So we’re all agreed: Malware can be hazardous to your health.
We also agree that more and more exploits are being discovered every day
in various software packages. Thankfully, vendors are finally exhibiting
an ability to make security an essential component of their products,
instead of viewing security as a bolt-on luxury feature no one really
cares about. And best of all, some software creators realize security can
be a selling point for their products.
The distance between announced vulnerabilities and publicly available
exploits is getting slimmer, but the distance between exploits and
patches also is getting smaller.
So why aren’t we all happy?
Because you all aren’t playing along. That’s why.
Too many of my conversations go, more or less, like this…
”I wasn’t doing anything and it just stopped working!”
Ok, what were you doing before you weren’t doing anything? You were
reading your email. Did you click on the link in that email? You know,
the one that had a spam score of 47.0? Right, that one. So you weren’t
doing anything but reading your email, and then clicking on the link in
the email from ‘the bank’, even though you don’t have an account, and
never have had an account, with this bank (which, by the way, you’d never
heard of until you got this email). Is that right?
WELL, DON’T DO THAT!
EVER!
Obviously, we, as security professionals, can no longer blame the vendors
for being inattentive to the situation. We can identify the problem
pretty easily. Rather than try to be delicate about it, let’s just see it
for what it is.
Our end users have no clue. And that’s our fault.
If we don’t teach the people we’re responsible for to take care of
themselves — just a little bit — we are going to continue spending the
majority of our time cleaning up perfectly preventable computing
tragedies. This is important.
How much time has your organization lost to compromised systems? How many
hours of productivity down the drain? Don’t cheat yourself either. The
number of hours you work on a system should be multiplied by the number
of users dependent on that system, plus you. (This means if the boss’
secretary prints out all of his email for him, and that system gets a
virus, the secretary is down, the boss is down and you’re down. That’s
right. You’re down too, because you could be doing something more
productive than re-imaging that machine.)
Here’s another question. How many times is a simple rebuild complicated
by the owner never doing a backup, and not being able to tell you where
his files reside? So now you not only have to put in the time and expense
of restoring the system, you also have to do the detective work of
identifying and protecting/saving the data on the system. You run the
risk of losing important corporate assets.
What’s worse is that you know you’ll be back on this machine within six
months. And the guy who owns it? He won’t have done a single back up
since you last restored to him a pristine machine with all his stuff on
it.
If only we could get up in the face of our users like drill instructors
and scare the living daylights out of them into believing that if they
ever click on another link, we’re going to take their computer
and…
Well, ok, that’s just wishful thinking on my part.
But we can make a difference. We can get the message across through
variety, repetition and repetition. (Yeah, repetitive just like that.)
There are three messages we need to tattoo on their foreheads.
One: Do not click on the link in that email that should
have been marked or filtered as spam. And do not be tempted to even open
your spam and peek at what may be inside. It’s spam. Nothing good comes
from spam.
Two: Back up your data religiously. Utilize resources the company
provides. (The company better provide some, or you need to be working on
management, as well.)
Three: Auto-update. Both Apple and Microsoft have finally gotten
their collective acts together to provide OS patches as painlessly as
possible. Turn on auto-update. It goes out and does what’s necessary to
keep the system patched. It’s the ‘turn it on’ part we seem to be having
trouble with. According to some reports only about 40 percent of users
have auto-update activated.
See, we know what the problem is. We simply need to get on the stick to
fixing it. We need to convince management (and management, if you’re
listening, pay attention here) that the expense of a quality archive
system appropriate to the corporate mission, can be justified in the
negative deliverable of lost data and down time. If your corporate
environment is geared to mandates, then work on mandating auto-updates.
If you live in a more liberal environment, such as a university, where
dictating policy won’t work, it’s incumbent on you to convince your
constituency that auto-updates are in their best interest.
You know your users. You know what message will be most effective. The
ones who can’t bear to be without their system, will gain comfort from
knowing they will be less likely to incur system loss through compromise.
For those on the opposite end of the spectrum who don’t know and don’t
care, just tell them to turn it on and you’ll quit bugging them about it.
It’s the ones in the middle you have to treat carefully. They won’t let
you tell them what to do, and they don’t feel they have any incentive to
do what you ask. You might try both ends against the middle here. Tell
them, you’ll quit bugging them if they will activate auto-update. And
remind them that that includes you coming around and seizing their system
when it’s been compromised.
They’re just as happy to not see you as you are to not have to see them.
As for spam, and the people who read spam? ”We have seen the enemy, and
they is us.”
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.