Don't Be the Low-Hanging Fruit

Two men are being chased by a bear. One says to the other: “There’s no way you can outrun that bear.” The other man replies, “I don’t have to be faster than the bear. I just have to be faster than you.”

The basic premise of that joke also applies when it comes to computer and Internet security. Cyber attackers are your “bear”, and the fact is you don’t have to have the best security. You just need stronger security than the next guy. In many cases, simply having any protective measures at all makes you a more difficult target and ensures that you aren’t the “low-hanging fruit”.

Criminals in general are typically creatures of opportunity, and likely to take the path of least resistance. A skilled thief might be able to nab a wallet out of the pocket or purse of just about anyone, but given the choice between a person with a wallet in a zipped-up purse slung over her shoulder, and a guy with his wallet hanging halfway out of the back pocket of his jeans, the guy in the jeans is much more likely to be the target of choice.

The same is true of cyber criminals. Given enough time and resources, a skilled attacker can breach just about any system. But if there is one PC that is fully patched, running up-to-date security software, and employing strong passwords, and another with known vulnerabilities left unpatched, no security software, and a weak password, the attacker is going to focus on the easy target.

So, here’s what you can do to make sure you don’t have to “outrun the bear”:

Keep Your System Patched

Most attacks exploit vulnerabilities that are already known, and for which the vendor has already issued a patch. Zero-day flaws seem scarier and get more media attention, but are rarely associated with successful, large-scale attacks. Use automatic updates wherever possible, and make sure you apply the patches and updates available for your operating system and applications.

Use Wireless Encryption

It’s a well-known fact that WEP (Wired Equivalent Privacy) encryption is fatally flawed and can be cracked in a matter of minutes--perhaps seconds. Do you know what’s even less secure than a vulnerable encryption algorithm? Not using any encryption at all.

WEP and its successor, WPA, both have known weaknesses, so you should use WPA2 if possible. But just the fact that you have any encryption enabled at all will set you apart from neighbors with unprotected wireless networks and make your network less desirable.

Change Your Passwords

Passwords--specifically exposed passwords--have been making headlines lately following breaches at LinkedIn and eHarmony. There isn’t much you can do to prevent the sites and services you use from allowing your password to be compromised, but you should make sure you choose a strong password, don’t use the same password for multiple sites, and change it periodically to stay one step ahead of attackers that may obtain and crack your password.

Even if you do all the right things you still won’t be impervious to cyber-attacks. But, you will be a less attractive, more difficult target than the next guy, and nine times out of ten that’s enough to avoid becoming a victim.
