Who Should Protect You?

This week, web usability guru Jakob Nielsen posted an article titled User Education is Not the Answer to Security Problems]. The summary states:

Internet scams cannot be thwarted by placing the burden on users to defend themselves at all times. Beleaguered users need protection, and the technology must change to provide this.

The article comes close, but doesn’t quite say, that the average computer user isn’t smart enough to protect him- or herself from the dangers of the Internet, and places the burden squarely on the shoulders of those making the technology. While I sure would be happy if my computer came pre-configured to single-handedly combat all the viruses, spyware, phishing scams and other bad things lurking on the Internet, I think this whole security thing should be, and is, a joint effort, and a smart computer user is an essential part of the equation. I disagree with Nielsen’s assertion that user education doesn’t work, at least to the extent that we’re talking about computer users who are actually concerned about protecting their computers from harm. While it’s probably true that most computer users don’t have (and don’t want to have) the technological expertise to know everything about computer security, I find that users who recognize the problems are willing to (and do) learn how to guard against them. No, this is not the Wild West, where everyone carried a gun to protect themselves. However, we also don’t leave the front doors of our homes wide open for just anyone to walk in. We take basic precautions to protect ourselves, and I would argue that anyone who doesn’t is asking for trouble. As I said, having a computer come with all of the solutions Jakob proposes would sure be nice, but I don’t see it happening anytime soon. Until then, I think I’ll continue to advocate user education, because an educated computer user is hopefully a safer computer user.