Are Government/Schools responsible for your security – (or is it all up to you)?

Awhile back we posted findings of a Harris poll showing public perception of Internet security, with some interesting results. This time we take a look at whether respondents perceive the Government and/or their schools have an implicit responsibility, or whether it lands squarely on their shoulders in the end (or should).

Both schools and government have their work cut out for them. First let’s look at schools – According to the online survey conducted by Harris Interactive on behalf of ESET from August 25-27, 2011 among 2,202 adults ages 18 and over , 91 percent of U.S. online adults believe cybersecurity education would be most successful as part of a student curriculum.

Every year a flood of thousands of students descend on a campus all at once. Their focus tends to be (hopefully) on getting a leg up using education to climb the career ladder, not necessarily cyber security. Their hope is that the cyber staff on campus will just ‘take care of it.’ Easier said than done, every student represents one or more security endpoints with an unknowable security state. When they connect, they all compete for the limited network resources (and limited staff). They also introduce thousands of potential security issues. Schools face increasing budgetary pressure, and so are tasked with doing more with less. Something has to give.

Governments have a different set of marching orders. They have to ensure protected data is accessible to the right people, and locked down to the rest. This is complicated by inter-government (and public) data sharing initiatives for increased data access efficiency. They too are faced with shrinking budgets as legislation keeps descending on their organizations with more compliance-related issues to be solved at the same time. That said, the survey results found that 84 percent of U.S. online adults believe the government holds at least some responsibility for protecting their online identities.

Add to this the steady stream of data breach headlines at organizations we’re SUPPOSED to trust (because they have plenty of “experts” on staff). The Harris poll looked at how the general public felt about the subject, and who they feel should bear the onus of the protections we seem to need.

If confidence in the likelihood of a successful cyber attack is any measure, there’s a lot of unrest right now. After all, if the organizations with trained staff can’t stay out of the headlines for breaches, how will people stay secure who don’t have a dedicated IT team? Will relying on a relative who is a self-proclaimed “expert” allow users to fare any better? Our recent Harris Interactive Survey found 91 percent of U.S. online adults feel vulnerable to a cyber-attack.

As in life, the answers aren’t so black and white. Yes, respondents feel some component of cyber security should be borne by schools and governments. But in light of current day practicality, it also makes sense to protect yourself as a first (or last) line of defense.

The old wisdom applies about having a security posture that included defense-in-depth. It’s kind of like locking your car even if it’s in a locked garage. If the door on the garage were open, your house becomes more of a target for shenanigans than one that has a closed and locked door. The thieves would be interested in stealing a car, not necessarily YOUR car. This means they are looking for easy money, if you create several layers of defense, it’s much harder for them to get what they came for. Same goes with your laptop. If you use a firewall ALONG WITH an anti-malware product, the scammers have to get through both to do damage, a much tougher proposition.

In any case, education becomes a key component. After all, you didn’t learn to drive a car in a single day, so getting up to speed on cyber protection might take some time. Many respondents thought there should be some education baked in to the school curriculum, to help users get headed in the right direction.

So what should you do to protect yourself? As in most subjects, keeping an eye out for things that look “too good to be true” apply in real life, as online. If you can protect yourself with some simple, common sense steps, the issue of whether your school or the government should bear the brunt of cyber security for you becomes less of an issue. In this case, the best approach is to take security into your own hands and do your part.