Frequently, I hear people who fail to practice even basic cybersecurity hygiene justify their actions with some form of claim that they have nothing to fear because they have nothing to hide.
We must stop deceiving ourselves into believing such nonsense.
While there are many reasons that maintaining proper cyber-hygiene is essential for everybody, here are three important ideas that should not only be read, but also contemplated and internalized:
1. Each and every person has information that he or she keeps private.
Whether we consciously think about our adhering to such norms or not, we follow both society’s unwritten rules and our individual self-established policies of refraining from sharing certain information. Whether related to personal behavior (details regarding our restroom visits, sexual activity, etc.), medical issues, previously made mistakes, grades in school, or other matters, we all have certain information that we simply do not feel comfortable sharing with the world at large. Furthermore, nearly all adults in the West today have identity numbers (Social Security Numbers or their foreign equivalents, passport numbers, driver’s license numbers, etc.), credit card and/or banking information, passwords, and other data whose privacy helps ensure that we do not have our money – or our identities – stolen. And of course, many folks possess images and/or videos that they do not wish leaked to the public.
2. Data that today appears totally harmless may prove to be of tremendous value to an adversary at some point in the future – perhaps even creating national security risks.
To understand how dangerous today’s harmless data can become over time, consider, for example, that the person who will be President of the United States 30 years from today is likely oversharing personal information on social media right now, as are future members of Congress, the Senate, the Judiciary, the Cabinet, the military, and senior law enforcement officials. As are their future counterparts around the world. None of these people know it now – but various data elements that they are now providing to to the public could prove invaluable to any one or more of the governments and/or criminal enterprises that are currently collecting and storing such data for potential use down the road. Governments and criminals know that, unlike in previous generations, storage of electronic-information is inexpensive – and the return on investment for the long-term storage of personal information about as many people as possible can provide a huge payoff down the line. (In another piece I will discuss why such parties even strive to capture encrypted data.) The danger will only grow as increasingly powerful artificial intelligence (AI) agents gain the ability to analyze and correlate data in ways that are, as of yet, unimaginable.
Furthermore, even prior to the arrival of modern AIs, we have witnessed clearly that even the greatest experts on information security often cannot predict the future consequences of particular data sets being shared today. Consider, for example, that just one generation ago, nearly all universities throughout the United States used students’ Social Security Numbers as student ID numbers – sometimes even posting grades publicly by Social Security Number as a means of obscuring who earned which grades. Medical insurance companies also regularly used Social Security Numbers as member numbers – and information-security companies throughout the country did not hesitate for a moment to utilize them as such. I still have in my possession medical insurance cards that I received in the 1990s as an employee of great cybersecurity companies that successfully exited for large sums of money – and on each of those cards (that I had to present anytime I went to the doctor) my name and Social Security Number appear in bold lettering.
In short – even experts often have no idea about the future value of the information within their possession.
3. If your device is breached, it may be used as a launching pad for attacking others.
Nearly all denial of service attacks today are executed through the use of networks of “zombie” computers – that is, computers that have previously been breached and over which a hacker can then (often surreptitiously, and without the device’s owner realizing) exert control. Even worse, one of the ways that criminals obscure the source of system breaches is to route cyberattacks through chains of compromised computers – do you really want law enforcement knocking on your door and asking if you are aware that your computer was used to try to hack into the Pentagon?
Of course, there are many more reasons that you should be concerned about the security and privacy of your data. But, if you internalize the three mentioned above, you should not need any more convincing.
(To learn about how you can easily improve your cyber-hygiene please see the article, 13 Tips to Achieve Great CyberSecurity Without Spending a Fortune. If you would like even more information, please consider obtaining a copy of the book, Cybersecurity For Dummies.)