Courtesy of Mary Wang
For the past several months, I have been working on an interdisciplinary team of students and faculty at Duke that explored the ways in which data breaches and the misappropriation of personal information can harm ordinary consumers. This issue matters because recent breaches have affected nearly every American, many of whom have had their identities stolen and credit scores altered. And the problem continues to grow; more than 16 million Americans were victims of identity theft in 2017, a 32% increase from 5 years earlier.
Our team studied the Equifax breach, where over 145 million people had their social security numbers, dates of birth, and addresses stolen. We also studied the WannaCry attack, where ransomware was installed on unsuspecting users machines. Once deployed, the ransomware encrypted users’ data and required payment in bitcoin to get it back. WannaCry crippled the UK’s National Health Service, highlighting how cyberattacks can directly impact the health of millions of people.
We studied potential solutions to both prevent data breaches and lessen their impact. We learned that many of our current laws that govern cybersecurity and data breaches were passed before the development of cell phones. For example, the Computer Fraud and Abuse Act, which continues to be the main tool prosecutors yield to hold cyber criminals accountable, was passed in 1986. We discussed how up to date legislation would be toothless if the government lacks sufficient talent and experience in cybersecurity and that acquiring such talent and experience is extremely difficult when the government cannot offer the level of compensation the private sector can. We also studied the private sector’s efforts in mitigating the impact of data breaches, including the development of cyber insurance and the concomitant standards promulgated by insurance companies.
Despite all the obvious pitfalls associated with our digital economy, companies and governments are continuing to explore new ways of capturing and monetizing our data. Companies now analyze biometric data, including the way we hold and type on our devices, which renders a unique ID similar to a digital fingerprint. The Communist Party in China has begun to roll out a social credit system, whereby people’s actions in public and online are scored and fed into a system that will influence the cost of credit and access to government services for every Chinese consumer.
Given rapid technological advancements, the ubiquity of technology in our daily lives, and the frequency of large data breaches, many of us have come to experience “breach fatigue.” Breach fatigue embodies the feeling of helplessness and indifference we experience after hearing about the latest data breach. This past semester, our team has focused on developing a product that overcomes breach fatigue and encourages consumers to take meaningful action to protect themselves and their loved ones.
This is why we are pleased to announce the launch of “Cybersecurity for American Families: A 10-Step Data Security Guide for the People You Love.” It is a resource that includes ten easy and actionable steps that we can all take to better protect ourselves from data misappropriation and online attacks. The guide also has a corresponding website, which includes engaging videos that feature real people who have suffered breaches. The goal is to educate and empower consumers, and our hope is to show people that being safer online is easier than they think.
To view the guide and learn more, visit: https://sites.duke.edu/10steps/.
For other inquiries, you may contact the team at: email@example.com.