Security hygiene

Writing in the inaugural issue of International Journal of System of Systems Engineering, Gattiker says the campaign would be on a par with road safety and public health campaigns but for computer users and will work most effectively if coupled with an early warning system for security issues.

At least half of all Europeans have access to a broadband internet connection in their homes or small business offices, says Gattiker, an expert at information and risk management firm CyTRAP Labs based in Zurich, Switzerland. All these users with high-speed connections represent rich pickings for cyber criminals hoping to exploit security loopholes, propagate viruses, worms, and Trojan horse software, and steal or compromise those users' data.

“Unfortunately, home users and those in small business are often the least prepared to defend against cyber attack,” says Gattiker, “moreover they often fail to update the security software and defence mechanisms they have in place and so detecting and resolving attacks on those systems is a real challenge.”

Member States of the European Union established the Cyberworld Awareness and Security Enhancement Structure (CASES) to improve awareness of security issues among home users, telecommuters, and small business. Gattiker has undertaken a study of security recommendations and suggests that Early Warning Systems (EWSs) could lead to a culture of security to help improve prevention and security against malicious code and attacks.

Gattiker explains that success in improving security hygiene rests on focusing on specific aspects of data security, such as unsecured information stored on personal computers, firewall and antivirus use or lack thereof and in providing home and small business users with accurate and timely information about security issues and demonstrating how these can be handled effectively.

Gattiker draws parallels between improving security hygiene and the quest for fitness. “We all know what we have to do to lose weight such as improving our diet as well as doing more exercise,” he says, this is analogous to ensuring a firewall and antivirus software is in place and kept up to date. But, he adds that fitness is not just about going regularly to the gym but about using the stairs instead of the lift, analogous to maintaining awareness of peripheral security issues, such as phishing attacks, vulnerabilities at WiFi hotspots, and the problem of zero-day exploits that can hit in between security updates.