Governments can help citizens protect their own cybersecurity by providing practical advice and meaningful support.
Most people can’t keep up with the latest in technology, which puts them at risk as cybercriminals exploit human and technical weaknesses.
For example, William and Nancy Skog hoped to retire to a beautiful new home. Then a fraudster fooled them into transferring US$307,000 to his bank account. Their entire life savings disappeared in the blink of an eye.
Public officials around the world – and in the U.S. – are beginning to understand that their cybersecurity efforts need to do more than defend businesses and government agencies. Citizens’ personal cybersecurity is a key element of national security.
Governments have long addressed physical security through public safety services, like police and fire departments, as well as public health programs for water purification, sewage treatment and inoculation against infectious diseases. Similar efforts could – and, in our view, should – help citizens cope with cyberthreats.
We are cybersecurity behavioral researchers working with Craig Orgeron, who heads the state of Mississippi’s Department of Information Technology Services, contemplating how government could support its citizens when it comes to cybercrime. A new endeavor demonstrates what is possible. New York City’s government has launched a campaign to help residents to defend themselves against hacking, online fraud and other cybersecurity threats.
New York City offers its citizens a free smartphone app called “NYC Secure.” Any U.S. resident can download it, no matter where they live. It scans the person’s smartphone for a range of threats, and offers advice on how to fix any problems it finds. The app has some key strengths.
Most importantly, it targets citizens individually, delivering advice from a trustworthy authority directly to their pockets. This does not require people to search for information online and then figure out which web source to trust.
The app essentially empowers citizens. Many hackers succeed because they exploit previously unknown vulnerabilities. Operating system providers and anti-malware software vendors make updates available to remove these, but the average citizen might not be aware of the need to install it. The app could bridge this gap, ensuring that far fewer devices can be successfully attacked.
As the app gains popularity, it could easily be extended to warn users as and when a new attack emerges. For instance, the widespread WannaCry attack of May 2017 compromised only computers that did not have a particular update installed. The app could easily warn people to install updates, tell them exactly how to check their devices for infection and even give directions for cleanup.
The city’s campaign to protect its residents’ cybersecurity will bolster New Yorkers’ awareness of a wide range of online dangers. That could encourage them to take other protective actions. For example, many people use public Wi-Fi, which can easily allow attackers to eavesdrop on communications. An app that warned users about the dangers of Wi-Fi networks could help people choose whether to connect or not, and know that some activities – like bank transactions – should be conducted only on secure Wi-Fi networks.
In terms of privacy, too, people need help. Health care apps, mostly provided by private companies, are not particularly respectful of their users’ extremely sensitive data. The “NYC Secure” app, by contrast, diligently preserves its users’ privacy. The app embodies government’s goal to serve the citizenry without need for profit, which builds trust with users, making people more likely to use it.
It is impossible to wipe out all cyber threats – just as it is to eradicate all infectious diseases. Of course, even apps designed specifically to support and empower citizens may be targeted by hackers. The New York model is one other cities and states could emulate and extend: Give advice and provide tools to help citizens to repel cyber attacks. Governments could promote the “NYC Secure” app itself or provide something similar for their own citizens, especially if it provides regularly updated advice tailored specifically to address current and emerging threats. We believe governments have the responsibility to help their citizens protect themselves – both in the physical world and online.