Where do most security incidents comes from? External hackers? Disgruntled employees? Probably not. For most organizations, the innocent employee.
Whether it is politics, business or technology, the most damaging thing is ignorance. People are ignorant of what damage that can occur through careless browsing habit. Why? Because significant security incidents are rarely experienced by the average computer user.
Most computer users do a few limited number of thing: they check email, run a word processor, download photos, copy music and browse the Internet for news, sport, products, etc. A browser is the most used application on most desktops, laptops or netbooks. Few have had any instruction on the security implications of their browsing habits.
Recently, Joan Goodchild posted a short-list of five security mistakes people make when browsing the Internet:
Most people do not know what Active X even is. All they know is if they check it, the pop-up box goes away and they get to their “intended” destination. Likewise, who knows what SSL is? A “Bad SSL cert” means what to the average bloke? A user clicks on a link that requires an application that does not appear to be on the users local machine. The pop-up says you can run it if you click “here.” What does the average user do? Clicks “here,” where ever “here” might take him/her.
Spam is still rampant because enough people, albeit a small number, still click on the message to find-out more, whether it is a free financial check-up, a must-have coupon for lunch, or someone from your high school that is interested in hooking up.
We all view our computer as a utility: it just must work. Most of the time it does. But ignorant browsing is going to catch-up eventually, if it has not already (most will not associate their insecure browsing habits to PC performance degradation).
In March 2009, Bill Brenner, gave his 10 IE Browser Settings for Safer Surfing:
You know the cliches: “Common sense is not all that common.” “If something seems too good to be true, it probably is.” Free is never free.” I know it is hard to face but 23 year old beautiful women are not interested in blind dates or 50+ year old men.
A little education can go a long way in protecting our personal and business computing environments. It all starts by prudence by the end user and the browser.
6 May 2009 at 12:45
A good way to go for general web browsing is using Fire Fox. I run it and have never had a problem. Generally however I use a few add on’s to help. I use Pop up blocker, flash blocker, bug me not. I always get warned if something needs to run, install, or what have you. Due to new security features though, like the auto page scan in IE8, if you get a virus its your own dang fault.
12 May 2009 at 19:04
Prudent browsing is a must; I feel that on a corporate network average users should not be allowed to browse the internet without taking a course or two in internet security. I work with end users that will pretty much do anything that you will tell them so long as you throw some technical terms in. I feel that these types of people should not be allowed to function on the internet.