Introduction
Taking risks is part of life. Even ordinary activities like eating and travelling cannot be made completely safe. Dangers are present in our environment and in other people, and sometimes we are a danger to ourselves! The reason we can go about our lives despite all these dangers is that we learn to weigh up risks against benefits. For example, the benefits of visiting a friend outweigh the risks in driving there.
Using a computer, tablet or smartphone is the same. You know there are dangers because words like spam and malware are now familiar in our language. You might have found yourself worrying about such things before, and perhaps taken steps to protect yourself. With the risks sufficiently catered for, the benefits of using a computer are enormous.
When I talk to people about computer security I often find they are both fascinated and confused. Crime involving computers increasingly makes headlines, but is often poorly reported, and people struggle to relate such news to their own lives. Sometimes people worry too much about unlikely or impossible scenarios, imagining bad things that could happen, while at the same time missing actual threats because they’re unaware of them. People can feel they are at the mercy of the technology rather than in control.
This book deals with common security problems and solutions. Understanding them will empower you to make informed choices on such matters both proactively and reactively. You will feel confident using your computer, tablet and smartphone knowing you have considered the risks and taken proportionate measures to protect yourself.
What is security?
Security is about protecting and preserving things we value. As we increasingly interact with the world via computers, tablets and smartphones – and store more important knowledge and treasured memories on them – the need for information security becomes apparent.
But what exactly does it mean to secure information? A popular approach considers three things: confidentiality, integrity and availability. Confidentiality means limiting access to information to those for whom it is intended. Integrity is about preserving the accuracy and completeness of information; in other words, making sure it isn’t changed or deleted maliciously or by mistake. Availability means the information can be readily accessed by people who need it, when they need it.
As an example, consider your email account. It probably doesn’t contain anything top secret, but you regard it as confidential in the sense that you wouldn’t want just anyone reading your messages. As for its integrity, you expect your messages to remain intact, showing the correct dates on which they were received and the right names of the senders. And you want to be able to access your email at will; in other words, its availability is important.
Why do we need security?
The fact that we need to consider the security of our devices and information suggests there are ways they could be harmed. But why is this? Where do the dangers lie, and why aren’t computers made to be totally secure?
Perhaps the most serious thing that can happen to your computer, tablet or smartphone is that someone steals it. You then incur the financial cost of its replacement, the loss of your data, and the possibility that someone else will misuse that data. Measures to reduce the likelihood of theft – or indeed loss, or physical damage such as from fire or natural disasters – are largely common sense, and so are not covered in this book.
This leaves us with the unfortunate fact that some people choose to profit from attacking computers and stealing information. Ultimately this cyber crime is made possible because, as humans, we are all imperfect.
People who make devices, apps and websites aren’t perfect; and history has shown that it is difficult, if not impossible, for developers to write software that is fully immune to the malicious actions of others. Meanwhile, an increasing number of computers – and all manner of ‘smart’ devices – are connected via the Internet, exposing this imperfect software to the wider world.
Equally, software is all about making choices. While it might sometimes appear to have a mind of its own, your computer generally does what it’s told. This means that you, the imperfect human operating it, can put your privacy and security at risk. You might do so indirectly by increasing your exposure to the malicious minority already mentioned, often not through an action on your part but rather by lack of action – like dismissing reminders to install an update, or ignoring advice on making good passwords. Or you might come to harm more directly, such as by installing bogus software from a website, or replying to a scam email with your credit card details.
So, if developers make mistakes and produce insecure systems, and we make mistakes that couldn’t be prevented even if the systems were perfectly secure, what hope is there? The answer is a joint best effort.
Developers can better test their software, and they can take advantage of new technologies and processes to create systems that are inherently more secure. Over time they can release updates to their software to harden its defences and eliminate risks that have been found.
Users can learn about the dangers that exist and how to avoid them. You might be surprised at how a little knowledge, like how to ‘read’ the address of a web page, can go a long way towards protecting you from a great variety of problems.
Summary
Information security is about protecting information to preserve its confidentiality, integrity and availability. It is necessary to secure our information because of a minority of malicious people. Our computing devices and the online services we use can never be fully secure because humans are imperfect; and tackling the problem is an ongoing responsibility shared by those who develop these products and the rest of us who use them.
Looking ahead
The first chapter, Update Your Software, explains why keeping your software up to date is one of the simplest and most effective ways to defend your device from harm as you go about your daily activities. In Only Open Trusted Apps and Files we see that people can be tricked into installing harmful software directly, and how you can avoid this. The third chapter details how you can Recognise Social Engineering, in which miscreants take advantage of human nature to steal information and money. Next we examine the role still played by the humble password, along with why it is important to Use Strong, Unique Passwords and the tools that make it easier to do so. Use Two-Factor Authentication introduces an increasingly popular way to bolster the security of your accounts, while in the sixth chapter we see that no matter how well you play your part in securing your private information, you must Accept That Data Breaches Happen. Accepting that we all make mistakes, and that there’s no such thing as total security, the final chapter introduces a topic that complements the rest: the need to Back Up Your Data so it can be recovered in the event of its accidental or malicious destruction.