Future Tense

Practicing Good Personal Cybersecurity Isn’t Just About Protecting Yourself

Remember: The internet is a network.

509230618

g-stockstudio/iStock

Last Thanksgiving, while other people’s families were arguing about politics, my family and I managed to get into a fight over whether they should be paying more attention to the security of their computers and data. One insisted she doesn’t do any online banking; another pointed out that his email is incredibly boring; and, anyway, they pretty much all assume anyone who wanted to would be able to access everything anyway.

Computer security tools and tactics are a tough sell for many people: They’re not interested in learning about it, they don’t feel they have any particularly important data to protect, they can’t imagine that they would ever be interesting targets, or they don’t really believe they’ll be able to stop determined adversaries. I imagine those people (including my mother) feel about articles on how to configure a virtual private network or set up two-factor authentication roughly the way I feel about articles on how to turn old plastic bottles into sumo wrestler bowling pins.

I get it: You’re not an investigative journalist protecting sources, you’re not a criminal hiding illegal plots, and your work email consists mostly of passive-aggressive queries about moldy leftovers in the office refrigerator. But the security of your devices and your data does matter—for you, individually, and also for society.

You may not need to use a VPN constantly or activate two-factor authentication for every account or encrypt all your communications. But you should probably be doing all of these things at least some of the time. So even if you’ve convinced yourself that you have absolutely nothing to hide—that no one could conceivably be interested in the contents of your digital life—it’s worth taking 15 minutes to understand a few of the security options available to you and when and why you might want to be using them.

Rest assured, you have something to lose. You have money that can be stolen if criminals manage to find your financial information or account numbers tucked among your files and emails. You have work that can be lost if those same adversaries compromise your devices and delete the contents—or hold them for ransom. You’ve sent snarky text messages and emails, and you’ve searched Google for information about an embarrassing rash.

Protecting yourself online is about dealing with a lot of different threats all at once: your most hated colleagues, organized crime rings, and surveillance powers of both foreign nations and your own government. Many of the same technical tools that protect against one also protect against the others. So give up the idea that you, yourself, have nothing to defend and no one you need to defend it from.

Beyond just protecting your own self-interest, improving your computer security also benefits society at large. Even if your devices and communications contain absolutely nothing of any value to you or anyone else, they can still be used as weapons against others if compromised. For instance, your devices can be infected to become part of a bot and used to launch large-scale distributed denial of service attacks. Or your email account can be compromised and used to send emails to your contacts to breach their accounts. Or your computer can be used as an intermediary staging ground for routing an attack to its ultimate target, making it more difficult to identify the real perpetrator and easier to trick the target into accepting malicious traffic that appears to originate from an innocent or trusted network. Or the ransomware you accidentally downloaded could demand that you infect your friends in order to free your files.

Your online security has broader implications when it comes to government surveillance as well. You may feel you have absolutely nothing to hide from national governments, but there are probably some people whose work you think is important: political activists and journalists, for instance. Using tools such as DuckDuckGo, Tor, and Signal provides support for services that many people really do need, both by driving revenue or donations and by making these tools more ubiquitous and therefore better maintained. It also makes it harder to single out the people using these services and treat them as criminals.

If you’ve never gotten very worked up about digital surveillance because you’ve always basically trusted the U.S. government until now, this is a good moment to make it a little bit more difficult for it to collect and monitor all of your data. The U.S. government has vast surveillance powers, of course, and if it really wants to figure out what you’re doing, odds are good that it will find a way. But there’s value in making that process a little harder, a little slower, and a little more difficult to scale up and apply indiscriminately to the entire country.

Protecting computers and communications is ultimately about protecting people. And while the phrase “cybersecurity self-defense” suggests this is mostly about protecting yourself, that’s only one reason to finally learn about all the technologies you’ve been conscientiously avoiding for years. Ramping up your cybersecurity practices is as much—if not more—about protecting other people as it is about protecting yourself.

This article is part of the cybersecurity self-defense installment of Futurography, a series in which Future Tense introduces readers to the technologies that will define tomorrow. Each month, we’ll choose a new technology and break it down. Future Tense is a collaboration among Arizona State University, New America, and Slate.