Network Security guide for the home or small business network – Part 17 – The Security Mindset



This may be one of the most important entries in this series. An important defence against those who would try to access your network is to keep the “security mindset” at all times. Ask yourself, “Do I need this? How could it be exploited? What are the implications of this?” When someone asks you to click on a link, ask: “Do I trust the person? Am I sure it’s from the person it claims to be from? How sure? Is it normal behavior for this person to ask me to click on a link?” I guess what it comes down to is developing some healthy critical thinking and skepticism.


One of the earlier examples was of possible social engineering attacks: a person calls claiming to be from an ISP and asks for password and username information to help make sure their files are complete. Are they really from the ISP? Ask for their name. They may provide a number and a supervisor’s name to verify; search for the number online and see whether it checks out as belonging to the ISP. Call the ISP at a number you already know reaches them. (Use a channel other than the one offered by the person who is seeking information from you.) Be skeptical.

If someone comes claiming to have a work order to look at network equipment, find out who called. Has this person come before? Do you KNOW they come to service equipment? How do you know? If they’re substituting for someone, were you aware that the usual person wouldn’t be there? Once again, did someone call in a problem? Be skeptical.

Websites… “This website claims their security product is the best thing since sliced bread…” It may be, but of course they’ll say that about their own product. Use search engines and look for other opinions. One thing I’ve found is that you can usually tell a bad or suspect product by the overwhelming number (and intensity) of negative opinions you find online. Make sure the review sites aren’t affiliated with the site selling the security product. Be skeptical.

Emails… “How do I know my bank sent me this email?” The return email address could be spoofed, the graphics could be forged and the links could be obscured. If there appears to be a problem, contact the bank (or other sender) through other means. Be skeptical.

What it comes down to is this: if something makes a sudden “cold call” out of the blue, think about it, ask questions and try to verify it through another source.

On the critical thinking side: say my firewall is telling me that my new painting program is trying to access the internet. “Why would a paint program need to access the internet?” Once again, skepticism combined with some critical thinking.

Now, if you follow this far enough you can close in on paranoia. I think most people, though, will know when and how to balance their skepticism. The real catch with many people is getting them to start thinking that way to begin with.
