The latest revelation about the fake Google certificates is a reminder to all of us to be careful how we use the internet. In the case of the Iranians who were fooled by the HTTPS certificate purporting to be from Google, there was very little they could do to ensure that they were transmitting emails without intervention, but in every case of sharing or using online information, there are a number of precautions we can all take:
If you are at all concerned about information reaching people it shouldn't, then you should think twice before putting it online in the first place. However secure your information is travelling to and from the website or other service in question (and it's not always - see paragraph above), it can always be compromised in situ, by the company providing the service being hacked itself or just by them letting data go free against your wishes, as Facebook has done in the past.
When communicating with individuals it's important to remember that a large percentage of face-to-face communication is non-verbal. Without being face to face, not only do we not know who we're talking to, we can't always interpret what they are saying and how they are saying it! It goes without saying (I hope) that giving out identifying information or moving the relationship into the real world should only be done with the greatest of care.
From experience of a long career in IT, I can safely say that the biggest threat to computers is children downloading games and hacks. Children who are not very experienced at this will not only choose badly but also get scared by notices warning them that their computer is out of date, etc. And as we've seen in the past and I'm sure will see in the future, you don't always need to download a program for a website to install something nasty. More often than not these downloads will install multiple viruses, trojans, keyloggers, etc. The best way to deal with it, if your virus scanner doesn't catch it (and it won't), is using Windows System Restore. And if you don't know what this is, and you're a Windows user, it's time to find out. It should be lurking in your start menu under 'accessories' - 'system tools', and it turns the clock back so that your computer no longer has the virus.
A proportionate response
As with any security measure, it helps if everyone involved understands the risks (not just the statistical percentage of something bad happening, but what bad things can happen). What happens if someone finds out my email address? What's the worst thing that could happen? Who could want this information? And then - what would it cost to effectively wipe out the threat? Do we need an https:// certificate in order to encrypt communication to and from our website? Do we need any other measures?