
Consumers Still Don't Get Security: How Can IT Pros Help?

A new survey suggests that Australians are more worried about security breaches at their bank than their airline. What this really proves is that consumers don’t understand the interconnected nature of personal information and the risks that even innocuous breaches might pose.


The Unisys Security Index ranks consumer attitudes based on a survey of 1200 Australians. While the index produces an overall ‘score’ ranking concern over security issues, what jumped out at me this time were the figures concerning the kinds of breaches that most concerned the average Australian. The biggest area of concern was financial information, the hacking of which rated as an issue for 74 per cent of those surveyed. Next up were phone companies and ISPs (67 per cent), government departments (59 per cent), health organisations (56 per cent) and travel organisations such as airlines and hotels (50 per cent).

It’s entirely understandable that people are paranoid about their financial details being accessed, since that equates fairly directly to stealing your hard-earned money. However, when you reflect on it for more than the moment the survey question would have taken to answer, you realise that it’s actually illogical to separate out any of these areas. Airlines already have your credit card details; a government department could have much more information about you than a bank, particularly in terms of the kinds of details which someone trying to steal your identity might want. Every one of those minor details could be useful. And if you’re the kind of person who uses the same password for every site, any hack equates to opening up your entire universe.

What can we do about it? First and foremost, we can work hard to ensure that the systems which we build are as secure as possible, and that security is an integral part of the design and coding process, not an afterthought. There’s no such thing as a completely secure system, but there is definitely a clear distinction between a reasonable effort and a half-hearted attempt.

Secondly, we can spend time documenting procedures for end users thoroughly. This is rarely the most appealing part of any tech project, but it’s an essential one.

Finally, we can adopt good security processes ourselves and lead by example. If your non-tech colleagues can see you don’t have a password on your smartphone, why would they bother setting one themselves? You’re the expert; act like it.

Unisys