When it comes to thinking about online safety, we are overwhelmed with information:

• Sensational news reports of viruses and hacking.
• Advertising and marketing activities by the people who write security software.
• Opinions and stories from friends and family.
• Guidance from work.
• Even websites like this one.

For example, the media play up a spectacular story of hackers robbing a bank but don’t cover the day-in, day-out low-level fraud that affects hundreds of thousands of people each year.

Because of the way internet security threats are reported, people often have the wrong reaction to the problem and make poor choices. For example:

• Fear and uncertainty. People stop using the internet.
• Inaction. Hiding under covers and not taking any action.
• Looking for a magic bullet that ‘solves’ the problem.
• Relying on other people.
• Downplaying the level of risk or the consequences of failure.

You just have to look at the kinds of myths that people fervently believe to see these reactions in practice.

None of these knee-jerk reactions is effective. What is required is a combination of information, judgement, planning and caution. You are responsible for your own protection.

Information: risks and consequences

The first step is to understand the risks that you face online. How many risks are there?  How likely are they?  What are the consequences if they happen to me?

Reading about the kinds of security risks and the consequences when these risks turn into reality can help define the scale of the problem.

In short, the main risks are:

• Viruses
• Spyware
• Eavesdropping
• Hacking
• Physical theft
• Fraud
• Spam
• Identity theft
• Invasion of your privacy
• Theft
• The ability of strangers to contact your children
• Online bullying
• Exposure to inappropriate material

The consequences of a security breach can be severe.

Judgement: probability and priorities

The second step is to set some priorities. What are the odds that I will be attacked?  What am I trying to protect? What should I do first?

It is harder to quantify the likelihood of being attacked, but some research (and people’s practical experience) suggests that some kind of problem is almost certain if you take no action to protect yourself.

• Over 1,000 new virus variants emerge each month.
• Spam constitutes about 75 percent of all email traffic on the internet.
• There is a 90 percent probability that a computer attached to a broadband internet connection without any protection will be infected by a virus within an hour.
• Fraudulent phishing websites increased from 176 new sites in January 2004 to 1,518 in November 2004.
• In the UK over 100,000 cases of identity theft were reported in 2003.

Figuring out what to protect seems easy but the checklist is longer than many people think and probably includes:

• My children’s innocence and safety.
• My property, money and financial wellbeing.
• My reputation: at work, with my friends and family, at credit reference agencies, with customers and people I do business with.
• My privacy.
• The reliability and availability of my computer.
• My time.
• Individual files, such as photos or letters.
• Other people’s data, especially personal information.
• Not letting my computer be used to attack others.

It is impossible to achieve 100 percent security. It is, however, possible to raise your overall level of security and to concentrate your efforts around things that matter the most to you. So it is a case of setting priorities and making time to do the job properly.

Most people do this intuitively when they decide whether or not to fit a lock or alarm. It’s the same online. You weigh the cost of the defence against the risk and consequences of a problem.

This site tries to provide you with a comprehensive checklist of security actions and advice. Naturally, we recommend you follow it and enjoy the internet to its fullest. However, you can decide to simply transfer the problem to someone else (for example by hiring a security expert to set up your computer), avoid it altogether (for example by not using the internet at all) or just live with it and accept the consequences.

Ultimately this site is about information. The better informed you are, the better risk assessment decisions you can make.

Planning

Creating a security plan, even if it is written on the back of an envelope, is a worthwhile exercise. Here’s how to do it:

• Audit. Review your own skills, what you are trying to protect, the threats and risks you face. You can use the checklists and quizzes on this site to help.
• Plan. Write down the steps you are going to take to protect yourself and set aside the time to do the work. Don’t just concentrate on the technical aspect; spend time understanding the whole problem and how you can change your behaviour online to be safer.
• Execute. Do the tasks you set yourself or get an expert to help you.
• Monitor and repeat. Make a note in your calendar to review the whole thing in six months. Monitor your security settings regularly.

Use your commonsense

• New threats emerge every day and old threats attack people who have never encountered them before. The watchword is caution.
• Many online problems exploit people’s gullibility, so it pays to be sceptical, even paranoid when faced with something unfamiliar.
• Read online guides to sceptical, critical thinking.
• Mentally assessing the risk before clicking on a link or downloading a piece of software is as sensible as checking a map to make sure you avoid a bad neighbourhood in a strange town.