WASHINGTON– Though most people know basic online security protocol, there are a number of people who don’t even know what a password is.
The elderly, those with low incomes and people who speak limited English are especially at risk for targeting and personal information breaches online because they may not understand cybersecurity safeguards as well as the tech savvy.
One culprit? Computer access. Only about 51 percent of limited English-speaking households have Internet, compared with 76 percent of English-fluent households. Less than half of low-income (less than $25,000/year) households have Internet, according to a U.S. Census Bureau report.
Similar to combatting traditional illiteracy, overcoming technological illiteracy starts with education, advocates say.
Ironically enough, people in these communities may lead the cybersecurity workforce of the future.
Cybersecurity professionals are in high demand. The Washington metro area alone had 23,000 total cybersecurity job postings in 2013, far surpassing any other region. But there’s a severe shortage of people credentialed to fit these jobs.
Last fall, the Department of Homeland Security and National Security Agency granted Montgomery Community College in Maryland $15 million to support cyber-technology workforce development. The two departments also recognized Northern Virginia Community College as a leader in two-year information education programs.
As a result, students who can’t afford or don’t have the grades to attend a four-year university can still get the training necessary to become cybersecurity specialists.
“It’ll be crucial to make sure these programs don’t get too cookie cutter,” said Daniel Kahn Gillmor, a technology fellow at American Civil Liberties Union. “I’d love if these programs encouraged students to question core assumptions of the current cybersecurity agenda.”
Education for these technologically marginalized communities teach basic web skills, such as how to make a secure password, ensure sites are legitimate and avoid scams.
For most individuals in these groups, access usually means going to the library. Public libraries and other service organizations– including workplace development, computer training and senior centers– host these computer introduction and digital literacy classes.
Seeta Peña Gangadharan has observed many classes over the past three years as part of her research as a senior fellow at the New America Foundation, a nonpartisan think tank.
“I hear story after story about students from librarians, or from students themselves, saying, ‘I don’t understand why my email account has like 500 junk emails,’ ” she said. “They have no idea how to get off these lists.”
Gangadharan said that, on average, half of the students in these classes don’t speak fluent English.
Hackers have made it very easy for low-literacy learners to unknowingly submit to identity theft. They’ve created copycat websites for government and service organizations. Users who fall for the trap enter all their personal information into what they think is the Department of Labor’s website, for example, and end up fulfilling a hacker’s dream.
Roughly 20 percent of students have fallen victim to identity theft in the classes Gangadharan has observed.
The Internet brings optimism for the things these individuals can do, like connect with family overseas and research new things. But it also brings a sense of trepidation.
“They’re resigned to dealing with less-than-optimal service that can grate on you and how you think you’re valued in the world generally,” Gangadharan said.
Apart from the skills these workshops teach, security experts encourage users to be cautious with their social media use.
“People today share a lot about themselves on venues like Facebook: where they work, what they do for fun,” said Elizabeth Johnson, an attorney specializing in cybersecurity and privacy. “Folks in these [marginalized] communities are often less suspicious with phishing and spear phishing emails, and we see a lot of individually targeted attacks as result.”
Phishing refers to emails hackers send out to a large amount of people, seemingly from a legitimate source, like a bank. They lure users into divulging personal information, such as credit card or Social Security numbers, and then commit fraud with that information. Spear phishing is similar to phishing, except that hackers research the things someone puts on social media in order to tailor an email specifically to that person.
Johnson also encourages the monitoring of accounts that people normally wouldn’t expect to be hacked. Increasingly, social security, healthcare and insurance benefits, among others, are fraud targets.
In fact, Johnson recently handled a pro-bono case of a disabled orphaned boy whose uncle was using his social security number to get disability benefits, while using his own social security number to continue working. Hackers are sometimes closer to home than people think.
Another option is to freeze credit accounts with consumer reporting agencies. This is a good idea for elderly and low-income communities, as most of them don’t want or need to open up a new line of credit. Doing so prevents criminals from opening up new lines of credit, which is a growing form of identity theft. This service is free to victims of identity theft and generally ranges from $3-10 for non-victims, per person per bureau.
It’s unfair to expect users, especially those in these marginalized communities, to know about all dangers and means to prevent them. Public institutions and companies must share some of this responsibility, but not too much, according to the ACLU’s Kahn Gillmor.
“In practice, when the system moves to where companies and networks are fully responsible, we’re asking users to trust them fully,” he said. “It puts a vulnerability on end users.”
Education efforts are working to avoid this by developing teaching methods applicable to various skill levels, from introductory classes to specialized training.
As Gangadharan said, “we have to speak to people where they’re at.”