Where risk is not seen, security is not appreciated
Delta Milayo Ndou #DigitalDialogue
Most people do not require much persuasion when it comes to investing in securing their property, belongings and valuables.
With little or no cajoling, people will put up pre-cast walls and reinforce them with shards of glass, razor wire or electric wire and then have burglar bars on their windows and bolted doors with double locks.
Without being prompted, vehicle owners know to lock their car doors and activate the alarm. If it is within their means, home owners know how to install alarm systems and some will even have dogs on the premises then reinforce that with guards.
Having done all that, many people will be careful to then once indoors, lock up cabinets that contain important documents — and even lock themselves up in their bedrooms when turning in for the night.
Such precautionary routines are the norm and they all derive from a keen sense of security awareness — an appreciation of threats and a desire to minimise risk.
In the context of online safety and protecting one’s devices, the conversation around security tends to receive lukewarm attention, perhaps because the risks seem to be rather hypothetical.
In some instances, the terms used when discussing cybersecurity are unfamiliar and do not effectively communicate what the exact threat is to ensure people fully appreciate the risks of not taking precautions.
Malware terminology relating to intrusive software, that includes computer viruses, worms, trojan horses, ransomware, spyware, adware and botnets — is often opaque and confusing.
Unlike threats such as hacking which can be explained as the act of having someone break into your data system or computer, malware is often not simply explained. Concepts like online fraud, which is fraud that is committed with the help of the Internet, are easier to explain.
Similarly, phishing attacks which involve the sending of emails purportedly from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers — are also easy to breakdown.
It may be difficult to persuade people to take online threats seriously when those threats are often not communicated with clarity.
Ransomware: a form of ‘abduction’
A friend once asked me to explain what ransomware was and was very quick to emphasise that they did not want an overly technical explanation.
By definition, ransomware is a type of malicious software that blocks access to the victim’s data or threatens to publish or delete it until a ransom is paid.
In other words, you simply cannot access any of your data until you pay the cybercriminal to undo the block or to send a key to decrypt your files — it is like your data would have been taken hostage.
Now your willingness to pay will depend on how valuable the data is to you, but more importantly on whether you have copies of that data stored/saved somewhere (i.e. backed up).
If someone steals a flash drive that has your data and offers to sell it back to you, your willingness to pay is dependent on what was on the flash drive and also on whether you don’t have that same information saved somewhere else, like on Google Drive or Dropbox or some other Cloud-based storage system.
The value of the data you stand to lose from ransomware is dependent on whether you had a copy of it saved somewhere else and this is why it is important to always back up your data.
The value of the data is also dependent on what that data means to you — if it is your final version or only copy of a school assignment, work project or soft copy of personal information — then it would mean a great deal to you to be able to recover it.
What would be worse — getting home to find that all your favourite clothes have been stolen off the washing line or losing an external drive you have had for over a year? The loss depends on which of those two possessions, is it your physical (clothes) and your intangible (data) belongings that hold the most value.
A year is a long time to store data and there could be data that you have not copied such as photos from memorable event (think how much it would hurt to lose all your wedding photos or all of your children’s baby pictures)?
Imagine the student who is a week away from submitting their college thesis to complete their course and have saved that thesis on a computer that gets hit by ransomware or have saved it on a flash drive that gets lost?
To such a student, the concept of risk is fully appreciated and therefore they would be more receptive towards and eager to take the necessary measures to secure their data and their devices.
Oftentimes, the perception of risk or threat is what determines the level of security awareness and the safety measures people are willing to take.
Please, back up your data with the same fervency with which you lock your gates, shut your windows, activate your alarm systems and bolt your doors — your data is an equally important possession to safeguard.
Deferring software updates is akin to disarming the alarm system
You probably know someone who always defers software updates, and that person is you. You know that feeling of annoyance you get when the software update alert pops up and it gives you the option of installing the software update now or being reminded to do it later — most people click on ‘remind me later’ instead of ‘install now’.
Software updates are often seen as optional rather than mandatory as most users will defer the updates repeatedly not realising that they are making their computer and system vulnerable to attacks.
No one wakes up in the middle of the night to disarm their alarm system and then goes back to peacefully sleep because such an action would be reckless.
Yet software update alerts are like an alarm system that needs to be armed and users are too lazy to simply click on ‘install now’ and arm the alarm so that they minimise the risk of falling victim to cyberattacks.
The next time your device issues you with a software update alert, don’t click on ‘remind me later’ — just get the update installed and enjoy peace of mind.
According to ESET’s Live Security blog, malware authors frequently rely on people running outdated software with known vulnerabilities, which they can exploit to silently get onto your system so it can significantly decrease the potential for ransomware-pain if you make a practice of updating your software often.
It is not possible to exhaust all the risks and the necessary countermeasures to guard against cyber threats, but experts recommend getting a reputable security suite that offers both anti-malware software and a software firewall to help you identify threats or suspicious behaviour.
Appreciating the need for data security and the need for regular software updates will go a long way in making you more security aware with your devices, systems, data and software.
You don’t leave your gates ajar, or your doors open or your windows gaping because you are mindful of the risks of doing so. Now why would you leave your valuable albeit intangible possessions such as data unsecured?
- Delta is a digital evangelist who believes in technology-driven solutions. You can follow her on Twitter: @deltandou