The internet is a very large place. Some estimates place it at 1 exabyte (1 billion billion bytes). Or almost 5 billion web pages. Take note that these are horrible simplifications as the internet is comprised of much more than just the World Wide Web. Regardless, every person who has ever interacted with anyone will probably have some kind of digital footprint. Do you have a driver's license? Passport? Health care card? Have you ever visited a doctor? Even though you may not have given any consent, interacting with the world will create digital traces of you all over the internet.
Unfortunately the internet is a little bit like entropy - it only ever increases. The internet gets more complicated and bigger, and with that your privacy becomes more and more at risk. Every day we connect more devices to the internet than ever before. Think of the prefix "smart" that has become so commonplace. Smart phones. Smart baby monitors. Smart video cameras. Smart TVs. The list goes on. Most modern Blu-Ray players, TVs and amplifiers can connect via WiFi or ethernet to the internet. Your baby monitor can probably do that too - so too your security cameras, smart light bulbs, smart smoke detectors, smart air conditioning, smart car...
Being connected is cool - it makes many things much simpler and better. But there is a dark side to all these advancements. Unfortunately technology outpaces our ability to reason properly. We build smart cars that can download firmware updates over the air and update your status with Facebook, without stopping to think what the downsides of doing that might be. It is trivial for people to hack your smart car and take over control of the automated components such as braking, sometimes steering etc. This is a terrible risk. Many of these smart cars have no security whatsoever. I recently reviewed a smart surveillance camera that does not even support secure HTTPS connections - it only had HTTP. This for a security product!
We hear every day of passwords being compromised - look at this graph and compare how the breaches have only increased since 2004. If you ever had an account with any of those companies, chances are your account was compromised. And if you share passwords between sites, all those other sites would have been compromised by association.
Just when you think you have a good strong password, you read that it will not help you. Passwords like Philippians4:6-7 were cracked too.
So what about 2FA (Two Factor Authentication)? Surely, it helps but again there is some disheartening news.
So you think about going dark, but you still need a computer. You read up about air-gapped computers - basically computers not connected to any network. You think you are safe, but there are so many ways to breach such a computer that you would fall off your chair.
What about antivirus? Not nearly as useful as people might think. I personally have had to rescue clients' data multiple times even though they had up-to-date Avira antivirus on all their computers, and ransomware sneaked right past it.
Social engineering has always worked, and will continue to do so. People just do not want to be educated, or they do not understand IT. Regardless, social engineering is one of the most powerful attack vectors around. It works so well that even high-profile targets get compromised.
One thing is clear - online security will only get worse as the pace of technological advancement exceeds our ability to control what we have created. However, things are not completely as bleak as they might seem. There are some things you can do to reduce your risk of exposure significantly. Note that there is nothing anyone, not even the NSA, can do to guarantee security. It is like the speed of light - a particle with mass can never reach the speed of light, the closer it gets the more energy is required to accelerate it. You will need infinite energy to reach the speed of light. Likewise, the more effort and money you spend on security, the better you can protect yourself but it will never be 100%.
Here are my recommendations in no particular order - only by doing ALL these things will you reduce your risk of exposure as IT security is like a chain with a weak link:
These are only some pointers, but following them will definitely reduce your risk significantly.
In the end it is about being informed. We no longer have the luxury to claim ignorance. We have a social responsibility to understand technology well enough to protect ourselves from the dark side. Without understanding we will never be safe. And since technology is ever changing, we too need to evolve with the times to understand the Next New Thing.