Navigating the Ocean of Technology - Part 8

Malware is a persistent threat to your computers. Your computer security practices can make the difference in whether or not you are infected. It is surprising, then, that there can be such a difference between the practices employed by security experts and those employed by the rest of us. A study ("Comparing Expert and Non-Expert Security Practices," by Iulia Ion, Rob Reeder, and Sunny Consolvo) compared the top 5 practices employed by security experts and non-experts. The top practice used by non-experts was: Use antivirus. Use of antivirus software wasn't in the top 5 for security experts. For experts, the number 1 practice was: Update system. The number 2 practices were also quite different. For experts it was: Use unique passwords (don't use a password more than once). For non-experts, it was: Use strong passwords. Using strong passwords was, in fact, the only practice that showed up in the top 5 lists of both experts and non-experts.

The top 5 for experts were: install software updates; use unique passwords; use two-factor authentication; use strong passwords; and use a password manager.

For non-experts, the top 5 were: using antivirus software; using strong passwords; changing passwords frequently; visiting only known websites; and not sharing personal information.

Why isn't antivirus software a top 5 security practice? It's because security experts know that no software can keep you 100% safe. The makers of antivirus software can only react to malware as it is discovered. Until they discover, analyze and neutralize a particular infection, your computer is vulnerable. The current estimate is that there is a new threat released for every second of every day. The use of antivirus software can lull you into a false sense of security and make you think you can rely on it to keep your computer safe. Does that mean you should stop using antivirus software? No. It is still an important defense for most computer users - it just shouldn't be your number 1 defense.

Keeping your software up-to-date should be number 1. After that, the most important thing may be situational awareness. Imagine you are walking downtown at night and you hear a voice from the shadows of an alley saying, “Psst, you wanna buy a watch?” Well, the Internet is like downtown and every link is potentially a dark alley. Even worse, the dark alley type of Internet links can be disguised as a brightly lit street – and the voice you hear can be disguised as that of your best friend. The bottom line is, if you can’t determine where a link will take you, just don’t go there.

As for what security experts would consider good advice, here’s their top 10:

  1. Turn on automatic updates
  2. Install OS updates
  3. Be suspicious of links
  4. Don't enter passwords on links in email
  5. Don't open email attachments from unknown sources
  6. Update applications
  7. Use unique passwords
  8. Use strong passwords
  9. Use a password manager
  10. Use two-factor authentication

One thing that doesn’t show up in the advice from the security experts is to do regular backups to an off-line device. But that is because they were asked about practices to avoid an infection. Backups help you recover from an infection should you fall victim. In the case of a ransomware infection, backups are the ONLY reliable way to recover your data.

If you have questions or suggestions on future topics, write us at or follow us on Facebook (#CompassComputerClinic). Stay safe and be happy!

Date: February 9th at 12:55pm
Author: Jim Chenvert
Tags: windows, tips