How safe do you feel?
I don’t specifically mean in a computer-related environment but in a more general sense.
With all the stories we hear about conflict around the world – the recession, global warming, etc., it would be easy to dip your head, pop some pills and live in a constant state of depression. But, for most people, that is thankfully not the case.
Superficially, questions of security may enter your head but in reality we are quite fortunate really because I think the majority of us ‘feel’ safer than we perhaps should.
Think about it, if you cross the road there is the risk of being hit by a car. If you cycle to work you could fall off your bike. The plane you are on could crash or go missing. Someone could break into your house whilst you are at work. And, every day, an untold number of other catastrophes ‘could’ befall you.
Statistically speaking, some of those occurrences are far more likely than others but, even if you haven’t ever had an accident or fallen victim to a crime, I’m sure you know someone who has.
And yet it is highly unlikely you get out of bed every morning obsessed about the risks that every hour of the day will present to you.
Why is that?
I think it’s because we are very adept at calculating the likelihood of any event occurring, in combination with having an outlook that is generally far more positive than some of us may be aware.
There is a danger in that though and that is we may often underestimate some risks, often to our later detriment.
In terms of security, the risk assessment process that the average user runs through their head every time they switch their device on, or connect to the internet, is out of kilter for the most part. I’m sure we’ve all heard stories about people who miss the obvious and misplace their trust in ways they would never have considered before the computer age.
Such people are shocked when everything goes wrong because they never saw it coming, however obvious it was after the event.
Why is that?
It comes back to what I wrote about on Monday – security awareness.
I’m glad to see that security awareness is becoming something of a hot topic these days but it is still very much the preserve of the business environment. Not enough is being done for the home user who, it seems, typically has very little knowledge of how to protect themselves online.
And the problem is, there doesn’t seem to be very much being done to address that situation either.
Sure, we can keep on telling friends and family that they shouldn’t click on unknown links, open email attachments or send money to Nigerian princes, but we know some of them will do so anyway. We can also advise the general public to invest in security software but I think we all know now that that doesn’t fully guarantee their safety and it certainly won’t mitigate unknowing yet deliberate user actions.
So what is the answer?
I’ve previously said that I think some sort of mandatory security training would be desirable, preferably starting with children in school but how far should it go?
I’ve recently seen some comments about how there may be a need for some sort of “driving license” type of arrangement, requiring users to pass a test before they can connect a device to the internet. That, in my opinion, sounds like a good idea in theory, though I doubt it would be either actionable or enforceable in reality.
Instead, I think that any sort of security awareness program should focus on motivating users, rather than forcing them, to learn for their own benefit.
As I’ve mentioned before, this is a skill that they can then take into the workplace but, more than that, it will be a skill that can be passed onto future generations.
The days of annoyingly amusing viruses that were slightly tricky to remove are long gone. Nowadays we see botnets, financially motivated malware, nation state attacks and a huge drive against our own personal privacy.
Providing some awareness and training to help protect users from those threats shouldn’t be limited to a select few who work in a computer environment – it’s a necessity for everyone around the world and I feel someone, somewhere should have the obligation of providing it.
Where that impetus should come from is another question though, and certainly it is one I don’t have the answer to.
We’ve already seen the UK government launch websites such as Get Safe Online to help educate and inform the public but, perhaps, with limited success – recent warnings about Gameover Zeus and Cryptolocker have hitherto been ignored by thousands.
Another approach is obviously required.