
If you want my national insurance number, just ask!


1 November 2017

Why we’re so comfortable handing out personal details online – and how we may be able to reverse the trend

On a mild July evening in 2010, Leo Hickman set out to meet a woman named Louise.

At the time Louise, a 30-something recruitment consultant with straight, auburn hair, was doing her best to smile and mingle at a networking event in a London pub. Leo made his way into the pub’s main bar. He already knew a lot about Louise.

Leo knew London was not Louise’s hometown. He also knew where Louise grew up.

Leo knew of the precise train station Louise so frequently used and he knew where she liked to shop. He had a picture of Louise saved to his phone. Crucially, he knew where Louise would be that night in July.

On that evening in July, when Leo set out to meet Louise, he knew more about her than some of her closest friends.

Louise, on the other hand, did not know Leo.

The rise and rise of sharing online

Even back in 2010, when the above encounter took place, the amount you could learn about another person online was remarkable. Seven years on, it’d be hard to argue the situation has done anything but intensify.

Following the proliferation of social media, blogs, geo-tracking and even professional career profiles, some rudimentary online research now reveals a great deal about a person.

Trying to glean the same amount of information in the physical world would be near enough impossible. In the physical world, people tend to keep information about their personal lives to themselves. Online, though, the rules shift.

It’s a phenomenon that increases our chances of both physical and cyber attack.

Why, then, do our inhibitions decrease so dramatically online?

Why we let our guard down online

Psychologists believe there are at least six reasons: anonymity, invisibility, asynchronicity, introjection, imagination and status-upset.

It’s thanks to these six principles, academics believe, that people disguised by pseudonyms can issue digital death threats while cooking a meal for two.

It’s thanks to these six principles that people readily give out their national insurance numbers, employee numbers and names and dates of birth online.

It’s thanks to these six principles that people report more sexual partners to STD clinicians when asked via computer; that sites like PleaseRobMe.com exist; and that more people admit suicidal thoughts by email than they do by telephone.

Ultimately, it’s these six principles that facilitate socially-engineered attacks of both the digital and physical kind – as the recruitment consultant Louise found on that evening in July.

The positives of sharing

Using Twitter, Leo Hickman coaxed Louise from her privately-booked function room and into a public bar to meet him.

It was there that Leo revealed that he was a journalist, and that he was conducting research for an article on cyber stalking. He’d chosen Louise because she had posted a considerable amount of personal information and he wanted to understand why. He then showed Louise how he’d been able to track her down and how much information he’d been able to collate about her simply by searching the web. Louise’s reaction was noteworthy.

In the moments after it was revealed Louise had been tracked down by a stranger thanks to her social media presence, Louise recounted the benefits of her online presence. She posited theories of professional advantages and attributed our desire to share to “habit” and “social competitiveness”.

Despite the risks, Louise did not rule out sharing her location online in the future.

Addressing the problem

The reduction in our inhibitions whilst online poses a challenge for cyber security professionals all over the world. The most-often touted solution is to simply replicate offline behaviour online.

Few of us would hand over our dates of birth and national insurance numbers to someone who whimsically knocked on the front door. We shouldn’t, then, be handing over our personal details via email, instant message or social media bulletin board. Or so the theory says.

The problem is: that’s not what’s currently happening.

90% of the people Security Through Education ask give their names and email addresses without confirming the company’s identity.

67% go as far as social security numbers, employee numbers or dates of birth.

It’s our job as managers and leaders to ensure the good theory starts to become the good practice. In our minds, that’s not going to happen by simply continuing to bang the same drum in the same way.

Following the publication of John Suler’s The Online Disinhibition Effect, psychologists now have a much better idea why people are so comfortable sharing online. We’re (usually) anonymous and invisible and are deprived of both immediate feedback and regulation. Our imaginations are let loose. Fantasy becomes reality.

To curb over-sharing, we’re going to need to address the principles that melt our inhibitions whenever we fire up a computer. Let’s hope we manage to do it sooner rather than later.

Cyber criminals have been exploiting human psychology for far too long. It’s about time we started to use our understanding of this to guard against their exploitation.
