The Useless Advice of Cyber Security: Why We Should Focus on Real Risks
In April of this year, the FBI warned everyone not to use public charging stations to charge their smartphones. This warning is an example of a common trend in the security industry: the spreading of warnings and advisories that are useless or unrealistic.
Useless advice such as ‘do not scan unknown QR codes’ and ‘do not use public Wi-Fi networks’ causes confusion. If we cry “wolf” at every unrealistic threat, we risk no one listening when there are really serious problems. Warning people is an important part of cyber security, but let’s only do this when there is also a real threat and the advice is really of added value.
The Exception is Not the Rule
It is important to understand that this advice is based on exceptional and unrealistic situations and that for most people there is no need to worry about this. In most cases, phones and laptops are capable of protecting themselves against cyber-attacks and people can just scan QR codes and connect to public Wi-Fi networks without worrying too much.
Much of this advice is based on old habits and comes from a time when devices had far weaker security technology on board. Good security is standard today. For example, all the connections you use are now encrypted, making it more difficult for attackers to intercept sensitive information. So if there’s someone in the Starbucks who wants to watch along with you (and that’s a big “if”), at most they can see which site you’re going to.
And then we’re just talking about the technology, and not the fact that criminals don’t go to a Starbucks and sit down hoping someone will sit next to them. The big money is simply not there, and they want to remain anonymous, which is difficult if you are on the security footage. The same applies to public charging points. Cybercriminals much prefer to engage in WhatsApp fraud, for example, because this can be done anonymously and on a large scale.
How Did This Useless Advice Come About?
Much of this useless advice comes from a combination of marketing, ignorance and sensationalism. For example, VPN providers benefit from people believing they need a VPN when using a public network, and advertise the idea that a VPN offers more privacy. But in reality, a VPN provider can see which websites you visit just as well as the ISP can. Personally, I have more confidence in my internet provider, who must comply with GDPR legislation.
It is important to focus on the real risks and not too much on these exceptions. By informing people about the real risks and how they can protect themselves against them, we make it much more attractive for them to be aware of cyber security and to protect themselves against possible cyber attacks.
We should only issue warnings when there is a real threat and the advice is of added value. This will help people to be more aware of cyber security and to protect themselves against possible cyber attacks.