A research poll found that 70% of fraud victims want the federal government to ensure that businesses meet basic data security standards. And 64% of victims believe that they should have the right to hold companies legally accountable when their information is compromised. –USA Today
Excuse me while I kick my milk create over here. Let me line it up…okay, now I am ready. WTF?
How about we step back from the brink? Sure, companies are often to blame for security problems. But before we discuss litigation, we also need to start asking when it is the user’s fault for being so stupid. Let’s look at basic data security standards from a user’s perspective.
Most people have problems with simple passwords.
Passwords are everyone’s passport to the digital world. In the real world, our actual passport is very difficult to replicate and even harder to forge. It features photo ID, personal information, holographic images, elaborate printed emblems, and UV light-sensitive elements that are hard for a forger to fake. New passports even include an e-chip. With digital passwords, we have much less to work with—just numbers, letters and symbols. So it’s important to get it right.
In most cases users use the simplest of passwords and replicate them across the digital world. They use dictionary words, only use five characters or fewer, and use easy-to-guess phrases like their child’s name or birthday. These simple passwords really do not protect people from anything—and then they complain when its gets stolen.
One of the biggest problems that we have is getting people to stop using the same username and password on everything in the digital world. This is dangerous because if it is stolen from one location, the automated systems will try that combination on every website on the internet.
This may not be a problem if the account they access is for ABC News or the fantasy football website (a common place for passwords to be stolen). But if they also have access to your PayPal account, your bank account and your email account, they can do a lot of damage very fast.
They have access to critical PII (Personal Identification Information)—the digital you. With that information they can move out of the digital world into the real world and make your life a misery. They can open bank accounts, apply for credit and take out overdrafts. If your credit is good, it may not stay that way for long.
Don’t get me wrong, businesses do need to do more. But so do the users. Ordinary users could prevent a lot of these problems simply by creating complex passwords and using a different password for each site they use (link here to one of your articles that tells how to make good passwords). When users don’t do the minimum to protect themselves, it’s foolish to blame anyone else.
Do you think lawsuits are the answer? Comment below.