In the third part of my series “IT-Misconceptions” I deal with the topic “Computer Security”. There are dozens of misunderstandings that are constantly repeated and all too quickly accepted as truth without actually being provable. Here I have identified some common misconceptions and show how the risks resulting from a wrong understanding of IT security can be minimised.
Misconception No. 1: “If I have a virus or other malware on my computer, it will show up.”
It is not always possible for a user to determine whether a virus or other malware has taken root on his computer.
There are many different types of viruses and other malicious programs that cyber criminals can introduce into computers or mobile devices in different ways. Many malicious programs that can be installed on a computer undetected have identity theft capabilities. They are usually designed to spy on the user's data, for example login credentials or account and credit card numbers, and can cause considerable economic damage to the victims.
Malware that enables an attacker to remotely control infected devices is also completely inconspicuous to the user. This type of malicious code is smuggled onto the user’s computer unnoticed, for example through e-mail attachments, by opening a specially manipulated website or by clicking on an infected advertising banner. By infecting thousands of computers with the software, its authors can launch attacks on websites (DDoS attacks) to paralyse them, or use the infected computers to send masses of spam. There is no 100% protection against these threats, especially when so-called zero-day exploits are used. However, users can increase their protection with measures such as anti-virus software and a firewall, as well as the immediate installation of software updates and careful handling of e-mail attachments. Users should also exercise caution when downloading or installing software or other data from unknown sources. If in doubt, always refrain from doing so.
Misconception No. 2: “I have nothing to hide and no important data, so I’m not a target for cyber criminals after all and therefore don’t need to protect myself.”
This view is fundamentally wrong, because cyber criminals can use all available data for their purposes.
Anyone who surfs the Internet, shops or banks online with an unprotected device uses and leaves behind a lot of data that cyber criminals are interested in. This is not necessarily the holiday photos, correspondence or other private documents stored on the computer. Criminals can easily steal and misuse login, account and credit card data stored on an unprotected computer or transmitted over the Internet. Malicious programs such as ransomware can also implant themselves on unprotected systems. The authors of these programs can encrypt the data on the infected computer so that the user can no longer read it. The user then simply receives a demand to pay a certain amount of money (ransom), usually through disguised channels such as the Internet currency Bitcoin, in order to regain access to the data. At this point at the latest, many find out that they do have data worth protecting, such as holiday or family photos. Insufficiently secured devices can also quickly become part of a botnet and be misused for criminal purposes.
Misconception No. 3: “My data is in the cloud, so I don’t need a backup.”
That’s not right. Using a cloud does not guarantee that the data is always available.
It is true that data storage in the cloud offers a number of advantages: the security mechanisms provided by the provider, the possibility of accessing one’s own data via the Internet at any time and from any device, and saving storage space, especially on mobile devices. There are cloud services whose security and availability are high. Nevertheless, it can happen that the user can no longer access his data. Technical problems, service provider failures or even the discontinuation of a cloud service are possible reasons. It is therefore essential not to store important data in only one place, such as a cloud, but also to make regular backups, i.e. duplicates of the data, on an (external) storage medium. It should be kept in mind that devices, hard disks and storage media can also unexpectedly break or get lost or stolen.
Misconception No. 4: “If I delete all data from my device and then empty the trash, the data will be gone once and for all.”
Wrong. Additional steps are required to irretrievably remove data from a disk or device.
If users wish to sell or dispose of an old device or obsolete external storage device, they should ensure that all data has been securely deleted to prevent possible misuse. Moving files to the Recycle Bin leaves them completely intact on the storage device. Even after emptying the Recycle Bin, data can be restored with little effort, since this process only deletes the references to the data in the index, the table of contents of the hard disk, and releases the area for overwriting. On certain storage media, only overwriting the data makes it disappear for good. To delete data permanently and safely, it is best to use special programs. If a device or storage medium is not going to be passed on anyway, or cannot be overwritten for other reasons, it should be physically destroyed. This is the only way to make it impossible to restore the data. However, users should take care to avoid injury from splinters or similar.
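The difference between removing an index entry and overwriting the data can be shown on a toy volume model. This is an added example, not part of the original article; the `ToyVolume` class, the block size and the sample content are constructed assumptions, and real file systems are far more complex.

```python
# Toy model of a storage volume (constructed for illustration): a flat array
# of blocks plus an index that maps file names to the blocks holding them.
BLOCK = 16


class ToyVolume:
    def __init__(self, blocks=8):
        self.data = bytearray(BLOCK * blocks)   # raw storage area
        self.index = {}                         # name -> (first block, length)
        self.next_free = 0

    def write(self, name, content):
        start = self.next_free
        offset = start * BLOCK
        self.data[offset:offset + len(content)] = content
        self.index[name] = (start, len(content))
        self.next_free += -(-len(content) // BLOCK)   # round up to whole blocks

    def delete(self, name):
        # What emptying the Recycle Bin does: drop the index entry only.
        del self.index[name]

    def wipe(self, name):
        # What an erasure program does: overwrite the blocks, then drop the entry.
        start, length = self.index.pop(name)
        size = -(-length // BLOCK) * BLOCK
        offset = start * BLOCK
        self.data[offset:offset + size] = bytes(size)   # zero-fill in place

    def recoverable(self, fragment):
        # A recovery tool ignores the index and scans the raw storage area.
        return fragment in self.data


def demo():
    secret = b"IBAN DE00 CONSTRUCTED"   # constructed sample content
    deleted, wiped = ToyVolume(), ToyVolume()
    for vol in (deleted, wiped):
        vol.write("bank.txt", secret)
    deleted.delete("bank.txt")
    wiped.wipe("bank.txt")
    return {
        "listed_after_delete": "bank.txt" in deleted.index,
        "recoverable_after_delete": deleted.recoverable(secret),
        "recoverable_after_wipe": wiped.recoverable(secret),
    }


if __name__ == "__main__":
    print(demo())
```

The model assumes a medium that overwrites blocks in place; flash storage with wear levelling can keep older copies in areas a file-level overwrite never touches.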