Poor security can lend a false sense of security, encouraging you to relax your guard and making it more likely that you will suffer loss or damage from bad guys.

Analogy

Consider a garage. If you have no lock on the door (no security), you are likely to check that your car is locked and not leave anything valuable exposed. If you have an inadequate lock (poor security), you might think comforting thoughts like "well, at least it's something" or "it will slow them down" and not take the same care.

IT Systems

You might get away with poor system security for a while, but in the connected world there are enough bad guys with enough time (and automated hacking tools) that your poorly secured systems will be found and attacked. If you're very lucky you'll just get some silly message on your web site, but data loss and having your computers hijacked as proxies for further attacks are more likely.

Things to do

Security is as much a process as a product. Don't think that just because you've installed _name brand anti-virus/personal firewall_ that you don't need to do anything else.

There's nothing new here - you know what to do, you just have to do it.

  • Keep that anti-virus software up to date.
  • Use WPA or WPA2 with AES encryption on your wireless network, and worry less about hiding the SSID and MAC address security.
  • Keep your operating system up to date. Even if you don't let the updates happen automatically, check for security updates regularly and apply them.
  • Have a network firewall as well as a computer firewall. If you have a router/shared internet connection you probably already have a firewall with default settings.
  • In a corporate environment, you should have a system policy covering things like passwords, acceptable use, monitoring etc.

Most importantly, have a security mind-set. Don't do stupid things and expect to escape the consequences.