What cybersecurity threats should most worry you?

How to Figure Out What Cybersecurity Threats You Need to Protect Yourself Against

How to Figure Out What Cybersecurity Threats You Need to Protect Yourself Against

The citizen’s guide to the future.
Feb. 3 2017 9:42 AM
FROM SLATE, NEW AMERICA, AND ASU

What Cybersecurity Threats Should Most Worry You?

How to figure out whom you need to protect yourself against.

security.
Where to start?

Rawpixel/Thinkstock

160823_backToArt

When it comes to your data—be it Facebook posts, emails, or credit card information—there is a lot to worry about. Recent years have brought us a slew of cyber breaches and attacks that have put millions of people’s financial data on the black market, exposed company secrets, and maybe even swung the 2016 presidential election. With so many attacks, it can be difficult to know where to start protecting yourself.

The important first step—something that’s often overlooked—is to figure out what and whom you are worried about. If you are in the middle of a nasty divorce and custody battle, your emails and social media posts could be a lot more sensitive than if everything is going along smoothly in life. And just as life circumstances change, your cybersecurity priorities may change too.

Advertisement

Let’s start by considering whom you are afraid of. There are a lot of ways to break this down, but I think there are a few major categories that can effectively guide almost all of your decisions.

1. Criminal hackers: This group, obviously, attacks basically any system they can get access to. They may put a virus or ransomware on your computer, intercept your credit card number, or hijack your social media account to post spam. While their targets are broad, their goal is generally to make money off what they steal. Note that there are other kinds of hackers (kids messing around, snoopers, etc.), but any measures you take against the more dedicated criminal hackers will work for all types. If you are worried about hackers, you want to take measures to lock up your systems and data to make it hard to access and difficult to use if it is accessed.

2. Marketers and legitimate business: There is a perfectly legal market for our personal data. Social media and advertising companies sell access to it. Data brokers sell the information and derive insights. They know all kinds of things about you, from your grocery store purchase histories to your public court records. Some uses of your personal data are benign or even helpful, like helping you find a movie to watch on Netflix. But it can also be used for things like “personalized” pricing, where companies raise prices on items they know you want, or to track your every move. Or maybe you just find it creepy. If you are worried about this group collecting and using information about you, you want to take steps to hide your identity and use platforms that are encrypted and/or ephemeral. The less of your information they can access, the more protected you are.

3. Other people: Maybe you don’t want a friend to know you ditched her party to go on a date. Maybe you don’t want an opposing lawyer to find incriminating information about you. Maybe you’re a gay teenager and don’t want to be outed to your conservative family. In these kinds of cases, you will want to implement effective privacy settings, encrypt some data, use some ephemeral platforms, and delete other information.

Advertisement

4. Governments: We have been given plenty of reasons to worry about the U.S. government accessing private data (remember PRISM?), but other countries have much scarier records regarding the collection and use of people’s private data—including sending people to prison for their online activities. Governments have far more resources and control than any other group on this list, and the steps to take to protect your data from them—be it your own government or foreign powers—involve the use of more intense technology to cover your digital tracks and encrypt your communications.

It’s reasonable to have some anxiety related to all these groups to some degree, but knowing how much you worry about each group will guide your decisions about how to protect yourself. For example, if you are organizing a dinner party, you might send that information through social media with good privacy settings. If you’re organizing a resistance movement, you may want to use encrypted communication channels with ephemeral (i.e., automatically deleted) messages. The more protective options, like using the Tor browser, can be slow or disruptive compared with using standard technology. Knowing what is counterbalancing the inconvenience makes the decision easier.

For some people, their web histories and searches may require protection. For example, if you are getting divorced, you may not want your ex or kids seeing that you have visited certain social media or dating sites. There are tools that can help protect all of this information. Some are straightforward features to enable or apps to download; others are relatively disruptive in the process of protecting you.

From these personal insights, you can develop your own mix of cyber self-defense technology. An activist might eschew email for anything other than online shopping and account registration, use encrypted text and data apps for her organizing activities, and turn on basic security layers for personal social media and online activities. A wealthy retiree may only text and make phone calls to family members. If these communications are not especially sensitive, he may opt to take minimal cybersecurity measures. But he may be concerned about protecting his financial data and opt for using virtual private networks and other security enhancing tools when working online with financial information.

Advertisement

This month, as part of our Futurography series on cybersecurity self-defense, we will introduce a set of tools you can take advantage of for your cyber self-defense. For each how-to, we will indicate which of these groups it helps protect you from and rate the difficulty level. “Easy” projects involve downloading an app or installing an extension, no fancy configuration required. “Medium” projects are on the same difficulty level as setting up a simple email account. There’s no technical expertise required, but you will have to look for the right boxes to check and places to input information to get them configured. “Hard” projects require some technical know-how if you want to understand what you are doing. We will put a scale at the top of each project so you know if it’s right for you.

170201_FUT_difficultyScale_BLANK

What worries you about your online security? What protective skills do you want to learn? Tweet @FutureTenseNow and let us know.

This article is part of the cybersecurity self-defense installment of Futurography, a series in which Future Tense introduces readers to the technologies that will define tomorrow. Each month, we’ll choose a new technology and break it down. Future Tense is a collaboration among Arizona State University, New America, and Slate.

Jennifer Golbeck is director of the Human-Computer Interaction Lab and an associate professor at the University of Maryland.