The secret to just about all things in life: start with manageable or agreeable amounts and repeat.
What am I talking about?
New Year’s passed recently, so we still have resolutions ringing in our heads. How many friends do you have who loudly proclaimed on January 1 that they had just joined a fancy new gym or bought expensive exercise equipment?! (Or, maybe it was you who made the claim?) Are they still keeping up with their impressive exercise programs? Typically, most people fail in their exercise programs because they choose the wrong program. If Bob doesn’t like lifting heavy things on bars, or staring at a TV while sitting on a bike that doesn’t go anywhere, then he’s probably not going to be inspired to keep going to the gym to do it over and over, for weeks on end until he gets in shape – even though he bought a membership at that fancy gym. But if Sue signs up at the Y because she likes swimming, then she is more likely to keep up with a schedule. In the end, who’s likely to be more successful in attaining their health goals? Sue, not necessarily because of a super strenuous program, but because she found something that she could do in reasonable doses over and over.
So, great, you’ll go to the Y and start swimming, but what does any of this have to do with security?
Actually, a lot. The majority of people consider anything to do with security to be boring, or they don’t like it because it slows them down in what they want to do right NOW. These folks may have all sorts of imposing security hardware and software on their computers, but you’ll note that they often disregard proper usage. They simply ignore warnings from their firewalls by clicking ‘allow all’, that is, if they have their firewall turned on at all. And Microsoft security updates? Why should they bother? Strong passwords with some sort of solid approach to password management? Not likely! And all of these folks want to maintain their ‘health’ - keep their identities safe online and their personal data secure.
The better approach is to have a basic set of tools that you’ll actually use: an anti-virus program (many include anti-spyware), a firewall and a password manager – and perform those security updates from Microsoft. That’s the minimum. If you’ve read any of the earlier posts in this blog, or the general news, then you know that password and phishing exploits happen too frequently to ignore. A password manager is now part of the basic kit. Start with these few tools, and learn to use them. You’ll see that it doesn’t require any more effort to learn how to use them than it does to click on ‘allow all’ to break through your firewall!
Once you’ve built the foundation for your security health, add more tools in manageable amounts and repeat.

Banks that can’t spell
Sunday, December 13th, 2009
Walk into any café, deli, or just about any place where you can sit down (for instance, the salon where my wife gets her hair cut), and you’ll probably be able to connect to a Wi-Fi hotspot or a wireless network. From my desk at home, I can detect 6 wireless networks. Including mine, only two of them are secure. If you wouldn’t allow someone into your home without introducing himself, then why would you give him access to your wireless network without having him at least get the password from you?
Just like the author of the recent article in Wired magazine, I really enjoy reading phishing emails. I like finding as many spelling and grammar mistakes and other abuses of the English language as I can. Do people really think that their bank was in such a rush to get the important email to them (contrary to popular belief, email is not intended as real-time communication!) that they would misspell words and make other really, really basic mistakes?! Would you really do business with your bank if they couldn’t even send you a letter without making spelling mistakes? Even if you do miss the spelling mistakes and the more sophisticated tip-offs (such as the sender’s email address and others that can be difficult to detect), simply follow the rule that no legitimate business is going to ask you for your login and password information in an email! If you have any doubts about a suspicious email, or anything that asks you to ‘confirm’ your private data, simply call the company to confirm that the message came from them. If the communication is legitimate, they will work with you to ensure that you are satisfied that the interaction is legitimate.
The way technology seems to permeate everything we do these days makes it very easy to forget about being careful. The latest posts in the news section emphasize nicely the importance of being aware (or alert or conscious) of what is and isn’t reasonable in terms of basic security.
Tags: passwords, security
Posted in General, News and Commentary