I was thinking about why people don’t take the time and effort to practice good computer security–and then I remembered two things:
1) Most people don’t practice simple computer maintenance (such as checking whether their antivirus software is updating, applying OS patches, running Adaware once in a while, deleting temp files, doing backups, and defragging their disks), so how can we expect them to practice good security habits?
2) Most security pros, auditors, and others who know better don’t do regular computer maintenance either, and they more than occasionally get sloppy in their own security habits (just admit it and deal with it, okay?).
If the gods don’t behave, how can they expect the same from simple mortals?
So what am I saying? That we should give up and accept our sorry lot?
No. We ALL need to do better, but we need to consciously decide WHEN we’re going to pay the piper, either now or later, instead of living in denial and pretending we’ll somehow slip by.
Making a conscious decision is better than just saying “oh, well” and going our merry way. So start thinking…
P.S. Some say that we need to make security simpler. You can’t, simply because computers and gadgets, people, the communications between them all, and life itself are just too complicated. So that brings us back to deciding…