Why do people ignore computer security like they do preventive medicine?
In order to live a health life, I’m going to make a big assumption that everyone knows they need to eat right, exercise and visit their doctors and dentist on a regular basis. Everyone learns these things in school, many start ignoring these things in college and by the time many join the workforce, they’re paving the way to an early grave by completely ignoring everything they’ve learned. While everyone wants to remain healthy and illness free, many people’s behavior suggests otherwise. Why is it that so many people don’t start taking care of themselves until something bad happens?
When it comes to computer security, I can’t make any assumptions about people’s knowledge. I can’t assume they know they’re suppose to be running anti-malware software and applying security patches. I can’t assume people won’t open executable email attachments, fall for phishing schemes or visit malicious Websites. I can’t even assume that people use strong passwords. The only thing I can assume, is that people don’t want their computers to be hacked, they don’t want to be the victim of identify theft and they don’t want anyone tampering with their finances. So why is it that so many people don’t start thinking about computer security until something bad happens?
There must be something going on in people’s minds to lead them to believe that nothing bad will happen to them. Don’t people know about computers being hacked, identify theft, compromised passwords and phishing from the news? Don’t people pay attention to security advice presented at the end of these news stories? Are people truly so under exposed to information about computer security or do they ignore it like they do stories, information and advice about preventive health?
I’ve never understood why some people are comfortable telling everyone around them that they don’t know a thing about computers. Is it the same reason why people feel comfortable telling others they eat unhealthy food, don’t exercise and can’t remember the last time they saw a doctor or dentist? Perhaps a psychologist knows the answer to this question.
If people don’t take responsibility for learning about computer security and following best practices, they should expect to be hacked – just like those who don’t take care of their body should expect illness and hospitalization.