Posts Tagged ‘“online safety”’

No Internet for You!

Wednesday, March 14th, 2012

Intersections’ Consumer Security Adviser Neal O’Farrell writes today about current efforts by the FCC to improve Internet security. But, is it going too far? Read on!

In an effort to protect the broader internet from the carelessness of a few, the Federal Communications Commission (FCC), among others, is proposing a much broader adoption of something I’ve been encouraging for years – encouraging ISPs to take a greater role in protecting the Internet from the mistakes or carelessness of their own customers.

The idea is that ISPs would use a variety of tools to detect PCs that are infected with dangerous malware like bots, warn the owners of those computers about the infection, and help them clear it up. If the owner fails to clear up the infection, or becomes a repeat offender, the ultimate sanction could deny them access to the internet until they clear up their act.

It sounds draconian, and the FCC is not yet going that far. But it’s already beginning to happen and may even be a good idea. As one commentator put it, when bad guys manage to infect thousands of personal computers and get them to work together, they have in effect a highly dangerous cyber weapon capable of causing significant damage to other computers and networks.

If you’re not protecting your computer, it can easily be infected by all kinds of malware – malware that’s becoming increasingly sophisticated. When criminals are able to infect enough computers to create a botnet, or network of bot-infected computers, they can then use that network to attack web sites, hide porn, and share stolen identities. Essentially, they use your personal computer to run their criminal enterprise.

Which is why the Federal Communications Commission is working even harder to encourage more ISPs to get tough on careless users. And some are paying attention. A couple of years ago Comcast announced the launch of Constant Guard, a free protection service for its customers that now includes bot detection – although so far it doesn’t go as far as blocking Internet access for infected users.

But now the FCC wants all ISPs to take part in this fight. In a recent speech, FCC Chairman Julius Genachowski commented that “ISPs can play a significant role in the battle against botnets. They can increase customer awareness so that users can look for signs that their computers are being used as bots, detect infections in customers’ computers, notifying customers when their computers have become infected, and offer remediation support.”

He added that ISPs can and must do this in a way that does not compromise consumers’ privacy and that if other ISPs employed similar best practices, it could significantly reduce the botnet threat.

And while he didn’t go as far as suggesting more draconian measures if consumer education doesn’t work, many security experts, including myself, believe sanctions against the worst and deliberate offenders are only a matter of time.

The best way we can all avoid moving in such an extreme direction is to take greater responsibility for protecting our own little corner of cyberspace. Guard your computers well – it’s actually quite easy and you have no excuse not to.

The easiest options are to use multiple layers of malware-protecting software and most of this is now free. Keep your computer constantly patched and updated – this is also free and automated so you have to do little. And make sure you update your browser. The latest browsers have lots of great security tools built in that can offer solid defense against most of the threats that want to take over your computer.

I’ve had the honor of being a member of the FCC’s Cyber Security Working Group and I know how dedicated the FCC is to making the Internet safer for everyone. But they can’t do it alone, and they shouldn’t have to. Don’t force your ISP to get tough with you. Protect your own corner of cyberspace and we all win.

Learn more about identity theft protection.

Keep informed about the latest threats to your safety. Join our Facebook group.

Facebook users may be getting the security message

Friday, March 9th, 2012

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell shares the results of a recent study on social network safety and security. Bottom line? People are becoming less “social” on social networks. Read on!

We’ve been monitoring and writing about the issues surrounding social networking safety and security for many years. During that time, we’ve been very concerned that no-one was really getting the Facebook safety and security message. We’re glad we were wrong, because according to a recent survey by the Pew Research Center’s Internet Project & American Life, users of social networking sites (or SNS) are becoming more careful and acting more cautiously.

According to Pew “Social network users are becoming more active in pruning and managing their accounts. Women and younger users tend to unfriend more than others.” About two-thirds of internet users now use some kind of social networking site, Facebook and Twitter being the most popular.

Of these users:

• 63% of them have deleted people from their “friends” lists, up from 56% in 2009.

• 44% have deleted comments made by others on their profile.

• 37% have removed their names from photos that were tagged to identify them.

• 67% of women who maintain a profile say they have deleted people from their network, compared with 58% of men. Likewise, young adults are more active “unfrienders” when compared with older users.

• A majority of social network site users – 58% – restrict access to their profiles and women are significantly more likely to choose private settings.

• More than half of social networking site users (58%) say their main profile is set to private so that only friends can see it.

• 19% set their profile to partially private so that friends of friends can view it.

Unfortunately, some people just don’t get the security message. At least one in every five social networking users say their main profile is set to be completely public. Women who use SNS are more likely than men to set the highest restrictions (67% vs. 48%).

The personal security situation could be even better, and safer, if users didn’t have so many problems figuring out how to master their privacy settings. Half of SNS users say they have some difficulty in managing privacy controls. Those with the most education report the most trouble. In all, 48% of social media users report some level of difficulty in managing the privacy controls on their profile, while 49% say that it is “not difficult at all.”

Regrets? Seems like some social networking users have had a few. According to the study:

• About one in every ten social networking users have posted content they regret.

• Male profile owners are almost twice as likely as female profile owners to profess regret for posting content (15% vs. 8%).

• Young adults are also more prone to say they regret some of their social media postings; 15% of profile owners ages 18-29 say they have posted content they later regret, compared with just 5% of profile owners ages 50 and older.

10 Tips to Help You Avoid Online Stalking

Wednesday, February 1st, 2012

The Today Show recently featured a story about a man sentenced to 26 years for stalking a woman for 17 years. In this article, Intersections’ Consumer Security Adviser Neal O’Farrell writes about a new report that indicates that as many as 1 in 5 Americans may be victims of online stalking. Read on to learn how you can prevent yourself from becoming one of those victims!

1 in 5 Americans may be victims of online stalking

A new study recently released by the National Cyber Security Alliance (NCSA) and McAfee found that one in five Americans have come in contact with someone online who made them feel uncomfortable through stalking, persistent emails, and other aggressive outreach attempts.

The report was published to coincide with January’s National Stalking Awareness Month and revealed a number of troubling statistics.

For example:

• The National Center for Victims of Crime estimated that stalking affects 3.4 million victims every year

• One in four victims report that the stalker uses a variety of technologies, such as computers, global positioning system (GPS) devices, or hidden cameras, to track the victim’s daily activities.

• Just less than 40% of those victims reported the incident while 61% chose not to.

“The Internet is an amazing tool for sharing and connecting with people. Unfortunately, there are some people who will use it to track, harass or make unwanted contact. Stalking can be dangerous and should be taken seriously,” said Michael Kaiser, executive director of the National Cyber Security Alliance. “We encourage anyone who believes they are being victimized online to report the crime and seek help, if needed, from law enforcement or a victim service provider.”

The authors of the report offered the following tips to help you avoid stalking and deal with stalkers:

1) Clean up your online profiles – Don’t include your address or phone number in an online profile. If you must use a professional networking site such as LinkedIn for work, include your company’s corporate address instead of your actual office to prevent someone from knowing where you work. Think about each piece of information you include on your profile and whether it would be dangerous if it fell into the wrong hands.

2) Lock down your privacy settings – If you are a social networking user, make sure to set all of your privacy settings to “private” or “friends only” to keep people outside of your network from accessing your information. It’s also important to regularly check the settings to make sure there haven’t been any changes that leave your data exposed.

3) Be careful whom you connect with – When using social networking sites, only connect with people who you know in real life. A stranger who tries to “friend” you could become trouble later on. Also, pay attention to the people your friends are connected with to prevent your information from being shared with someone suspicious.

4) Search yourself to see what’s out there about you – You might be surprised at what you find when you search for yourself. Old website profiles, online forum posts, and pictures of you posted by other people could all be unearthed in a quick search. If you find information about yourself that you want removed, contact the website or person hosting the content.

5) Don’t use an email address that is easy to identify – Stay under the radar by selecting online handles that don’t include your name, date of birth, or other details about you that a stalker might easily recognize. Once you have an anonymous address, guard it as you would your credit card or Social Security number.

6) If you have a personal website, don’t post your email address – These days many of us have blogs and personal websites, but it’s a bad idea to post your email address. Instead, use a contact form so that people can reach you without having your personal address.

7) Be careful when posting photos online – You never know where photos can end up when you post them online. Someone could find them in an image search, post them to a website or download them to their computer. And if the photo contains information about where you live or work, you could wind up giving a stalker all the information they need to locate and harass you.

8) Create strong passwords – Make it difficult for someone to guess your passwords by using a mix of letters, numbers and characters and make sure that they don’t spell anything. Passwords that include the name of your pet or some other personal detail could easily be guessed, allowing an attacker to gain access to your account. The same goes for security question answers. Choose hard-to-guess answers to prevent someone from using the password retriever function to obtain your password.

9) Avoid using location-based services – “Checking-in” to restaurants and other locations can be fun, but it can also be dangerous if someone is stalking you. If you must use location-based services, choose a unique username or alias that is not associated with any of your other accounts to make it more difficult for people to identify you.

10) Delete old posts or entries – If you have a stalker, they will scour the Internet for any tidbit of news about you so it’s a good idea to delete any old forum posts, Tweets or status messages that include any personal details or information that could allow them to find you both online and off.

Your personal security starts at work

Wednesday, January 4th, 2012

Intersections’ Consumer Security Adviser, Neal O’Farrell shares his thoughts on keeping yourself safe at work.

While most of the advice we offer on the Daily Shield focuses on protecting your personal space and finances, it’s easy to forget that some of the greatest security vulnerabilities can be found in a place you may spend much of your life – the workplace.

And with an endless stream of data and security breaches being traced back to bad decisions in the workplace, it could help you and your job if you pay a little more attention to workplace security and privacy.

With that in mind, here are a few simple ideas that can protect you and your co-workers in the year to come:

Know the rules and follow the policies. Security policies sound like a pain, and in some workplaces they’re so long and complex they read like a text book for a law degree. But policies are there for a reason, and even if they’re poorly written or overly complex, you still need to pay attention to them. If properly implemented, they protect data, protect your workplace, and even protect your job.

Be careful what you bring to work. One of the biggest threats in 2012 is BYOD – Bring Your Own Device. In spite of policies against them, many employees still bring their own smartphones, laptops, and tablets to work. Thumb drives are a particular source of security problems. If you use those devices to store work information or access corporate networks or systems, you risk exposing your workplace to all kinds of threats. If your employer doesn’t know what kinds of devices you’re using, and what kind of security precautions you’re taking, they’re almost defenseless against the risks your devices might pose.

Keep your personal information hidden or out of the office. A study as far back as 2005 by the University of Michigan found that close to 70% of all identity thefts in the United States might originate in the workplace. Even if the report is only half right, that’s reason enough for you to guard any personal information you bring to the workplace. So hide any personal financial documentation, wallet, purse, personal devices and anything else a co-worker might grab an opportunity to snoop on.

Be careful with social media. Many workplaces still don’t have clear rules about the use of social media in the workplace, but that doesn’t mean you should ignore the risks. And apart from getting into trouble for checking your Facebook page too often at work, some of the biggest risks when using social networks at work include saying things that could get you or your employer into trouble, giving away corporate secrets or insider knowledge, or clicking on a malicious link that introduces malware into your workplace.

To avoid these dangers (1) stay off Facebook at work as much as possible, (2) if you do use Facebook or Twitter, mind what you say – about yourself, your workplace, your colleagues, and your job, (3) be very careful what you click on.

Protect your passwords. If your workplace has guidelines or policies on the proper use of passwords, follow them. The rules are there because they work. If your workplace doesn’t have any clear rules, then use common sense. Use long and complex passwords, change passwords often, don’t share them with others, and be wary of calls or emails claiming to be from a colleague and requesting your password.

Challenge strangers. One of the most common attacks on the workplace is the walk-in, where a complete stranger will simply walk into the business, perhaps posing as a customer, repair technician, or even a janitor, and steal information. If you come across a stranger in your office, don’t simply ignore them. Offer to help them, ask them who they are and what they’re looking for, and if they seem suspicious, notify security or your colleagues.

Think privacy. The root of good security is a respect for privacy. As a consumer you value your privacy and expect it to be respected and protected. So why not expect that for others. If you come across the personal information of others, give it the respect it deserves. Good security flows from a respect and passion for privacy, and if it’s second nature, security breaches are less likely to happen.

Be an advocate. If you truly believe in security and privacy, and believe that it makes a difference, then speak up. Become a privacy advocate in your workplace. Encourage co-workers to take security and privacy seriously, and if there are no security guidelines or policies in place already, offer to work with your employer to create, share, and apply them.

A Security Wish List for 2012

Wednesday, December 28th, 2011

Although Santa has come and gone, it’s never too early to start a wish list for the New Year. So today, Intersections’ Consumer Security Adviser, Neal O’Farrell shares his security wish list for 2012.

Another year over and a new one is just about to begin, but hand it to hackers to spoil all the fun. As we look back on the year that was, and try to predict what lies for us in the year ahead, it might be a good time to think and talk about all the things we’d like to change so that the bad guys don’t win more than they have to.

With that in mind, I’ve put together a wish list of just some of the things that I’d like to see happen – things that would protect consumers and make life easier for victims.

1. Consumers could take the threats more seriously and get more involved in their own protection. We know from experience that the majority of security incidents could be avoided if consumers were more vigilant, more involved, and more willing to change the bad habits that often get them in trouble.

2. Stop using zero liability as a safety net. Consumers make the mistake of assuming that zero liability means zero loss or zero responsibility. As any victim will tell you, zero liability leaves a lot to be desired and often leaves the victim on the hook for costs they never anticipated.

3. Banks should play a greater role in educating and alerting their customers. Banks are in the best position to educate and inform their customers about security risks, and alert them to the latest threats. But most financial institutions would prefer to say as little as possible about security in case it makes their customers worry.

4. The IRS, Social Security Administration and other government agencies should be more sympathetic to the plight of victims and change their practices. I hear so many horror stories of identity theft victims whose Social Security number is being repeatedly misused and abused by crooks, and in many cases it’s because the Social Security Administration has few resources to help in such cases.

5. Law enforcement should be more aggressive, especially when it comes to taking victim reports and sharing intelligence. One of the many worrying trends in identity theft is the evolution of super thieves – low level crooks who are never arrested or get into any law enforcement database, and so go unchallenged and undetected for years. Which gives them plenty of time to practice and get much better. By the time law enforcement spots them, they’re too good to be caught.

6. Data breach laws should focus on the needs of the consumer and not the breached company. Too many of the proposed laws focus on the needs of business rather than the impact on consumers.

7. Consumers should watch their credit reports more carefully – I still come across consumers in their 50’s who have never checked their credit reports and don’t know how.

8. Accelerate the move to chip-and-pin cards. This should help slow down the surge in skimming attacks that take advantage of the vulnerabilities of traditional magnetic stripe cards.

9. More consumers using credit cards instead of debit cards. As recent skimming attacks have shown, a debit or ATM card provides direct access to the victim’s bank account. And while stolen funds may be replaced, it might not happen fast enough for the victim to pay urgent bills. Credit cards shift the loss and responsibility on to the financial institution.

10. Faster move to authentication systems to replace passwords. I wrote in a recent blog that IBM believes the password will be a thing of the past within the next five years. And that’s not fast enough for me. There are better ways for users to identify and authenticate themselves, and the sooner they become more practical and effective, the better for security.

11. More security awareness training for employees. Because so many security incidents and breaches are as a result of preventable mistakes by employees, the only remedy is better employee security awareness training. In spite of the fact that it’s one of the cheapest security tools available, most employees receive little if any security training. Which means we’re likely to see more data breaches that result from busy employees making predictable but preventable mistakes.

12. And finally, I’d love to see the creation of a national database of compromised Social Security numbers. Because Social Security numbers can rarely be changed, once an SSN is stolen the victim faces a lifetime of fraud and worry. A national database of compromised Social Security Numbers could significantly cut down on the number of times a stolen Social Security Number is abused.

Want to learn more about identity theft protection and our credit monitoring services?

Facebook Privacy Settlement

Wednesday, December 7th, 2011

Intersections’ Consumer Security Adviser Neal O’Farrell provides his comments and analysis of the recent privacy settlement between Facebook and the Federal Trade Commission (FTC). A must read!

As a result of numerous complaints from a number of privacy advocates and organizations, the FTC finally launched its own investigation into Facebook’s privacy claims and failings. According to the FTC’s own statement, which announced the settlement on November 29th 2011, Facebook allegedly made many promises that it did not keep:

• In December 2009, Facebook changed its website so certain information that users may have designated as private – such as their Friends List – was made public. They didn’t warn users that this change was coming, or get their approval in advance.

• Facebook represented that third-party apps that users installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users’ personal data – data the apps didn’t need.

• Facebook told users they could restrict sharing of data to limited audiences – for example with “Friends Only.” In fact, selecting “Friends Only” did not prevent their information from being shared with third-party applications their friends used.

• Facebook had a “Verified Apps” program & claimed it certified the security of participating apps. It didn’t.

• Facebook promised users that it would not share their personal information with advertisers. It did.

• Facebook claimed that when users deactivated or deleted their accounts, their photos and videos would be inaccessible. But Facebook allowed access to the content, even after users had deactivated or deleted their accounts.

• Facebook claimed that it complied with the U.S.-EU Safe Harbor Framework that governs data transfer between the U.S. and the European Union. It didn’t.

Speaking about the issue on his Facebook page the very same day, Facebook founder Mark Zuckerberg insisted that “Overall, I think we have a good history of providing transparency and control over who can see your information. That said, I’m the first to admit that we’ve made a bunch of mistakes.”

At the same time he announced the appointment of two privacy officers – reminds me of Sony’s announcement that after more than half a century in business it finally decided it would be a good idea to hire a head of security, only after hackers stole nearly 100 million user accounts. Better late than never, I suppose.

The settlement requires that Facebook can no longer conduct business as usual when it comes to privacy, cannot make any further deceptive privacy claims, and must get users’ approval before it changes the way it shares their data.

Specifically, under the proposed settlement, Facebook is:

• barred from making misrepresentations about the privacy or security of consumers’ personal information;

• required to obtain consumers’ affirmative express consent before enacting changes that override their privacy preferences;

• required to prevent anyone from accessing a user’s material more than 30 days after the user has deleted his or her account;

• required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers’ information; and

• required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers’ information is protected.

It doesn’t look like Facebook has to pay any fines or suffer any other punishments. It’s simply on privacy probation for at least the next 20 years.

Read the full statement from the FTC.

To keep up to date on Facebook privacy issues, Facebook has its own team and page dedicated to all things security.

Identity theft – it’s in the mail

Wednesday, November 30th, 2011

In today’s post, Intersections’ Consumer Security Adviser Neal O’Farrell reminds us that “low-tech” methods used by identity thieves and criminals are sometimes the most effective.

As the busiest season for identity thieves approaches, one of the greatest vulnerabilities for all consumers will be their incoming mail. Mail is a magnet for identity thieves because it usually contains all the ingredients to commit anything from simple fraud to full-out identity theft. And all that priceless information is usually left right at the side of the road for any thief to simply pluck from your mail box.

When an identity thief looks down a street, he or she sees no one watching or protecting the stacks of personal information lining both sides of the streets. Hardly surprising that mail theft is one of the most lucrative forms of identity theft and the most popular for low level or novice identity thieves.

And these thieves know that the Holidays always bring with them a treasure-trove of personal information, and especially financial statements. Mail theft has become so lucrative it’s almost an organized crime with professional mail gangs actively roaming neighborhoods looking for unattended mail that they can grab, run, and sell to other thieves. And we’re already beginning to see a seasonal spike in this kind of crime. Just recently, police in the Northern California city of Chico discovered that mail thieves had ransacked more than twenty seven mail boxes in one spree. And stories like that are now cropping up all around the country.

But it wasn’t on some dark street in an isolated neighborhood under the cover of night. The brazen attack was actually at a Post Office, in plain sight where thieves crashed through a plate glass window, emptied all the mail boxes and sorted out the valuable from the valueless right there on the post office floor.

And some thieves will stop at nothing to get their hands on your mail. One thief was recently charged with hiring two women to attack a postal employee so they could steal the master key he used to open mail boxes. In a vicious assault the thieves actually tazed the postal worker.

So what can you do to protect yourself?

• Collect your mail every day as soon as it arrives.

• Never leave mail out in your mail box to be collected. That’s quite literally a red flag for thieves.

• Consider switching to online banking and bill paying. Most experts believe that online banking is much safer than traditional banking, and by going paperless with your bills and statements you can dramatically reduce the amount of information thieves can steal from you.

Is the bad economy helping cybercriminals?

Wednesday, November 9th, 2011

In today’s article, Intersections’ Consumer Security Adviser Neal O’Farrell asks the question “is the economy helping cybercriminals?” Read on to find the answer!

A recent report from security firm Panda Labs found that in the last three months alone it has detected more than five million new types of malware. That works out to an average of one new type of Trojan, virus, and other malicious program discovered every 1.5 seconds.

Because of the way most anti-virus programs work, once a virus is discovered the anti-virus companies have to rush to write a piece of code or signature that must then be downloaded as quickly as possible by billions of users around the world in order to keep that particular piece of malware out.

That means that many of these viruses can easily make their way on to unprotected computers before the programmers have time to push out the updates. And with many anti-virus companies struggling to grow their profits, it could mean that as malware grows in volume and sophistication, anti-virus companies may have to spend less on updating their software.

And if you don’t believe in such perfect storms, take a close look at the identity theft wars. As identity theft continues to grow, and become more sophisticated, cash strapped police departments no longer have the resources to investigate these crimes. Which only encourages and emboldens more thieves.

The Panda Labs report seems to support this notion. The most powerful and dangerous type of malware, and the type most favored by organized crime for its ability to steal passwords and break into bank accounts, is the Trojan. And according to Panda, three out of every 4 new types of malware discovered in the last three months were Trojans.

Which probably explains why Trojans were responsible for the majority (63%) of infections in the last three months. Trojans are very efficient bank robbers, and the payoff can be enormous. Two cybercrooks from the Ukraine were just sent to prison in the United Kingdom after they were convicted of using exactly this type of malware to steal more than $4 million from bank accounts in just six months.

On a related note, the Panda Labs report also found that the countries with the worst infection rates were China, Taiwan, and Russia. In China, for example, it’s believed that more than half of all PCs are infected by malware.

And traditional attacks like phishing are not going away. Within days of a warning by the American Bankers Association of an unexplained spike in phishing attacks, security researchers had identified a new type of phishing attack that looks like it comes from a well-known bank and offers recipients $35 to complete an online survey.

According to security firm Sophos, the email asked for so much highly confidential information that this alone should be a warning sign. The email questionnaire asked for:

• Social Security Number
• Card number
• Card expiration
• CVV
• ATM PIN
• First, Middle and Last name
• Email (ironically they mailed you the form)
• Address
• Mother’s maiden name
• Place of birth
• Birthday

And an increasingly common way to spread phishing emails and infect users with this kind of malware is trusty old spam. The irony is that much of the spam in circulation today comes from the computers of innocent users. Spammers use botnets to infect unprotected computers and use them to relay spam to other users. And unfortunately, it appears that the United States still holds the top spot when it comes to relaying spam.

The bottom line? The easiest way to lose a battle is to just walk off the battlefield. As many companies and industries struggle just to survive, they’re cutting back on security. For this year’s annual Global Information Security Survey, conducted by PricewaterhouseCoopers, nearly 10,000 executives around the world were asked about their plans to make security a priority. Sadly, just 11% said that they planned to make data protection a top priority.

Cyber-crooks are taking full advantage. Not only are they developing even more sophisticated malware, they’re deliberately overloading businesses and consumers with so many attacks that something has to give.

Want to learn more about identity theft protection and our credit monitoring services?

Keep informed about the latest threats to your safety. Join our Facebook group.

Keeping your kids safe online – Social media safety

Wednesday, November 2nd, 2011

We are joined once again today by Steve Schwartz, Intersections’ EVP, Consumer Services. In today’s video presentation, Steve shares some very important safety tips to help keep your kids safe online when using social media. We all want to have fun on sites such as Facebook and Twitter. By following a few simple rules, you can help make the experience both fun and safe for your kids.

Learn more about the growing problem of child identity theft and what you can do about it.


Microsoft study reminds us that it’s the users, dummy

Wednesday, October 19th, 2011

Intersections’ Consumer Security Adviser Neal O’Farrell uncovers the secret contained in the recent 2011 Microsoft Intelligence Report. What’s the secret? It’s the user’s fault!

There are two schools of thought on the topic of consumer security awareness. One school suggests that all the malware and scams in circulation are far too advanced for consumers to understand and therefore prevent, and consumers should instead entirely trust technology to protect them. The most vocal proponents of that side of the argument are, not surprisingly, the companies that sell security technologies.

The other side of the house believes that consumer education, awareness, and vigilance are key to preventing or avoiding many, if not most, attacks. That’s the side of the argument I sit on, and so should you. Your vigilance, and your acceptance that you have significant responsibility for your own protection, are key to avoiding some of the most common attacks.

Think about it for a moment. Would phishing emails – the ones that pretend to be from your bank to try and trick you out of your password – even work if people just ignored them? Would infected email attachments work if users never opened them? And would passwords still be a weak link if people made them stronger?

There are so many examples of just how important user awareness, vigilance, and participation really are. And one of the key words is vigilance. Awareness is no longer enough, because I think it’s safe to assume that most consumers are aware that there are risks and that there are some things they should and shouldn’t do.

But vigilance is about being aware at exactly the moment that counts – thinking security before you create or use a password, before you respond to an email, before you open an attachment, or before you visit a web site.

And there’s plenty of evidence out there of how a lack of awareness and vigilance is being exploited. A recent study by Microsoft found that nearly half of all malware Microsoft detected when it scanned more than 600 million computers used tricks on the user in order to succeed. With security firm Trend Micro reporting one new type of malware every half second, that’s a lot of focus on user exploitation.

The study also found that around 90% of all exploits targeted vulnerabilities that had been known about and patched for more than a year. Which probably means that most users are just forgetting to update their software – one of the easiest ways to protect yourself. In fact, although users are warned repeatedly about the need to update their browsers, Microsoft reports that nearly half of Internet Explorer users still use vulnerable out-of-date browsers.

And if the security experts recognize this weakness, so do the bad guys. Cybercrooks across the world are experts at social engineering – creating tricks that consumers are likely to fall for. These crooks expect you to make the wrong choice, whether it’s forgetting to update your browser or security software, falling for phony emails or Facebook requests, or letting your curiosity overcome your caution.

They won’t waste a moment taking advantage of a mistake you can make in a split second. So their worst fear is that you take a moment – to stop and think before you make a decision and use that pause to make the right decision instead of the wrong one. If you pause, think, and choose the other, safer path, you win and they’ve just wasted all that time and money.

Network World said what many others might want to. In a recent article on Microsoft’s report, they simply concluded “wise up stupid users!”
