Yesterday, we wrote a slightly satirical Zombie Myths piece for Halloween.
We looked at three statements that we keep on hearing, years after their use-by dates, that we wish we could put to rest for ever.
So much for yesterday’s security theories we’d like to leave behind…
…what about security advice we can use in the future?
Security All Saints
Well, in case you hadn’t realised, Halloween is short for All Hallows’ Evening, which is the day before All Hallows, also known as All Saints’ Day.
In other words, if Halloween is the ideal day to dig into undead zombie security myths, we think that 1 November is a great day to think about becoming a security saint, and not just for the day, but for the rest of the year as well.
You can revisit your commitment in a year’s time, but we think you’ll find that security saintliness turns out to be much less of a drag than it at first sounds.
Give it a go!
If you’re wondering where to start, here’s a selection of tips we’ve written up over the past year or so to help you and your family be more secure, both at home and at work:
- 5 security tips for businesses and everyone else.
- Back to school tips to help kids stay safe online.
- 5 tips for making life easier this SysAdmin Day.
- 24 day-by-day tips for the Christmas season.
The tough side of sainthood
Being a security saint isn’t all plain sailing, of course.
Once you’ve decided to take security seriously, you may become rather pointedly aware that other people don’t take it seriously, even in places where you might expect it.
A recent commenter, for example, told us a horror story of trying to argue with their bank that “mother’s maiden name” is not a secret. (How can it be, given that your mother knows what it is?)
We’ve heard of a telephone provider asking a customer to pick a secure password and then say it aloud in a busy store.
And we’ve read, disappointingly many times, about products that are supposed to improve security, such as CCTV cameras, shipping with so many security holes that you’d think they were designed for the crooks to keep their eyes on you rather than the other way around.
That raises the question, “What to do if you are pressed into insecurity by circumstances that you can’t easily control?”
Examples include:
- Being asked to hand over social media passwords as part of starting or finishing a job, for whatever reason.
- Being told you need to email in hi-res scans of your passport and other ID documents as part of applying to rent a new apartment.
- Being pressured into swiping your card at a payment terminal when your choice is to use the Chip and PIN slot.
Sticking to your guns
We don’t have a guaranteed way to work your way around this sort of abuse of your goodwill, but try to keep calm and polite, stick to your guns, and, if necessary, take a look for supporting articles on Naked Security.
Handing over your social media passwords to a new employer is, in most cases, a violation of the terms and conditions of service of those accounts, so there’s no legal or moral case that we can see that would justify such a request.
It’s tough to sound like a trouble-maker on your first day, or at an interview, so stay polite and keep up your explanation of why you can’t be expected to violate one contract to enter another.
When it comes to “showing ID” however, some countries, notably including the UK, require strict identity checks on property leases as part of enforcing immigration laws.
You will need to comply with the law, but you may be able to persuade the letting company to find a way that doesn’t involve keeping a digital copy of your precious documents.
And when it comes to paying for products and services in a way that makes you uncomfortable, it helps if you decide in advance how much you are prepared to yield, and then simply walk away if the vendor insists on a payment method you don’t like.
Ready for sainthood?
Are you ready to try Security Sainthood for a year?
If so, let us know – and please keep us posted on how things go for you as the year unfolds…
omega42
Agree with everything you say. But it is deckchairs on the Titanic.
I have 4 Win 7 devices (all official and registered) and 3 of them refuse to update. I seek advice from MS but the advice is complex, very time consuming and then does not work. I am IT literate but have work to do and a life to lead so I have switched off updates until I get time. Will I ever?
I suppose some might think I should put my life on hold for the sake of the internet... But it is not just me – I hear many others say the same.
The IOT DDoS will be as nothing to the upcoming unpatched Windows debacle.
Spryte
A wee add-on:
Snip>>>
Being told you need to email in hi-res scans of your passport and other ID documents as part of applying to rent a new apartment.
<<<Snip
to a "company" with a $#&%ing Yahoo Mail account!!