That oops in cyber security!

Introduction

Not every compromise is the result of an out-and-out attack on you or your business. Sometimes it is accidental; let's call it the oops moment! That silly time when one of your staff, you or even your children have clicked on something on the screen and all hell has broken loose. A momentary lapse in judgement. In most cases it is our haste to get to that link, our piqued imagination or its perceived importance that gets us. It can happen on a social network or in an email. Someone you think you know has sent you something juicy that you feel compelled to look at.

Cyber criminals depend on this part of our human nature. We are all inquisitive and, more importantly, we are very trusting, especially when it comes to the internet. Something delivered from a trusted source is one of our weaknesses. Our problems come from that trust. When we receive something from someone we trust, whether a friend on Facebook or an institution such as a bank or a credit union, we are programmed to do something with it. This lowers our awareness and bang, you have a virus: you have contracted some type of malicious code and your device is no longer yours.

What is an oops moment?

Whether it is accidental, intentional or happens for any other reason, an oops moment can produce startling situations. They can happen at any time and, in today's world, anywhere. They can happen on any device or in any situation. It is no longer the realm of just Windows. Any system that uses an operating system is a target. Any system that uses a plug-in or an app is a target.

The criminals have ways and means of lowering your trust level.   Our role is to increase your awareness and to make you less trusting.   Awareness training is vital not just for business but also for all individual users of the internet.

What to do to make sure you are not a victim?

There are three things to think about so that you do not become a victim of cyber crime.   Awareness, Paranoia and Common Sense.   On the internet these three are rare.   These concepts will protect you, your staff, your hardware and your business.   The awareness comes from training.

The other two have to be built, in most cases from scratch. Making people paranoid in normal life is pretty hard; on the internet it is relatively easy. On the internet everyone that you do not know is after you. They are after your money, your personal information, your personal details and/or your intellectual property. On the internet, a 12-year-old can be your most vicious adversary. They can use technology to steal your digital persona, and you may not even know it has happened.

Common sense is also something that can be learned. In most cases it is a lot harder. In the defense force they have a saying about “common dog”: using common sense to solve problems. The number of absolutely brilliant people who have no common sense is staggering. They are the people who are the most vulnerable. The innocent, unaware and uneducated are the target of all cyber criminals. To use common sense you need to be able to say: if it's free – no, it's not; if they want to give you something – be suspicious; if they want information about you or someone you know – ask why!

Conclusion

The oops moment can happen to any of us. It is relatively hard to find anyone who has not had an oops moment. The best you can do is minimise the effects of what you have done using awareness, common sense and paranoia.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.
