I have a colleague, Ed, who’s a legend around here. He’s the Microsoft UK Chief Security Advisor. Obviously that’s a bit of a mouthful, which is why we call him “Ed the Fed”, because of his career history – which obviously makes him an ideal person to ask about Information Security. (I was going to share a picture of the real Ed, but I thought that you’d prefer the cardboard cutout of Ed from our atrium!)
So I wandered along to Ed’s desk, told him about the dilemmas schools are facing with Information Security, and the new Becta guidelines, and he jumped into action.
“Ray”, he said, “you need to remember that this isn’t just about what you do with your IT systems – it’s also about what people do”…and that led to a long, long conversation.
Good to his word, Ed wrote a great article for me – something that you can share with colleagues, friends and family – designed to ensure that anybody using a PC – whether it’s their home machine or their school laptop – can be more secure.
The premise is that you need everybody in your organisation adopting safer practices, at home and in school. And raising their awareness and giving them a self-interest (eg making sure that they are safer on their home PCs) will help you improve information security.
Anyway, over to Ed:
EDWARD P GIBSON
Chief Security Advisor, Microsoft Ltd UK
The “Pareto Principle” - or, sometimes “Just Enough is Good Enough”
I was asked by my friend, Ray Fleming, to list a few things you can do NOW to help ensure a safer online experience. He looked at the title to this article, and then me, and said he already didn’t want to read any further. “It’s supposed to be an article giving our readers a ‘Top 10’ list of things to do NOW, Gibson! Not a place to be talking about the Peter Principle”.
But let’s not be too hasty, Mr Fleming. The PARETO principle is simply the formal name to what we all know to be the “80/20 Rule”, or, 80% of the effects come from 20% of the causes. And that’s the point of this article - of the scores of things you can do to be safer online, there are a few you can take right NOW that will take you more than 80% of the way to online safety. Follow my Ten Steps to Online Safety in 30 Minutes and sleep more soundly tonight.
1) Do not start surfing the web or getting busy online until you have completed steps 2-6.
2) ANTI-MALWARE: If you have not already done so, install Anti-Virus, Anti-Spam, and Anti-Phishing software. If you are using Windows XP with auto updates turned on, or Windows Vista, you already have Windows Defender, free. But you still need Anti-Virus software. Go to www.WindowsMarketplace.co.uk, click on ‘Security Downloads’ at the top of the screen, and look for an Anti-Virus product. Get something you trust.
3) Turn on your Internet (ie, go online).
4) UPDATE SOFTWARE:
a) Run Windows Update to ensure you have the most current security updates.
b) Run the Secunia Online Software Inspector to make sure even your non-Microsoft software is up to date. This will also alert you if your firewall is not turned on
5) Run Windows Malicious Software Removal Tool (MSRT) now. This will get rid of the vast majority of malicious software and other unwanted software on your computer.
6) Go to www.GetSafeOnline.org - the UK Government campaign for online safety. If you have wireless Internet read the section on wireless security. Make sure yours is configured properly - read the instructions for your wireless modem - if all of this sounds unfamiliar to you, send me an email for help.
SEE, you feel much better already, right. Why? Because you just spent 30 minutes to make sure you are at least 80% of the way to being safer online.
If you have 15 more minutes, read on.
7) SOCIAL NETWORKING: If you have little people at home or university, they are likely to be using a social network site such as MySpace, BeBo, FaceBook, etc. Make sure you and your little people spend 10 minutes reviewing www.SafeSocialNetworking.com - though focused on BeBo, its advice applies to all sites.
8) PASSWORDS: Let’s face it, if you are like me chances are you can’t remember a lot of passwords. Don’t go overboard. If you can’t remember your passwords, you’ll end up writing them down - which defeats the purpose for having them to begin with. Try remembering patterns on the keyboard instead.
9) DO NOT click on any links in an e-mail from someone you do not know.
10) PHISHING FILTER: Internet Explorer 7 has a built in phishing filter. If you see a red bar at the top of your webpage, it means you are going to a known site that has malicious software. DO not go there!
Send me an E-Mail to EdGibson@Microsoft.com if you have questions or concerns. I reply to all emails (presuming you ask a question rather than suggest a new place for me to live).