Security overdose: fact or fiction?


Are you secure?

To most people, security, when talking about the Internet, is a list of what to install, what routine tasks to do, and what not to do under any circumstances.

There are interesting publications on that, for example "Overdosing on computer passwords and security". Among other things, it says that the value of the time users spend managing passwords, dealing with SSL certificate warnings (SSL, Secure Sockets Layer, encrypts data between a web server and your browser) and identifying phishing sites is far greater than the damage done by computer criminals.

Allow me to disagree.

First, how could one compare the amounts of damage? Could you persuade a person who has lost all the money in their bank account to a phishing attack that the damage inflicted is far less than the damage from hours uselessly (so it seems) spent studying the principles of security?

Second, what is offered instead? What kind of security precautions can be neglected without exposing oneself to cyber-threats?

Security is a discipline of mind: a manner of thinking, not a list of cumbersome, irritating, indecipherable actions. Security precautions should be designed by experts; for an ordinary user, security means following several simple rules, on the assumption that they are applied properly in every given case.

Security is for minds

Security is for minds, not for hands, devices and other things not supposed to think.

We are taught security, in one sense or another, all our lives. Many would agree that one shouldn't eat without washing one's hands first. What is the big difference between that rule and the advice never to click on a link in an email message if you aren't sure who it's from?

Security is a matter of trust. Every time you venture into an area of cyberspace, you trust the owners of that place. If you enter your name and password on a bank site to access your account, you trust that bank, just as you trust a person if you allow them to enter your house.

Strong passwords can't be secure if they are written on a piece of paper stuck to a monitor. Strong passwords aren't secure if a bank can send them to you on request. Access to your private data can't be secure if it can be granted without you being involved in the process.

Security is a discipline of mind. There are axioms of security that are better not neglected, just as washing one's hands shouldn't be neglected, in general.

Above the axioms, there are several simple rules of trust that one can use to tell dangerous areas of cyberspace from relatively safe ones.

Security isn't an obsession. It is but a set of cyber-reflexes trained to warn you of possible danger. Nothing else: use your mind to decide, in every given case, what to do and how.

As for me, I believe in security. It exists as long as I know what to do to avoid loss of control, leaks of my private data and other unpleasant things happening out there.

Do you? Do you believe in security?


About this Entry

This page contains a single entry by Konstantin Boyandin published on April 14, 2010 5:29 PM.
