By Todd Dooling
As an adjunct instructor at a university, I have the privilege of working with men and women from all over the world. They vary in ages and experiences significantly. However, they do tend to have one thing in common — they like convenience. They like convenience so much they are willing to accept significant risk from a security perspective.
What is particularly astounding is when I discuss the risk, I am often met with a shoulder shrug. Why? Without exception, these men and women are appalled by news of security breaches, which expose very personal information to “the bad guys,” and yet they are reluctant to alter their behavior in any way that might make their online, interactive experiences less convenient. I ask again, why?
Today, everything is connected. The “internet of things” has become a convenience we all want. We want to use our smartphones to conduct all our personal business. We don’t want to be bothered with strong passwords that are different for each of the services we use each day. We don’t want to be bothered with changing our passwords periodically. Why? Do a few extra seconds really take away from the experience?
There is one additional facet that should be considered in the context of convenience versus security. That is the overlap between our personal and professional lives. Bringing your own device and working from home have blurred the lines between what we do on our time and what we do during working hours. Couple this overlap with our desire for convenience and we, potentially without knowing, are accepting risk for ourselves and for our employers.
Picture this: It’s early morning and you’re hanging out at your local coffee shop using the free Wi-Fi to catch up on your banking. Does this sound familiar? It should because many of us do it every day. Do you know what could be lurking in the background on that public Wi-Fi while you pay bills and transfer money?
A common method of accessing your personal information while you are working on a public Wi-Fi network is using a malicious hot spot. These rogue hot spots make you think you are connecting to a legitimate network because the name sounds reputable. Consider this: You are at ThePerkHouse coffee shop. You open your laptop and search for a Wi-Fi network to which you can connect. You see several. One might read “ThePerkHouse Inet” and another might say “ThePerkHouse Wifi.” You may think you’re selecting the correct one when you click on “ThePerkHouse Wifi,” but you haven’t. Instead, you’ve just connected to a rogue hot spot. The cyber criminal who set it up is sitting in the same coffee shop enjoying a cup of coffee and recording everything you do.
What about your passwords? Think about all the activities you conduct online and all the places you log in to in order to conduct those activities. There are many very common password mistakes people make that significantly increase their risk of experiencing a security breach. The top error people commit is using the same password everywhere. It’s convenient, but if you are breached everything is breached. The next most popular password error is using personal information in your password. Names of children, parents and pets are very common.
I certainly do not want to discourage anyone from enjoying all the convenient benefits available to us through technology, but I do want each of you to ask yourself if a few extra seconds really matters. One need only use their phone as a hot spot and purchase a password vault for their smartphone to avoid the risks I discussed. I challenge you to consider the question of convenience versus security in your own life. Ask yourself, Is your convenience really more important than your personal information?
• Todd Dooling is a senior adjunct faculty member in the California Lutheran University School of Management.