I was listening to one of my favorite podcasts MacBreak Weekly, Episode 518. Host Leo Laporte was suggesting a new direction for Apple. They would have a central online location for all of a user’s files. The way I understood it that would be everything, pictures, documents, spreadsheets, music, EVERYTHING! It’s a good idea in theory but in terms of the real world today I thought that was a horrible idea.
You might not be old enough to remember but there was a time when computer speeds and features were increasing exponentially. They went from 90MHz to hundreds, then GHz and eventually multiple cores. At the same time the web was starting to take shape and modems gave way to high speed internet and wifi routers. At the time I think manufacturers wanted users to drive adoption of the technologies. Everything was made to work out of the box with no “geek” knowledge required. It was being aimed at the mainstream in order to help drive the adoption and further the advance. As things changed however no one stopped treating users like idiots. I think that is a part of the reason why passwords are constantly a weak point in a user’s online and computer security. The reason tools like password managers are little known or less used to create different and secure passwords. It’s the reason most Wifi routers are not properly and securely setup. The reason backup is a little known and little used resource. Even though the two major OSes right now include built in tools for it.
Lately data breaches at major companies are a common occurence. Even as a warning to this all in one place idea is the Dropbox breach. Here is a company where users data is stored in the cloud and they were breached. So putting all of a users’ data in one location is like dangling a carrot very closely in front of every hacker. Users will still create ridiculously simple passwords or do other things to compromise the security of their accounts. Then like having one password on multiple accounts. Hackers only need to break into one location to steal a treasure trove of information and data. Instead what I would like to see is someone step up to the plate and teach users. Create a free, easily accessible and widely promoted resource. Make it well known so that with zero barriers to entry it’s as close to mandatory as you can get for users. A resource that doesn’t leave the onus on the user to seek out the knowledge. A resource that is a one stop shop to teach users things like, why a secure password is needed, why they should create a different and secure password for each online account, how to create secure passwords, using a password manager to create and store secure passwords, how to tell the true destination of a link, online and email etiquette to keep the user safe, how to spot phishing emails, etc. Teach them all of that and more in order to raise the knowledge of users worldwide. The best part is that the benefit of it would be ten fold because more educated users would bring that knowledge to work. Work more closely with IT staff for the security of the network. They would be less likely to click that phishing link, open an infected attachment and use more secure passwords. Then those users will spread their knowledge and point others to the resource. I’ve also thought for a long time now that with the prevalence of computers schools should be teaching computer use from an early age. Rather than wait until they are older why not teach children about how to use a computer. Classes like touch typing should still be available in high schools like it once used to be, no more touch typing anymore, why don’t schools teach typing anymore. The lessons would increase in complexity as the children move to higher grades. Instead right now computers and technology are left as something children will enivitably discover for themselves. Teaching them important lessons about online and data security, scams, using social media and all the other tools. Instead of letting them figure it out for themselves would have such a great impact. On their skills, on their lives and on the world in general.
The next change that I think needs to happen is for corporations to look to the future. Look at future profits instead of current profits and invest in their networks and employees. Right now people don’t even bat an eye when a large corporation’s network is breached. How about those corporations invest in their hardware, software and employees. Make the necessary upgrades to their networks in order to patch and eliminate vulnerabilites. Make it either required or easier for employees to be trained about using computers. A lot of employees don’t know any more than the software that is needed to do their jobs. IT is tasked with the seemingly impossible job of protecting the network from anything dangerous including their own users. How many employees have clicked on phishing links, virus infected attachments or un-knowingly installed malware or worst on their computers? When asked to create a long and secure password the answer is always the same, Why? Users don’t understand the need for the secure password which makes it seems like cruel and unusual punishment. If the user knew the reason behind creating a secure password they would understand the why. This is just one example of how increasing their knowledge can be a benefit.
Maybe then users could be given the option of having all their data online in one location. When they would be able to use the service in a way that doesn’t put their data at increased risk. By using simple passwords, clicking links in emails and entering their credentials on a phony site or Installing malware, keyloggers or doing any other potential self sabotaging things.