Is security worth the effort?

It’s been a week for hype. Yesterday, Fraser posted about the way the media jumps on interesting items such as Skype[1]. Today it is back to the subject of wi-fi. The BBC has an article about how security is seriously flawed and that all our data is at risk. Their sound bite is “WEP as a security measure is so broken that your (and everyone else’s) kid sister can easily circumvent it”

The thrust of the article is really that the data keys used are typically weak and that the newer encryption protocols are not yet sufficiently universal to be always available. Those are valid points but they deflect attention away from the millions of wi-fi points out there where there is no security – where the default setting was to use no encryption at all and the average home user has no idea how to change their settings.

However well intentioned, articles about security flaws must leave the average Joe wondering whether they should bother with security at all. By all means highlight the fact that security could be better but let’s not lull people into the thinking that security is so bad that they should never even bother with any of it. Let’s take every opportunity to highlight what security is available and how best to use it.