When it Comes to Security, The User is Always the Weakest Link

Editor's Note: In today's blog we discuss the vulnerabilities of mobile devices. While most users understand the risk involved with relaying personal information over mobile apps, many choose to ignore these risks due to the convenience that it provides. Still, the burden is left on financial institutions and companies alike to make sure the end user is as safe as possible.

The number one reason often cited by consumers for not adopting mobile financial products is their concern over fraud. Those working with any product or service accessible through a mobile device understand this concern is not entirely without merit. The mobile device environment that apps run on is inherently vulnerable to outside attacks. However, most of that vulnerability can be exploited largely because of the end user's tendency to choose convenience over security.

The rapid adoption of mobile devices and the ubiquitous connectivity that makes them useful is driven by convenience. This causes more customers to move to mobile devices where they can access applications with the expectation that it will save them time when doing their mobile banking. Through these devices and the connectivity provided by free Wi-Fi networks that blanket our cities, towns, and airports, valuable information is exposed hundreds of millions of times daily by consumers as they go about their smartphone-dependent lives.

In addition, studies show the average consumer has stored personal information on more than two dozen websites protected by fewer than five unique passwords. In fact, that information may be a generous read of the situation as the most common password used today remains "Password123." Meanwhile, reverse engineering methods have become increasingly sophisticated, meaning that a single nugget of information can be used to determine all that is needed to gain full access to accounts, social security numbers, addresses and more. 

The consumer's willingness to trade security for convenience without even realizing they are doing so is based on the fact that time remains our most precious commodity. It is the one thing that we cannot make more of and the one thing most under siege in our multitasking-based lives. Things are probably going to get even more complex as the "Internet of Things" is extended into homes with the promise of letting our chip-enabled, fully connected homes take over more of the mundane, repetitive tasks.

All of these IoT devices offer opportunities for hackers and fraudsters to more easily go about their business. It was IoT devices that were exploited in the distributed denial of service attacks that knocked major sites like Twitter offline last fall. Although far less serious, the general lack of security in these devices has also led to at least one documented case of someone (a D3 Banking employee) accidentally buying a Fitbit through Amazon's Alexa.

While IT experts can vent their frustration over end user behavior, their complaints are largely moot. In today's tech environment, the consumer dictates the rules of engagement. Insistence on stringent constraints that run counter to those rules is a recipe for lost market share and product irrelevance. By all means, IT professionals should continue to promote data hygiene and work tirelessly behind the scenes to provide the most secure environment possible. However, these tasks should be approached with a healthy dose of realism; i.e. "meeting the consumer halfway" should be considered a "uuge" win.