It’s Cyber Security Awareness Month and let’s take a moment to chat about something pretty important—how we all have a stake in preventing hackers and thwarting evil doers. Just this morning I listened to a bit on this piece about scammers based in India tricking people into thinking their machines are full of malware and viruses. And scamming them out of thousands of dollars—or worse.
How do people fall for this kind of scam?
It’s simple. We the techies and geeks of the world have done a terrible job at helping people understand the technology that powers their lives. We’ve made too many things impenetrably hard to understand, and hackers know this. Hackers know people will click on links, click yes to strangely worded dialog boxes, and open attachments that look legitimate.
And this is how things like three Ontario hospitals are crippled with malware at the moment happen. And the only way to fix it is for all of us who know how things work step up and help everyone else.
It’s not IT’s job. It’s not geeks’ job. We all have a stake in thwarting cybercrime
I read something pretty scary recently. Not surprising, mind you, but scary nonetheless. According to a study from McAfee 58% of people think keeping devices updated and secure is someone else’s problem. Hmm. The headline from the article I read was “CES 2019: 58% of consumers don’t secure their personal devices” which hides the real point. Securing here doesn’t mean encrypting files or picking complex passcodes. No, what securing here means is keeping devices updated and changing default passwords. And when a majority of people don’t think security is up to them—it’s no wonder we’re getting hacked in record numbers.
Computer security is a team sport
If there is one single thing everyone can do to help everyone’s online security it’s to keep your phones and computers updated. The OS, the apps, everything. It’s so important that Apple pushes and installs updates mostly automatically on newer iPhones and Macs. Why?
Security bugs and vulnerabilities to be exact. The little flaws that let hackers get into machines, accounts, devices, etc. When holes are patched, software is updated. Hole closed, hackers thwarted, done. I know we know this. We aren’t the problem. We keep our kit tight. It’s everybody else we need to worry about. I think we need to help people with the basics. Even the basics do a lot to prevent hacks.
We need to step up and help
I’m going to get on a bit of a soapbox here, but as the late Stan Lee wrote “With great power comes great responsibility.” Exactly because we know the risks and keep our devices updated and change the default password on our routers and do all the other stuff, it’s up to us to help people do the same. We know, as the Verge’s Nilay Patel wrote this year (and every year it seems), Everything is too complicated and it is hard for folks not immersed in tech to wrap their heads around all the stuff that makes modern tech…modern.
My mother-in-law asked why she should update her iPhone. She liked her iPhone just the way it was; why change things? Even though explaining technical things to non-technical people is literally what I do, my wife and I had trouble conveying the “why”:
Us: Because it fixes bugs
Her: I’m not having any problems.
Us: It makes your iPhone work better.
Her: I like how it works now. I don’t need anything new.
Us: Because it fixes security holes in the iPhone to prevent it from getting hacked.
Her: I’m going to get hacked!?!
Us: (Ugh). Just do it, it’s important.Real conversation…
See? It’s hard, but we know it’s important. One vulnerable device on a network can lead to a whole office getting ransomware. We lock our car doors for safety. We don’t let strangers follow us into key-card controlled buildings. We change the oil in our cars to keep them running.
We know and understand these things because they have been explained to us and make sense. We haven’t done the same for technology. We haven’t explained the basic maintenance needed today—and let’s not even get into passwords.
And it turns out we have our work cut out for us. And it’s not getting any easier.
IoT makers aren’t helping
I have a few smart devices at home. Couple speakers, few outlets, and a bit here and there. And routers and TVs and other internet-connected entertainment. The problem is that I’m pretty sure more than a couple devices don’t let me change the default passwords to the administration part of the device. Yeah, all smart devices have them and IoT makers are notoriously lax about security. So lax that California passed a law requiring devices sold there to have better security.
Even when you know what needs to be done, it’s hard to—often impossible—to do the right thing. That’s not cool.
Step up, help out, and we can make an impact
I believe that if we all helped non-techie friends and family with the basics—like keeping devices up to date—and help them understand because we’re all connected through the internet, it’s important. We’ll go a long way to slowing down hacks that take advantage of long-patched vulnerabilities. Not stop. Not eliminate, but slow down.
And let’s stay safe out there.