Consumers Still Don’t Get Security: How Can IT Pros Help?

Consumers Still Don’t Get Security: How Can IT Pros Help?

A new survey suggests that Australians are more worried about security breaches at their bank than their airline. What this really proves is that consumers don’t understand the interconnected nature of personal information and the risks that even innocuous breaches might pose.

Confusion picture from Shutterstock

The Unisys Security Index ranks consumer attitudes based on a survey of 1200 Australians. While the index produces an overall ‘score’ ranking concern over security issues, what jumped out at me this time were the figures concerning the kinds of breaches that most concerned the average Australian. The biggest area of concern was financial information, the hacking of which rated as an issue for 74 per cent of those surveyed. Next up were phone companies and ISPs (67 per cent), government departments (59 per cent), health organisations (56 per cent) and travel organisations such as airlines and hotels (50 per cent).

It’s entirely understandable that people are paranoid about their financial details being accessed, since that equates fairly directly to stealing your hard-earned money. However, when you reflect on it for more than the moment the survey question would have taken to answer, you realise that it’s actually illogical to separate out any of these areas. Airlines already have your credit card details; a government department could have much more information about you than a bank, particularly in terms of the kinds of details which someone trying to steal your identity might want. Every one of those minor details could be useful. And if you’re the kind of person who uses the same password for every site, any hack equates to opening up your entire universe.

What can we do about it? First and foremost, we can work hard to ensure that the systems which we build are as secure as possible, and that security is an integral part of the design and coding process, not an afterthought. There’s no such thing as a completely secure system, but there is definitely a clear distinction between a reasonable effort and a half-hearted attempt.

Secondly, we can spend time documenting procedures for end users thoroughly. This is rarely the most appealing part of any tech project, but it’s an essential one.

Finally, we can adopt good security processes ourselves and lead by example. If your non-tech colleagues can see you don’t have a password on your smartphone, why would they bother doing that themselves? You’re the expert; act like it.



  • One of the other problems is, people take a “can’t someone else do it?!” attitude to security. Recently I went into a packaging supply warehouse. The man behind the counter was talking to a lady. She was trying to leave her credit card details with the guy so he could do the transaction later. He gave her a firm and rather loud “NO!” and explained why. She then went on to explain that the bank covers fraudulent transactions. If you can prove you didn’t buy the stuff, the bank’ll give you your money back if you pay your fees and stuff. Her sister had $5k taken from a credit card, and the bank refunded the money.

    I was ready to slap her. I’m sure the guy behind the counter wouldn’t have minded, as he half-turned away from her, as if to say “Go away. I’m done listening to your crazy talk”

  • oh come on…

    banks in Australia don’t seem to be able to secure their DNS and send out email unsigned
    (they seem pathologically against securing their DNS relying on third parties who have no interest in actually securing their DNS only maintaining their status as a supplier e.g. DNSSEC ext deployed even in the bank ? )

    They rely on cisco et. al. to secure their networks and have very little interest in actually securing their processing dept’s let alone the messages that they send to consumers…

    personally I would like it if banks actually signed the messages that they send me
    (DKIM or SMIME I’m not fussy )


    John Jones

  • Security for the average person is too hard. They are too lazy to take even the most basic security steps and want to blame everyone else because they picked up a virus or trojan or had their bank accounts raided. People in IT are sick of rescuing their sorry arses. I spend a large proportion of my day helping end users solve the same issue they had yesterday and are too lazy to look up the documentation that IT staff prepare for them. Maybe they should stop accessing Facebook and other social sites and learn something about the tools they are using

Log in to comment on this story!