Some time ago, I wrote an article called Authentication: Is he who he says he is?, based on the technical fact the faking the sender's email address is rather simple.

How can we educate the user to learn the right degree of (dis)trust when treating with emails (or telephone calls)? We need to be a culture of trust, yet be resistant to social engineering. Do you have policies concerning this matter?

In the last article we have seen that we can't buy-and-forget a computer, we have to maintain it; and that anomalies, which causes a such maintenance, are (maybe) easier to detect at a car than at a computer. Installing updates is one important part of this maintenance, running a anti-virus and a firewall yet another one. However, if you're responsible for the whole network of your base, it is even more critical.

Install updates. Install updates of ALL installed programs. Please.

I cannot stress enough the importance of installing updates. But how does it come that this concept is so counter-intuitive? Because it's not related to the material world.

As the password database (both in my head & in an encrypted file) grows, I increasingly worry about the responsibility which is behind. Not only that someone else could get access to these passwords, maybe suddenly the Internet stops working (at least at home), my computer stops working, the hard drive refuses to read the database file; maybe I'm in holidays, sick or otherwise occupied, and in this very month a significant security update should have been made for [replace this with concerning server or website]; or worst, my heart stops beating and someone else is trying to take over my heritage because he desperately needs access to [server/website].