(For my blog post, I want to focus on the audience regarding people who use Internet every single day and knows a lot about cybersecurity. Myself included.)
Imagine a scenario: you went to get your haircut and the place you went to requires you to enter an email address before you get your haircut. Why? Even if I do have a smartphone and I use Internet every single day, why must I put in my email address? For what purpose? To send spam? For businesses, they might say “we respect your privacy and take security seriously,” but in my mind, I would say that if an email gets compromised in a data breach, it’s more likely that those who are not tech-savvy are more likely to receive spam and phishing emails. Not thinking about security when using the Internet can lead to ransomware and identity theft. They might stop using the computer altogether because of fear of feeling unsafe online.
Okay, so I can imagine people asking…
What is ransomware?
So anyone who have not used the Internet before would then ask…
Okay, so what is malware? Oh, maybe I should click in the link. Oh, and what is a file?
Okay, I can imagine tech-savvy folks asking “what do you mean, ‘what is a file?’ Do you ever know how to use a computer before?” How can we guide people who does not use Internet every single day, let alone not knowing “what is an Internet?”
What is an operating system? Windows? Mac? Linux? What is an email address? What is a “file?” See where I’m going with? What is Android? iPhone? iOS? How do I manage files and folders in my computer? How do I check my email? I hope you get my point.
So back to the topic about email address requirement, people who have no plans to educate themselves regarding security and privacy should not have an email address and should not be using the Internet. Even a smartphone can be very complex compared to a cell phone that only make and receive phone calls and nothing else. Let alone how to send and read text messages. And yes, I’m talking about people who use cell phones with no capability for browsing the Internet. Not even Firefox, Chrome, or Safari.
Okay, so you say that your 90-year-old grandmother knows how to use the Internet, takes care of security themselves, and I should not overly-generalize myself. Well, that’s great. People should be educated regarding the implications regarding cyber attacks and how to protect themselves; however, as long as people out there (Demographics of Cybercrime Report) do not take their time to educate and protect themselves, businesses should not require them to have an email address when they check in. Even dentists should make email address requirement optional as well. Even though I have close to 200 email addresses (one email address per site with no plus addressing and no catchall for my domain), I do not want to enter my email address if I do not want to for privacy and security reasons.
Businesses say “we take security and privacy seriously,” yet businesses do not take their time to harden and patch their systems over time. Of course, training employees regarding how to protect themselves against phishing emails is a very important part of having a security culture for businesses. But then again, an email address would be a requirement for businesses for getting your customers to setup an account online, but in a physical world where people simply walk in, as long as people do not use the Internet and do not plan to educate themselves, an email address should not be a requirement. At all.