This entry is part 16 of 39 in the series 40 years online

Getting the inside scoop on Santa Claus. Finding out what really happened to your childhood pet when your parents took him to “the farm”. Realizing that your favorite TV show didn’t mention one car company four times in a single episode simply because it was a natural extension of the plot.

We all remember those moments of disillusionment. For the first generation of Internet users, one such moment came on November 2, 1988. That was the night that a Cornell graduate student, Robert Morris, released a worm – a destructive computer program — onto the Internet. Before the Morris worm, the Internet was a largely unguarded space, plagued only by occasional, accidental mishaps.

The Morris worm opened a new chapter in Internet history, a new industry, and a new preoccupation: online security. Thanks in part to the worm, system administrators devoted new levels of attention to defending their networks. A generation later, the question of how to secure a network — or any data that is or could go online — remains a major preoccupation for tech professionals and tech users.

What’s interesting about this particular case of disillusionment is the variation in subjective response. In a world with many well-documented online threats, some people devote hours (or careers) to securing their systems and data. Other people spend little or no time worrying about computer security, living their online lives as if the Internet were still that pre-1988 Garden of Eden.

Most surprising is the lack of correlation between offline risk profile and online risk-taking. In a rigorously unscientific study of people with whom I have discussed privacy protection, data backup and other security-related issues, I have observed a near-total disconnect between security awareness on- and offline. People who are religious about arming their houses with the latest alarm systems may post their minute-to-minute movements on FourSquare; free spirits might eschew motorcycle helmets but guard every e-mail transmission with 1024-bit encryption.

Writing a dissertation about computer hackers left me on the slightly cautious end of the spectrum, but I try not to force my security religion on others. (Other than frequently relaying the single most useful thing I heard from any of my research subjects: “Until you have your data in at least two places, you don’t have your data.”) What I’d like to encourage is some simple consistency: a degree of alignment between one’s offline risk profile and the level of security pursued online.

To that end, let me introduce a new security enhancement tool, not coming soon to a women’s magazine near you:

What level of online security is right for you?

By completing these questions, you can identify the level of network security appropriate to your personal risk profile.


Cyber-security practices for your personal risk profile

Now that you know your appetite for (or aversion to) risk, let’s look at how that translates to a set of online security practices.

Easy Rider: Approach the Internet with the same devil-may-care attitude you take in offline life:

  • Use library or café computers to do your banking and email, so you don’t have to buy a laptop
  • Snap up the great deal in that pop-up ad by entering your credit card number when prompted
  • Use a single password for everything you do online (preferably “password”)
  • You’re an open book: why not share those photos of your new inner thigh tattoo?
  • Don’t bother with “logout” buttons on those public computers

Trusting Tom: Embrace the social web with your characteristic spirit of generosity:

  • Buy a Mac; it’s easier than worrying about viruses
  • Use your credit card online as needed; if Visa has to replace your card a couple of times due to security issues, so be it
  • Sign up for FourSquare under your full name and keep your location updated at all times so your friends can find you
  • Post your family photos to Facebook and Flickr, without passwords, so your friends can enjoy them
  • Use one password for your online banking and another password for everything else

Clear and careful: Take precautions that will allow you to enjoy your life online:

  • Install anti-virus software on your computer
  • Use your credit card only in reputable online stores
  • Turn on private browsing when surfing porn or other potentially embarrassing content
  • Share kid photos and news with a very limited circle of people online, and never post your kids’ identifying details (names or school)
  • Use a secure, encrypted password manager like 1Password

Wary Larry: Implement the security measures that keep you from lying awake at night, worrying about your online exposure:

  • Buy a Mac and run anti-virus software weekly
  • Use a separate, low-limit credit card for any online transactions
  • Read a couple of security blogs on a daily basis so you know about any emergent viruses or security issues
  • Use PGP encryption for all e-mail correspondence
  • Never post any photos or news about your kids online
  • Keep all your passwords on a keychain drive

Nervous Nellie: Exercise the same level of constant alertness online and off:

  • Keep separate computers for on- and offline activities, just in case you get infected on your network-connected machine
  • Limit your online shopping to Craigslist and complete all transactions in cash
  • Complete all online forms with false information, just to throw off the data collectors
  • Avoid all social media
  • Get Google to do the same thing for your house that they did for Dick Cheney’s

The bottom line is that there is no one-size-fits-all approach to network security. How much effort you put into staying safe online, and how you define safety, is a personal choice. Just make sure that your online safety decisions are driven not by apathy or alarmism, but by reliable information and clear boundaries.

