In a breakout session during The Internet of Finance: Innovation in Financial Services and Cyber Security Event, a question was posed to the audience about what was more important to them: convenience or security. People fidgeted and looked around uneasily, knowing as business and IT professionals that security should be their priority. Most people took the easy way out by answering “both” while a few hippies admitted to choosing convenience.
What do you think, what’s more important to you?
I can help you answer this question. Think about the passwords you use. Is your password your birthday, your first or last name, or worse “password”? Or is it a more complex mixture of numbers, characters and capitalized and lower case letters? (It doesn’t count if the account required it). If you fall into the first category then you –admit it or not– value convenience over security. Don’t worry, you are not alone.
It would be extremely naive to think that the majority of consumers wouldn’t mind three extra annoying steps to checkout in an online shopping cart, access their mobile banking app, or make a phone order. Heck, in one Office 365 training I did, I got complaints that there were too many verification pop-ups (one) that had to be confirmed before being able to send an email. And this was after the person had just voiced concerns about accidently sending an email to the wrong recipients!
The truth is, convenience rules- that’s why we have drive-thrus, Amazon 1-click ordering, check deposits through mobile apps, Apple Pay (A clear-as-day example of Convenience trumping Security) and so on. Now with the Internet of Things we can only expect a plethora of products pushing the edge of connectedness and accessibility. But how do we make sure we keep our should-be-priorities straight and find a balance between security and convenience?
First of all, security cannot be an afterthought. It must be taken into account during the initial design phases of a project. Similar to evolving software development strategies moving away from waterfall software releases to an agile development methodology, security must be treated the same way.
What if I told you that the security for that application in which you enter your credit card information was actually designed and implemented in the last month before release? Now doesn’t that make you just feel warm and fuzzy? But then again, would that information prompt you to remove your credit card number from your digital wallet service? Probably not.
Second of all, we must be aware. Now that the Internet of Things is growing fast and infiltrating pretty much every aspect of our lives, industries that are not as regulated as the payment industry have to step up. The Internet of Things is going well beyond wearables; we're talking medical devices, home automation, automobiles, etc. and people to need to be wary of how this complete integration into our everyday lives can affect us, while manufacturers need to be prepared for new classes of threats and fraudsters.
I have a great example that just happened this past month. I received a USB Drive in the mail from Dodge along with a notice to update the software in my vehicle to provide additional safety features. The software that was at risk actually controlled the truck’s dashboard functions, steering, brakes and transmission. That means theoretically someone could hack into my Dodge from a laptop and hijack the truck remotely.
Unfortunately, as technology gets cooler, threats get creepier. There may be light at the end of the tunnel though. As security measures become regulated across all industries and consumers become educated and aware of potential threats and best security practices, hopefully we will move towards more of a balance between security and convenience. But until then- be smart…and go change your password.