Underlying all efforts to thwart internet crime and fraud lays the discipline of managing risk. We encounter risks daily. Health and safety risks endanger old and young. You take a risk when you jump in your vehicle. Being homebound as many work remotely adds risk, particularly in the relationship department since, as they say, too much of a good thing…. Of course, since the internet and modern communications entered daily life, there are new risks.
Risk is risk, to some degree, and whether managing it comes from capping pointy furniture edges with tennis balls for the kiddies’ sakes, or from backing up your laptop regularly, risk deserves our attention. You can attend to risk in a few ways according to risk managers who see it more formulaic than lay folk. They describe four ways to manage risk. First, you might answer risk by avoiding it. There’s a risk inherent to swimming in the open ocean, especially where sharks have developed a specific palate for Aussies. I can avoid that risk by not visiting Australia, and if I ever do, I’d stay on terra firma or in a pool. Note, according to PETA, you’re more likely to be killed by a sand hole than a shark. Maybe others decide to swim, Anchor, Chum, and Bruce be damned. They can’t avoid the risk, so now what?
Another response to risk is through mitigation. Reducing the likelihood of the risk or its effects might work. You must go to Australia and experience the shark phenomenon. However, you’re aware of the risk you so you opt for Benchley Tours, an outfitter that promises a safe encounter due to its diving cages. What could go wrong? One Brit, Mark Currie, knows. In 2005 he tried to mitigate the risk while the shark did not abide. The 18-foot great white overpowered the cage, then chewed off the cage’s buoys causing it to start sinking. Currie swam to safety somehow, and shifted his mitigation response to the third option: acceptance.
Some things cannot be avoided, or aren’t mitigated despite valiant, if not stubborn, tactics. Was it risky for Currie to swim with the sharks? Indeed. He tried to mitigate, then accepted it coming out ahead … that time. Back on land in Kentucky you might accept a different risk. Only since 2006 has the seatbelt law provoked enforcement. Many still prefer accepting both risks, safety and the risk of a fine. If that’s you, consider how fate may catch up. “It’s better late than never” could fit your scenario. Soapbox, alighted.
One final response exists. You’ve avoided the risks that you can, including facing unsympathetic sea creatures. For those risks that tempt you too much to avoid, you’ve researched and activated mitigation strategies, such as the false sense of security that a cage offers adventurous tourists. Some risks, you determine, are worth it. See next Thursday’s menu vis-à-vis your cardiologist’s warnings, for example. All that’s left, again according to risk specialists, is to transfer the risk. What?! Why not start with that approach, eh? You mean I can be safe by swimming with sharks so long as I transfer my risk to, say, another tourist I befriended on the boat as we sailed to the sharky hot spot? Sorry, chum. Transfer of risk doesn’t really work out like that, though. You don’t transfer the risk of downing that third piece of pie to someone else, though if ever there is a valid, reliable diet plan that follows that logic there will be a new job market for high metabolism types. More conventionally, transferring risk involves the insurance companies. My sense is that the shark example doesn’t suit this model, so back to your daily driving routine. You risk life and limb by hitting the highway. You also risk financial loss. See, The Hammer. While you cannot transfer the risk of safety to an insurance company, you can transfer the financial risk by pooling insurance premiums, one’s burden costing much less than a lawsuit’s claim, while the premiums amassed can afford such results.
The Insurance Information Institute collects and disseminates data about risk transference to its constituency, some 60-plus carriers such as Allstate, Lloyd’s of London, and State Farm. Triple-I is objective and focused on the information, not so much on the profits. There, we learn that some of our newest, daily risks that relate to internet crime, fraud, and abuse, are important to consider. “Consider,” meaning you should plan to avoid, mitigate, accept, or transfer the risk that you may right now at the moment be facing, assuming you’re reading this online; if you have that trusty, folded version of this, you already avoided the risks I’m discussing – Congrats!
At Triple-I (to compound your risks, visit www.iii.org) we can see, for example, how concerning identity theft is in any state. So how does the Commonwealth fare? Not bad, when compared to others. Only a handful of states reflect fewer ID theft complaints per capita, and over time we’ve improved. Nevertheless, most other statistics are climbing when it comes to these newfound technological risks.
You have four choices of action whenever you turn on a laptop, open your cellphone, or check your email. Avoidance seems unfitting for most of us. Acceptance is an irresponsible take because, recall, your leaving the door open makes the whole neighborhood more attractive to scofflaws. Transferring your risk either is not logically feasible—it’s your email account after all—nor fiscally feasible, yet. We’re not at the point of insurance saturation for affordable cybersecurity policies. Thus, you’re left with mitigation. Which, is where I tend to leave you. Educate yourself on the risks. Learn about how to reduce them, some tactics being easier than others I’ll admit. Then, preach it knowing that we’re all taking in the risks because we’re all swimming in the same waters of the internet.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at firstname.lastname@example.org.