It's not impossible. Digital security on the cheap

Internet users on the lower end of the income scale are especially vulnerable to malicious software because public computers and cheap cell phones are the ideal place for cybercriminals to test their new hacks.

Max Rossi/Reuters

July 27, 2016

How we get online matters. When people cannot afford their own broadband connection, or a private computer loaded with security software, they have little control over what can be loaded onto their machine, or what data leaves without permission. Outdated and unprotected public computers and Wi-Fi networks are like Petri dishes for malicious software, which puts us all at greater risk.

The clearest example of this is in Indonesia, which was deemed responsible for 38 percent of the world’s malicious internet traffic in 2013 (more than China) despite only 15 percent of the population using the web at the time. The likeliest explanation is that nearly half of Indonesian internet users logged on at an internet cafe, where computers are notoriously insecure, and 86 percent were using pirated software, which drastically increases the risk of infection. Once malware affects one computer, that machine is used to target others.

It doesn't stop there. Customers who need to buy cheaper mobile phones will have fewer choices offering the latest, and thus the most secure, operating systems installed. That also means they’re unlikely to receive regular security updates or software patches, two critical components in protecting user security.

Why many in Ukraine oppose a ‘land for peace’ formula to end the war

Spending less on a phone often means choosing an option that’s subsidized by advertisers or software developers. For instance, popular PC and mobile device manufacturers pre-install sponsored software programs, which display ads, in order to reduce consumer costs. But these freebies bring an extra risk: Sponsored software is often full of security holes, and mobile app ads may leak personal information. Also, some advertising networks have had a hard time weeding out malware-laden ads.

Major carriers offer inexpensive Android devices with the latest operating system (Lollipop, at the time of writing) from hardware manufacturers with a good reputation for updating devices promptly. For less than $50 you can get a prepaid device, and avoid credit checks that would otherwise require you to surrender your social security number.

Learn to use the security features that are freely available in most operating systems (changing your password regularly, using a credit card instead of debit), and on online services, like encryption and two-factor authentication. Check your credit report for free at least yearly (if not more often), and update your software regularly.

There are also steps you can take to advocate for more affordable, and less risky ways for people to get online: Reputable ad networks know that they have a lot to lose when the perception of online ads is negative. Many are taking steps to decrease the number of fraudulent and malicious ads. The popularity of the Kindle with Special Offers shows that sponsored devices can be a good compromise for all concerned when done well. We can support free or inexpensive content by disabling ad blockers on sites that thoroughly vet ads or that use ad networks with proven track records for tackling fraud.

You can also get involved with the Connecting America initiative, the US government’s plan to increase the availability of broadband internet and improve digital literacy. In the end, a safe and secure way to get online is something that we should all have access to, without having to come up with a substantial chunk of change to avoid additional risk.

Howard University hoped to make history. Now it’s ready for a different role.

Recent figures show that a nearly 50 million Americans are living in poverty. And nearly half of middle class Americans would have trouble finding $400 to pay for an emergency. It’s a tough situation, but don’t make it worse by failing to take the right security steps.

Lysa Myers is a security researcher at ESET. Follow her @LysaMyers.