Security, privacy, and trust are three very different things—but when it comes to our digital lives, they are all interrelated. It’s tempting to use the three-legged stool analogy here, but it doesn’t quite work because one of these concepts—trust—is more of a lever than a leg. But we’re getting ahead of ourselves…
Let’s Start with Security
The basic definition of security is the state of being free from danger or threat. Cybersecurity is about protecting internet-connected (computerized or digital) systems from cyberattacks. If we were to arrange our three concepts in a Maslow-like hierarchy, security would be at the bottom, which means before we can even begin to consider privacy, we need to take care of security.
The two big resources that we, as both enterprises and individuals, have in our security arsenal are education and tools. Knowing the basics of safe computing helps users avoid making poor choices, like downloading a weird .EXE from a stranger, that leave them vulnerable. But education can only take even the most cybersmart users so far; hackers look for ways to trick users, such as hiding malicious executable files in otherwise legitimate-looking vehicles. That’s where tools come in. Just like you put a lock on your front door to secure your home from physical invasion, you use tools to secure your digital life from cyber invasion. And, just like your front-door lock, these tools aren’t invincible; however, they do offer a critical layer of basic protection.
Then There’s Privacy
Privacy and security sometimes get conflated, but they are, in fact, pretty different. Privacy is the state of being free from observation or disruption by other people. Online privacy is about protecting sensitive and private data, communications, and preferences. The exponentially increasing volume of personal data created as a byproduct of our digital activities has led to data protection regulations. The “right to be forgotten” is a separate but related concept. Privacy focuses on preventing personal information from becoming publicly known, whereas the right to be forgotten refers to removing information that was publicly known at a certain point in time.
Privacy isn’t just about any one piece of information; it’s also about how individual data points can be put together to create a fleshed-out picture—and how those profiles are used to target you for (at best) marketing or (at worst) attack purposes. That’s when things start to get really creepy. And it’s why the young ‘uns have embraced Snapchat and other more private messaging platforms.
The reason so many apps and sites are “free” is that the data you furnish in the course of using those services is far more valuable to the providers than any usage fees they could extract from you. While Snapchat makes its money from ads, it doesn’t tailor those ads based on individual behavior the way Facebook, Twitter, and other platforms do. Only time will tell if advertisers, who may be in full-blown addiction to privacy-busting personalization, will continue to invest in untargeted campaigns, or if privacy-friendly platforms eventually evolve their business models.
Security tools provide some level of privacy protection, but they don’t help with the lawful collection of privacy-impacting details. There are tools such as private browsers and private search engines available that can keep your web searches and site visits—well, private—but users generally need to proactively seek them out.
Where Trust Fits In
Trust is the firm belief in the reliability, truth, ability, or strength of someone or something. At first blush, it seems that we need security and privacy protections because we lack trust, but it’s not that simple. In fact, if we were operating in an environment completely devoid of trust, we wouldn’t be online at all. We manage to find a balance we’re willing to live with because there is a level of trust. We trust our security tools to do their job. We trust reputable providers to both protect our data and refrain from misusing it. This becomes convoluted as data gets consolidated, appended, and shared among third parties.
We trust Facebook (sort of), and Facebook trusted Cambridge Analytica. It was Cambridge Analytica that used the information gathered in non-sanctioned ways, but when the trust chain is broken, does it ultimately matter which link was responsible? In theory, no—but people are quirky, and it turns out that Facebook usage went up after the Cambridge Analytica scandal. Go figure. But this reality check does demonstrate the complicated role trust plays in security and privacy.
The Choices We Make
Now, back to trust as a lever. You need to take precautions to protect your security and privacy online when you don’t trust, for whatever reason, that you or your data are safe. There are some general rules of thumb that you should follow, and most of them fall on the paranoid side of the equation. For example, while a public WiFi connection is fine for basic browsing, never trust it for anything involving passwords, transactions, or other sensitive activities.
From there, you make decisions about whether to use a provider, channel, or feature based on your level of trust. Chances are you trust your bank. But do you trust your bank’s mobile app? Many people do—or at least they trust it enough to opt for a higher level of convenience. Do you trust Facebook or Google? You could choose to err completely on the side of security and privacy and shun online activity altogether. Or you could plow ahead with blind trust and a que será, será attitude.
The vast majority of us are going to fall somewhere in between. The point is that you need to understand the tradeoffs you’re willing to make, and then make a conscious decision, not a blind one, about where you surf, what you click, and who you trust.