Data breaches. Hackers. Passwords. ID Theft. Privacy. Cyber security terms appear in the headlines so often that many of us have grown immune to them. Instead of raising our awareness – and therefore our ability to react appropriately – the abundance of news may have a desensitizing effect. Instead of helping us identify problem areas to avoid (like phishing scams, what vendors have been hacked so we can change our passwords, etc.), the bleak headlines seems to push many people into a sort of learned helplessness and acceptance: a sense that bad things are inevitable and that it’s out of their power to protect themselves.
Cybercrime can be defined as illegal activities that use technology and the reach and anonymity of the internet to target victims. One way of looking at online crime is that it involves putting together pieces of puzzles, each of which is an individual’s identity. Online, we exist as pieces of info about us. Bad guys try to put those pieces together for their personal gain. Even an incomplete picture is worth something in the underworld. It’s up to us to protect those pieces.
For cyber bad guys, any data is good data for ID theft. 2 or 3 pieces of info about you can give them access to YOUR accounts. It’s very much like a Rebus puzzle. A lot of the time, you don’t have to solve for all the clues in order to reveal the answer: in this case, your identity!
A new survey* shows that a whopping 96% of people are concerned about their privacy and security when using social media – that sounds promising – yet 80% don’t let their own anxiety get in the way of using the social media services they don’t trust to be keeping them safe.
It’s hard to understand what that means.
a) Is it that people know how to protect themselves from online threats? In other words, could it be that all those people expressing concern for their security are actually taking action to protecting themselves on the services they don’t find to be trustworthy?
b) Is it that people are concerned about online privacy and security, but they think they are helpless to do anything about it, so they continue to do what they do online because they don’t know what else to do.
c) Or, maybe it’s that people know the “right” answers to questions about online security and privacy, but that they don’t let that get in the way of their own online behavior (I was going to say, carelessness or recklessness, but decided not to)?
d) All of the above.
Given the level of password reuse and sharing across multiple accounts, as well as the continued use of bad passwords, it’s hard to believe that a large percentage of people are applying practical online security. We often hear things like, “yes, I’m very concerned about my online security – something should be done!” The implication is that security is something that is done for you, not something you have to practice. We’re going to go with d) as the answer.
Awareness is a critical part of the learning process. Awareness is the ability to recognize the circumstances of a situation so that you know what to do. Awareness is like the deliberate practice that we’re familiar with in sports (muscle memory), cooking, self-defense and other areas of our lives. Awareness is that voice in the back of your head that raises a flag that something isn’t quite right. Awareness is being able to react reflexively when something’s wrong instead of having to think about it.
We were pleased to join a slew of security experts for another #ChatSTC hosted by the team at StopThinkConnect.org on the topic of Recognizing and Combating Cybercrime. Review the informative twitter chat with all the questions and answers from all the participants.
Sticky Password recommends including a password manager as part of your basic online safety kit. In addition to creating and remembering your passwords and passphrases for you, Sticky Password will fill in online forms for you.
* National poll conducted by Craig Newmark, Rad Campaign and Lincoln Park Strategies.