I know that the news has many people left wondering that as well. It’s hard not to, when it seems like every other day there’s a report of some new compromise somewhere.
As you might expect, I have a slightly different perspective.
1) I don’t believe things are as dire as they seem.
2) I don’t believe avoiding the internet will help.
Become a Patron of Ask Leo! and go ad-free!
What makes “news”
One of the things that’s important to remember is exactly what makes “news”.
The commonplace, the average, the expected … these things don’t make news. Things that are routine don’t get reported as news.
News, almost by definition, means that something is exceptional or unusual.
Think about that for a minute. The mere fact that something is being reported on the news means that it is something that is not common. It might be big, it might be exceptional, it might impact a large number of people, but the reason it’s making news is that it was unexpected or unlikely.
It’s the uncommon and sensational that cause people to pay attention to the news, and that’s exactly what gets reported.
So, if you follow that logic, data breaches being reported as news mean that data breaches, in general, are not common.
Pandering for your eyeballs
Note that I said the uncommon and sensational.
One of the trends in the current media is that if something isn’t sensational enough, the news outlets do everything they can to portray it as such. With over-stated headlines and stories, media outlets compete with each other to get the most viewers, the most readers, and the most clicks. As a result, the actual severity of the story, the importance of the story, and the practical impact of the story on the average reader/viewer is left by the wayside.
So what do we see? News outlets, social media sites, even forwarded emails parrot the over-sensationalized story, making it out to be much worse than it really is, simply to attract your eyeballs.
Same news from different sources is still the same old news
The concept is very simple: when the exact same story from the exact same source is repeated, or “echoed”, by many different channels of information, it begins to appear as if it were many independent sources all arriving at the same conclusion.
It’s not. One source is still one source, no matter how many different places you hear it.
If you saw only one report of an incident, you’d probably give it no second thought. Seeing that same single report from several different venues, however, gives the impression it’s more important, since everyone’s reporting it. It’s not, necessarily. It’s still one story, from one source.
It’s almost impossible these days not to get that same story thrown at you from dozens of different venues. Radio and TV, to be sure, but throw in online technology and social media, and all of a sudden we’re inundated by everything – both important and trivial – with no real distinction between the two.
My point, of course, is that data breaches aren’t happening as often as you think.
They do happen, of course, and they do impact individuals. But it’s not “hackers gone wild”. At least not yet.
No matter how many times you hear of it.
Attacks happen from the other side
Of course everyone is quick to blame “the internet” (or “the cloud”) when breaches happen. Many people, such as yourself, may be thinking that both are things to be avoided as a result.
Not at all.
First, “the cloud” has been there all along. That thing we call “the cloud” is nothing more than online service providers and the servers used by the companies we do business with. If you’ve been using email for any length of time, you’ve been using “the cloud” since the day you started.
You might consider filling out paper forms and taking them physically to your bank or other institution, but you know what? Guess where that information goes once you hand it over or (snail) mail it in? It goes onto their servers, which are likely connected to the internet anyway, as a critical part of their operations.
The fact is that most of the breaches we hear about aren’t from any path that you or I have control over. It’s the back side, the internal systems, that most commonly get compromised when a hack is successful. Your actions wouldn’t have made any difference whatsoever in whether or not you’d be impacted.
Not all companies get it right
That puts the onus on each company holding our data to do it securely.
And most actually do. If it were otherwise, compromises would become commonplace and get reported in the equivalent of the local police blotter every day. In fact, much of the commercial infrastructure would simply collapse, or come to a halt, if hacks were really that prevalent.
But certainly some companies get it wrong – sometimes embarrassingly so – at least from a technical perspective.1 And, indeed, those companies should be held accountable.
When that has happened, however, most companies are quick to remedy the situation and follow up with various forms of support to the individuals affected – the most common example being free credit monitoring for some period of time.
Hacks happen. Just not as often as it might seem.
What I do
As you know, I’m all about technology and the opportunities it offers.
So it should come as no surprise to you that I’m pretty much “all in” when it comes to online services, both personal and business.
I don’t do so recklessly, however. I pick and choose what companies and services I do business with, based on reputation and my experience with the technologies they use. I select, or not select, services offered based on what I might feel as their potential for getting it right … or wrong. As an example, when my American Express card was somehow compromised some years ago – while I was out of town, no less – I heard about it from American Express. And they overnighted me a replacement card, in time for me to pay my hotel bill. 🙂 That kind of experience leads me to feel comfortable using their services even more.
Of course, I take sensible precautions – the same precautions I outline in The Ask Leo! Guide to Staying Safe on the Internet. I’m just like anyone else; those steps apply to me just as much as they do to you.
You can be safe
I don’t think that the average online user – which I assume describes you – needs to be overly paranoid when it comes to using most online services. Aware? Yes. Conscientious? Of course. Careful? Absolutely.
But by following basic safety principles, understanding what is and isn’t “news”, and doing business with trustworthy organizations, the opportunities – and sometimes the requirements – that the internet presents can be navigated safely.
If it were otherwise… well, I’d be in a whole lot of trouble. 🙂