Security and the Structure of the Internet
The Internet is a worldwide network of computers, phones, and other devices communicating through cables, data-routing equipment, and wireless (radio) transmissions via cell phone towers and satellites. Telecom and Internet service providers (ISPs) like AT&T, Comcast, and Verizon provide the infrastructure that connects your devices with the servers and data centers that store information for websites, web-based email services, and "cloud-based" file systems. Every link in the network, which includes many intermediary machines and systems, is a point where someone could listen in or collect data. In other words, the Internet is not structured to make security easy.
While online privacy is (in part) about who you authorize to see your personal information, online security helps you prevent unauthorized access to that same information. One important strategy for keeping information more secure is encryption. Encrypted information is scrambled so that it looks like gibberish to anyone who doesn’t have the key to decipher the code. Whenever you sign into your email or shop online, you should see "HTTPS" in the address bar. The “S” means that your connection to the website is secured by encryption, so others can't eavesdrop—but the website itself can still read any messages you send to or through it.
The first point in your link to the Internet is your local network connection. If you're connecting through an unencrypted wireless network, anyone around you with a computer can see what you're doing. On the other hand, password-secured wireless networks are encrypted, and therefore limit who can join or monitor them. However, even an encrypted network may effectively be public, like those at your local library or coffee shop, where the password is accessible to anyone. In such cases, other layers of encryption like HTTPS are even more important.
Security Breaches and Identity Theft
Online services and websites generally have a vested interest in protecting your information from unauthorized access. However, flaws in technology mean that security breaches still happen all the time, with information being stolen from a data center or as it travels over the Internet. And as technology changes, new flaws can turn up. This is why software providers constantly send out security updates.
However, a thief doesn’t need to be a computer expert to steal your information. Internet scams take advantage of the fact that identity is difficult to verify over the Internet. For example, phishing is when a thief pretends to be someone you might trust with your information, like a bank or government agency. When you receive an email asking for your password, your social security number, or your credit card number, it might very well be a phishing scam. Emails that appear to be from family members asking you to download files or visit websites may lead to malicious software (malware) such as viruses being installed on your computer. Some malware can be used to collect your financial and personal information. In identity theft, a thief uses your stolen personal information to pretend to be you. An identity thief could potentially read your email, sign up for a credit card, shop online using your account, or impersonate you on a website.
Passwords and Security Risks
Security breaches often occur because people do what seems convenient at the moment, like signing up with an easy password. But insecure passwords are one of the major causes of information theft. Using computer programs, hackers can automatically try to log into thousands of accounts at a time with common passwords, like "password" and "12345". In addition, many online services offer you the convenient option of logging in using your Facebook or Google (etc.) username and password. Unfortunately, if a thief ever breaks into your Facebook account, they will also be able to break into every other account you authenticated with Facebook. Similarly, if you use the same password for every online service, a thief only needs to figure out your password once.
However, having many different strong passwords can also lead to problems. Because people tend to forget passwords, online services often allow you to reset them with a "security question". But the answers to security questions are often easy to guess because so much personal information is posted on social media or available in public records. There is no perfect solution, but the action items in your privacy toolkit will help you decide which options work best for you.