On Sept. 15, Yahoo announced that data from at least 500 million user accounts had been stolen in late 2014. As one of the most extensive cybersecurity breaches ever, it is even more alarming that Yahoo’s executives did not realize what had happened until recently. While this news surely came as a shock to many users, I cannot genuinely believe that this breach will change an individual’s approach to online security. There may be a sense that something bad has happened, but because it appears that no immediate change is needed, it is likely that none will occur. The problem is not that we are unaware of the issues facing the world today, but rather that we are reluctant to take simple actions to repair cybersecurity weaknesses even when doing so is in our best interests.
A prime example of this informational osmosis, whether passive or active, is our generally blase attitude towards online security. A recent survey showed that 75 percent of respondents expressed some concern over email hacks and identity theft. It would seem odd then that 37 percent would say that they have no security enabled on their mobile devices and that 44 percent use the same password for multiple accounts. While this may be a relatively small sample size, it is indicative of a larger issue facing technology users. We have no problem with learning and understanding the dangers of poor online security, but when it comes to actually taking the precautions of changing passwords and implementing two-factor authentication — where a secure key is messaged to phones as an additional security measure — people tend to be complacent with the risk and avoid action.
That is not to say that companies should not be held accountable. Yahoo’s CEO, Marissa Mayer, is partly responsible for the recent security problems in their online resources. She believes that it was more important to develop a user-friendly platform and design new products than improve security and even objected to a mandatory password reset after a breach, for fear of causing inconvenience to users. Other tech companies like Apple, Facebook and Google have prioritized online security, and all companies handling personal user data must follow suit. But when customers express frustration with added verification tools, they are telling these corporations that they do not value their own privacy and safety.
Both people and the websites they visit must be willing to take action in the interest of online security. Hacking scandals have begun to make headlines with worrisome regularity, and waiting to implement extra cautions until one affects us personally would be too late. The responsibility to secure servers falls on companies first, but by opting for safety over convenience, users can protect their privacy on increasingly treacherous networks.
Opinions expressed on the editorial pages are not necessarily those of WSN, and our publication of opinions is not an endorsement of them.
Email Jack Campbell at [email protected]