I'm frequently appalled by the complete lack of security that people display, and I've written several articles about this. This is most apparent in the field of IT, and ironically, IT security is probably the easiest form of security to implement.
I recently watched an excerpt from a BBC programme warning people about the dangers of transmitting personal details over insecure public wifi networks. The people involved were shocked that somebody could hack into anything that they logged into via these wifi networks.
So, in short, these people were surprised that an insecure network is less secure than a secure network. Is there a better definition of a moron?
Seriously. Why would anybody think it's a good idea to transmit their personal details and various login details over a network labelled as "insecure"? How much more obvious does it need to be that it's not a good idea?
I've never understood why so many non-techies are so relaxed with their IT security. Non-techies are aware that they do not understand technology very well, so they should go out of their way to understand the security implications of the technology they're using. To techies, it just comes naturally. We understand exactly how it works, so we know what can and cannot be done with it by malicious people.
If you are not a techy person, you should find out exactly what is safe, and what is not safe. Here's a starter: insecure wifi networks are not safe to transmit anything you would not tell a total stranger, no passwords, no credit card details, nothing. Stop logging into your online banking via these networks.
People often say to me that there are so many things that you shouldn't do with computers, and so many companies losing your personal data that IT itself is now very scary. But I disagree. I think it's the fact that so few people are scared by IT security that is the scary thing.
There are so many people who are responsible for your personal data who are not bothered enough by IT security to really look after it. There are even more people who are completely irresponsible with their own data that in my opinion, they deserve to be defrauded.
People are quite literally doing the online equivalent of leaving their front door open, with their full set of keys by the front gate, and are adveretising it with a massive poster at the end of the street with their full address. If you did that, your insurance company would quite rightly say that you deserved to have your house ransacked and would not pay out. The same is true with your IT security.
I should also bring the Data Protection Act to your attention. This act covers what you can do with other people's information, whether stored in a computer, on paper, or in your head. It also outlines your responsibility that you have towards that information. You cannot, for example, give somebody's phone number to a friend if they have asked you not to, or if it would be reasonable to assume that they would not want you to give it out.
The same is true with IT.
If somebody emails you, their email address is now stored on your computer and you are responsible for it. You can either remove that responsibility by completely destroying the data, or you can look after it properly. If your computer becomes infected with a virus, and it steals their email address and passes it on to spammers, you have failed in your responsibility to look after it and are technically liable to prosecution under the Data Protection Act.
Most people are either ignorant of this fact, or can't be bothered to take it seriously. But I take it very seriously. I give all of my friends a unique email address to contact me. If that email address becomes compromised, I know exactly who hasn't been looking after my personal data (as it's a unique email address), and so I know exactly who will never be able to contact me again when I block that email address completely.
In the 21st century, IT security is deadly serious. The media have invented the term "identity fraud", which is bollocks because all fraud is identity fraud. That's what fraud means.
But just because it's a bullshit term used to sell more newspapers and to sell worthless insurance, doesn't mean that you can ignore it. You can quite literally be bankrupted by fraud and you'll never get it back.
You should take your IT security just as seriously as every other form of security. If you don't, you've only got yourself to blame. Ignorance of the technology is no excuse.
