Q: Why was the goldfish afraid of the computer?
A: He didn’t want to get caught in the Internet.
Silly joke, but it made me smile.
Are You Afraid?
Are you afraid of the Internet? Perhaps this question would have been better asked in the 1990s when the Internet was starting to make its boom. This question still has merit today due to the risks often heard about in the media regarding data theft, identity fraud, and malware.
Perceived Risk vs. Actual Risk
Bruce Schneier, wrote an interesting article on Perceived Risk vs. Actual Risk. In the blog post, he quotes an applicable point:
People underestimate risks they willingly take and overestimate risks in situations they can’t control. When people voluntarily take a risk, they tend to underestimate it. When they have no choice but to take the risk, they tend to overestimate it
Moving Beyond the Fear
How can the problem of people underestimating the risks of malicious software be solved, when they don’t patch their system, or utilize available security features? How can the issue of someone underestimating the risk of identity theft by using weak passwords, and irresponsible security practices? How can the business and technology industry teach new and experienced users the skills they need to move beyond the fear, and into confident, and better security practices?
A lot of the solution comes down to basic education, training, and moving beyond the fear. This simple education, knowledge of best practices, and heightened awareness increases security posture greatly. Many businesses employ formal training and seminars. While this is a worthwhile endeavor, this isn’t the end all, be all. Find ways to create an informed group, through open communication, such as newsletters. The simpler the better, because folks, while they typically like to be informed, don’t always have time to muddle through the details.