Why being paranoid can be a skill

In IT you need to have a disaster recovery plan, which means you need to think of the worst-case scenario every time.

That's why paranoia is one of the best skills of an IT security professional.

When it comes to computers, things are almost never what they seem.

I've been screwed over so many times in the past that I now follow three simple rules:
  1. Back up, back up, back up! In technical jargon we call it redundancy, i.e. keeping multiple backup copies on different media (external hard drives, cloud, etc.). You might be tempted to think: "Why should I keep a copy of that Word document when I already have another copy of it on a different hard drive?" Don't worry about it; you never know when you might need a spare copy. Hard drives fail, and they often do it at the very moment you need them, but people tend to forget this.
  2. May suspicion be with you: every time you download a file from the Internet, you should wonder whether it is really what it appears to be, what it's supposed to do and where it's coming from. If you investigate a little deeper, you might sometimes find that you're dealing with malware disguised as a legitimate file.
  3. Get informed, document, ask: if you're not sure what a file is, Google for more information or use resources such as forums, manufacturers' documentation, lists of known issues and bugs, etc. If you still have doubts, don't hesitate to ask your peers, as they may have run into similar issues or malware.


Wrap-up

As I've already stated in my previous post, How to think like a hacker, if you want to counter the bad guys, you need to think like one of them.

That's why paranoia should be in the job description of any IT security professional.

For any defense there can be an exploit, and you want to find it before somebody else does.

It's a time-sensitive cyber war.
