Why we failed our digital security

A quick disclaimer before we begin — I am not an expert on digital security, but I do have some experience working in the cybersecurity space both as a consultant and a product manager.

Have you ever peeked behind the curtain of the digital world, only to find a tangled mess of digital security you’re not sure you want to untangle? You’re not alone. Consumer security is both fascinating and frightening to many, and while the details might make you want to hide under the covers, a little awareness goes a long way.

This article explores how to view consumer security from a personal perspective. We’ll delve into its significance, limitations, and basic steps that you and I can take to improve our security posture.

Let's start with the basics — What does cybersecurity mean for us as consumers?

If we were to compare it to our homes — our home, like our device(s), stores a lot of sensitive and important information about us.

Picture 1 — Home Security

The first line of defence for most homes is a door lock. Choosing the right lock requires considering various factors:

  • Lock Type: Simple latch, key and lock, NFC, or biometrics?
  • Quality: Budget-friendly, popular brand, or top-of-the-line?
  • Location: Main door versus interior doors?

Just like we wouldn’t rely solely on a lock to protect our valuables, cybersecurity requires a layered approach. We might add CCTV cameras, intrusion alarms, or safes for additional security.

Why? Because we understand the inherent limitations and vulnerabilities of a door lock and that it is not capable of handling all types of threats that our home faces. Vulnerabilities refer to scenarios such as the lock getting picked or broken, while limitations refer to a lock being unable to protect us from threats already inside the house.

Therefore, we need to invest in additional layers of security such as CCTVs, intrusion alarms and/or safes/lockers and so on.

Similarly, all security “technologies” have limitations and vulnerabilities. The best approach depends on your needs and risk tolerance.

1. Technology’s Conveniences and Risks

From storing pictures of our precious moments in various “free” cloud storage services to saving passwords in browsers or reusing them across different sites, the convenience and time-saving benefits come with significant risks. One study highlighted that users typically reuse the same password across 113 online accounts.

Third-party breaches, which are largely beyond your control and often unavoidable, can lead to the leakage of credentials. This means your usernames, passwords, or other personal information could be compromised through data breaches and subsequently exposed on the dark web. Such exposure can result in identity theft, where malicious actors misuse your personal information for their gain.

Beyond third-party breaches, phishing remains a prevalent threat. This classic technique involves receiving emails that appear to be from legitimate sources like banks, credit card companies, or social media platforms, but are designed to trick you into divulging sensitive information.

By understanding these risks, you can take proactive steps to protect your digital identity and personal information.

2. Combating Threats: Your Digital Defence Toolkit

Before we begin, it’s important to reiterate that no single solution can address all your security needs. Different security controls and technologies have their limitations and must be complemented by other measures. With that in mind, here are some basic practices to enhance your day-to-day cybersecurity:

  • Using strong, unique passwords: Passwords should be long and complex, and you can take your account security a notch higher by using “passphrases” instead of passwords. You can go even further by using a secure password manager. It also goes without saying that you should not write your passwords on sticky notes and leave them in locations that are accessible to others.
  • Enabling multi-factor authentication (MFA): This adds an extra layer of security. MFA draws on three types of information: (i) something you know (knowledge), such as a password or PIN; (ii) something you have (possession), such as a badge or smartphone; and (iii) something you are (inherence), such as a biometric like fingerprints or voice recognition. Using any two of these authenticators is called two-factor authentication (2FA). Usually, it is a password and another factor.
  • Enable Automatic Updates by configuring your devices to download and install updates automatically whenever possible. If automatic updates are disabled, set a reminder to check for updates manually at least once a month. Some updates may be marked as “critical” or “important.” These should be installed as soon as possible. By staying up-to-date with software updates, you’re essentially patching the holes in your digital defences and making it much harder for attackers to compromise your devices and steal your information. It’s a simple but crucial step in protecting yourself online.
  • Utilising good antivirus and antimalware software to detect and prevent malicious attacks, and ensuring that your antivirus is always updated with the latest signatures. Please refrain from using free anti-virus applications, as they often do more harm than good. While it may sound obvious, you would be surprised to know how many people use untrusted brands and end up jeopardising their security.
  • Be cautious of phishing emails and avoid clicking on suspicious links or providing personal information. This is a broad topic encompassing various channels (email, voice, SMS, etc.) and methods (whaling, spear phishing, mass phishing, etc.). One key tip is to never trust any communication that tries to manipulate your emotions, such as creating a sense of urgency or fear.
  • Review and adjust privacy settings on social media and other digital platforms (websites or apps) to limit data sharing and use relatively more secure browsers and search engines such as Brave and DuckDuckGo, respectively.
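The password reuse described in section 1 and the “unique passwords” advice above can be checked against your own accounts. The following added example (not part of the original article) audits a password-manager CSV export for reused and short passwords without ever printing a password; the column names, the sample rows and the 12-character threshold are assumptions.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample in a "name,url,username,password" export layout
# (an assumption; adjust the column names to match your password manager).
SAMPLE_EXPORT = """name,url,username,password
Bank,https://bank.example,alice,correct-horse-battery-staple
Shop,https://shop.example,alice@example.com,Summer2024!
Forum,https://forum.example,alice,Summer2024!
Mail,https://mail.example,alice@example.com,Summer2024!
Photos,https://photos.example,alice,tr0ub4dor
"""

MIN_LENGTH = 12  # assumed threshold for flagging short passwords


def audit_export(csv_text, min_length=MIN_LENGTH):
    """Return (reused, short): reused maps an opaque tag to the sites sharing
    one password; short lists sites whose password is under min_length."""
    key = secrets.token_bytes(32)  # per-run key: tags mean nothing outside this run
    groups = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row["password"]
        if not password:
            continue  # skip entries without a stored password
        # Group by keyed hash so the report never contains the password itself.
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).hexdigest()[:8]
        groups[tag].append(row["name"])
        if len(password) < min_length:
            short.append(row["name"])
    reused = {tag: sites for tag, sites in groups.items() if len(sites) > 1}
    return reused, short


if __name__ == "__main__":
    reused, short = audit_export(SAMPLE_EXPORT)
    for tag, sites in reused.items():
        print(f"password {tag} is shared by: {', '.join(sites)}")
    print("shorter than", MIN_LENGTH, "characters:", ", ".join(short))
```

A real export file holds every password in plain text, so delete it as soon as the audit is done.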

Here are a couple of additional tips for enhanced security:

  • Get a good Virtual Private Network (VPN): A VPN encrypts your internet traffic and hides IP addresses when using public Wi-Fi. This is especially important when using untrustworthy Wi-Fi networks.
  • Opt for a reliable identity theft protection service: Such a service will help you scan the dark web for personal information, monitor for signs of identity theft, notify you if any information is identified and provide recovery assistance.

3. Why do we lack awareness of the security threats?

Several factors contribute to the lack of consumer awareness:

  • Limited education and understanding of digital security risks: Studies show that a significant percentage of consumers lack basic knowledge about good security practices, leaving them vulnerable to attacks. 53% admit they don’t know how to protect themselves from cybercrime.
  • Complacency: 66% reuse passwords across accounts despite knowing the risks.
  • Prioritizing convenience over security: 35% accept privacy risks for more convenience without even reading it.
  • Overreliance on platforms or services to provide automatic protection.
  • Overconfidence and optimism bias: Many underestimate the likelihood of being targeted in an attack. A recent survey shares that 41% believe their accounts are not valuable enough for hackers. In my view, that number should be way higher. Optimism bias refers to the tendency to underestimate risks, contributing to inaction: 38% have never considered that their identity could be stolen, believe “it won’t happen to me” and don’t take precautions.

A study found that 82% of people believe they are more likely to win the lottery than be a victim of identity theft [Source: Journal of Personality and Social Psychology]

4. How can we get more educated and stay informed about the security threats that affect us?

Consumers can get educated on security threats by:

  • Following security blogs and relying on other reputable sources for the latest threats and best practices. Government agencies such as the Cyber Security Agency of Singapore (CSA) have created material based on different personas, such as parents/educators, the elderly, students and even the general public. These are free educational resources that can greatly benefit you and your loved ones.
  • Considering interactive learning and gamified security training to make it engaging. You can also consider online interactive workshops & courses to understand the relevance and importance of cybersecurity in our daily lives.
  • Reading news coverage and public advisories on major breaches and security incidents.

This is just the beginning of our journey into consumer security! To help you stay on top of your digital defence, consider signing up for my free posts at https://www.aroravardaan.com/ or following me on my Medium page.