What Avarage Users Need to Know

Security is one of the most tricky thing to accomplish. However, to the most clueless and stupid user, the best security is useless. I have heard several times of security professionals’ dream of computer users needing to acquire a license first before using a computer. This is optimism to the point of absurdity. However, here are some advice that security community experts expects the average user to know:

• Don’t act like a clicking monkey, particularly with links sent through emails. Type the URL in your browser manually.
• Disable the preview pane in ALL your inboxes. And don’t open unsolicited Emails.
• Read all email in plain text.
• Visit only sites that you trust.
• Don’t open email attachments, particularly .exe attachments.
• Don’t use ActiveX.
• Set your browser to block popups.
• Don’t check your email with Microsoft Outlook or Outlook Express. Use Thunderbird.
• Don’t display your email address on your web site.
• Don’t follow links in web pages, email messages, or newsgroup without knowing what they link to.
• Don’t let the computer save your passwords.
• Don’t trust the “From” line in email messages.
• Never Use a Browser that is Unsafe 98% of the Time and instead Switch to Firefox.
• Never run a program unless you know it to be authored by a person or company that you trust.
• Read the User Agreement thoroughly on all software you download to ensure it is not spyware.
• Don’t count on your email system to block all worms and viruses.
• Get a Mac. Or switch to Linux.
• If your not doing anything, the light on your modem should not be blinking.

We can start blaming one another for the failure of Information Security but it will get us nowhere. Security professionals think the user is the problem. The user think the network is the problem. Those who manage the network think its an OS problem. Those to make the OS think its a software problem and those who make the software think the user is the problem. Let’s face it. We are all part of the problem. Now, we need to be part of the solution. Right now, I’ll end here. More to follow later. 😀