The majority of cyberattacks aren’t large-scale, coordinated efforts to break through tough defenses and acquire valuable data; instead, they’re simple and opportunistic. A “hacker” might stumble upon someone’s password because they left it written on a sticky note, or they might take advantage of an account that was left logged in on a public computer.
It can happen to individuals and businesses alike, despite the latter’s access to more resources and more valuable assets to protect. The strange thing is, most of these opportunistic attacks could be easily prevented with a handful of simple techniques, commonly known to the public. So why aren’t more consumers implementing these basic steps for cybercrime prevention?
Why the Best Security Measures Are Simple
Let’s start by taking a look at some of the most effective practices a person can implement to reduce their likelihood of being “hacked,” and examine what makes them both simple and effective:
- Choosing a strong password and updating it regularly. “Strong” passwords need to meet several requirements: they should mix upper-case letters, lower-case letters, numbers, and special characters, contain many characters, and avoid easy-to-guess patterns, like common words or birthdays. It’s also important to update those passwords on a regular basis, or someone can learn an old password and use it to gain access to all your accounts.
- Logging out of public devices. If you leave an account logged in on a public device, even someone with zero technical know-how can access your information.
- Securing your networks. Too many people leave their home Wi-Fi network unsecured, or use a public Wi-Fi network without taking any precautions. All it takes is one stray connection to compromise the integrity of this system.
- Choosing secure apps and services. Consumers aren’t the only ones that fall victim to hacking attempts; tech companies can also be targeted by hackers, and when they are, the event can end up affecting millions of people. Choosing only reliable tech products, from brands with a demonstrated history of security, can mitigate this threat, as can encrypting your most commonly used accounts.
- Avoiding common schemes. There are dozens of common schemes designed to gain access to your personal information. For example, phishing schemes tend to send a message mimicking a trusted source in an attempt to get you to reveal your password. One gullible response can make a thousand of these messages worth sending—and many of these schemes are easier to fall for than most people believe.
The best analogy here is to home security. It’s true that even the most comprehensively secured properties can be taken advantage of; security cameras can be disabled, alarm systems can be turned off, and even the sturdiest windows can be broken. In that regard, no amount of money can keep you 100 percent safe. Yet on the other end of the spectrum, even basic security precautions, many of which are free, can greatly reduce your chances of being burglarized; locking your doors and windows at night and preventing your home from seeming empty when you’re away can prevent the vast majority of attempted thefts.
The basic principle is that criminals want an easy job. If you make things even slightly harder for them, they’ll be discouraged, and will likely move on to an easier target. You can put money, time, and effort into building more defenses, but they’re still no guarantee that you’ll avoid a committed attacker.
When Knowledge Isn’t Enough
Part of the problem is certainly a lack of knowledge that these strategies exist, and a lack of understanding of how effective they are. Older populations, for example, may have little experience engaging with people online, and may be more likely to fall for a phishing scheme or some similar attempt to rob them of personal information.
However, you’ll find that the majority of the population understands the basics about cybersecurity; they know which of their devices and software platforms are vulnerable, they know they shouldn’t give out their passwords to strangers, and they know their password shouldn’t be “password1234” or any similar variation.
So why is there such an overwhelming number of people who disregard these basic protocols?
- Laziness. Part of the problem boils down to sheer laziness. When you get an email from an online service provider who recommends that you change your password, how often do you just ignore it? And if you take it seriously and change your password, do you feel a little irritated that the task is taking up your time? Do you change your password as little as possible so you don’t have to deal with committing a new one to memory? That’s because even though these security measures are simple, they still take up time and effort, and most of us don’t want to go through the hassle. It’s hard to convince people to go out of their way to do anything, even if it’s only a few minutes’ worth of effort.
- Forgetfulness. People who understand the importance of these basic security measures also run the risk of forgetting them when they’re needed most. For example, they might access their email account on a computer at the library, and leave in a hurry, forgetting to log back out. Or they might not have any automatic reminders to tell them when to update their passwords, so they never go through with the change. It’s also easy to forget the key signs of an email scheme if you’re looking at a convincing message; for example, if it looks like an email from Google is genuinely asking for your password, you might provide it in an effort to preserve your account.
- A false sense of security. Many people also forgo these simple measures because they overestimate their level of security. They’ve never been the victim of a hacking attempt or identity theft, so they don’t think there’s anything to be worried about. To return to our earlier analogy, this is akin to never locking your car because nobody’s ever attempted to steal your possessions inside it.
What Can We Do?
So what can we do, as developers, business owners, and ordinary consumers, to hold ourselves accountable to better standards?
- Improving convenience. First, developers need to create devices and software programs that are responsible, designing them so that it’s convenient to preserve a heightened level of security. For example, a device that uses a fingerprint as a method of identification doesn’t require that users create a strong password, or change that password regularly; instead, they can rely on the fact that they have a sufficiently unique identification mechanism, and one that doesn’t need to be remembered or stored.
- Setting minimum standards. Developers can also do more to set minimum standards for consumer security. For example, they might refuse to let new users create an account unless their submitted password is at least 10 characters, with multiple special characters, or they may force users to change their passwords at periodic intervals. Some developers are reluctant to adopt such measures, because they’re often seen as annoying, but they can significantly decrease the risk of users falling prey to cybercrimes.
- Acknowledging the threat. We also need to take the threat of cybercrime more seriously, especially as our homes become filled with more connected devices. It’s nearly impossible to force people to believe that they could be the victim of a cybercrime, but we can make an impact by demonstrating just how easy it is to gain access to someone’s account and explaining the realistic repercussions. For example, tech companies could do more to write about and publicize the real risks of having an account hacked.
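An added example, not part of the original article: a registration-time check that enforces the minimum standard described above (at least 10 characters, multiple special characters, mixed character classes, no easy-to-guess patterns such as common words or birthdays). The function name, the violation labels and the short banned-word list are assumptions made for illustration.

```python
import re

# Policy values: the 10-character minimum and "multiple special characters"
# come from the article; the banned-word list is a small constructed sample,
# not a real breached-password corpus.
MIN_LENGTH = 10
MIN_SPECIALS = 2
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "admin"}
# Undo common character substitutions so "P@ssw0rd" is treated as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})
# Date-like runs such as 1987, 2004 or 07/04/1990 (birthday patterns).
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")
SEQUENCE_RE = re.compile(r"0123|1234|2345|3456|4567|5678|6789|abcd|qwer")


def password_violations(password, username=""):
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not re.search(r"[a-z]", password):
        problems.append("no_lowercase")
    if not re.search(r"[A-Z]", password):
        problems.append("no_uppercase")
    if not re.search(r"\d", password):
        problems.append("no_digit")
    specials = sum(1 for ch in password if not ch.isalnum() and not ch.isspace())
    if specials < MIN_SPECIALS:
        problems.append("too_few_specials")
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if any(w in lowered or w in normalized for w in COMMON_WORDS):
        problems.append("common_word")
    if len(username) >= 3 and username.lower() in lowered:
        problems.append("contains_username")
    if DATE_RE.search(password):
        problems.append("date_pattern")
    if SEQUENCE_RE.search(lowered):
        problems.append("keyboard_sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["password1234", "P@ssw0rd!2024#", "Tr7#vole&Kestrel"]:
        print(candidate, "->", password_violations(candidate) or "accepted")
```

Returning every violation at once, rather than stopping at the first, lets a sign-up form tell the user everything to fix in a single pass.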
As technology progresses, we’re going to encounter and rely on more and more vulnerable devices, so this problem isn’t going away. There’s no way to guarantee that people will take even the most basic security precautions on their own, so it’s our collective responsibility to help people make more informed decisions, and at times, force them to comply with higher security standards. That’s the only reliable path forward if we want a future where cybercrime is less rampant.