Mention computer security to most people and the ensuing conversation inevitably involves viruses, spyware, spammers, and teenage hackers. Yes, it’s true that criminals are heavily involved in identity theft, foreign governments are stealing intellectual property, and pedophiles are trolling the Internet. But if we’re really looking for the number one threat to our money and information, let’s start with a good look in the mirror.
Backups
Computer hard drives consist of one or more metal disks called platters that usually spin at 5400 or 7200 RPM. Tiny heads move over the surface of the disks, reading or writing magnetic impulses as the platter spins by. To put it in perspective, the edge of a platter running at 7200 RPM is travelling at over 100 km/h. While modern drives are very reliable, and often boast Mean Time Between Failures (MTBF) of up to five years, all it takes is a small particle of dirt, a bearing failure, or enough of a shock to cause the head to touch the platter, and it could be all over for your data. So even if you have the best antivirus protection money can buy, and you’re confident that you could never ever (ahem) accidentally delete the wrong file or folder, not backing up important files is playing the MTBF odds, and if you play long enough, you will lose.
Viruses
I think it’s safe to say that most of us are sick of hearing about viruses. Every year criminals (and have no doubt – virus writers are criminals) turn out a large number of them. Some are brand new, and occasionally one has a serious impact. However, the vast majority of virus infections are preventable, and while I hate to be accused of blaming the victim, the reality is that viruses are out there and your computer will be infected if you don’t take four simple precautions: Use a firewall between your computer and the Internet, install antivirus software and keep it up to date, don’t open email attachments that you aren’t expecting, and don’t surf the web looking for free software or porn.
Phishing
It’s getting real old, but scammers are still tricking people into logging into look-alike sites just to get their usernames and passwords. If you follow two simple rules you are unlikely to become a victim: First, financial institutions don’t email asking for updated information, and they don’t email about fraud or account suspensions. If you get email asking you to urgently update your information or log into your account due to fraud, just delete it. Second, don’t click links in email to any web site that requires you to log in. Instead, open the browser yourself, type in the URL, or select it from your bookmarks. It may take a bit more time, but it will prevent you from following links to bogus sites and giving away your username and password.
Financial Scams
If I walked up to you on the street and asked to borrow your bank account to move ten million dollars into the country in exchange for a ten percent fee, you’d probably laugh. But for some reason when the same solicitation arrives by email, people are happy to oblige, pay “fees” in advance, and are surprised when they get ripped off. The Internet gives you access to a vast amount of information around the world. It also gives fraud artists worldwide access to you. Your best defence is common sense – nobody is going to pay you millions (or even hundreds) to move their money for them. If they have millions of dollars, they don’t need your help to move it, no matter how good their excuse.
Spam and Chain Letters
A lot of people get offended when I lump spam and chain letters into the same category, but let’s be honest – while spam is sent for commercial advertising and chain letters are forwarded by well-meaning (yet gullible) family, friends, and acquaintances, the result is the same: Trash in our inbox.
Spammers collect email addresses from web sites, mailing lists, and anywhere else they can find them on the Internet. Then they sell the addresses to others, who, being like-minded, aggregate and resell their lists to others, ad infinitum. In a very short period of time, your email address is widely distributed. So our first line of defence against spam is avoidance: Don’t post your email address on the Internet. If you must do so, use a secondary email address or a disposable email address from one of the dozens of companies on the Internet that provide them. Some of the disposable email address services offer addresses that automatically expire after 24 hours, which are perfect for those companies that require an email address to download a “free” document. Along the same lines, another strategy is to give family, friends, and those you personally know one address, and use another address from Gmail or Hotmail for everything else. In the event that spam levels become uncontrollable, you can then abandon it without losing touch with family and friends. (As an aside, Gmail’s free spam filtering is top notch.)
Of course the problem may be your family and friends forwarding chain letters. If you’re lucky, a polite request may do the trick. If not, you may have to resort to the “reply-to-all with a link to snopes” technique and hope that a bit of embarrassment helps them to think next time.
On the other hand, if you like to forward chain letters, perhaps you’re the problem. Next time you get one, check out snopes.com before you forward it. Chances are you’ll find it there, along with information on why it’s not true. Then hit your delete key.