Security is a personal issue – you are talking about the safety of your person, your possessions and your identity. It’s no surprise that discussing security in digital technology can often be muddied by personal attitudes.
Perceptions of digital security are often tied to tech brand loyalty and can lead to the sort of emotional, irrational debates that are only surpassed by sports fandom; fans of opposing teams can only hurl insults while they let the “debate” be settled by more capable strangers.
It’s hard to get a straight answer on digital security sometimes, because you’re likely to get a skewed opinion. So remember this: security is personal, and that means it starts with you.
I have at times made the “dark alley” analogy; the city you live in might not be completely safe, but you have a lot of cultural knowledge that helps you avoid unsafe situations. In other words, you avoid dark alleys. People can lack this knowledge when it comes to the Internet, so here are some pointers to help you take personal ownership of your own e-safety.
All the major operating systems have moved to a more secure model for installing software, but some people view it as a nuisance rather than a bug. What is important to understand is that the only way you can get a virus or other malware is if you install it on your system. Why would you do that? Because you are frustrated and clicking “Okay” on every box you see. Using Windows as an example, you get a warning every time software is about to be installed on your computer, and you are told the source of the installation and asked if you’d like to continue. This approval from you is so important. It might seem like a nuisance to have to click that extra button, but imagine you were surfing the web and then out of nowhere, you get the installation warning for some unknown thing? Ding ding ding! Requiring that you acknowledge every tiny tweak to your machine makes it really hard for bad things to sneak on to your system … provided you understand that all those installation warnings are a tool for you to keep your machine clear of malware. If you have the warnings turned off, or just zombie-click “Okay” every time something pops up in your face, then you are blundering down a dark alley.
This refers to when somebody else learns or guesses your password and takes control of one of your many online accounts such as e-mail or Facebook or eBay. The primary motivation for someone to do this to you is to steal your trustworthiness. The aim in taking control of your e-mail account isn’t to harm you, it’s to harm your friends. A scam e-mail or spam advertisement written by a “friend” is much more convincing than one written by a stranger. The most effective solution is to choose a good password. What constitutes a good password is something that can cause a lot of nerdfights, so I’m not going to lay down the rules. The most common mistake is to choose something short, (‘r2d2’), simple, (like the name of your dog), or lazy (‘asdf1234’). On the other end, one of the most effective ways to complicate your password is to replace some letters with visually similar characters, such as replacing ‘s’ with ‘5’, ‘e’ with ‘3’ or ‘a’ with ‘@’. Changing ‘usetheforce’ to ‘u5etheforc3’ is no harder for you to remember and much harder for an outsider to guess. There is a lot more to be said about safe passwords, but I will refer you to this resource.
Your e-mail inbox is the primary place an outsider can proactively attack you. Here, attacks are spam, phishing, virus pranks and other scams. But even if unwanted or offensive, an e-mail in your inbox is not dangerous by itself. In general, you aren’t in danger until you click on a link. So here’s the rule: Don’t click on a link unless you solicited it. For example, maybe you are signed up for our newsletter – safe to assume those links are safe because you know their source and you asked for them by signing up for the newsletter. You sign up for a web service, then you solicited the confirmation e-mail. You ask your friend for advice on restaurants, you solicited the response. In other words, be suspicious of anything you didn’t ask for. Anything. Many scams are designed to sound important and dangerous – tax-related e-mails near tax time. A link from a friend? It’s always possible they’ve been hacked, so get out your magnifying glass and ask if it really sounds like them, or just a flippant advertisement.
You are exposed to a lot scams in your inbox, but you also might encounter them out in the wild on the Internet. Whether you are afraid of ignoring a real e-mail or think that this online offer really might be all it’s cracked up to be, you can do something for your peace of mind. The Internet is full of scams, but its also full of people reporting scams. The next time you get an e-mail from a Nigerian prince, you can always search for “nigerian prince scam” online. It seems so simple but a lot of people don’t realize that verifying a scam is so quick and easy.
Until next week, stay out of the alley.