'Recently, a friend of mine got hacked, costing him some hard earned cash, a lot of time talking to his bank, and the frustration of knowing he had been had. Post a little Q&A, it was established that, that day he had utilised the services of an insecure public Access Point [AP], which was, it would seem the commencement of his troubles, when he logged into his PayPal, and Bank accounts with complete disregard for his logical security.
The first thought that entered my head was 'just how silly can you be', as my friend should have known better - but should he? Confronted with the offer of free WiFi, do we assert that every member of the public is fully savvy on the subject of logical security, and the associated exposure they face when throwing caution to the wind?
The fact of the matter is, in my opinion the missing element with the topic of, shall we call it, Cyber Security is that there is no real Security Education and Awareness Programme in place to protect the public from others, and themselves. Granted this will cost money - but let us not forget, in the absence of doing something, this is exposing individual users, the SME, and the economy to losses which are now reaching significant proportions
Getting back on to the topic of my friends issues, after a little bit of education, and a few configuration tweaks, we bolstered up his local security with complex passwords, the used of Symantec VIP Services, and the employment of a piece of software to create VPN Tunnelling - all of which was easy stuff to implement. Thus now hopefully, enriched with a little education and awareness, and the implementation of a few easy to use tools, my pal will be fine, and all was well with the world - or was it? Until....
Today, I am traveling down to London on the train, and sitting offset to the left in front of me, I observed a user unbeknown to me fire up their laptop, share the entire contents of their big screen with me, and then, as if not to add to my concern, logged directly into the mobile public AP without a care in there world- yes, Security Education and Awareness for the Public should be considered a High Priority if we are ever to dent the successful growth of Cyber Criminality.'
Where does John's advice to his friend appear on any of the current mainstream "security awareness programmes"? Who do you trust to give similar advice to your local silver surfers club and, more importantly help install the necesary software for them and check that it is working?