Do you own a computer? Since you’re reading this let’s assume that you do. Does your computer have anti-virus software? Since you’re a reasonable, intelligent human being, let’s assume that it does. Do you also run something like Malwarebytes or SpyBotS&D? Since you’re a responsible netizen, let’s assume that you do. Does this mean that your computer is “secure”? Since your computer is on 24 hours a day, 365 days a year, let’s assume that it isn’t.

I can hear all of you now: “My antivirus is up to date! I’ve got nothing to worry about!”, “My spyware definitions are current, I’m protected!” The problem lies in a couple of factors; First, your antivirus was up to date the last time it was updated. Ten minutes later, you are still vulnerable. Second, I can’t count how many times I have been asked to look at a computer that was “running slow” or “acting funny”, only to find that it had been all but taken over by malware. These are computers with updated anti-virus, owned by people just like you and I who religiously check their systems for evil bits and eradicate them. Just kidding! Most of the time, I find the anti-virus software is out of date (usually because the subscription expired), and nobody has ever taken the time to check for malware.

The truth is, anti-virus software is, at best, an arms race. The companies who make anti-virus software are forever playing catchup to the people who write the viruses. They are perpetually one step behind, by design, because their technology is REACTIVE rather than PROACTIVE. Anti-virus software can not protect you until the bad stuff has already made it to your system, by which time it may be too late. In addition, if you don’t know what you’re doing you can actually harm your system by trying to run too many of these anti-malware applications at the same time, or worse, reduce productivity while people try to work around a system that is not optimized for your environment. If your system is too aggressive people will get in the habit of “clicking ok to make the box go away”, which can actually leave you more vulnerable to attack than if you didn’t have the software in the first place.

All of that being said, most anti-virus software does an excellent job of protecting you from known threats. Anti-malware software helps to clean your computer up after the evil bits have been installed. Both of these are important pieces of the security puzzle, but anyone who tells you, “Install this piece of software and you’ll be completely secure!”, is trying to sell you something. Any “security assessment” that only looks at whether your anti-virus software is up to date and you have the latest Microsoft patches installed is not a security assessment.

A lot of people today sell software wrapped up in a package with SECURE!!! written all over it, the number of people who can actually help you secure your priceless data is far lower.

When I spoke at Learn About Web 2008 something I tried to convey was the importance that your audience feel secure in your environment. When developing your business consider using the hard work you have put into protecting it and the genuine effort you put forth protecting client data as a marketing tactic. Again, this only works if you actually put effort into developing your security program.

Using items like trustmarks (recognizable representations of some type of effort, service, or guarantee), privacy policies, and appropriate copy in the material your customers receive and your employees are subjected to allows a subtle and controlled feeling to be delivered. Should you get this message wrong your customers and employees might just feel like the below cartoon by Scott Stantis.

Prickly City by Scott Stantis