5 Personal InfoSec Mistakes I’ve Made

by Dan Strom on April 24, 2009

We’ve all let things slide. You have. I have.

Like the auto mechanic with bad brakes on his car. Or the home remodeler who never quite finishes the woodwork. Or the InfoSec pro who occasionally doesn’t follow his own advice!

Here is a list of some of the things I have advised others to do that I have occasionally not done – and that have caused me grief!

Clicking on unexpected pop-up windows – Yep, I’ve fallen for this one a couple of times. One time it resulted in a virus infestation that was a bugger to clean. Another time I clicked on a pop-up and suddenly my screen began filling with other pop-ups containing images of things that I’d rather not discuss here!

My remedy is two-fold. First, I turn the pop-up blocker on in each browser that I use. Second, if a window pops up anyway, I generally just close it without clicking any of its buttons. Funny thing is that I use a Mac, and most of these pop-ups are made to look like a Windows dialog box, so it is pretty easy to tell whether one is legitimate or not.

Assuming people know what I’m talking about – Many people have asked for my opinion or help with computer security issues. I used to give a very complete, and often highly technical, answer. The result was generally that eyes rolled or glazed over and they said something like, “OK, yeah, uh-huh”, when they had really gotten lost about 10 seconds into my speech.

So, now I try to give answers that are simplified with one or two steps that can be taken immediately. Sometimes I even pull out a business card and write the steps down for them.

Outdated anti-virus – In another post, I made reference to a time when I had a worm that compromised my personal banking information. That was a result of outdated anti-virus on my computer.

I now make sure the anti-virus software is current, both the application itself and its virus signatures. I also make sure that the anti-spyware software is running as it should. At some point in the future these two will probably merge into a single anti-malware product, but until then they must both be kept updated.

Not patching the OS – This is kind of like polishing your shoes. You can see that it needs doing, but it is hard to make the time to get it done. But these patches are important. I used to think that I could manage this on my own, and that I needed to let every patch age a while before I put it on my personal computers. Not any more: too much malware spreads easily when the patches are not applied.

Now I have Automatic Updates turned on for each of my Windows computers, set to download the updates and then install them at night. This also covers the Microsoft applications I have installed. On my Mac computers I make sure that Software Update is enabled and that each application is set to check for updates automatically.

No backups – This one hit me hard a few years ago. I had just converted to a digital camera and had all the new photos stored on a computer at home. It was a new computer and I kept thinking that I would get around to setting up a backup system. I never got this done before the drive crashed, and I lost nearly a year’s worth of family photographs. I learned my lesson.

Now I use Time Machine backups on my Mac and Shadow Copy on my Windows boxes. With both of these I really don’t have to think much about backups, just periodically check that they are still running. Not only are they good if a drive crashes, but I can also go to my Time Machine backup to recover a file that was accidentally deleted.
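The periodic check is the part that is easiest to forget, so here is an added example (not from the original post) of automating it: a small POSIX shell script that reports FAIL when the newest backup snapshot is older than a threshold, or when there are no snapshots at all. It assumes a constructed layout of one directory per snapshot under a base path, which is not Time Machine’s or Shadow Copy’s real on-disk format, and it assumes that base path lives on a separate disk, since a copy kept on the same drive that crashes is not a backup.

```shell
#!/bin/sh
# Added example, not from the original post: alert when the newest backup
# snapshot is stale. Assumes a constructed layout of one directory per
# snapshot under BASE; "newest" is whichever was modified most recently.

# newest_snapshot BASE -> prints the most recently modified entry in BASE,
# or nothing if BASE is empty or missing.
newest_snapshot() {
    ls -1t "$1" 2>/dev/null | head -n 1
}

# snapshot_mtime PATH -> modification time as epoch seconds.
# GNU stat (Linux) and BSD stat (macOS) spell the flag differently.
snapshot_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# backup_age BASE -> seconds since the newest snapshot was written,
# or -1 if there is no snapshot at all.
backup_age() {
    newest=$(newest_snapshot "$1")
    if [ -z "$newest" ]; then
        printf '%s\n' '-1'
        return 0
    fi
    printf '%s\n' $(( $(date +%s) - $(snapshot_mtime "$1/$newest") ))
}

# check_backup BASE MAX_AGE_SECONDS -> returns 0 if fresh, 1 if stale or
# missing, and prints a one-line status either way.
check_backup() {
    age=$(backup_age "$1")
    if [ "$age" -lt 0 ]; then
        echo "FAIL: no backup snapshots found in $1"
        return 1
    fi
    if [ "$age" -gt "$2" ]; then
        echo "FAIL: newest backup in $1 is ${age}s old (limit ${2}s)"
        return 1
    fi
    echo "OK: newest backup in $1 is ${age}s old"
    return 0
}

# Demonstration on a constructed backup tree in a temporary directory.
demo() {
    base=$(mktemp -d)
    mkdir "$base/2009-04-20-0200" "$base/2009-04-23-0200"
    # Backdate both snapshots so the newest is far more than a day old.
    touch -t 200904200200 "$base/2009-04-20-0200"
    touch -t 200904230200 "$base/2009-04-23-0200"
    check_backup "$base" 86400 || true   # expected: FAIL (stale)
    mkdir "$base/latest"                 # a snapshot written just now
    check_backup "$base" 86400 || true   # expected: OK
    rm -rf "$base"
}

demo
```

Run it from cron (or launchd on a Mac) with the real backup location as BASE and a limit slightly longer than the backup interval; an empty result from `newest_snapshot` is reported as a failure on purpose, because a backup volume that is unmounted looks exactly like one that was never backed up to.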

So, as you can see, I have made my share of mistakes. Learn from them. As Edmund Burke said, “Those who don’t know history are destined to repeat it.”

Don’t repeat the history of my mistakes!

- Dan


Becki True April 24, 2009 at 9:19 pm

I agree with you Dan. We don’t always apply best practices at home. I’d like to add a couple more to your list:

6. Use the same password for multiple accounts
7. Don’t encrypt storage such as hard drives or USB drives
8. Use privileged accounts rather than unprivileged accounts
9. Don’t change passwords on a regular basis
10. Run JavaScript, ActiveX, and other potentially harmful applications. I recommend NoScript to help in this area.

I’m sure we can all add a couple of items to this list, and that would be a fun list to read.

d.strom, cissp, gsec, gsna April 25, 2009 at 8:27 am

You are right, Becki. It is so tempting to bypass best practice in the interest of expediency. I’ll send out a tweet to see what mistakes others have made in this area.
