Laziness and Ignorance Remain the Biggest Security Problems

Carl Weinschenk

People don't care about computer security.


OK, perhaps that's a bit harsh. But if it is, it's not by much. Two articles on this week -- here and here -- make the case that folks are not careful about guarding their information and, perhaps even worse, don't seem to care.


The first is a feature that makes no bones about the fact that people simply don't pay enough attention to the security of their devices.

From eBay to Ford, from UCLA to the laptop on your kitchen table, Americans have left themselves vulnerable to vicious cyber-criminal assaults. Citizens unwittingly click on Internet links that drop malware on their computers; major corporations allow PCs inside their firewalls to be taken over remotely by criminals; bureaucrats in charge of our precious private information can easily be duped out of their passwords.

The long piece goes into great detail about the problem. It really is three overlapping problems: The first is the existence of criminals itching to rip off anyone they can. The second is a technical landscape so complex that it provides opportunities for the first group. The third leg is a user base blasé about these potential problems.


That attitude is amply on display in the other piece. The writer describes RoboForm, a widget that can store all of a person's passwords and smooth the manner in which they gain access to various password-protected databases and applications. The problem is that new security procedures are making it harder for RoboForm to operate. The interesting issue here is the writer's response: While he is happy that security is improved, he is disappointed that his life has been made more complex.

As [a] consumer I have two reactions to these new security procedures. The cautious side of me applauds them for helping protect my online identity and making it harder for thieves to break into my accounts. But the side of me that craves convenience curses them whenever I have to take the time to enter information.

On one level, this is an understandable reaction (though "curses" seems a tad strong). It also makes it obvious why we live in a world in which executives write their passwords on Post-It notes affixed to their desktops and millions of computer records are stolen when a salesperson leaves a laptop unattended while ordering another café latte.


The problem doesn't seem to be going away. For instance, this piece reports on a SafeNet study that says as many as 8,500 mobile devices are lost at airports in Great Britain every year. The situation is worst at the major airports in London, where 400 laptops and 2,500 other devices go missing every year. SafeNet said that almost 800 laptops and 2,500 other mobile devices were lost in Germany over the study period.


It's not that people aren't being warned. According to The Columbian, Washington State Attorney General Rob McKenna urged people in repeated public meetings to use paper shredders and to take other precautions to guard their data. He counseled people to be careful with placement of outgoing physical mail and to guard against phishing scams. The AG echoed an interesting reality -- which is more or less verified here -- that less than 10 percent of identity theft occurs on the Internet. People between the ages of 18 and 30 are the most common victims, the AG says.


This posting at FindTech Blogs begins with a vignette about an older couple who were completely computer illiterate. He helped them over their troubles -- they just had their PC reformatted and were confused about where things were -- and came to the conclusion that most people simply want convenience from their machines and are unwilling or unable to do much in the way of security. The writer then offers a number of conclusions, many of which are so basic that it seems they don't stand a chance against clever and devious bad guys.


The end of the piece is a list of best practices for private users. There are two takeaways here, neither of which is upbeat: The first is that people just don't care much and are unlikely to follow the writer's -- or anyone else's -- best practices. Perhaps the more frightening conclusion is that these ignorant and lazy people inhabit the same Internet as folks whose well-being, at least from a financial point of view, depends on it remaining relatively stable.


EDS recently released eight suggestions on how to stay safe on the Internet. The company says users should learn what threats exist; use available safety tools online; never respond to unsolicited e-mails asking for personal data and be aware of phishing. People also should avoid using personal (and thus predictable) information for passwords; review policies and procedures for companies with which they do business and monitor all online business activities on a regular basis.


The EDS and FindTech Blogs lists are good, and people using them will be in good shape. The problem is that a majority of people will go on their merry way, unwittingly waiting for scams and malware to ruin their online experiences -- and perhaps other people's as well.
