Consumers: The Last Best Mile of the Security Perimeter
- Oct 30, 2015
- Michelangelo Sidagni
For consumers and businesses alike, when it comes to keeping private information private, your best defense is vigilance; in both cases, that means applying patches whenever they are available.
In fact, organizations are battling hackers every day, working to patch holes on servers and in applications to ensure data is not compromised. Consumers, too, have a responsibility to do the same when new software patches are released. Many of the more common consumer platforms (e.g., Adobe, Microsoft and others) automatically roll these out and send notifications when consumers open the program. We should not take these notices and updates for granted but instead apply them regularly to keep our laptops, PCs, tablets and so on in top working order and, more importantly, to keep hackers from accessing any information they could use to hijack our identity or that of our families. Failure to apply these updates leaves the system vulnerable to attack or compromise, as cybercriminals often reverse engineer these same updates to find ways to take advantage of these vulnerabilities.
Consider the proposition that as security software is being developed and ultimately propagated, hackers, cyber thieves and other malware malcontents, nearly in parallel, are hard at work trying to find ways of penetrating it, including leveraging rootkits and backdoor viruses to subvert its integrity. What does that mean for you? It means that even if you installed a new patch or upgraded antivirus software as recently as thirty days prior, you could already be subject to an attack. In other words, think of your antivirus software as static, a snapshot in time that is updated every 30 days (or so). For hackers, however, time is on their side. As soon as the current patch is offered up, they don’t have to wait until the next one is released to get to work on breaking through it and possibly contaminating your home systems with malware, viruses and redirect requests. In fact, many, although not all, antivirus companies are constantly playing catch-up, coming up with the next patch only after a virus has already gone mainstream (think of ransomware, for example, or any zero-day attack).
Writing in the LA Times, Terrence August, professor of innovation, technology and operations at UC San Diego’s School of Management, also notes the importance of consumers protecting themselves through proactive patching.
“The weak link is the individual. Diligently updating software with patches, which are regularly released by companies such as Microsoft, is a major factor in foiling attacks. Not only does it guard individual consumers but also the computing public as a whole, as a better-protected population is a deterrent to hackers,” said August.
At this point, you are probably asking yourself: “Why am I a target if I have nothing to hide?” Attackers work on the weakest link in the chain to compromise a target. Think for a moment about your job and the data you handle. Could they be appetizing for a prospective attacker and could they be accessed by just compromising your personal home computing resources?
So, how do you defend against these pernicious and in most cases evergreen threats? Well, in many ways consumers are already accustomed to updating software on their systems. Updates from an Operating System (OS) or Internet browser provider are probably delivered to you regularly over the Internet. While these updates often update basic functionality and features, some may provide security updates or fixes to existing software.
The Privacy Rights Clearinghouse, a nonprofit consumer education and advocacy project whose purpose is to advocate for consumers’ privacy rights in public policy proceedings, recommends the following best practices for securing your computer to maintain your privacy:
Keep your software up-to-date. Download and install patches for both your operating system and your software applications whenever they become available. Software patches or updates often address a problem or vulnerability within a program.
That includes upgraded versions. Sometimes, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch. It is important to install a patch as soon as possible to protect your computer from attackers who would take advantage of the vulnerability. Attackers may target vulnerabilities for months or even years after patches are available.
Don’t let the number of software programs running on your system deter you. Keeping your software programs up to date can be a daunting task, since most computers contain dozens of software programs. Many are pre-installed when you buy your computer. Hackers are constantly attacking flaws in popular software products such as Adobe PDF Reader, Adobe Flash Player, QuickTime, and Java. In spite of their sheer number, however, and since every program could be subject to attack, it’s always wise to keep each of them updated whenever possible.
Take advantage of automatic updates. Some software will automatically check for updates, and some vendors offer users the option to receive automatic notification of updates through a mailing list. If these automatic options are available, take advantage of them. If they are not available, check your software vendors’ websites periodically for updates. Only download software patches from websites that you trust. Do not trust a link in an email message. Beware of email messages that claim that they have attached the patch to the message—these attachments are often viruses.
Other recommendations essential for maintaining a secure personal computing environment should include:
Change your passwords often and do not reuse passwords across resources: Changing your passwords often and not reusing them can be a great preventative measure to negate weak password vulnerabilities. Furthermore, aim for password complexity using alphanumeric characters and symbols.
Install a desktop firewall: Windows systems already have one installed, so enable it. For Mac users I recommend “Little Snitch”. This utility helps to block or allow network connections. Remember, if an attacker successfully exploits vulnerable software on your desktop, they can connect back to an external system to execute commands. You can block these connections through a personal firewall.
Paradoxically, the internet, the channel used to deliver antivirus software, is the same channel used to deploy the very viruses the antivirus was developed to stop. Being vigilant in regularly applying patches, and for that matter all security updates, to your home-based devices is why consumers, even now, continue to represent the last best mile of the security perimeter.