Opinion: Carelessness is the biggest security threat

Staff Writer

The latest security tech is worth little if users fail to maintain best practice, says John Walker.

As a security professional, the essential disciplines associated with operating in cyberspace, such as using the right security tools, installing the latest updates and encrypting data, come pretty naturally to me.

However, of late it has become obvious that it is not just the technical practices and the whizz-bang technologies that make us secure. It is more about a state of mind, and continued application of best – or at least good – security practices as we use our chosen technology.

Most mobile professionals need at some time to access a PC in a public place – a PC which has been, and will continue to be, used by large numbers of unknown people. Recently, when I was using such a computer, after my session I carried out all the usual best practice tasks, and cleared down the browser history, cookies, and other digital footprints. However, when I looked at the previous history of use, it was possible to see the type of person, and in some cases the company, that had used this resource.

In this case, the previous users had clearly been working on business-related topics, and had downloaded files to the local disk. Sure enough, in the My Pictures and My Documents folders, where Windows writes such data by default, there was information that many would consider pretty sensitive.

Without exception, the users of the system in question were all considered to be computer literate, and as such, would have been expected to be aware of the threats, and the necessary steps and countermeasures to protect their identities.

Security tools, applications, and other related technological methodologies employed to defend user systems go a long way towards mitigating cyber attacks. But only when they are combined with good security practice on the part of users will they fulfil their potential to secure the system. It is good to be careful, but possibly much better to be paranoid.

John Walker is a member of the E-victims Advisory Council and the ISACA Security Advisory Group

itweek.co.uk © 2010 Incisive Media
