How to stay safe on the Internet – trust no-one

key
Working close to the IT industry as I do, it’s hard to avoid the blizzard of announcements and general excitement around the growth of the Internet of things allied to location-based services. This, we are told, will be a great new way to market your goods and services to consumers.

You can get your sales assistants to greet shoppers by name! You can tell them about bargains by text as they walk past your store! You might even ring them up! Exclamation marks added for general effect.

But here’s the thing. Most people don’t trust big corporations any more, according to the recently published 2013 IT Risk/Reward Barometer report. Instead, finds this international study: “Across all markets surveyed, the vast majority of consumers worry that their information will be stolen (US: 90%, Mexico: 91%, India: 88%, UK: 86%).”

As a result, blizzard marketing of the kind that triangulation technologies now permits makes people feel uneasy at best and downright annoyed at worst. People ask themselves questions about who has their data, how they got it, and what control they have over that data once it’s escaped into the ether.

From ICASA’s point of view, this is largely the fault of individuals who don’t control their passwords properly or otherwise secure their systems. It’s an auditing organisation, so that’s not an unusual position to adopt. But I think it goes further than that.

As the study also points out: “Institutional trust is a critical success factor in an increasingly connected world. […] Organisations have much work to do to increase consumer (and employee) trust in how personal information is used.”

In other words, companies need to work harder at winning your trust. Does that make you feel any better?

This is clearly not an issue that will be solved – ever. For every ten organisations that are trustworthy and manage personal data responsibly – you do read that text-wall of privacy policy each time you log onto a new site, don’t you? – there will be one that doesn’t. Even if all companies were trustworthy, people will still make mistakes and hackers will win the security battle from time to time, resulting in compromised personal data.

The only rational policy for the rest of us to adopt is to trust none of them, and that is what this study shows most people tend to do.

The least you should do is to use long, complex passwords and change them regularly, using a password safe (eg KeePass) so you don’t have commit them to memory – or worse, bits of paper.

FYI, the study was conducted by ICASA, which describes itself “an independent, nonprofit, global association, ISACA engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.”