In 2004 a very smart gentleman named Bruce Schneier put forth an utterance famous in Information Security circles, “Security is a process, not a product.” Lending the flavor of context, what he published specifically was:
“Security is a process, not a product. Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.“
— source: https://www.schneier.com/essays/archives/2000/04/the_process_of_secur.html
2004 was a jolly good while ago. Do we have better software and products to press into service? Certainly – and our adversaries, named or otherwise, have access to the same improvements.
As I contemplate the “old world” wisdom that my parents exhibit in some situations, it is 100% on target, appropriate, and safe. (They may chide the person at the other end of the phone, for example, and then hang up on them.) The trouble is there are certainly “bad actors” out there who spend a significant amount of their time honing their ability to convince other human beings to do “Bad Things(tm)”.
With this differentiation between “processes” and “products”, I’ll bring my combined experience supporting a host of clients both far and wide, and witnessing my parents’ generation both succeeding and failing under various test circumstances, to provide relevant and timely “Security Advice” focused on that generation.
Free Advice is worth every penny you pay for it. Insert all manner of personal indemnification and excuses here.