At Azstec we firmly believe that the main security problem with document and email security are a result of the ridiculously complex encryption systems developed and sold by security companies. They’re just too complicated and too hard to use so even when they’re installed, users often stop using them. But there’s another, and arguably, bigger problem: You.
Computer security experts such as Bruce Schneier and Graham Cluley have pointed out, frequently and at length, how and why people and their behavior are such a huge challenge when you’re trying to maintain a secure computing environment.
Here are some of the things you do:
- You’re happy to open email messages from people you don’t know and then open the attachments even when they‘re executable files. This is akin to smelling gasoline and lighting a match to see where the smell is coming from.
- Despite years of commentary and endless lectures on safe computing, You continue to use weak passwords (“password” and “123456” are, sadly, still widely used) and often use the same poor password on multiple account (this means that when one account gets compromised the rest are compromised).
- You don’t bother to keep your operating system updated. Yes, we know that the continual stream of updates are a pain but OS vendors don’t issue updates for fun; the majority of updates these days are security patches and an unpatched system is like a homeowner leaving a window open but locking the front door; sure, the house is locked but getting in is really easy.
- You happily use open, public Wi-Fi hot spots without you having and security defenses in place on your computer. You might as well be saying “Over here, hack me!”
- You will use USB drives when you have no idea where they came from or what’s on them. The risks involved are enormous not only to your computer but to all of the other computers on your network as well.
- You haven’t changed the factory default administrative password on your Wi-Fi router, which means you’re just asking to get hacked. Even worse, You leave your Wi-Fi network open so users don’t need an access password. This is just inviting trouble from every hacker who passes by.
- You don’t bother to shred documents that should be kept private such as bank statements, bills, and printed-out email (yes, people still do this; weird, eh?). Not shredding documents isn’t a computer technology issue as such but it is a basic security and privacy measure because amongst those unshredded papers will be all sorts of useful data that hackers can use to attack your computers and the services you use.
- You don’t protect your confidential files with encryption. It’s one thing to have a password-protected computer but if your defenses are ever breached, that is, someone gets into your computer, then all of those files on your hard drive, the bank documents, memos, tax returns, business spreadsheets, and so on, are up for grabs and grabbed they will be. If You are like many of us in small businesses and use cloud services for storage such as Dropbox, box.net, and OneDrive and think your confidential files are secure, think twice. Even with services that claim to be encrypted, unless only you can read your own encrypted files, you have to assume there’s the possibility they could be exposed.
First: Computer security
You have got to become aware of what’s going on in computer security. You might feel the world of computer and Internet security is too complicated for you but in this case, ignorance is not bliss, it’s the road to disaster. If you’re up for a little reading, subscribe to newsletters from experts in the field like Cluley and Schneier, follow security blogs, or, at the very least, read the technology news.
Make sure you have serious anti-malware utilities installed and working. Should you feel you don’t have the knowledge and or experience to do this, then make sure you have a local computer service firm that will work with you. The few hundred bucks you spend getting a expert technician to set up your defenses could save you thousands of dollars if you were to get hacked.
Third: Password Manager
Start using a password manager and use different and robust passwords for every account you use. Do it NOW! Now, as in today (or tonight when you get home). There are plenty to choose from (PC magazine has a good review of password management products) ranging from free to around $40 or so. I personally use LastPass and I’ve been happy with it.
Fourth: Systems updated
Keep your operating systems and applications up to date. As we noted above, yes, it’s annoying but so is having change the oil in your car. Put that task off for too long and your car will most likely break down. Keeping all of your software up to date is just something you have to get used to doing. No excuses.
Do you have a shredder at your office or at home? If you don’t, you’re probably putting documents containing “actionable” information in the trash for anyone to collect and glean critical information on you or your company. Get a shredder or use a service.
Finally, if you’re working in a small business or have any confidential information on your home system, encrypting your disk is a first line of defense but you should also encrypt any file containing sensitive data. I use my company’s docNCRYPT product on both my home and office computers and I encrypt anything that’s even vaguely confidential as well as encrypting anything I email that’s sensitive in any way. docNCRYPT was designed to be simple and easy to install and use, so, unlike most of the other document and email encryption products available which might work for a large enterprise but are completely useless for a small business or individual, you don’t have to be an IT expert to get secure. It’s so easy you won’t even need a techie to get up and running with docNCRYPT.
Without hardly any effort or expense You can stop being the security problem and Azstec is there to make it incredibly easy. Try our free 30-day trial of the docNCRYPT Outlook Plugin to see how simple it is to protect your email and confidential documents whether they’re on your computer, stored somewhere in a cloud, or being sent across the Internet.
David Griffith is the CEO of Azstec LLC, the creators of docNCRYPT, the incredibly simple email and document security solution for everyone. If you have any comments or questions, email David at dgriffith [at] azstec.com and follow the Azstec Blog or on Twitter or LinkedIn
Phtoto Credit: WikiImages/Pixabay