I wrote previously about how people are likely the most dangerous element of the cybersecurity ecosystem – how we, and our various limitations, often undermine cybersecurity policies, procedures, and technologies. I discussed how it is not just rogue actors who cause problems, but, rather, how human mistakes, whether oversharing information on social media, falling prey to social engineering attacks, or misconfiguring technology, are often the source of cyber-catastrophes.
Another area of human psychology that is important to recognize when it comes to information security, but which is often overlooked, is the impact of marketing, language, and biology.
Consider, for a moment, “smartphones.” “Smartphone” is, of course, a term that we all use – but it is, in reality, a misnomer that leads to security vulnerabilities.
The name “smartphones” emerged because these devices were originally marketed a decade ago by wireless phone companies that sold them as replacements for our then non-smart phones. When we bought smartphones, we typically retained our “calling plans” and “texting allowances” – both of which were contract terms that we associated with mobile phones. At the time that smartphones emerged, it would have been far more difficult for providers to convince us to abandon our older phones for “pocket computers that have a phone app” than to upgrade from a regular phone to a “smart phone.” And, so, despite voice calling being a tiny portion of smartphones’ capabilities and typical usage, the term “smartphone” was born and became a staple of language.
The perception of smartphones as phones, rather than as full-blown computers, however, has led people who would never run a computer without anti-virus software to do exactly that on their phones. Many people who would never allow someone else to access their computer files, or who have strong passwords to their laptops at work and at home, don’t bother password-protecting their phones. Folks carried to their smartphones the practices that they previously used for their older phones; they did not apply those which they had long been using to protect their computers.
It is likely that our inability to easily perceive how the replacement for an item is something totally different than its predecessor, rather than the next version of it, results from our biology; we are programmed to expect the child of a cat to be a cat, of a dog to be a dog, etc.; it takes many human lifetimes for evolution to transform one species into another. In the technological world, however, change can happen rapidly – the replacement for a phone may be a computer that looks like a phone. To improve information security, we must better recognize the risks that such transformations bring.
This post was sponsored by Microsoft Office, which recently aired a Modern Workplace webcast entitled Cyber Security: The Human Element. To watch a replay, please click here.