Inconspicuous little actions may ruin security measures

Source: Internet
Author: User

Security should start with the details

You may have taken many measures for network security and data security, such as encryption, installing firewalls, anti-virus software and hardware, UTM and so on. However, some simple behaviors or ideas may undo all of those security measures.

Is there a way to list everything that can undermine the security of a well-protected system? Of course not. Users make countless such errors. The five aspects discussed here are therefore only a drop in the bucket, though they are among the most common. Still, they show us that these seemingly inconspicuous little actions may destroy a security barrier that was hard to build.

Believe it or not, read on:

1. Trust: Trust here means not only trusting other people but also the following: trusting a certain brand and believing that a system with a certain anti-virus product cannot be infected with viruses; trusting a security system that does not trust users; trusting your own judgment; and trusting that your security measures are absolutely reliable. These are the enemies of security. Remember, security is relative.

2. Ignorance: This is connected to the previous item. It is because of ignorance that it is easy to trust. Most of us may know that obscurity is not security. That does not mean we never try to use obscurity as security, and sometimes we do not even know what we are doing. A very realistic example is our understanding of Google's and Yahoo's indexing of Flash content. This indexing shows that a lot of sensitive information is naively encoded into Flash objects, where it may be used by people familiar with this field. Many people build security filtering without realizing that they are actually relying on obscurity rather than security. In many cases, the problem is that users do not really understand the technology they are using. What they believe to be settled is sometimes only a vague understanding of a technology. Therefore, do not make the same mistake again. Try to understand the true meaning of the technology you are using, and do not settle for a vague understanding of it!

3. Insecure emails. Some people send confidential enterprise information via email, and some websites let users recover passwords through email. If these emails are not encrypted, you are handing the password over to anyone who wants it. Therefore, please encrypt your email transmission! But is encryption secure?

4. Insecure encryption. Do not think encryption is a panacea for security problems. It may also be insecure. For OpenPGP encryption to be usable and to protect communication, you must be able to decrypt any encrypted message you receive. To keep it secure, you must keep the private key and its passphrase private. If the computer that holds the private key is not properly protected, or if the computer that encrypts and decrypts the messages does not take appropriate security measures, what is left of the security of your encryption? Some systems are more vulnerable to compromise than others, which puts the security of users' private keys at risk. Unauthorized access may allow someone to copy your private key and launch a powerful offline attack on your passphrase, or your keystrokes can be captured as you type the passphrase. Even worse, when you encrypt data on someone else's computer, you do not know much about the security measures set by the people with administrator access, or even whether they are completely trustworthy. Basically, if your encryption key is not robust, you had better not use plain text communication. At least you should know whether the same communication would be protected against online eavesdropping if it went through plain text.

5. Knowing what you cannot do. This is not a compliment; I mean to persuade you to realize that you should choose your battles wisely. Do not fight an unwinnable war. Do not spend a lot of energy on things that cannot be effectively protected. If something that cannot be secured is essential to your business model, you may need to rethink that business model, not just because of its inherent defects, but also because all the effort you spend trying to secure the impossible is diverted from the measures that safeguard everything else. Enterprises should spend their limited time and money on things that can be achieved!

As mentioned above, these five aspects are not a complete list. However, you can use them to check your business and avoid making these mistakes. Think about it. Even if these problems do not appear in your enterprise, you can consider other aspects that I have missed. In the face of increasingly serious threats, you should not only think like a hacker but also learn to think like a security expert. Some seemingly insignificant actions may cause unpredictable disasters. Think twice!

 
