Security Fail at the Genius Bar

Sarah Lange

· cyber security,digital security,privacy,culture change

I was sitting at the Genius Bar last week in lovely Monterey, CA waiting for a technician to come by and check out my Mac. If you’ve ever lost the backlight in your screen, it’s really a challenging problem. Confession. I tried wearing my son’s dino themed headlamp to light up the screen and when that didn't work I went to typing in the laundry room with the door shut and lights off to finish a document I was working on (an entertaining but not effective solution).

So fast forward 24 hours and I’m sitting across from this lovely, sweet woman in her 60s. She was needing some help getting her new MacBook up and going. A technical assistant came over to see what her needs were and I sat across from the pair of them passing the time by observing the trouble-shooting process. It was perhaps his fifth question that turned me from casual observer to scrutinizer.

“Mary, do you happen to have FileVault turned on for a reason?”

“I’m not sure. Can you tell me what FileVault is?”

“Yeah, it’s an extra layer of security I don’t really recommend. It just makes your computer run super slow.”

“Oh no, in that case let’s turn it off.”

Whoa! A lot of problems here. But let’s start with the facts. FileVault, if you’re not familiar, is a standard, built-in feature on most Apple laptop computers that allows the user to encrypt their hard drive. It’s not right for everyone, but it is a very important layer of security for many people. And users should know what it is, what it does, and how to decide if they want to use it or not. I was really disappointed in how, let’s call him Joe, Joe handled this situation. It’s not necessarily completely his fault, but it does illustrate why cyber security for most people feels so inaccessible.

So, this guy at the Genius Bar looked at his client and decided that sweet Mary with her silver bob and stylish red reading glasses around her neck must not have anything so important as to require the use of full disk encryption. He offered nothing that would have helped Mary decide for herself what she wanted or needed. Now fair enough, Joe might not have understood, in fact probably didn’t understand, FileVault and the many use cases that make it a valuable tool for Mac users. But he should have--he’s oddly in a position of authority as one of the tech guys at an Apple store.

Tech repair is like the car repair shop of today's generation. A lot of dudes (mostly) who have an acquired authority to tell people a lot of things because most people don't understand what's under their hood.

Many of us are convinced that we ourselves cannot possibly understand the complexities of our devices and the security measures that might keep our information more private. As a result we can't even make an informed decision about what we do or don't want. What’s most concerning about this type of adverse relationship to cyber security is that it reinforces the idea that “SECURITY isn’t for you. It’s complex and heavy and inaccessible.” This is one of the biggest barriers holding back consumer driven demands for privacy and security measures and tools. This idea that cyber security is for someone else, certainly not Mary and her new MacBook, creates a mental block that makes it hard to even have straightforward conversations about personal cyber security needs with typical consumers.

Technical advisors or people in positions of tech-authority often ask leading questions or use phrasing that implies a tool or technique is not appropriate for an end-user.

They’re often acting in good faith, and I totally understand why they do it, but it’s a disservice to the education of the user and how they choose to manage their data. Most of these people don't even recognize the authority they have! So the best strategy is to assess your data security needs yourself and to feel confident that you understand enough to make an informed decision about how you do or don't protect your digital life.

Assess Your Own Data Security Needs

I’m going to offer you my basic three step process for determining what data matters to you and if you should be taking additional measures to keep it safe. You might be able to secure the data yourself, or you’ll want to seek guidance in doing that from someone who can help.

1. First, ask yourself: What do you have that you want to keep private?

This is a hard question to answer because we all have SO MUCH data. And we make more of it all the time. Most of us haven’t stopped to ask ourselves what matters the most and then prioritize protecting that data. Because it's generally not reasonable to protect all of your digital life to the max--which is possible of course, and totally an option for you. But if you want to home in on protecting just the stuff that truly matters to you, consider this exercise. If you asked my aviation-photography, geek-out husband what he would prioritize, he would immediately shout, “my airplane photos!” because everyone has their thing…

Try thinking about it this way—if you had to wear a sandwich board around all day, everywhere you went with every piece of data you had ever created representing a sticky note, which sticky notes would you immediately pull off and put out of sight in your pocket? Text messages? Emails? Credit card numbers? Bills? Medical reports? Photos? Your Amazon purchases?

Because can I just say I’m not going to advertise ordering size 9 odor eater insoles from Amazon. I’d just rather not have any person knowing that.

So those sticky notes you pull off, that’s the data that matters to you. And if you haven’t thought about protecting it, someone, somewhere can probably see it. If that makes you feel icky or uncomfortable, move on to step 2.

2. Now ask yourself, who might want your information?

If you’re a company, think about competitors foreign and domestic. Think about customers and what information they’ve given you to protect. Consider not just who might want your information but what would happen if you lost that data (and had to pay to get it back)? Consider how a data loss or theft would slow down your workflow, impede your growth, or just be a headache that you'd rather not have. If all of your data was printed out and sitting in three-ring binders, which binders would you keep in a locked drawer?

If you’re just you, you might be tempted to say “let them look! I’ve got nothing to hide!” Okay, fine, fine. You’ve got nothing to hide. But do you still want random cyber space roamers knowing where you live? That you’re trying to get pregnant (think Amazon purchases...and Google searches…)? How about knowing where you live, that you’re trying to get pregnant, and then selling that information to Target so they can send ads to your house for a new prenatal vitamin? (that really happens btw) Maybe you don’t have anything to hide, but that doesn’t mean you don’t want your privacy. Privacy=Good.

3. Finally, and be honest. There’s no shame in it! Are you willing to consistently take extra steps when using your devices or data in order to keep that information private?

And to be a little more concrete about it—are you willing to add an additional step to your communication routine each and every time you use your phone or computer? If the answer is “hard pass”--extra security measures like FileVault probably aren’t right for you. Cool.

But if you’re willing to add another step to your routine to keep your information safer, more private--awesome. Let's make that happen. More on that in upcoming posts...

And maybe you’ve gone through these three steps of asking yourself these questions and you’re not sure, but maybe you just want extra security for your data. Maybe you are just a person that treasures their privacy, great!

Let me just say to the emotional security users out there-- if you have data, you can choose to protect it in whatever way works for you technically and emotionally.

Sometimes people just FEEL better knowing they’ve done the extra thing or the safest thing to protect something that matters to them. And that’s okay! You’re allowed to decide how much life insurance you carry, and you’re also allowed to decide how much you want to protect your digital life.

While I wish all of the Joe tech guys would sit down and get a training on making digital security more accessible, that's not going to happen fast enough. We are working on that :) So in the meantime, get to know your cyber security needs, understand what you want to keep more private, and know what security YOU want before you sit down for any tech advice. Informed consumers are powerful, intentional and drive the market to better serve their needs.