Over the past few months I’ve discussed security with family, colleagues and friends. During these conversations I’ve heard the most bizarre statements, ranging from “anybody can see my data, I don’t have anything to hide” as an excuse to not install recent updates (that admittedly screwed up the system), to “I use weak passwords and don’t mind if these get hacked” as an excuse to not use a password manager, and “I want to be online as little as possible so that I can’t lose anything”. People conveniently forget that there’s a lot more going on: all these statements assume that only large scraping bot networks roam the interwebs and that those networks are only interested in seeing the data.

Unfortunately, that’s not the case. Firstly, this assumption fails to take into account that there are usually people operating those bots, and obtaining data is just step 1 in a grander scheme. Moreover, you may think they can only get your documents, but your operating system holds much more information than that. If you do your tax declarations on your machine, they can easily get your personal identification and even other passwords, enough to steal your identity. And if they can see your data, they’ll likely be able to hold it hostage by encrypting it. While local law enforcement might sometimes be able to get your data back, that’s certainly the exception and not the rule.

We tend to find some solace in the fact that if they get one of the weaker passwords, they’ll “only own access to the forum you visit”. What most fail to understand is that this access can be extremely valuable for two reasons. Firstly, and most obviously, people usually choose this weaker password because it’s easier to reuse, so access to one site may easily enable access to another site. Secondly, access to a forum may be used for other nefarious purposes. For example, these criminals might threaten to use your access to ruin your reputation. Posting in your name may be valuable to them in different ways: either to damage your reputation or to abuse it, such as by posting malicious links or misinformation in your name.

Behind these criminal activities are humans: desperate humans, inventive humans. Out of comfort or simply lack of imagination, you might think that these are idle threats, nothing to worry about, but you couldn’t be more wrong. None of it seems so bad until someone is actually breaking in. You might suddenly find out what your data and your identity are worth to you, and you might even be surprised how much more that is than you realized.