Sometimes it seems like our online lives are every bit as lawless – and dangerous – as a saloon in 1880s Dakota Territory. Whenever we turn on the news we’re seemingly confronted by yet another data breach compromising the personal information of millions of people, with the hacks just getting larger and larger. That’s without even considering cases where organizations themselves give out access to users’ personal information without their consent. As was the case when Facebook allowed London-based Cambridge Analytica to sift through the personal information of tens of millions of users worldwide.
Given the world we live in, it’s no surprise that people are scared. Research published by Gallup in late 2017 found that “Americans worry far more about becoming the victims of cybercrime than the victims of conventional crimes, with two-thirds of U.S. adults worrying at least occasionally about computer hackers stealing their personal information (67%) and having their identity stolen (66%).” Likewise, research published that same year by the Pew Research Center found that “roughly half of Americans (49%) feel that their personal information is less secure than it was five years ago. Around one-in-five (18%) feel that their information has gotten more secure in recent years, while 31% feel that their information is about as safe as it was five years ago.” It’s worth noting that these findings were published before the Cambridge Analytics scandal.
Sometimes data is shared in a way that is technically disclosed but unclear to users, as in the Facebook example. It can be difficult, if not impossible, for users to read through the lengthy user agreements attached to each one of their applications. Even if they did, it would frequently be impossible to translate them into layman’s terms without the help of a lawyer. As a result, organizations like the New York Times have stepped in to help consumers understand how their data is being used and the steps they can take to protect their privacy. Still, the onus is on businesses that store and traffic in consumer data to be transparent about how it’s being used.
…the onus is on businesses that store and traffic in consumer data to be transparent about how it’s being used.
Unfortunately, Pew also found that members of the public regularly “fail to follow cybersecurity best practices,” thus opening themselves up to breaches. According to Pew, “cybersecurity experts generally recommend password management software as the safest and most secure way to track and maintain online passwords. Still, just 12% of internet users say that they ever use password management software themselves – and only 3% say that this is the password technique they rely on most.” Separately, “41% of online adults have shared the password to one of their online accounts with a friend or family member,” another practice that most security experts recommend against.
This tendency to commit risky behavior online, even among otherwise sophisticated professionals, is something app developers need to bear in mind at all times. Nothing illustrates this better than the recent furor surrounding two Android applications, KILSWITCH and APASS, that were used by Navy and Marine Corps personnel to communicate in the field, view mission objectives and even call in air strikes. While popular with troops on the ground, reporting by ZDNet on the Navy Inspector General’s subsequent report reveals that the applications