People who work for themselves and do not use the internet much tend to believe that they are not vulnerable to technological threats. The idea that someone would target them is too ridiculous for words – there is not enough money involved.

That makes sense up to a point but everybody, even a personal fitness trainer who uses a home computer simply to keep a database of the names and addresses of clients, can be left exposed because few attacks are targeted deliberately.

“The criminals have learnt that the most successful strategy is to seed as much of the internet as possible with their malicious links,” says Gunter Ollmann, director of security strategy for IBM Internet Security Systems. “Then, once a user’s computer is infected, they sort out what they have caught and extract as much value as possible from their victim.

“An appropriate analogy might be an old barn full of spiders’ webs waiting for something to be caught. Once the spider catches a victim, it can decide whether it is tasty or not.”

In other words, the criminals do not have to be out to get you in order to get you – think of it as being caught in a drive-by incident rather than having someone take out a contract on you. The effect will be equally painful and people who use the net infrequently might be more vulnerable than others.

Ivan Ristic, chief evangelist at Breach Security, a company specialising in protecting organisations from internet attacks, points out that the occasional user might be less well-versed in good practice and may be tempted to take short cuts such as setting up easy-to-guess passwords.

But, he says: “The most dangerous mistake people make on the internet is using the same password for all their logins. They tend to forget that there are people behind each of the applications or websites that they are using and that those people may not be very skilled in security.”

So a password that is intercepted once, if it is used for more than one site, becomes a serious security issue.

Part of the problem faced by the small or sole trader is that big companies have stepped up security to the point where hackers are looking for other means of attack. Fran Howarth, a principal analyst with the research firm Quocirca, says: “As hackers see traditional windows of opportunity closed by companies applying security solutions such as antivirus, they are increasingly looking to attack applications through flaws in the code or through social engineering attacks.” This makes everybody vulnerable.

Some writers of malware try to make their systems look innocent. A simple hunt on a search engine can lead to users unknowingly clicking through to questionable content such as pornography, says Eamonn Doyle, the managing director of Bloxx, the web filtering company. “You only need to visit one website to potentially activate spyware viruses,” he adds.

To put it another way, do not take your safety for granted even if you are using the web for the first time and never intend to use it again.

Ollman adds: “It used to be a case of not visiting websites that were a bit dodgy. Today’s attacks mean that even infrequent access to popular international sites can leave you as infected as if you had visited a free porn site.”

CASE STUDY

Thomas Lundie is a freelance journalist who admits that he should have had antivirus protection installed on his computer. As a freelance, however, he could not see why anyone would want to target him. The attack when it came typified the way small businesses can be caught.

One day he received a briefing document from a client and when he clicked on it to shut it down a box popped up that said ‘I think Thomas Lundie is a fat stupid jerk’.

“It just seemed a bit of an irritation or some sort of daft prank,” he says. “I wasn’t at all concerned at first – I knew the client was a bit of a wag, so I didn’t think much of it.”

He started thinking about it more carefully when he realised that the box appeared every time he hit “save”, and that each time he ended up with a new, unwanted copy of whatever he was working on. This was happening with all of his files, not just the one from the client. His disk would soon fill up and be unusable.

He called his client, who was mortified – as a software company, it was all too aware that it had infected many of its suppliers with a virus.

This virus took the user’s name from the computer, added it to the “fat jerk” message and then filled the victim’s disk with copies of files every time someone closed down a document.

“I got an antivirus package from the local superstore pretty quickly,” Lundie says. “The attack had an effect on my business as there was the cost of my time and the mileage, which luckily was minimal but only because I knew what I needed to buy. It could have taken a lot longer. Had the store not had the antivirus program in stock it would have been more serious as I could not have sent any documents to clients because I could have risked infecting their systems.

“Imagine just how effective a journalist would be who could not send copy out – or how their reputation would suffer if they were found to have sent a newspaper a virus.” Guy Clapperton