Who is responsible for net user security?

Who is responsible for net user security?

Summary: It might be easier and cheaper than ever to connect to the Internet, but the security threats facing users are also greater than ever. But who is responsible for the security of these users?

TOPICS: Security

It might be easier and cheaper than ever to connect to the Internet, but the security threats facing users are also greater than ever.  But who is responsible for the security of these users?

BBC News has a report on a survey of 2,441 people carried out for a UK government-backed online safety campaign which shows that fewer than half feel that the job of keeping their system secure was down to them.  What is more interesting is that one in six feel that it is up to the banks to do more to protect them online.  Also, almost one in 10 of those surveyed had been a victim of online fraud within the last 12 months.

[poll id=117]

The problem with security is that it's a complex subject and the landscape is constantly changing.  Also, despite what the security companies say, there is no "one stop" protection package that protects users against all threats, and even if there was, it would still come down to the end user making some critical decisions about what to install, what sites to visit and who to allow access to their system.  On top of that, there's no guarantee that the systems put in place will work when they're expected to.  It's a bit like driving safely and always wearing a seatbelt – it’s still no guarantee that things won't go wrong.

The way I see it is that there are a number of bricks and mortar companies (banks and retailers especially) of gently encouraging customers to use web facilities because it saves both time and money.  Most companies take simple precautions to protect online accounts by using SSL and requiring usernames and passwords, while banks take this a step or two further by asking for certain characters from your passphrase and so on.  But considering the risks, these security measures don't seem like nearly enough.  To be honest I really don't understand why all banks don't offer security tokens to customers.  If PayPal can do this for free to business customers and for $5 to others, given the profits that banks and credit card companies pull in, this should be a trivial cost.

I think that more could also be done to offer basic security software to customers at various stages.  For example, a 15 day trial of a security product shipped with a Dell or HP is just another craplet to uninstall, but a pre-installed product with 12 month subscription would be worthwhile.  Similarly, free security software from ISPs and modem/router manufacturers would be a good idea and benefit everyone.

The lack of security on home PCs is affecting everyone on the Internet, no matter whether you're a business or not.  It's time to make it a lot harder for the bad guys to find and make use of unprotected PCs.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Security is not a Home User problem

    Asking the home user to secure themselves is stupid. It is akin to having someone defend themselves in court without a lawyer. Sure, you are going to have that 1/2 percent do it effectively but the rest will fail. Security isn't something that Joe Average can do.

    You have to leave security to the people with the resources and the know how. Banks are going to be far better equipped to handle security than home users. If the banks want home users to bank online because it saves money then the banks must provide the security.

    Providing security software (free or not) does nothing for a home user if they have to manage it. If the home user manages it the security will take a huge hit.
  • The user. Period.

    Time for people to take some responsibility for their actions (or inaction as it may
    • So tell me

      Are you going to refuse to do business on the Net until someone offers you a reasonable degree of security, or are you going to start your own bank?
      Yagotta B. Kidding
  • Reasonable requirements

    Having done business in Europe, I continue to be amazed at the <expletive> excuse for security offered by US financial institutions.

    A SecureID token generator combined with password actually provides reasonable security, and was standard in Europe before US banks were forced to stop using <expletive> four-digit PINs as their only online authentication.

    The current "standard" of password/PIN or password/textpad are barely better than the PIN was.

    Anyone who wants to claim that online security is up to the user glosses over the fact that users can only choose better security if [b]someone[/b] offers it.
    Yagotta B. Kidding
    • Other simple precautions...

      ... used in the UK involve identifying you in a number of other ways. For instance many banks store details of your IP address (if static) and your PCs gross characteristics - processor, memory, hard disc capacity, etc.

      It means that if you upgrade or change you PC you need to call the bank so they can re-read and store your configuration because if you fail this test you won't even get the chance to enter a password.