In 2014, companies announced nearly a breach every day, exposing an average of 1.1. million identities per breach.
For consumers, the news appears grim. From ads on major websites infecting consumers' systems to ransomware that can hold data hostage, criminals continue to successfully steal money and data from half a world away. If companies can't protect themselves from the bad guys, what chance do individual users have? Even the police are falling prey to criminals.
In reality, consumers have a better chance than most companies. Yes, home users are overwhelmingly targets of opportunity, but they can protect themselves by making their systems harder to compromise and looking out for signs of infections.
"You can't just pack it up and give in, even though that may seem to be a reasonable approach," says Mark Nunnikhoven, senior research scientist with OpenDNS. "You need to take reasonable steps to protect yourself."
For years, security professionals have tried to erect impenetrable digital walls, but that strategy has largely failed. Instead, the latest philosophy focuses on throwing up multiple hurdles in front of attackers and improving awareness — spotting attacks before they can do damage.
For consumers, these techniques boil down to three simple strategies.
1. Don't leave a device vulnerable
With the average person carrying three devices — a smartphone, a tablet, and a desktop or laptop — keeping track of whether all those devices have downloaded the latest updates is a chore. Multiply the workload by the number of family members and keeping up with updates can be an enormous and ongoing project.
A few security services can help the family administrator manage the problems. For Windows users, Secunia's Personal Software Inspector, a free service, checks all third-party software for updates and gives instructions on how to update. For hybrid households, OPSWAT Gears, a free service for less than 25 devices, makes sure that each PC and Mac passes a number of security checks, such as whether it has antivirus, a firewall, and an encrypted hard drive.
"We get you a score for compliance and then we give you the tools to improve your score, either based on systems configuration or third-party applications," says OPSWAT CEO Benny Czarny.
In addition, most major security software makers have made managing multiple devices much easier, albeit for a fee.
2. Monitor your network's traffic
Once your systems are locked down, the next step is to monitor the network for potentially bad traffic. To compromise your computers, attackers must communicate with your network, and that leaves traces.
One option: Look at the logs captured by the network router. More advanced routers — including many high-end consumer models and most models designed for small-business use, have options for logging or even for archiving of logs in the cloud. Another option is use a cloud service, such as OpenDNS, which collects all the domain requests generated by your users, blocking communications to suspect servers and websites and allowing family administrators to filter inappropriate traffic.
Sign up for CIO Asia eNewsletters.