leave a way for someone to access your network.  You will choose to visit a shady website that will download malicious code to your computer.

Do not mistake this warning for criticism.  I have come close to falling for some of these scams, myself.  If the "computer guy" can be tricked into clicking on a link, I know that my readers and customers will be even more likely to click that link.  I broach this subject not to criticize anyone who has ever fallen for these scams, but to make you aware of three important points regarding online security.

First, attacking humans online is the most successful form of attack.  We hear about the millions of credit cards hacked from Target or Home Depot, but we do not hear about the people who are tricked into giving up their banking passwords or wiring money to some foreign entity.  There's a reason why you still get the "Nigerian prince" scam emails:  even after all these years, they still work!

Second, online attacks are growing because the cost of data is so cheap.  I remember when hard drive sizes were measured in megabytes.  Now, they are usually measured in gigabytes (over one thousand megabytes) but soon, we will be measuring them exclusively in terabytes (over one million megabytes).  It takes very little time and money to craft a nice looking email, link that email to your own database, and then send it to thousands of people at a time.  If one person hands over their credit card number, you can probably just about cover your costs.  If two (or more) people do it, you will be making big money.

Finally, we must take responsibility for our own security.  Antivirus software used to only protect against threats it could find in its database; now, these programs are becoming better at protecting us against other threats.  However, no amount of security software or hardware will ever keep us 100% safe.  I am thankful for the many times my antivirus software has kicked in and protected me, but I never assume that it will keep me safe from the next attack.  Each time I am notified that it is protecting me, I review my personal habits to see what clues I should have caught, and I try to be more vigilant the next time.


No comments:

Post a Comment