Personal Cybersecurity How to Avoid and Recover from Cybercrime

I wrote this book to solve two very specific problems for my fellow IT professionals. We all get too many questions from individual computer users who are worried about the security of their personal computers, tablets, and phones. In the industry, the acronym RTFM is hurled at beginners for asking naïve questions. But that is not an appropriate answer to a user concerned about computer security. These folks ask good and important questions that deserve serious answers. A few years ago, after repeating the same answers many times, I started to look for the right book to recommend. There are many good books on computer security but most of them drift into security for system administrators; this confuses ordinary users and leaves them uncertain. And no one needs to be reminded that the details of computing change rapidly, but the basic principles stay the same. Users need knowledge that will give them a foundation to build on as the details of security issues change. Many books on personal computer security tend to be highly prescriptive with lots of screenshots and values to fill into specific fields. This is nice, but this aspect of computing changes rapidly and many of these books become confusing within months of publication because interfaces change. Users need simple explanations of what they are doing and why they are doing it, not outdated, detailed instructions. The rate of change has escalated as products adopt automated update practices. Products evolve much more rapidly than a few years past. To stay safe during rapid change, computer users must have a firm grasp of what they are protecting themselves against, how the protections work, and why they need to protect themselves. The book is divided into three sections. The first section explains how computing has developed, how cybercrime has become a serious problem, and the extent of its severity. The second section examines what government and industry have done to respond. The third section relies heavily on the previous two sections and focuses on what you can do to protect yourself and what to do when you become a victim. Throughout, I have tried to maintain focus on what is wrong, why it is wrong, and how the response works so that a user can apply the advice to any computer they work with. If I have succeeded in my goal, the users who read this book will be informed, not quite so nervous, and prepared to avoid or actively resist the security issues that plague them. This book will not eliminate user questions to IT professionals, nor will it eliminate the need for operating system and product security documentation. In a world where substantial updates are automatically applied every month, a book like this would not be useful for long if it was only a snapshot of cybersecurity at one moment in time. Readers may be tempted to skip to the last two chapters. If you are under attack and feel the need to take immediate action, do skip ahead. But then go back and read the preceding chapters. You will find that the recommendations in the final chapters will make more sense, are easier to accept, and can be applied more effectively after you have the background the earlier chapters provide.