The recent problems surrounding the data compromise at Talk Talk an internet service provider have hit the headlines heavily over these past few days and frankly this is not a bad thing. True for Talk Talk it is not the sort of publicity that they would wish because along with all their irate customers, this is the third time something like this has happened to them in a year.
So its all their fault then ? Well NO it really isn’t and a situation like this is a good thing to get people to stop, think and change their own behaviour because as we become ever more dependent upon the internet, we also need to take a far more responsible attitude towards it as users, laying back and “leaving it to others” will never be good enough.
The lead picture on this article is chosen as a ‘symbol’ of the situation we face. It is a merry go round or what showman used to refer to as a “set of gallopers” but the point is that fun as they may be, there are inherent dangers in riding one, if you fall off but just as importantly, the owner needs to stop people trying to jump on whilst it is in motion hence the barrier.
I would suggest that using the internet and mobile devices is the same, there are inherent dangers to the user if they are stupid but also whilst using it, they need to to be protected from outside dangers. From this it follows that service providers of any type must erect and maintain effective defences to prevent external threats to their users but it also implies that users also need to behave well and use common sense when using their connected devices.
One of the main problems with mobile devices, facebook, twitter and so on is that they give many of the people who use them the impression that they are “technically capable” when in fact they are not and in order to be “safe” they need to become more knowledgeable about the digital world as a whole because it will dominate their lives in the years ahead.
Main Business Threats
Obviously any service provider and that includes on line retailers need to put in place highly secure procedures to protect customers personal details, encryption of such data in most cases, should be standard but this can only be of use if they employ suitably qualified staff to maintain and monitor their systems.
Having been involved in the past in IT and dealing with harmonizing IT services post an acquisition/merger, I can have some degree of sympathy for a company like Talk Talk who have been through that process with Tiscali. It is neither simple nor easy and all too often things do fall between the gaps because you are not just talking about trying to unify two live systems but also dealing with two sets of IT personnel from two different businesses. I am not by stating this claiming that we should ‘excuse’ companies when things go wrong that would not be correct.
What I am saying though is that the “money men” who like to buy and sell companies need to not only be aware of these sort of problems but factor in from outset both the time and costs involved in these areas. Regardless of whether we are talking about “retail businesses” where they deal directly with the consumer or “industrial”, for want of a better description of non retail businesses, all commerce is now so heavily reliant upon open and fast communications that serious money and resources need to be devoted to protecting these assets. It is not the case that either ‘The Government’ or somebody else is responsible, each business must be responsible and aware of the specific perils they face.
A mindset must be adopted that sees data security in the same way as ensuring that your premises have adequate bolts and locks on the doors. If you wouldn’t leave your business premises overnight without locking the place up, why should you not do the same with your business data ?
Main Consumer Threats
The first and main threat to every consumer is their own stupidity as is clear by the number of people who fall victim to Phishing or telephone scams where they are giving their personal details to complete strangers without even thinking things through. If this was your Bank/ISP or any other business you are already in touch with, would they really ask you to give them details that they would already have on file ?
However the list of potential threats and ‘user mistakes’ is pretty big from not running any up to date antivirus program, not doing backups, clicking on messages from totally unknown sources to downloading pirated software/music/videos which are often loaded with malware of one kind or another. The bad guys out there are pretty good at recognizing user patterns of behaviour based on greed and stupidity, consequently they deploy to trap the unwary.
The problem that I have often noticed over the years with consumers buying PCs is that unless youngsters used to what they are, older people have trouble grasping that a PC is not a TV, it is interactive and requires their input. Probably the main need is to keep trying to ‘educate’ users of all ages just how to use connected devices of whatever kind and companies who interact with their customers over these devices should see it as part of their ‘business mission’ to ensure their customer base is strongly guided into using their services properly and securely.
Threats are Ever Bigger
As someone pointed out, one of the problems is that the more “smart” devices there are out there the greater the risk and threat, as someone recently demonstrated, they were able to hack and control a car through its ‘connected’ software systems. Whilst it is fine to say that the Apple and Google Stores have thousands of Apps for sale to run on their phones and tablets, the truth is that each App could of itself represent a threat to the user. A recent story concerns Apple Apps: http://www.itv.com/news/2015-10-20/apple-withdraws-hundreds-of-apps-after-privacy-breach/
In this case the apps were feeding privacy data back to an advertising company which had provided an SDK – software development kit to developers who were unaware that this was the case. In this case the aim was purely commercial, harvesting consumer details for targeted advertising campaigns so in a sense ‘innocent’ but it could not have been the aim could have been criminal. That is where we are but this is only the beginning, we are threatened with “The Internet of Things” where all sorts of devices are connected from the car you drive, the appliances within your home and at each stage, the potential threat grows.
There is a need to train thousands of young people for a career in cyber defence and cyber forensics and it should have started a long time ago. This will be expensive but if society wants to reap the ‘benefits’ of this connected world then both business and consumers will have to fund this and the resulting jobs.
With a background in IT, I certainly don’t consider myself technophobic but as I didn’t come from a computer literate generation, I took out 3 years in my 40s to become so, as a consequence plus as I approach 70 years of age, I have a rather different take on most of these things. The optimist in me always hopes and expects ‘better’, the realist knows this is highly unlikely and a couple of examples to finish.
I like to read the news on the web but it is becoming increasingly annoying as all sites are connected to all manor of services that are carrying out constant polling to find out who is on line, then pumping down personalised ads and finally feeding results back. Even the BBC web site is constantly ‘refreshing’ itself and despite my having a 39mbs broadband connection, often takes forever to switch from one page to another.
It rather reminds me of when I lived and worked in the States, there were certain US shows like ER that I loved watching at the time in the UK but having tried watching it a couple of times in the US gave up, it was unbearable, far too many advertising breaks to enjoy the show. Far too many websites are like that today.
Because I’m into photography and graphics, I obviously use Adobe products who have largely ceased selling boxed software, they want you to buy into their subscription model – won’t go into what I think of that but they still sell one key product ‘boxed’ which is called Lightroom although I suspect they want to drop that too. I bought the latest version 6, I have been using the software since version 1 and this latest version seems ‘more connected’ and it is not as quick so I have fallen back to their last good version 5.7 which works better… Not everything is worth upgrading to is my opinion and there are always alternative software packages available.