The inside, the local side, is potentially more of a threat than the outside world. Thinking from the inside to the outside reveals such threats as you learn more about how people get hacked and intruded upon. My point is that we need to learn to contain how we respond to incoming threats. Incoming threats are often hidden, but some of them become very obvious if you use account security. Read on for my thoughts on this – my perspective is constantly shifting.
Modern security is very much about protecting you from your own loss of judgement or focus. When we are getting things done we are often on a track, going one step at a time through a long series of tasks and obstacles. Then some message comes along and we assume it’s all legitimate. Hackers, scammers and thieves know that they will get a hit eventually, when their link and message reach someone in a vulnerable state. You are the vulnerability who can cut through all your own security and visit the wrong site, download the wrong file and install the wrong program. Your computer sits on the inside of a firewall (perhaps several firewalls), and you put it right through to the outside once their payload has installed, and now … you have opened channels that enable further abuse of your private information and access.
Say you invest in the best technology you think money can buy, and the sales team tells you “this is going to solve all your problems”. That means, to me, that they are unwilling to spell out the truth that it is you who is the main threat. To have 100% security they would have to disable all of your access to the internet … because that is the only way nothing can happen. New ways to talk you through bypassing your security will always work on some people, regardless of how strong their security is. Even in a ridiculously limited corporate environment, the security staff will have to look at the employees they serve as a big part of the threat, one that needs to be educated and managed.
Yes, as per the slogan of this advertising, “layered security” – that is what we want. Many layers but there is always you as the first and last layer – the alpha and omega. You decide how you work, what you work on and what you trust. Know that, and know the truth of internet security. The fact that you read this far gives me the belief that you are chasing knowledge to learn how to manage these threats. We have to make rules and find out how to enforce them successfully according to our own temperament.
Use a “normal” account type
Non-administrative accounts might be called “normal” or basic access. People often start with a computer configured out of the box with an administrator account and never know any better. Practically speaking, the best way to manage this is to limit your own access by using an account that is not automatically the administrator, root or other “access all areas” type of account. That is a way of accepting the reality that we are a threat and that incoming threats need to be slowed down by passwords and formalities.
The first thing most successful malware and viruses do is disable your security, using your account, because they tend to arrive while you are using the internet, opening downloaded programs and so on. A normal account may make all the difference: the malware may have to request permission to get back outside to the attacker, and that may stop it.
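
One way to check which accounts on a Linux or Unix machine are not “normal” accounts, as an added example that is not part of the original post. It assumes the standard passwd and group file formats and that administrative rights come from uid 0 or from a group named sudo, wheel or admin; the function names and the sample data are constructed for illustration.

```python
# Added example: list login accounts that hold administrative rights.
# SAMPLE_* data is constructed; on a real host read /etc/passwd and /etc/group.
ADMIN_GROUPS = {"sudo", "wheel", "admin"}  # assumption: common admin group names
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
carol:x:1002:10:Carol:/home/carol:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:
sudo:x:27:alice
"""

def parse_groups(text):
    """Return (gid -> group name, group name -> set of listed members)."""
    gid_names, members = {}, {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4 and not line.startswith("#"):
            name, _, gid, users = parts
            gid_names[gid] = name
            members[name] = {u for u in users.split(",") if u}
    return gid_names, members

def audit_accounts(passwd_text, group_text):
    """Return {account: [reasons]} for login-capable accounts with admin rights."""
    gid_names, members = parse_groups(group_text)
    findings = {}
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) != 7 or line.startswith("#"):
            continue  # skip comments and malformed lines
        user, _, uid, gid, _, _, shell = parts
        if shell in NOLOGIN_SHELLS:
            continue  # service account, nobody logs in with it
        reasons = ["uid 0"] if uid == "0" else []
        if gid_names.get(gid) in ADMIN_GROUPS:
            reasons.append("primary group " + gid_names[gid])
        reasons += ["member of " + g for g in sorted(ADMIN_GROUPS) if user in members.get(g, ())]
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    print(audit_accounts(SAMPLE_PASSWD, SAMPLE_GROUP))
```

Any account in the result that you use for everyday browsing and downloads is a candidate for being swapped for a normal one; bob in the sample data is the only such normal login account.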