Law enforcement agencies are warning about the prevalence of cybercrime as part of National Cybersecurity Awareness Month and offering valuable advice on how consumers can protect themselves. Although such information is helpful, the effort sidesteps the primary concern: Are large companies in possession of huge databases of private information doing all they can to protect their consumers from becoming victims of cybercrime?
An analysis by the nonprofit World Economic Forum suggests companies dependent on online customers are not all up to the task of combating the burgeoning army of hackers and planters of malware. Reports also point to a shortage of qualified cybersecurity experts available to staff the front against cybercrime, with more than 1 million such jobs currently unfilled. Perhaps that merits a discussion of boosting job readiness training in high school and within higher education, but that’s for another day.
The primary responsibility for guarding against online security breaches falls to those companies and institutions with whom users entrust information they have solicited. The frequency and prevalence of large data breaches do not give consumers much confidence their information is always adequately protected. The recent breach of Facebook accounts that potentially exposed the private information of 50 million of the company’s users is one example. Google shutting down its Google Plus social network after a security vulnerability exposed 500,000 users’ private data is another. In these cases, the only foolproof protection a customer could have mustered on their own behalf would have been to never sign up for an account in the first place.
For the consumers who do sign up, the results of cybercrime can be devastating. More than $5 million was lost last year in Utah due to cybercriminal activity, according to the Department of Public Safety. Stuart Madnick, founding director of the Cybersecurity at MIT Sloan Initiative, says the situation should prompt a culture change in which consumers recognize their gullibility for phishing scams, while companies become more circumspect in sharing customer information.
However, from the consumer point of view, posting personal information is integral to most social media participation, and if people want an account with any number of online retail entities, they will be required to hand over financial information. Consumer gullibility aside, it is an ethical and legal obligation of those companies to protect that data.
While cybercrime is prolific and damaging, the world hasn’t come to the point yet where large numbers of consumers are refusing to share private information online. And with so much of modern commerce conducted in the online world, avoiding it is neither practical nor desirable. So while citizens are being encouraged to be vigilant in protecting themselves, large companies must not lose sight of the need for private and public interests to prioritize an investment in security measures. Patrons deserve fewer worries about their exposure to the malicious intruders of the cyberworld.