I’ve spent my entire career working with computers. Twenty-five years ago that meant using a desktop computer to write personnel evaluations, project reports, and budget spreadsheets. Our “computer network” at work was a bunch of isolated, self-built islands of connectivity based on incompatible technologies. Today, I get complaints when the wifi at home drops offline (though to be honest, I submit my fair share of complaints about the wifi).
When my wife and I were married, we had a personal computer in the house. I’m not sure what we used it for. At last count, we had 19 devices connected to our home wifi network (I’m still not sure what we use them all for). We’ve come a long way in 25 years!
Today I want to share three of the computer security challenges I see at work every day:
- Malicious content
- Password management
By now, I hope that everyone realizes their computer and other technology devices should be updated on a regular basis. There are only two reasons why updates are published for your computer or phone: 1) there’s a feature enhancement (in other words, they’ve changed something to make it work better) 2) there’s a weakness, flaw, or vulnerability (in other words, someone can break into your device).
Think of it like a house. By design, every house has certain features: windows, doors, a foundation, and walls. Sometimes though, a house will develop problems–a crack in the foundation for snakes to slither through, a hole in the soffit for bats to fly through, or even a simple hole in the window screen for bugs to fly through. Sometimes, you’ll even have a garage door spring that breaks, a sink that springs a lead, or a lock on the door that no longer works. Without regular maintenance, these problems will increase and grow until the house is no longer comfortable or safe to live in. Some of these problems will allow burglars into your home.
Computer vulnerabilities work the same way. When your computer was built and released, it had the latest available software. Over time, bad guys find new ways to break into your computer, unless you apply the security updates for your computer. I prefer to set up an automated schedule for updating my computer. This way it gets updated every month as soon as possible without the possibility of me forgetting (because that does happen every now and then).
Unfortunately, you can’t stay safe simply by keeping your systems up to date. Let’s go back to the house analogy. Even if you perform regular maintenance on your house, there’s still the very real possibility that a scammer will ring your doorbell. You may inadvertently invite someone bad into your home, thinking they are safe. I’m sure you’ve noticed that any service person with half a brain immediately offers you their company badge when you answer the door for them. Even at that, you’ve got to play it safe, be alert, and be careful who you invite in.
It works the same for your computer. As we surf the drivel of Facebook, we’re presented with so many tempting links. How easy it is to click on a seemingly safe link and end up at a site that just downloaded software to your computer to monitor where you surf. There are some sites that are worse and will download viruses, ransomware, or other malicious content.
The same thought applies to your e-mail. Hopefully everyone realizes there are no Princesses in Nigeria who need your help…you won’t be notified of a surprise inheritance through an e-mail…and certainly there are better places to find a bride than from a Russian website! The worst though, are the e-mails that look legitimate. Things like “You’re package has been delayed, click here to confirm your address.” Or “Your account has been compromised, click here to reset your password.” The bad guys are so good today that I only get account compromised e-mails from companies I actually do business with!
So how do you protect yourself? First, don’t click on links that look suspicious. In fact, don’t click on links that you aren’t expecting. If you get something from your bank that asks you to confirm information, call your bank (using the number you already know, not the one in the email). Second, make sure you’ve got antivirus software running on your computer.
Perhaps the biggest problem I see in the corporate world is password management. It was relatively easy 25 years ago to remember the 1 or 2 passwords I had. Now, it is nearly impossible to remember all of the passwords I use each day. There are dozens of passwords for work-related sites. Then there are the passwords to get onto my home devices. And don’t forget that every website and app require a password.
It is tempting to use the same password everywhere so you can remember them. Let’s go back to the house analogy. Imagine that every lock you have uses the same key: your house, your cars, your padlock at the gym, your luggage, the Post Office Box, the key to your office, the key that opens your top right desk drawer at work, the fire safe at home where you keep your birth certificates, the storage shed down the road, the gate in your yard…you get the point. At first glance this seems very convenient…until someone manages to steal the key to your desk drawer. And now they have the key to everything you own.
So what do you do? No normal person can remember all of their passwords. You’ve got to use a password manager or other system to keep track of your passwords. There are free solutions you can download to your phone that keeps track of your passwords. Yes, there are dangers with using these as well, but it’s better than writing them on a sticky note and putting them under the keyboard!
Here’s the bottom line (did you catch the pun…see the line): being a responsible user of technology requires effort. To go through life without paying attention to vulnerabilities, malicious content, or password management is like the ostrich who puts their head in the sand whenever they sense danger, effectively hiding their noggin, but leaving their big caboose flapping in the wind.