Online fraud now affects almost one in 10 of us, and according to the official guidelines, one of the best things you can do to defend yourself against it is to create a strong passphrase – that is a password made up of a few memorable words strung together, such as “WhyGoToAllThatTrouble?”, for instance. One you’ve applied the passphrase, you should leave it be rather than regularly changing it, as was the old government line on fraud protection.
Simple, in theory. The problem is, you can’t just think about doing it, you actually have to do it. But as Joseph Ferrari, professor of psychology at DePaul University, Chicago and author of Still Procrastinating? The No-Regret Guide To Getting it Done explains, for a number of us it is not that simple. “As my Italian grandmother used to say: ‘Some people don’t get off the beach until the water hits their behind.’
“Everybody procrastinates, but not everybody is a procrastinator. Twenty per cent of men and women are clinical procrastinators, in school, at home, at work, in relationships. Though it is often treated as a light problem, clinical procrastination is not a matter of poor time management,” he explains. “To tell a clinical procrastinator ‘just do it’ would not work – it’s like telling a clinically depressed person ‘just cheer up’.”
Whether you are a casual or clinical procrastinator, it is not just inappropriate passwords that are leaving us vulnerable to digital fraud. Vince Warrington, director of cybersecurity service Protective Intelligence, says software such as operating systems, web browsers, anti-virus and malware protection these days tend to be self-updating. But, he adds, an alarming number of people continue to run outdated software, such as Windows XP, which is no longer supported by Microsoft, unaware that their computer is therefore outdated and vulnerable to attack.
“Although people like to stick with the familiar, it makes an awful lot of sense to move to modern versions of software … I fear many people do not make the jump because they don’t know how to do it, or are worried that updating might make their computer stop working,” explains Warrington.
Anas Baig, cybersecurity consultant at PureVPN, agrees it’s a problem. “Many people don’t update software simply because it’s time consuming,” he says. Baig highlights research carried out by insurance firm Insureon last year, which revealed that one-third of small business owners surveyed admitted to only updating their antivirus and malware software “sometimes” or, in some cases, “never”. As the survey concluded, this was a pretty shocking revelation.
Warrington’s company recently ran a survey of 2,000 people, which found 25% never backed up their desktop computers or laptops. On this basis, he says: “I would estimate the figures would be very similar for keeping software updated if it were not for auto-updating.”
When it comes to offering security to customers, an increasing number of companies are opting for two-factor authentication, or 2FA, which requires not only a password and username but also something that the user has on them, eg a bank card. But the success of these systems relies on consumer uptake, which Warrington suggests may be problematic: “The most common 2FA method used by websites requires the use of a mobile phone or tablet to send the code to, and I suspect many people will see it as an inconvenience rather than an essential security tool.”
Users not making their data more secure on social media accounts, where many of us share a huge amount of personal information, is yet another way we are playing into the hands of cybercriminals. A number of companies involved are slowly making steps towards “privacy by default” for users.
But, Warrington explains, the need for social media companies to be able to access your personal data, in order to sell advertising, means privacy controls will always be set fairly low by default and will require the user to make a conscious choice to alter the settings. “People are becoming more aware of how to protect their data on sites, but I have run security awareness training courses … half of the people on every course have not bothered to change their security settings on social media sites, allowing me to demonstrate just how much information a stranger can discover about them with minimal effort.”
With so many cyber attacks avoidable if we only took the time to safeguard ourselves against them, Ferrari’s advice is simple: “So often the tendency is to wait until tragedy strikes before we take action, but we need to stop making excuses – get on with it.”
