Information security expert and non-fiction writer Petteri Järvinen sits in a café in the heart of Helsinki and glances at Mannerheimintie. If, for example, the Finnish backbone network was attacked and disabled, the center of the capital—and soon the whole of Finland—would become stuck very quickly.
Traffic would jam with the traffic lights out of commission, electronic services and ATMs would not work, heating radiators in houses would go cold, mobile networks would crash… Life would quickly become a struggle for survival.
We are so attached to the various networks in our everyday lives that cyber security has emerged as one of the most essential things in our society. But an invisible threat is always difficult to comprehend—in a similar way that bacteria and viruses threaten our health.
It’s difficult for us to grasp all the things that can be done through us. This power lives on smartphone screens."
“With those, however, the threat is aimed directly at yourself. A threat from a computer may be directed at a company, the banking system, or anything else besides myself,” Järvinen says.
“It’s difficult for us to grasp all the things that can be done through us. This power lives on smartphone screens and in Ethernet ports.
This is why each and every one of us should know our duty regarding cyber security. Our negligence could, for example, expose a company or society to a wider range of hacking and online attacks, without our knowledge.
“Company employees form the first defensive line. What you click and whether you can avoid traps really matters,” Järvinen says.
The current traps are no longer the same as those easy-to-detect Nigerian letters. Their language can be error-free and even contain phrases that are used within the company. Scammers follow businesses closely.
Cyber security basics as civic skills
Järvinen is the author of a new book on cyber security dangers, published last fall, and one of many where he deals with this issue.
In his view, the basics of cyber security are already essential civic skills.
“We can either support or endanger cyber security in our everyday lives. None of us may be important as a single person, but when there are five million, the group size begins to get interesting,” Järvinen points out.
While it is easy to think that no one could be interested in my information in particular, our networks can include people who are important and interesting from a certain perspective. Each one of us can be the weakest link in this network.
We can either support or endanger cyber security in our everyday lives."
The same applies to our homes. When our abodes are filled with networked smart devices, they can be used easily in denial of service attacks, for example, without us even noticing it.
“It's like a zombie machine army that can be exploited. You need to know how to use smart devices safely”, Järvinen says.
Simple tasks which everyone is personally responsible for include regular updating of systems and using passwords in a smart way—which means not having passwords that are too easy and not using the same password everywhere.
“One of the reasons Trump is now president is that one of the leading Democrats used a poor password and his e-mails were compromised,” Järvinen points out.
According to Järvinen, passwords can and should be written down somewhere, such as a note or a booklet at home, and kept in a safe place. Alternatively, you could use a password manager program. Järvinen says that it is impossible for anyone to remember every single one of their different passwords. And if the demands are unreasonable, the result is often failure. For example, this could lead to people using the same password in more than one place.
Järvinen points out that corporate information security should make sure that the information security instructions seem realistic and sensible to the employees and that they do not excessively complicate basic activities.
“For example, if you’re forced to change your password every couple of months, it might actually be detrimental to security, because people are likely to start using weaker passwords. And in order to make changing your password frequently have real impact, it should be changed daily,” Järvinen points out.
“Fortunately, things are now being done with more sense in this respect.”
Media literacy is part of security
According to Järvinen, one of the biggest threats to future—and present—security is lurking in social media. It is being used to influence people in a deeper, psychological level, straight into their minds.
“There is a real war going on over the minds of people,” Järvinen says, confessing that even he catches himself often believing something only because it reinforces his own preconceptions.
There is a real war going on over the minds of people.”
“It’s so easy to believe something that I would like to be true.”
In Järvinen’s opinion, media literacy and viewing media critically are vital skills now and in the future. Fake news is being spread and people’s opinions are being influenced skillfully and discreetly in social media.
As technology advances, different ways of image manipulation are also increasing. It’s possible to create videos of people saying things they’ve never actually said, and according to Järvinen, in the future these can be generated even from ordinary still photos.
Social media influencing is no small matter. Psychological manipulation of people’s minds can spur on large mass movements, which can cause mayhem and disorder.
“In order to resist this, you need media literacy skills. In Finland, we are still at a good level on average,” Järvinen says.
He also points out that although there are many hidden threats lurking on our phones, computers, and social media, many aspects of information security, for example, have moved forward over the last ten years.
“Many of the information security threats that we had 10 years ago no longer exist. Better technology is being developed all the time.”
Petteri Järvinen is an instructor at Aalto PRO's Diploma in Digital Security program, which provides up-to-date information and tools for the security management of a digitalizing business. Read more about the program.