In 2000, Scott Culp wrote a terrific essay on computer security.
It was entitled “The 10 Immutable Laws of Security”.
Fifteen years is a long time in cybersecurity, so it seemed like a good time to revisit these “laws” and put them in a context you might encounter this Christmas – a time when there is often a spike in attacks.
Observing them could prevent a festive season you’d rather forget.
Most hacks begin this way: you receive an email or SMS, you visit a link, and you are given a convincing reason why you have to install something.
Or, you receive an email with a document attached, open it and it installs the malware for you.
Think twice, click once.
If something is unexpected don’t trust it: delete it.
Be careful where you buy that Christmas present from, or you may get more than you bargained for.
Even reputable manufacturers have been found to install elements into an operating system that cause major security headaches.
If at all possible, buy devices that give you the necessary data – original keys and software – to reinstall the operating system.
A fresh install is the only way you can be certain of what you’re getting.
It’s a pain but it’s worth it.
Most people are completely unaware of how easily malicious software can be loaded onto their machines simply by letting someone plug in a USB stick.
Even if your computer is powered off, a hacker might be able to boot off a USB stick and install malware or add hidden elements.
Unless you want to superglue shut all of the physical connections on your device – not recommended – just do not give anyone “alone time” with your precious machine.
And, if at all possible, encrypt your hard drive so it is more secure when powered off.
With over a billion active websites in the world, hackers don’t just target individuals’ machines.
They can upload code in unexpected ways.
We have seen major brands breached because they did not prevent hackers from injecting code into web forms. We have seen malware passed on to visitors via embedded adverts.
Website developers typically don’t think like hackers. They design their sites to be helpful and friendly.
You need professional cynics who will advise on how hackers can abuse such features.
Nothing destroys a brand faster than a website that visitors think cannot be trusted.