What free security programs should I recommend for someone who doesn’t know how to create word docs (and Word is installed) or attach files to an email, and who has young kids who download and install everything they find?
I think CIS, as it is right now, will be too hard… 88)
True But not only Are uneducated Nubies a threat to them selves but they spread Viruses.
In reality the best security for a Nubie, if they are willing is a some training in basic best security practices. and how to use the PC.
My wife for example she does not want to now anything about a PC except how to Use Outlook, Power Point, and Word. She is a perfect example of a dangerous nubie but she is getting better slowly and reluctantly. And part of her problem at work any is the computer guy in their office, and the senior & managing partners. The partners think they are saving money by not paying the PC guy to set up good security. I even offered CEM & CIS for free. The computer guy would rather make money fixing the problems than preventing them.
I agree, I was just poking fun. I wasn´t trying to start a serious dialog.
I think thats the best way to learn.
This is why one of biggest computer security risks and the hardest to control is the user.
Many/most do not have the time, realize the risks to their data and even more importantly they do not have the desire to learn to use a PC safely (meaning minimize the risk to their PC and their Network and other users, and therefore their Data)
See: 10 Immutable Laws of Security Administration
Law #1: Nobody believes anything bad can happen to them, until it does
Many people are unwilling partners in computer security. This isn’t because they’re deliberately trying to endanger the network—they simply have a different agenda than you do. The reason your company has a network is because it lets your company conduct business, and your users are focused on your company’s business rather than on the vagaries of computer security. Many users can’t conceive why someone might ever go to the trouble of sending them a malicious email or trying to crack their password, but an attacker only needs to find one weak link in order to penetrate your network.
Law #2: Security only works if the secure way also happens to be the easy way
As we discussed in Law #1, you need the authority to mandate security on the network. However, the flip side is that if you turn the network into a police state, you’re likely to face an uprising. If your security measures obstruct the business processes of your company, your users may flout them. Again, this isn’t because they’re malicious—it’s because they have jobs to do. The result could be that the overall security of your network would actually be lower after you implemented more stringent policies.
There are three key things you can do to prevent your users from becoming hackers’ unwitting accomplices.
Make sure your company’s security policy is reasonable, and strikes a balance between security and productivity. Security is important, but if your network is so secure that nobody can get any work done, you haven’t really performed a service for your company.
Look for ways to make your security processes have value to your users. For instance, if you have a security policy that calls for virus signatures to be updated once a week, don’t expect your users to do the updates manually. Instead, consider using a “push” mechanism to do it automatically. Your users will like the idea of having up to date virus scanners, and the fact that they didn’t have to do anything makes it doubly popular.
In cases where you must impose a restrictive security measure, explain to your users why it’s necessary. It’s amazing what people will put up with when they know it’s for a good cause.
As a result, relying on voluntary measures to keep your network secure is likely to be a non-starter. You need the authority to mandate security on the network. Work with your company’s management team to develop a security policy that spells out specifically what the value of the information on your network is, and what steps the company is willing to take to protect it. Then develop and implement security measures on the network that reflect this policy.