5 excuses for doing nothing about computer security!

Filed Under: Data loss, Featured, Malware, Privacy, Vulnerability

Let's be honest: computers and websites are often easier and quicker to use if you do nothing about security.

You could save several minutes each day!

That's why it can be handy to have some really good excuses for doing nothing.

Sadly, as we're sure you have found, once a friend or family member has latched onto a security avoidance excuse, it can be hard to talk them round.

So, here are five excuses that we hear a lot, both from individuals and from small businesses, together with some points you can use to argue back that security really does matter.

EXCUSE 1. No-one's interested in little old me!

The reasoning is that cybercrooks just aren't interested in the local automotive repair shop or cake-making business, because...

...well, why would they go after an individual earning $30,000 per year, or a local business turning over $500,000, when they could take on a retailer like Target with annual sales of $70,000,000,000?

But stop to think for a moment: Target doesn't turn over $70 billion a year by closing 70 deals of $1 billion each.

Target's business is much more like one billion transactions of $70 each.

And many cybercrooks run just that sort of low-value/high-volume business, for example:

→ We're all in the sights of cybercrooks somewhere, and we owe it to ourselves and to everyone else to do the best we can to thwart them.

EXCUSE 2. My printer won't work with the latest updates.

OK, it's not always a printer that gets the blame; in fact, it's not always hardware.

Sometimes it's legacy software that provides the excuse for sticking in the mud of yesterday's insecurities.

In particular, this is a very common reason we hear for not replacing Windows XP with an more recent operating system that is officially receiving security updates.

We accept that you may have some old hardware devices (lathes or milling machines, for example) that would be vastly expensive to replace, and can only reliably be controlled from XP.

But for everyday computers, you need to ask yourself if keeping yesterday's printer alive to save the modest purchase cost of a new one is worth the risk of running outdated software.

If you have a security hole that criminals have already had months or years to hone their skills against, they're going to attack you first, because they already know how to break in.

→ Every time you fall further behind on security updates, you make yourself into lower-hanging fruit for cybercrooks.

EXCUSE 3. I've got a Mac.

Good choice! (I've got a Mac, too.)

But whatever sort of computer you have, and whatever operating system it's running, if it is ever lost or stolen then your data will be in someone else's hands.

Even if a thief steals your laptop just for the value of the hardware in an immediate cash sale, and even if most stolen laptops are wiped and sold on quickly, not all of them end up that way.

You have to remember that your data has underground value, too, even if only in the form of a bulk "data dump".

That's where the intermediary who buys a stolen laptop knows enough (or knows someone who knows enough) to suck off the sector contents off into a giant, unstructured blob of data.

He then sells on that data at a bargain-basement per-gigabyte price to someone else, who knows enough to comb through it to extract nuggets of personal information to sell on to the next crook, and so on.

In short, computer brand choice alone simply isn't enough to keep your data safe.

→ Don't leave home without full disk encryption, so that the only data dump a crook will get is shredded cabbage.

EXCUSE 4. Security slows your computer to a crawl.

Full disk encryption, for example, sounds as though it ought to make your computer slow, because it has to unscramble everything it reads in, and rescramble everything it writes out.

But with modern disk encryption software such as BitLocker on Windows and FileVault on OS X, running on modern hardware, you'll be hard pressed to measure a statistically significant difference in performance, thanks to CPU improvements.

Anti-virus often gets a bad name, too, but we very often find that it only genuinely gets in the way when people needlessly "flip all the switches," turning on redundant combinations of scanning options that do more work that is necessary.

Similarly, strong passwords and two-factor authentication are often blamed for making software and web sites time-consuming to use, even though they typically add just a few seconds to important transactions.

→ Don't throw out security altogether to save a little bit of time today, because it could end up costing you many times over tomorrow.

EXCUSE 5. I only browse to safe sites.

Do you? Really?

The thing is, how do you know?

How can you tell in advance that a site is safe?

Remember that even legitimate and high-profile sites may put you at risk, for example because they include poisoned adverts from a third party provider that was hacked.

That's where web filtering technology can help, because a good web filter not only examines the URLs of the web pages you plan to visit before you even go there, but also checks out the content of web pages you've fetched before they are processed by your browser.

→ Don't assume that all online cybercrime is obvious, even if you're visiting sites that were just fine yesterday.

THE BOTTOM LINE

The bottom line here is that there a lots of excuses you can find if you want to give yourself an official-sounding reason for being slack with security.

But please don't do that.

There may, indeed, be some security precautions that are genuinely impractical for you.

Just make sure, when you take on added risk by skipping security steps, that you find some other way to mitigate that risk.

For example, if you stick with XP for the sake of your million-dollar milling machine, use a firewall to segregate the milling machine into a safe corner of the network.

Doing nothing is the easiest option, but it's also the worst, for you and everyone around you.

Click for our free tools...

Images of gesture of tininess, steampunky typewriter and laptop on wooden table: courtesy of Shutterstock.

, , , , ,

You might like

13 Responses to 5 excuses for doing nothing about computer security!

  1. Anonymous · 31 days ago

    Excuse 6. You don't produce the software for a Windows phone

  2. VL-S · 31 days ago

    Paul...following your proselytizing has made me even more aware of computer security.

    As far as web sites go I installed "HTTPS Everywhere" on my Chrome browser and have begun to notice https prefixes more often. However Sophos seemed to be lacking there until today.

    This page now shows https with the prefix "Sophos Ltd. [GB]". However the page does have display problems with the side banners Like, Tweet, etc. showing up at the top of the page and the forwarding links to subsequent stories missing.

    All in all though its good to see Sophos undertaking the use of https even for an innocuous web site such as this.

    • Hi,

      Naked Security has actually had HTTPS enabled for a while now. Right now it's opt-in whilst we test it but it will be the one-and-only option soon.

      HTTPS Everywhere will only use HTTPS on Naked Security if you've configured it to do so, it doesn't happen automatically. We have just started using HTTPS in our email newsletter and social media links so perhaps you followed one of those?

      We have also had a few rendering issues today, unrelated to HTTPS. Our slide rail - the sticky thing on the right of the page that shows the social media widgets - was one of those areas affected.

      Thanks for using HTTPS and thanks for the feedback. The more we get the more confident we can be in switching over.

      • MikeP_UK · 31 days ago

        I have used HTTPS Everywhere in Firefox for several months now and only today did Naked Security show up with HTTPS protection, such as it is.

        I don't have any rendering issues as far as I'm aware - but the 'slide rail' containing links to various social media sites (which according to your stories are themselves a bit dubious) is actually on the left of the page, not on the right! The right hand side shows 'Hot this week' and 'Try our free tools', so has some got their left and right confused? And I know it's not me!

        As for the article itself, quite interesting. But please can you look at things from the point of view/perspective of a private user who may or mat not have their 'in home' private network that needs security just as much as businesses. I know busienss is important but then we private individuals provide the 'on line business' that many firms rely upon and we need decent security just as much as the businesses we deal with. Imagine if a compromised computer in the hanbds of an inexperienced amateur accessed a business critical system merely trying to place an order on-line! What chaos that could potentially cause. So we humble home users need security, and advice, just as much as the businesses we deal with every day.

  3. Sarcasm · 31 days ago

    Excuse # 3 - I got a MAC... which is immune to all viruses and hacking attempts so these excuses and security tips do not apply to me

    • Anonymous · 30 days ago

      Also it might help to look at another post by nakedsecurity:

      http://nakedsecurity.sophos.com/2012/04/24/mac-malware-study/

    • Mark W · 30 days ago

      I got as far as excuse #3 and thought "Hang on, this is totally the wrong answer to this excuse." Instead of focussing on the possibility that a device may be stolen, the author should be rebutting the bizarre notion that a Mac is somehow immune from malware.

      • Paul Ducklin · 30 days ago

        The author has already rebutted the Mac and malware myth many times on Naked Security and elsewhere. So he chose to adopt an argument that comes from a different angle...maybe the malware deniers will actually believe this one :-)

  4. foo · 30 days ago

    "But for everyday computers, you need to ask yourself if keeping yesterday's printer alive to save the modest purchase cost of a new one is worth the risk of running outdated software."

    If you have a printer made in the last decade by a major manufacturer, chances are that Windows 7/8 will correctly recognize it and automatically install the correct driver for it.

    In short, don't assume that you'll have to buy a new printer.

  5. Roy 123456789 · 21 days ago

    So MACs and Apple PCs are immune to malware? Wow...and here i thought anyone using a Linux OS was much safer than anyone using Windows Oh well looks like i picked the wrong week to switch Operating Systems...

    As for "security slows my PC to a crawl" gosh that's a real shame.
    .Finding a Security Suite that offers decent protection without being a "resource hog" is not rocket science...but then again, maybe it is to users who don't know the difference between RAM and ROM or between a USB Port and Harvey's Bristol Cream...

    My #1 fave excuse is "I have nothing to hide" to which I reply by requesting the person's DOB, SSN, credit card #s with expiration dates, drivers license #, bank acct #s with PINs etc. But of course poor PC security doesn't put any of that info at risk does it?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog