On September 30th, President Obama proclaimed October 2014 National Cybersecurity Awareness Month. While the proclamation focused on critical national infrastructure, it also reminded us of our individual role in security. From the proclamation:
“Americans of all ages can take action to raise the level of our collective cybersecurity, and the Department of Homeland Security’s “Stop.Think.Connect.” campaign is empowering individuals to do their part. Everyone should utilize secure passwords online and change them regularly. Internet users should take advantage of all available methods to protect their private accounts and information, and parents can teach their children not to share personal information over the Internet.”
We all take steps to protect our finances, our family, and the security of our home. Doesn’t your personal information merit the same level of attention? How are you protecting your own critical infrastructure?
Security begins with awareness
According to the most recent breach report by the Identity Theft Resource Center (pdf), more than 75 million records have been compromised this year in approximately 568 distinct breaches. Medical and healthcare companies reported the majority of the breaches and the number of breaches is likely to grow.
In an email to SCMagazine, Mark Malizia, CTO of RKON Technologies said,
“I think it will escalate from here until companies start taking the threat seriously and put the resources and cutting edge technologies in place to protect these devices.”
Add to this the growing doubts over the security of consumer information maintained by banks, lenders and financial institutions – as the recent JPMorgan Chase breach highlights. This week the bank disclosed the full extent of the breach – customer information pertaining to roughly 76 million households and 7 million small businesses was compromised.
So how widespread are vulnerabilities? Are they rare exceptions? The article “96% of Business Websites Have Security Blind Spots” in Direct Marketing News, cites a report by the company Ghostery in which “one-hundred percent of insurance, retail, and airline websites had security blindspots, as well as 90% of financial and news sites.” (Ghostery technology lets consumers identify and block company tracking on website pages. They define blind spots as “non-secure tags that are present without the permission or knowledge of the host company.”)
Awareness doesn’t mean we should live in fear. It means understanding that the odds of experiencing the fall-out from a security breach are increasingly likely. How much do you value your information?
Public Enemy #1: Apathy
When Target announced its point-of-sale system data breach, the story rocked headlines. When Home Depot recently revealed a data breach worse than Target’s, consumer reaction was much more mild. What gives?
A Poneman Institute Report suggest “breach fatigue” may be behind the phenomenon. Despite consumer interest in the media reporting security breaches, the repeated headlines cultivate indifference.
Apathy can turn us into our own worst enemy. Rather than accepting poor security practices as a form of weather we must endure, the wake of a security breach is a perfect time to assert our concerns.
1. Let companies know that lax security is directly tied to brand reputation. As the Experian Report “The Aftermath of a Mega Data Breach: Consumer Sentiment” asserts, “a data breach is among the top three choices of occurrences that affect reputation, along with poor customer service and an environmental incident. These incidents were selected ahead of publicized lawsuits, government fines, and labor or union disputes.”
2. Urge media outlets to continue coverage of security breaches. According to the Experian report, consumers believe it is important for media companies to cover security breaches. Keeping media attention on breaches can force companies to be more responsive to victims, alert victims to take action, and create greater awareness about data security and identity fraud.
Education is the best defense
Adopting a proactive mindset is preferable to mindlessly accepting the fall-out. Just like washing our hands and locking our front door at night, there are simple, sound habits we can adopt which have profound effects. Educate yourself about cybersecurity issues and encourage your family to adopt privacy practices to enhance the security of your personal information.
1. Know your allies.
Right now you have regulators and representatives working to balance complexities of convenience, privacy, and data security. Do you know who they are? Now is a great time to get to know them.
2. Reduce your risks.
Both the FTC and the California Attorney General have excellent tips for reducing your risk of identity theft. This includes both online and offline tips as well as advice concerning device security.
3. Engage your community
The Stop.Think.Connect campaign not only offers tips and resources, the group encourages consumers to get involved and promote cyberawareness in their community.
4. Be vigilant.
You don’t have to be an early adopter of emerging and new technology, but you should be aware of the way these innovations may impact society. The Internet of Things (IoT), near-field communication payment platforms (like those in the iPhone 6), and other innovations will have implications for privacy and security. Keeping up with tech news isn’t just for venture capitalists. It’s part of a healthy privacy habit.
We have many amazing opportunities ahead of us, but we must balance the power of the myriad of benefits with a sensible, security-conscious practice. How will you promote National Cybersecurity Awareness Month?