BHS Technology News Bytes

Computer Security: Myths vs Facts

Some years ago, when we advised people to exercise caution in the digital world, our advice sometimes appeared to go against the conventional wisdom, which was itself somewhat contradictory at the time. Now, however, even the average person on the street understands that regardless of how careful they are with their credit card, it can still be compromised at the retailer level, as happened at Target. They also understand, for instance, that the “padlock” icon on a browser doesn’t necessarily mean their data is protected when they’re doing banking on a public wi-fi network. All the signals may say “We’ve done our best and you’re now protected”, but the public now understands that this is sometimes not the case.

While the general public is now somewhat savvy about old issues, there is still a lot of work to be done in online safety and security education. The problem with technology now is that new myths seem to have taken hold where the old ones were, and these now require some debunking.

Myth: Anti-Virus software will stop you getting infected with viruses.
People think that installing anti-virus software will make them safe from viruses. This is simply not true as viruses have to be created and then be discovered infecting people in the wild before anti-virus software gets retroactively updated to recognize them on other people’s computers. Anti-virus software is no different to your flu-shot, in that many people have to be infected with the flu first, and the authorities have to identify what strains are affecting these people before the annual flu-shot is formulated to deal with these new threats.

Truth:
Don’t act as though, because you’ve got anti-virus software installed, opening every attachment and clicking every link you receive in your email is going to be OK. There’s always the chance something new is going to get through. Also, make sure you schedule your anti-virus software to update regularly, and to sweep your system regularly (preferably at night when you’re not working).

Myth: Installing a software patch will fix all security holes.

Software on computers is rather like some soup in a container – if it’s poured into a normal, clean bowl you would identify it as OK to eat. If it’s poured into a hollowed-out bread bowl, you know this is very different, but it’s still OK to eat. If it’s poured into a container that has previously been used as a grease bucket and then cleaned out, you’re probably not going to be sure if it’s safe or not and likely won’t trust it. The same thing happens where software is concerned; software on a new clean system is one thing… software in a Virtual Machine is something else completely, but it’s still OK… and then there is software installed on someone’s computer alongside counterfeit software that’s loaded with malware, on a machine that regularly gets exposed to public networks and “freemium” games, has firewalls turned off, pop-ups enabled in the browser and cheap anti-virus – but they clean it regularly. That patch you downloaded might solve one issue, but who knows if it will move the problem elsewhere or open a completely new hole in your security.

Truth:
It’s always a good idea to install patches as soon as they become available; however, patches can create as many issues as they solve. In order for them to be at their most effective, patches need to be combined with general good habits and safe computing.

Myth: Data on private servers and networks is safe.
So much emphasis has been placed on encrypting and securing data when it is in transmission that most people have forgotten that data “at rest” on a server is probably a bigger threat to their security. The reasons it’s a bigger threat are that, first, it’s usually accessible to anyone who has access to your network or who can bypass your wi-fi security, and secondly, it’s not as “fleeting” as data in transit, which means people have more time to examine it.

Truth:

Private networks are not inherently safe. You need to provide security and training to make sure that any electronic safeguards to keep external eyes out are not undone by policy, oversight or human error.

Myth: My mobile device doesn’t have much sensitive information on it.
There are two types of mobile devices: the ones where the consumer gets updates and patches directly from the manufacturer, and the ones where the wireless carrier sends the OS patches to the consumer. This latter group means that a large portion of wireless devices are not fully patched, as carriers can delay the updates by months, years, or even indefinitely if they’d prefer you to purchase a new device. What this means is that your device that logs in to your corporate email server or other corporate infrastructure can unwittingly be a vector that exposes data elsewhere – so even if you don’t have sensitive files on your device, you may still have on your device the key to accessing sensitive data.

Truth:
Many people fail to update their devices to the latest version of their mobile operating systems. These devices are often open to vulnerabilities that allow others to access information on them or, worse, allow them to use the device to access something else that trusts that device.

In Conclusion
It’s important to remember to apply patches and upgrades in a timely manner, but that will only carry you so far. The weakest link in security is still the human element. If you would like help writing corporate policies that address these weaknesses, guidance on how to operate BYOD (Bring Your Own Device) best practices at your business, or simply need training or network support to help protect you, contact us for more information! We’d love to help!