Musings

My mental model for risk assessment or, why are people so paranoid?

My method of assessing risk is just as illogical as another person who might be paranoid about an undesired outcome. The percentages I use for risk are by no means accurate or based on anything – they’re more like placeholders. It is a visual representation of how I perform cost/benefit analysis. I recognize that anything is possible, but I am more than generous when it comes to trust. This innate trust often strikes discord and disbelief when confronted with someone who gives greater weight to that risk – and probably explains why my bike got stolen in college after a semester of being too lazy to lock it all the way.

In the diagram below, I use the example of having your credit card stolen from shopping for something online. This is pretty common, and as e-commerce grows bigger and bigger, one might assume that the level of trust is increasing. There is merit to this in the ever-improving computer science and network security professions, but just as someone invents a new safe, a new thief is born. Anything is possible.

Here are some common precautions that I try to be mindful of, and a good number of people might have no clue how to be safe(r) online.

    1. Look for HTTPS! Remember the S for “secure.”

    amazon1

    2. If you think people will snatch your computer, don’t save your passwords.

    amazon2

    3. If you still aren’t sure, Google’s Chrome browser highlights secure sites in green and you can actually click on the green area to read more about their security measures. Here you can see what Amazon uses, and continue to dig into greater detail as your paranoid heart desires.

    amazon3

    4. Most of your online activities are only as secure as your weakest link. If your email password is “football1” then don’t go preaching about how the web is really risky.

    5. Maybe I’m a lucky fellow, but even if all the breadcrumbs about my identity are spread across the internet somewhere, it’s still a matter of chance that someone is going to target me and collect all the information on me.

For anyone who chooses to be extra cautious with their data online, all the power to ya, and please don’t think that I insult you. For every fear that you exclaim, I feel equally within my rights to say “relax!” My tone is snarky, my intent is to educate. When I’m confronted with disclosing personal information online, I tend to think of things along the lines of an 80/20 chance – a 20% chance something bad will happen, and I think even that is incredibly high. Just remember that something like credit card theft would likely be a chain of events, not a direct result of buying something with a credit card. So when you worry about risk, think of the chances within a chance within a chance. Thus, I made a diagram of how my mind works:

Click to view the full size

Click to view the full size

P.S.

A little side-story for you:

When I worked for an e-commerce company, I had a slow, but steady stream of old ladies calling me to order something over the phone because they don’t trust putting their credit cards into the website. I politely obliged and took down their full names, billing address, credit card numbers, expiration dates, and 3-digit security codes into a plain text document on my desktop. Then I entered that information in our own website because that’s the only way to place an order (so I did what they feared so much) and placed the order all the same. Ironically, please note how I had every bit of information to go on a shopping spree with their credit cards! If they had ordered online, then I would only be able to read the last 4 digits, and the rest would be stored on a secure middle-man server between our banks. There’s a good chance that a web store is more secure than a person on the phone. Not all are as honest as I.

Standard