by Adam Levin
Sometimes people are dumb. There’s really no way to sugar coat this, and I say this with all humility, as I have done more than my fair share of dumb things. But when I read last week that a Twitter account had been created whose sole purpose was to re-tweet pictures people had taken of their own credit and debit cards, as a cautionary tale, what else could I say? What these people did was incredibly stupid, but also very telling.
There was a time when financial illiteracy meant that you couldn’t balance a check book. Now, as those tweets make clear, it demonstrates that people literally have no idea how their credit and debit cards work, because for too many people, understanding these products isn’t important — not as important as the consumption they enable.
Many of these tweets are essentially celebratory blasts, alerting their social networks (and essentially the rest of the human race) that they have new found purchasing power. The debit card tweets really get me, because somehow people forget that unlike credit cards, debit cards are the gateway to our bank accounts and our bank accounts are the Yellow Brick Road to much of our lives.
Hey, I like new toys as much as the next guy, but it’s time to grow up, America. We need to learn to walk softly, even when we’re carrying a fat wallet. This infatuation with sharing our consumption is bad for us because too many of us provide too many opportunities for those who are not our friends to access too much information.
Now, allow me to get on my soapbox, as we look at five of the dumbest ways we over share and over expose ourselves in both virtual and real world environments.
#1 — Yo, I’m on vacation!
Do we really need to bring the world on vacation with us? Is our thirst for sharing so unquenchable that we must post pictures of our swanky hotel room online one minute after walking into it? Because in doing so we’ve effectively alerted most members of the human race — family, “friends,” foes, stalkers and burglars alike — that we’re not at home, and that we can afford a nice hotel room. Nicely done.
#2 — Who is your daddy and what is his middle name?
Do we really need to take ridiculous quizzes on social networking sites which provide aspiring imposters the ability to collect seemingly harmless bits and pieces of our uniquely personal information like mother’s maiden name; our birth month; town where we grew up; favorite color(s), bands and teachers; as well as first dog, first friend, grade school, high school and the street where we first lived, all of which can then be cobbled together to help them steal our identities?
#3 — Free WiFi!
Do we really need to get on public WiFi systems in airports and hotels without thinking, even for a millisecond, if some non-descript fellow who wants to be our unauthorized biographer might be sitting a few seats away with an antenna? Free WiFi is the ultimate antidote to boredom, but only if it’s secure, and chances are the network you just jumped on isn’t. Check your Facebook page when you get home.
#4 — Dude, where’s my phone?
Do we really need to leave laptops with unencrypted information sitting on the backseats of unlocked cars; cell phones without data protection or passwords on bars, in taxis or resting on top of toilet paper rollers in restaurants and bars that we can’t even remember the next day? “Look at me! I’m online and I’m drunk!” Then, five minutes later, “Have you seen my phone?”
#5 — Take my child, please!
Do we really need to post hundreds of pictures of our children online, wearing a new outfit or playing with a new toy, all the while providing in exquisite detail their names, birth dates, favorite playgrounds, schools and sporting events, without making absolutely sure that we have disabled the geo-tagging code on our digital cameras and smart phones or ensuring that the site that hosts our pictorials scrambles the geo-tags?
(Bonus – The Password is “password”
As the recent Yahoo! Voices breach illustrates, do we really need to use dumb, easily decipherable passwords throughout our cyber-universe which can be cracked in minutes allowing thieves to get their grubby little fingers on our kids’ college education funds or tax return information?)
I could go on and on about these self-inflicted wounds. I want people to be smarter about these things, but I know it’s an uphill battle. (For those of you who are worried that you’ve made yourselves vulnerable, you can check your credit using our free tool.) Forgive me for venting.
However, I have far less sympathy for institutions that fail to implement proper data security measures. It’s beyond dumb. It’s immoral. Remember the intern who was given a tape to take home with information on millions of Ohio residents — and the tape was stolen? That helped bring down a Governor. What about the “brain surgeons” in a London-based UK Welfare Agency that put into the post a tape containing the personal identifying information of 40% of the British people. That wasn’t Prime Minister Brown’s finest moment, nor is he still the Prime Minister.
The Twitter debit-card incident was a cautionary tale, not for what it was, but for what it says about us. The same can be said of the hundreds of private sector breaches that occur every year because the “right” people aren’t paying attention while the “wrong” people are.
If someone removes something from a company without following proper protocols, fire them. If a company doesn’t have the appropriate security procedures in place and allows too many to have access to too much with too little training, the government should fine them mightily and then let’s all watch the class action litigators to sue them into the Stone Age. And while we’re at it, make officers and directors who fail to give the issue of cyber-security a second thought, much less enough respect, liable as well. How dare they run an organization that can do enormous harm without a proper understanding of how much harm that can be done to their employees or customers?
U.S. Attorney Preet Bharara wrote an Op-Ed for the New York Times in June wherein he mentioned an encounter with the board member of “a significant Internet-based company (who) took me aside and admitted, with some horror, that his company’s board had not spent a single minute discussing cyber security.”
Time-worn notification letter phraseology like, “I’m sorry;” “We’ll do better;” “We are working on making it safer;””Your privacy and security are of the utmost concern to us,” and so on and so on and so on, simply don’t feed the bulldog.
This only ends when we end it.