“I really don’t pay much attention to security,” the potential client told me. “I don’t have anything on my computer that anyone would want to steal.”
There was a time when that would have been an almost valid idea. If you didn’t do your finances on your computer and you didn’t keep personal information there, what difference did it make? As things have moved forward, however, it has become less and less likely that you don’t have anything on your computer that a hacker might want, simply because personal information you might think trivial quickly becomes a part of a hacker’s plan to get into other things.
But these days whether or not you have something you want to protect is no longer the key issue. One of the major efforts of hackers is to get control of other devices so as to use them in other attacks. Your security is no longer just a private issue. It’s possible that your computer could be used to harm others.
Let’s illustrate this. One of the simplest forms of this sort of attack is the hacked email. We’ve all experienced this, though in some cases we might not be aware. Occasionally someone will ask me how so many people have their e-mail when they don’t share it online. One of the most common sources is a friend’s address book. Someone hacks your friend’s e-mail account, and then uses their address book to send out spam.
This gets even worse as hackers use that address book to provide “from” addresses or even just names. Over the years I have received several e-mail forwards from friends of e-mails purporting to be from me. “Is this really from you?” they ask. My main surprise here is how few there have been considering how long and how thoroughly my name has been spread online. In no case have these e-mails come from an account of mine that was hacked. (My account at Yahoo was hacked in their huge data breach, but since I only used that for limited testing, very little resulted.) The return address of the e-mail will have my name, but not my e-mail address. (None of them, as I have more than one.)
This is a simple thing for a hacker to do. It’s a bit harder (but not very much harder) to also spoof (that’s the word for it) your actual e-mail address. If that is spoofed, then you have to look at more detailed information to see if the e-mail was sent by the correct server. You can look at more detailed information in the email header to see what’s going on. One tell-tale sign of a spoofed e-mail is that you have the senders name and then an e-mail address with random characters. (Note for my clients: If you have any suspicions at all about an e-mail you receive, contact me!) See the illustration above for how to get some basic extras on your gmail.
Neither this, nor any other simple test is foolproof. Hackers are not stupid. In fact, they probably have a higher IQ than you do. Sorry, it’s just a fact. But as smart hackers invent new and harder-to-detect attacks, there are many following in their wake who use older methods, and there are always plenty of people who are vulnerable to simple attacks.
Another simple type of attack is a denial of service attack. This works very much like the main thoroughfares of your town or city around rush hour. The more people are trying to get to the same place, the more strain on the space available. Now apply this to internet browsing. If the hackers want to do damage to a business, they can simply overload its web site. But how? It takes a large number of people to truly disable a site.
Here’s where the careless or uninformed computer user comes in. The hackers find and take control, or more likely leave a hole open through which they can take control at need, on many thousands of computers. Then when the time comes, they enlist all these slaves, some of which may be in your living room or den, and they use them to attack the site.
This is why, as annoying as it is, Microsoft now forces updates on Windows 10 systems. Users delay installing updates, because updates take time, and they want to get on with their business. But updates also patch vulnerabilities. They close up those potential holes. They may not make you 100% safe—nothing short of ditching all your electronic devices will—but they make you less vulnerable. Similarly, your security software needs to update. Set it to do it automatically. Don’t tell it to stop when it wants to do it.
Security is a community issue now. You’re not just protecting yourself, but others. Not to mention, you’re helping to protect the infrastructure without which our data driven economy could not function.