Who is responsible for net user security?
It might be easier and cheaper than ever to connect to the Internet, but the security threats facing users are also greater than ever. But who is responsible for the security of these users?
BBC News has a report on a survey of 2,441 people carried out for a UK government-backed online safety campaign which shows that fewer than half feel that the job of keeping their system secure was down to them. What is more interesting is that one in six feel that it is up to the banks to do more to protect them online. Also, almost one in 10 of those surveyed had been a victim of online fraud within the last 12 months.
[poll id=117]
The problem with security is that it's a complex subject and the landscape is constantly changing. Also, despite what the security companies say, there is no "one stop" protection package that protects users against all threats, and even if there was, it would still come down to the end user making some critical decisions about what to install, what sites to visit and who to allow access to their system. On top of that, there's no guarantee that the systems put in place will work when they're expected to. It's a bit like driving safely and always wearing a seatbelt – it’s still no guarantee that things won't go wrong.
The way I see it is that there are a number of bricks and mortar companies (banks and retailers especially) of gently encouraging customers to use web facilities because it saves both time and money. Most companies take simple precautions to protect online accounts by using SSL and requiring usernames and passwords, while banks take this a step or two further by asking for certain characters from your passphrase and so on. But considering the risks, these security measures don't seem like nearly enough. To be honest I really don't understand why all banks don't offer security tokens to customers. If PayPal can do this for free to business customers and for $5 to others, given the profits that banks and credit card companies pull in, this should be a trivial cost.
I think that more could also be done to offer basic security software to customers at various stages. For example, a 15 day trial of a security product shipped with a Dell or HP is just another craplet to uninstall, but a pre-installed product with 12 month subscription would be worthwhile. Similarly, free security software from ISPs and modem/router manufacturers would be a good idea and benefit everyone.
The lack of security on home PCs is affecting everyone on the Internet, no matter whether you're a business or not. It's time to make it a lot harder for the bad guys to find and make use of unprotected PCs.