Net Results: Information technology security is not just about hackers and crackers and nasty folks who want to, at best, create minor headaches and, at worst, cause havoc and commit fraud, writes Karlin Lillington
It's also about us, you and me, the people who are interested in technology; who know what we should and could be doing to protect our PCs, networks and websites, but for a range of reasons, are idiots. Okay, you might feel that's a bit strong but, believe me, it is one of the milder terms you will direct at yourself as you curse yourself for any sort of security breach that you know full well could have been prevented.
Such was the case with me a few weeks ago when I went to a discussion board I run. As the site came up, so did a little dialogue box politely explaining that my Mac laptop couldn't run the desired script because it didn't recognise the file type.
At about the same moment I received an e-mail from a board member noting her PC was throwing up virus warning dialogue boxes when she went to the main page of the board.
It wasn't hard to guess what was happening - my site had been hacked and some sort of code inserted that was causing problems. It was also clearly a Windows virus which my Mac was immune to, though its inability to do what the inserted code said - in this case, redirecting the visitor to a different website that would automatically open an infected image file, causing an unprotectedWindows PC to be hit with the Trojan Moo virus - alerted me to the fact that something was up. I shut down the site until I could figure out what to do next.
That took calls and e-mails to helpful techie friends, to my hosting company and a lot of googling around the web to look for the problem and possible solutions. Two days later I had my answer.
Track down the code (a major headache when there are hundreds of lines of code in dozens of files that make up the board, plus a large database of content information), remove it, then, ahem, update my board to the most recent version of the board software - the version that blocked the type of attack I had inadvertently allowed. Oops! Doh! Idiot! I was only a couple of versions behind and both those versions had come out fairly close together. I'd meant to get around to figuring out how to do the installations of the updates, but you know yourself . . . tearing off your fingernails seems more attractive than spending your free evening installing security updates.
But I learned my lesson. It was the very obvious one that security updates come out for a reason, and not simply because software developers want to torture their user base (though I am sure a few of them get a little frisson of evil pleasure, knowing how delighted most users will be at needing to apply yet another new update, patch, or version).
What's worrying is that, even taking into account my lunk-headedness in this case, I would generally fall into the "experienced computer user" category of home computer user. If I knew what I was supposed to do, what about all those people who don't know, and are online regularly? Apparently, that is the majority of us.
Some statistics from research done by Amárach, cited during Make IT Secure day last week, showed how poorly prepared we are for voyaging out on the internet, and how unfamiliar we are with basic risks.
Only 13 per cent of the sample said they really understood what phishing scams were - those fake e-mails that seem to come from legitimate sites like eBay, PayPal, or your own bank, stating they need you to enter usernames and passwords to "protect" your account, renew it or reregister.
That's a worryingly small number, given the large amount of phishing e-mails among the daily spam onslaught most of us receive. This amounts to some 70 per cent of all e-mail most people get, says e-mail security company MailFrontier, which also says 5 per cent of people actually click on the links in phishing e-mails and, on average, get done out of $1,200 (€1,018).
Only 19 per cent in Ireland understand identity theft, 24 per cent what spyware is, 46 per cent what viruses do and 45 per cent what anti-virus software does. Yikes!
All this is made worse by the statistic that 70 per cent of internet users in Ireland are still on dial-up connections, meaning they are subject to modem hijacking too.
Only 23 per cent of home users, and an astonishingly low 41 per cent of businesses, have a firewall in place. Some 21 per cent of home PC users don't have any virus protection at all on their PCs. Only 12 per cent of workplaces, and 28 per cent of home users, have anti-spyware software running, even though spyware can cause some serious PC and network problems.
Of those who have anti-virus software, (79 per cent at home, 75 per cent at work), almost half - 35 per cent - have no notion when their virus definitions were last updated. Yet some 44 per cent of Irish net users bank online, sending highly sensitive information out over their computer connections. While the link to the bank may be secure, an unprotected home or work computer, and network, means you may be revealing that information anyway.
Let's face it, even those of us who know better are contributing to those statistics. Time to make sure you are not on the idiot roster. A good starting place is the Make IT Secure website,http://makeitsecure.ie/, but be sure you actually do what is advised.
Install the updates, and secure your PC, so you don't end up like me - banging your head on the wall over the lazy foolishness that got you hacked.
weblog: http://weblog.techno-culture.com
