Conveniently Insecure

 

Welcome to the 21^st century, it is a world filled with innovation, technology and convenience. Each day we stumble upon some amazing breakthroughs that will change our lives. Someone will create a device that will make our lives easier, that is the trend now and every manufacturer is rushing to push the latest and greatest in what is technologically possible and it shows, we now use Siri or Google Assistant to help us in basic tasks, what seems to be a normal technology to use was a dream a couple of years ago, it was not long ago when having such tech would be exclusive to sci-fi movies such as Star Trek which saw the first iteration of a Siri-like interactive computers including iPad-like tablets.

All this major rush to provide the ultimate convenience tools for the average citizen, scientists scrambling to install the newest machine learning algorithm that will help us save money by using their smart thermostat, or having a speaker that we can chat with to provide us with the weather and the latest and greatest cooking recipes. All of this created a dystopia where our lives depends on these machines to get by in our days. Until someone lose the access to their device or finds out that their beloved smart speaker was silently listening to their most intimate moments. This is not out of a horror movie because when these companies work hard to provide simplicity and a minimalistic interface, they lag on a different category: Security.

How much are you willing to pay to see what kind of information is available about you on the internet?  Are you willing to face the fact that someone was monitoring everything you are doing or is it the usual response of “no one cares to collect data about me, I am a nobody”, well sorry to tell you that every byte of information has its value and someone will pay good money just to learn your habits.

So let us take a stroll down this wormhole and see just how much the added convenience functionality has affected our basic human right, security and privacy on the web.

We constantly trade between security, usability and convenience. Frequently, cyber security comes in the way of IT users going about their daily tasks. Security experts frequently advocate for increased security and work to put in place strong and effective measures to keep their company's digital assets safe from cyber thieves. With all of the hacking that we hear about in the news every day, this is understandable. However, security is fast becoming an impediment, an inconvenience, and, in many cases a business disabler rather than an enabler for users. It was all about users interacting and participating on the Internet without fear, according to security providers using web 2.0, users were able to freely travel the internet thanks to the rise of social media, creating excellent content, interacting, making the most of social media, and clicking away at will.

These days, the picture is different. Users should be cautious when clicking on web links, according to security experts. Users should be wary of hyper-links received by email. I'm sure users are perplexed and frustrated by all of these security warnings. The majority of consumers are most likely perplexed and fatigued by security awareness. And it’s understandable as a casual user need to finish what they are doing as fast as possible and get on onto something else, high paced modern life requires fast interaction with daily devices, at every corner users will choose convenience with a risk than to think they are wasting time instead of finishing something else. The problem is figuring out how to use smart technology to its full potential. The benefits of smart, connected devices sound fantastic until there's a security breach, hacking event, or privacy violation, which is frequently followed by the statement that "this is the trade-off we have to accept for the sake of convenience."

According to the 2018 Norton LifeLock Cyber Safety Insights Report, 85% of Americans are concerned about their privacy. However, 66% accept that their online privacy comes with risks in order to make life more convenient. Apparently, risking our privacy appears to be a trade-off that the majority of us are willing to undertake. I believe the same is true in terms of security, especially given that according to Norton's survey, 75% of Americans are aware that their smart gadgets can be hacked, and 80% are aware that unauthorized access to one's email account can lead to access to all associated devices. [1]

In other news, and due to the Covid-19 situation most of us have been working or learning from home, online learning has become an essential part of learning for students all around the globe. Among many of its platforms, Zoom, developed by Eric Yuan, has undoubtedly become a leading figure in online learning. While the platform provides a number of convenient features, such as webinar, reaction system and breakout rooms system, critics insist that it still has a critical downside–its lack of cybersecurity.[2]

Quoting Mr. Brian Feldman on his findings; “ Feldman expressed his concerns with the app’s installer Zoom’s installer, Feldman stated, had an issue where it took over admin authority to gain root access to the user’s computer. This issue could potentially allow the app to install programs that can access the user’s webcam and microphone. The app also has a dubious routing system that again puts the user’s security in danger.  Feldman further elaborated that Zoom was found to be sending the users’ data to Facebook, even if the user was not logged in to Facebook. What’s worse, Zoom has recently apologized for routing the data through China, where the internet is largely controlled by the government.” [3]

While Zoom claims that it provides end-to-end encryption, the reality is that they only provide such encryption, which prevents anyone from accessing one’s zoom meetings or chats, to paid users only. This makes the majority of the 300 million daily users vulnerable to cyber attacks, such as bombing and hijacking.

This goes to show that even multi-billion companies use the model of relying to provide convenience to their users and apologizing when they are caught red handed carelessly storing their users’ data.

Users on the other hand while knowing this might happen to them, choose the turn a blind eye because nothing happened yet, and the issue is summarized by an example as follows; How many of you will use 15 digit unique character and two-factor authentication plus biometric verification to access your Facebook accounts? Chances are it’s a slim percentage of people.

Understandable! Manufacturers are lagging behind in implementing cutting-edge security solutions to their platforms and security became an added feature rather than a core structure.  In a nutshell, the more secure the network, the more inconvenient the access becomes for end users. This poses a great risk for information security teams trying to protect their organizations from attacks while doing everything possible to preserve the security of their weakest link, the human factor.

 I can rant endlessly about this issue and provide endless material where smart devices where used as zombies to mine data from users or to provide excellent habit stalking material for shady individuals on the internet. But this will not help with our battle to secure users from prying eyes.

What needs to be done must come from finding balance between security and convenience, the key to overcoming this dilemma is to strike a balance. One should not be made to suffer for the sake of the other. However, in the short run, we will have to forego some comfort in order to obtain a high level of security. Implementing app based two-factor authentication (Google Authenticator, Authy), use a complex password and store it on a password manager if needed, never leave the default login authentication that came from the manufacture and most importantly always update your devices to the latest patch available. These may seem like some simple things to do but the benefits are outstanding to protect yourself.

Businesses must also hold themselves accountable for security breaches involving their customers. They should be open and honest about how they protect and use their clients' data, as well as do their share to keep the information secure. This will inevitably result in a decrease in data dissemination and the excel attachment containing the client's individual data. Many firms will undoubtedly be able to reduce their current cyber security challenges as a result of this.

In my closing statement I want to point the fact that security and privacy are a human right and should not be taken for granted. Introducing some due diligence into our daily lives can aid in avoiding so much problems, moreover help keep us and our loved ones safe in this digital age.

REFERENCE:

[1] 2018 Norton LifeLock Cyber Safety Insights Report

[2] ConvenienceVs. Security: Is It Possible To Have Both?

[3] Zoom:the dilemma of convenience and security

This article does not contain advice or recommendations. Every move involves risk, and readers should conduct their own research when making a decision. The views, thoughts and opinions expressed here are the author’s alone.