Protect User Identities: Regulate Globally, Educate Locally

Is the key to protecting user identities today more regulation or more education? Well… Yes.

2017 09 12 9 09 56

As digital theft becomes increasingly profitable, what’s the best way to protect user identities and keep access secure? Do we need a unified international effort based on global standards and mandates? Or should we focus on localized efforts to educate users about the importance of data protection safeguards?

The truth is, there’s a good argument to be made for both.

The Case for a Unified International Effort

In 2015, over 164.4 million access identities were compromised in attacks ranging from prized corporate identities to personal bank accounts. It’s reasonable to speculate that localized standards played a role in allowing this. After all, when you have multiple standards, frameworks, regulations, and mandates in place, you create many variances in coverage and protection.

One way to address this vulnerability is with a more unified international effort against cybercrime. The EU’s General Data Protection Regulation (GDPR) is one step towards a broader set of data privacy and protection standards that’s supported by and for a larger populace. The idea is that the collective should be able to create a larger collection of more effective safeguards.

But are efforts like GDPR enough? Perhaps we need a new approach to combating threats that leverages the latest technologies and processes and relies on international leaders to support and enforce an expanded global set of mandates – sort of an IT version of NATO. And at the local level, maybe we need to educate users better on the importance of protecting data.

The Case for Educating Users at All Levels

Anytime someone logs into an account, you can be sure that they’re not thinking about information security, standards compliance, or data privacy safeguards. In fact, a recent MediaPro survey revealed that 88% of respondents lacked the necessary awareness to stop a preventable security incident.

That’s why we need more than standards to protect data; we also need user awareness and education. A large part of today’s population simply doesn’t understand the consequences of the use and misuse of digital information, especially their personal data. Just look how many people regularly post their personal data on social media, offering it to random websites and clicking on links in unsolicited emails.

It’s one thing to set a standard for requiring user consent to collect data; it’s another for users to provide consent in an informed way. We’ve all seen long consent forms that users scroll through and don’t read before clicking “agree.” The solution to this problem lies in education. When you teach people why it’s important to manage digital information securely, what the consequences are if they don’t, and what benefits they’ll enjoy if they do, they’ll come to the right decisions.

As we move toward the future, we must enable users to easily and securely access the things they need. Establishing standards and regulations is part of meeting that need – and so is educating people about the importance of working securely.

RSA is designing secure authentication and identity assurance solutions with both goals in mind.