Modern field guide to security and privacy

Opinion: For many Americans, cybersecurity tips aren't realistic. Here's how to change that

When handing out practical cybersecurity advice, experts should consider the millions of Americans who can’t afford their own computers and whose only Web access is through insecure connections.

|
Damian Dovarganes/AP/File
For many Americans without home Internet connections, their only access to the Web is via public networks and shared computers. In this file photo, patrons used computers at the Los Angeles Public Library.

As a young and idealistic researcher, one of the most painful lessons for me to learn was this: In real life, not everyone is able to follow best-case security recommendations.

This is especially true for the 46.5 million people in the US living under the poverty line. For many of them, even getting Web access means using open and insecure wireless networks and logging in with shared computers in public libraries. For Americans applying for government assistance, they often have to reveal sensitive personal data on websites that aren’t well protected.

Those of us who are called upon to give out security advice should consider times when our recommendations are simply unrealistic, such as: 

“Use credit cards instead of debit cards”

Credit cards offer an added layer or protection against fraud, in that they link to a line of credit rather than directly to funds. Those who don’t qualify for a credit card, may only have access to a bank card or Electronic Benefit Transfer (EBT) card. When this is the case, it makes theft, fraud, and breaches a potential nightmare. Since there is no law requiring speedy refunds in case of fraud, EBT cards have even less protection than debit cards.

“If in doubt, ask for a replacement card”

If you have a credit card, requesting a replacement in case of suspected theft, fraud or a breach might mean switching to a different method of payment for a while. People without a secondary payment card may not have a backup; requesting a replacement may disable all access to funds for several days at minimum, leaving them stranded in an emergency.

“Do not disclose too much information online"

 Having options allows you to be choosy: What information will you disclose? What sites will you use, and which will you avoid? People requesting government assistance often do so as a last resort. As part of the application process for public assistance, people are required to give a significant amount of personal information that is often stored or entered online. And those sites may not be adequately protected against attack.

 “Don’t use public machines/public WiFi”

The great irony of government assistance programs increasingly depending on online access is that many of the people who receive assistance may not have safe access to the Internet. If you can be selective about what machines you use and how you connect them to the Internet, you can decrease your risk of eavesdropping. If not, you can’t know the intentions of those who’ve shared that computer or network.

“Install security software and encrypt your data” 

If you use only your own devices to get online, you can protect your sensitive data and scan your machine for suspicious code. But that may not be a realistic expectation. If you can’t control your computing environment, you can’t be entirely sure of its integrity. This leaves data at risk.

Despite the added difficulty for people in challenging financial situations, however, there are still things that can help:

Choose strong passwords, utilize two-factor authentication

So much of online security relies on the strength of our passwords. If you have fewer alternate means of protection, this is even more important. Choose a strong password that is different for each site you use, and do not share it with others. On any accounts where it’s available, add another factor of authentication to your login process: This is as simple as enabling the site to send a one-time passcode to your email or mobile phone.

Change your passwords regularly

Those who have to use public computers or networks are at greater risk of password theft. Changing your password often limits the amount of time an attacker has access to your account.

Avoid pirated software

When funds are tight, there may be a temptation to avoid paying for software. Unfortunately, criminals know this, and will often disguise malware as popular apps. These days there are free or low-cost alternatives for most types of software. A few minutes spent researching can save hours of costly repairs.

Monitor your accounts/credit report

Many online accounts now provide a way for you to see who is logged into your account, and where they’re located. You can also receive notifications of all login attempts. Check sites’ security settings to see if these options are available, and disable any login instances that seem unfamiliar. It is also important to regularly check your financial accounts and credit reports for unexpected transactions.

Weak security affects more than just the individual or company who is initially targeted. As we saw with the Home Depot and Target breaches, the expense of replacing affected cards was borne by their customers’ banks. This cost then gets passed on to banks’ other customers, too. Likewise, fraud against individuals potentially can cost financial institutions, which are likely to be recuperated by passing the costs on to other customers.

When any one of us is compelled to compromise his or her security, there is a cost to all of us.

Lysa Myers began her security career in malware research in the days before the Melissa virus outbreak in 1999. Because keeping up with all that change can be difficult, as a security researcher at ESET, she aims to provide practical analysis of security trends and events for companies and consumers alike. Follow her @LysaMyers.

 

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Opinion: For many Americans, cybersecurity tips aren't realistic. Here's how to change that
Read this article in
https://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0220/Opinion-For-many-Americans-cybersecurity-tips-aren-t-realistic.-Here-s-how-to-change-that
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe