The productivity cost of protecting ourselves from cyber-threats
The cost of cyber-threats such as viruses, spyware and phishing schemes is truly staggering. The Consumer Reports National Research Center estimates that 1 in 4 people have encountered a major virus attack, resulting in an average cost of $109 per incident and a nationwide cost of $5.2 billion in total damage. Spam, spyware ($2.6 billion in estimated damage) and phishing schemes ($630 million in estimated damage) have also caused tremendous financial and productivity losses.
There are a variety of measures that everyone should take to protect themselves from cyber-attacks…
- Invest in an anti-virus program. No ifs, ands or buts about this one!
- Install a hardware firewall on your network and a software firewall on your PC. Most routers have some sort of firewall built-in, but you might want to upgrade to a higher-level firewall device such as those offered by SonicWall. A software firewall is an absolute necessity for laptop users who surf the web at public WiFi spots.
- Install an anti-spyware program that can scan your hard drive for spyware, or better yet monitor for spyware in real time (i.e., without having to go through a comprehensive scan).
- Use common sense when responding to emails. Don’t buy products from folks you don’t know, or via obvious spam email (yet about 800,000 households did so in the past year). And don’t update your banking information via links from any email!
However, when establishing your e-threat arsenal of tools, a balance must be struck between threat protection and personal productivity.
Within the past 24 hours, I have personally encountered two examples of over-zealous cyber-protection that have resulted in reduced productivity, lost time and much frustration. Over-zealous protection can even impact your relationship with clients, prospects and colleagues.
Collateral (spam) damage
In the first example, I was actually on the other end of someone else’s cyber-protection tool, and as a result was prohibited from communicating with them. Worse yet, they didn’t even know it! The culprit: a spam filtering service called Spam Cop. Spam Cop filters spam by identifying and stopping purported spam at the email server level. It sounds great on the surface. But the fact of the matter is that most email is delivered from an email server that is shared by multiple users, and when a server is identified as a source of spam, everyone associated with that server is identified as a source of spam. The result: lots of legitimate email is blocked and never allowed to be delivered by Spam Cop – “collateral damage” resulting from Spam Cop’s rigid methodology.
For example, our company’s email is hosted by Verio (although we will be switching soon to internally hosting our own email, partially for this reason), and my personal email address is hosted by Comcast. I’ve had numerous person-to-person emails blocked by Spam Cop because the Verio or Comcast email server was identified as a source of spam. Yet Spam Cop provided no process for re-defining emails as non-spam through some sort of verification process (you know, the ones that ask you to type in characters based on a fuzzy-looking graphic). Emails that are identified as spam are stored in Spam Cop’s online server in a “held mail” folder for two weeks, then are deleted. I’m betting that most users never even check that folder.
I’m all for blocking out true spam, but not at the cost of blocking out legitimate emails. I’d rather receive ALL emails and use a program such as Trend Micro’s Anti-Spam software to sort perceived spam into a spam inbox that I can review with a single click – and that won’t auto-delete the emails – rather than having ANY legitimate emails not get through to me.
Staring at wallpaper…
The second disaster that I ran into yesterday was the result of applying Windows XP updates to my laptop. After applying the latest updates and rebooting the computer, I got no further than the Windows wallpaper. No icons, no task bar…just the picture of a beautiful island with three palm trees in the middle of an azure sea.
After a couple of hours trying to resolve the problem, including time on the phone with Microsoft and Dell, I was able to “roll back” my PC to the state that it was in before the updates were applied. Everything works fine now, although I’m dreading going through the process of applying a few updates at a time to find the offending update. For my machine, which is loaded up with all kinds of software, it takes me about 20 minutes to shut down and restart it. At that rate, it might take me 2 hours to get through the entire process.
I highly recommend that everyone keep up with the Windows updates. There are simply too many holes in Windows that hackers can exploit to get into your system. However, I have two suggestions that will improve your productivity and save you time…
- Set Windows to “Download updates for me, but let me choose when to install them.” This will automatically download the updates and inform you that they are ready for installation. However, this option allows YOU to choose when to install the updates. Installation generally requires a reboot of your system, which takes lots of time if your computer is set up like mine. To make this recommendation work, you MUST incorporate update installations into your regular routine. Otherwise, you’ll not keep up with the updates and you’ll be susceptible to attacks. If you can’t keep up with the updates, I’d recommend setting updates to “Automatic”. You can change your Windows update settings by right-clicking on My Computer, then clicking the “Automatic Updates” tab.
- Be prepared to roll back your system to a previous state if the update is unsuccessful. You can do this by pressing the Control-Alt-Delete keys (all at once), clicking the “Applications” tab, then clicking the New Task button. Type “c:\windows\system32\restore\rstrui.exe” into the box, then click OK, at which point you can follow the prompts to restore the computer to an earlier time.
Another issue that I’ve run into with over-zealous protection systems is the inability to send files to others via email. Some companies prefer to take no risks with attachments, and they forbid certain types of files (especially EXE) from making it through their corporate firewall.
Fortunately, there’s an easy fix for that. For several years, I’ve used a service called SendThisFile to send files to others. It’s a free service if you don’t need to use it much or don’t need extra file-sending bells and whistles. To use this service, you simply upload one or more files to SendThisFile’s servers and the service generates a URL link that is used by your recipient to download the file. You can even set it up to send you a confirmation email when the file has been downloaded by your recipient.