Microsoft TechNet has an article listing ten immutable laws of security according to Microsoft. I personally agree with these laws, which are:

  • Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore
  • Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore
  • Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore
  • Law #4: If you allow a bad guy to upload programs to your website, it’s not your website any more
  • Law #5: Weak passwords trump strong security
  • Law #6: A computer is only as secure as the administrator is trustworthy
  • Law #7: Encrypted data is only as secure as the decryption key
  • Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
  • Law #9: Absolute anonymity isn’t practical, in real life or on the Web
  • Law #10: Technology is not a panacea

Everyone who never thinks of security until something bad happens must read these rules. Generally, people do nothing for their own security, although they are the ones who will face the negative consequences of disregarding security issues. For example, consider a customer of a bank who uses online banking applications. If he/she does not use a strong password, for example uses the license number of his/her car (syntactically strong but weak in practice), and someone gets access to his/her account just by guessing, who is guilty: the bank or the customer?

Or assume that this person installs any kind of program from any source without considering any security issue. If he/she one day installs a keylogger that lets someone acquire his/her online banking passwords, who is guilty? (Of course, we assume that this user does not use any other means of security for online banking applications, like one-time password generators, tokens, SMS validations etc. Why should he/she? They are unnecessary and hard to use, they get lost all the time…)

Conclusion: You are responsible for what you are doing; do not blame anyone else for things that you must do. (Of course you can blame them if it is their fault, but never forget your responsibilities.)