Every day we hear about some new internet scam defrauding people of their hard earned money. It isn’t like crime is a new phenomena by any means. As long as there are people there will be a fraction who endeavour to make money the easy way; by preying on others. Unfortunately the ubiquity of email, wireless communications and on-line financial transactions has provided new, rich pastures for the criminals and more dangers for the unwary. Right now there is an “electronic” battle going on between “good” and “evil” and my senses tell me that evil is beginning to get the upper hand. Even if you aren’t a direct victim we are all indirect victims due to the increasing cost of “manning the battlements”. Whilst I wouldn’t ever dare to suggest that we don’t continue to fight the good fight on the current “front line” perhaps we also need to begin to tackle the root cause of the problem; lack of education of the victims.

As people who are much more techno-savvy than the average person, and very much in the minority, it is relatively easy for us to provide our own protection. The point being that we are more “educated” about the dangers, the ways to avoid those dangers and to fix things if our “defences” get breached. When I was working in the Process Industries understandably safety was always a very high profile issue. I was often involved in doing safety assessments for chemical plants and guess what was the most difficult element to predict and usually the weakest link! That’s right, people. So what did we do to help mitigate the “people risk”? Education, education and yet more education to the point where people behaved instinctively when faced with a dangerous situation. If the “electronic” criminals don’t have an “audience” then they wouldn’t have a motive.

Many of the people who get ���taken” may be employees of the company that you work for or their family members or friends. When I am teaching Windows and Office to the “average” person I always ask if there are any general questions that I can answer. Invariably I get asked about “internet/wireless security issues”. Most people are either “very ignorant” which tends to scare them away or “misinformed” which can be even more dangerous. They desperately want to be part of the electronic age, which is increasingly difficult to ignore, do on-line banking, get discounts for on-line shopping, etc. or simply know at least half of what their kids know :).  Unfortunately children rarely have the patience or interest in teaching their parents.

The big box stores are not really helping when it comes to “wireless”. Home “wireless” networks are pushed very heavily these days emphasising affordability, ease of setup and convenience but rarely do they warn the customer of the potential dangers. Many people go home and set things up as it comes out of the box and are totally oblivious to the fact it is wide open. I don’t know about you but it is rare that I go anywhere and cannot find at least one open network connection. There are several in my neighbourhood. People simply don’t read the manual. Even if they do they don’t understand most of what they read. I believe that the router manufacturers could do a better job of helping the average person, not by providing a help line for example, but by making the set up and maintenance of a secured network totally foolproof, eg. you are not permitted to operate the wireless component of the router without at least WPA encryption, changing the SSID, disabling broadcast, changing the default channel, MAC filtering, limiting the number of IP addresses, etc.. By foolproof I mean that the purchaser is led through the setup by some very simple wizard supplied on a CD and software takes care of the background technical stuff.

The “baby boomer” generation (I am a card carrying member :)) is probably one of the least knowledgeable (hopefully not in my case!) but one of the fastest growing. This group often has disposable income (not necessarily in my case!) and therefore makes a good target, or lacks income and therefore is more likely to forget, “if it looks too good to be true…”. Also, I often get asked by friends or my wife’s friends for help. I try and do my part but I feel like the little Dutch boy with his finger in the dike. We need a much more coordinated approach.

Although there is a wealth of information on the internet it rarely gets explained in words of one syllable. Our industry is full of “eye rolling, yawn inducing techno-babble” for the average person. Besides the average person is only interested in “show me” and not “go and read this”. I firmly believe that those “in the know” have a responsibility in life to help those who aren’t. As an IT Manager you are in a great position to start to educate your company’s employees in simple terms that they can understand and in terms that they can teach others and so on. I would even hazard a guess that people would be willing to give some of their own time to get the benefit of such knowledge. Human nature being what it is I would equally hazard a guess that they would feel good about educating family and friends. If we are to begin to counteract the current “evils” we need to raise the knowledge level of the average person and we need a ground swell to make people feel that they are taking back control of their “electronic” lives.

There are many parallels in history where the “oppressed” eventually rise up against their oppressors. This usually happens when people see and feel “leadership” and start to feel strength in numbers. The repressed anger becomes “infectious”. Right now the vast majority of people feel like isolated individuals left to the mercies of an increasingly complex and dangerous electronic world. It’s about time that we started “taking back some of the ground”.  

Providing more sophisticated technical safeguards to counter increasingly sophisticated attacks won’t solve the problem. That is at best a holding position. Ultimately, only the people as a whole can solve the problem by “drawing a line in the sand” but they don’t know how. To fight we need to train the “soldiers” how to defend themselves better. One could even argue that government has a responsibility to start free public programs to help. After all we are dealing with a problem that is now akin to a “disease” which has become a major social problem and is costing us all. Unfortunately, so far, government has tended to take a legal and policing approach and not an “education” approach to things. We need a form of “social health care”. I confidently predict that “electronic” crime will continue to increase steadily unless we help to take away the “victims”. I do not expect to eliminate the problem but I would like to think that we can put a substantial dent in the criminal’s “armour” through education.

Give serious thought to starting a program within your company and/or in your community. I assure you that you will have a very willing and grateful audience. It is only through regular, hands-on education that we will begin to make headway in solving this increasingly serious problem.

Cheers

Graham J.