Towards Closing the Cyber Sanitation Gap
While the revelations of former NSA contractor Edward Snowden about state-sponsored intrusions into online privacy have been deeply unsettling to many, the growing everyday threats to our online activities posed by cyber criminals receive little public attention. Yet, in reality the chances of someone you know being actively monitored by the NSA or its European counterparts are rather slim. The hacking of a friend’s or perhaps your own email, social media or online banking account are, to the contrary, instances of cyber crime that probably most of us have come in contact with. Personal consequences can be unpleasant (i.e. sending a round of spam emails to your digital contacts) or wholly devastating (in the case of online identity theft or serious financial loss). Although public policy and business practices have an important role to play in combating such malicious cyber activity, the key to making cyberspace safer is the adoption of effective digital hygiene habits by all of us.
In the debate about cyber security, one is faced with a multifaceted calculus of social, technological and institutional problems. But just as cyber crime affects everybody, every internet user plays a crucial role in the aggregate. Individuals may both become victims as well as involuntary helpers of cyber criminals. Once compromised, users can unknowingly spread malware, become part of a malicious botnet or have their personal information exploited for targeted phishing attacks on friends or colleagues. However, the best cyber security defenses of banks, retailers and social media sites are useless if individuals use weak passwords or the same one for all online accounts. Thus, effective long-term commitment to increase cyber security has to harden the weakest link: human users.
The explosive growth in the adoption of electronic devices by the general population has created an environment which is comparable to the health situation at the beginning of the 19th century when life expectancy was significantly shorter due to infectious disease, plagues, unclean food and water. The role of personal hygiene in maintaining good health was neither understood by the public nor by governments. A similar situation has arisen in cyberspace today: poor digital hygiene is the major factor contributing to increasing danger to cyber security and online privacy. More than technological advancements and governmental regulations, it was a change in human behavior that precipitated the dramatic decrease in infectious diseases until the 20th century. The history of disease and the role personal hygiene had in driving better health outcomes should be translated to the cyber security context of today.
In view of these circumstances, it is surprising how few resources are devoted to increasing digital hygiene and raising awareness among the general population. Organizations and individuals are not just poorly equipped to recognize security breaches. Moreover, internet users are not conscious of the need to protect themselves at all times. When shopping, sharing and banking online are only a click away, security often takes a backseat to convenience. To increase cyber security, users firstly have to accept that digital hygiene is important and that a set of practices have to be undertaken for the preservation both of their own and, ultimately, the public’s health.
Thus, perhaps even more than developing grand strategies and new governance arrangements for cyber security, it is important to raise awareness and strengthen cyber security skills of users. It is necessary to establish a common social understanding of how to keep users and systems safe when interacting with computers and networks. People and institutions have to make cyber security as high a priority as other day-to-day tasks. To quote Albert Schweizer: “To me, good health is more than just exercise and diet. It’s really a point of view and a mental attitude you have about yourself.”
Governments should integrate digital hygiene into educational curricula and implement targeted “cyber sanitation” campaigns. Companies, especially those handling sensitive personal data, must educate and constantly remind not only their employees but especially their customers about digital hygiene needs. Through these public and private initiatives, we must integrate an effective digital hygiene routine into everyday digital life – and constantly adapt. Just as diseases continue to exist and germs have changed with the development of new medicine, malicious software will continue to evolve.
The internet has transformed our world and revolutionized our daily lifes. While insecurity in cyber space may not (yet) put your life at risk, it can make your life and the lives of those around you quite uncomfortable. Like personal hygiene is essential for good health, digital hygiene is crucial for a safe and enjoyable online experience. In the end, the old health motto also applies to the cyber realm – you can’t enjoy wealth if you’re not in good health!
This essay was originally published by the EastWest Institute as the winning entry of their nextgen’s second essay competition in December 2013, which invited contributions from under-35 year old professionals and academics asking them how they would make cyberspace safer.