Multiply this one teacher’s infected computer with the thousands or millions of other botnet victims, and you can see why the online actions of others affect us all. Even if you’re smart enough to ignore the phishing attacks, the attacker could still leverage the thousands of victim computers under his control to DDoS your network. All because a few uninformed folks made simple mistakes and got infected.
The second issue involves chain-of-trust. While you may have built strong defenses around your network, your organization likely has tens, hundreds, even thousands of external partners or contacts with whom you interact each day. Likely, you’ve extended your trust to these external associates, whether by giving them elevated access to your network or by just more readily interacting with their emails.
You see, our trust networks go further than you realize. It’s kind of like the old “Six Degrees of Kevin Bacon,” which posits there are six or fewer steps between Kevin Bacon and any other actor. If some minor work acquaintance introduces you to someone at a conference, and you accept a LinkedIn request from her, you’ve invited someone you don’t know closer into your trust circle. If that person’s security practices aren’t up to par, she may introduce a potential threat into your network. Target learned this lesson the hard way with one of its external partners.
My point is, other people’s security practices (or lack thereof) affect us all. We’re all connected via the shared network we call the Internet. It’s in our own best interests to make sure everyone — even the grandmas on Facebook — knows and practices basic security habits. As security professionals, I believe we should share our tips with anyone we meet, whenever the opportunity arises. Chatting with an accountant on the bus who mentions the Cryptolocker infection on his wife’s computer? Why not share some tips you practice to avoid that sort of ransomware?
Here are the three tips I share with normal folks.
Tip 1: Patch regularly. Update your software as often as you can. Studies show you can prevent 79% of all attacks simply by patching. Most modern software, like Windows, OSX, Adobe products, Java, and more, has automatic patching programs. You should turn them on, and say “yes” whenever they ask to update.
Tip 2: Use antivirus and update it. I don’t care which one you choose or whether it’s a free or full version, but use AV software and let it update automatically. Yes, this includes Mac users. AV software is like the hand washing of the computer age; you need its basic sanitation to help prevent the spread of infection.
Tip 3: Think before you click. Use common sense before interacting with links or attachments. Does something sound too good to be true? Are you wondering why someone sent you a file? Does the link look weird when you hover over it? If you’re asking yourself these questions, you probably should avoid clicking.