The Amish Cybersecurity Model
Let's start with a thought experiment. What's the cyber risk profile of someone who doesn't use computers at all? Like, say, your average Amish person?
You might think "zero," but you'd be wrong. Even if you've never touched a computer in your life, someone can still try to open a credit card in your name or create online bank accounts pretending to be you. Identity theft doesn't require the victim to be online.
But here's the interesting part: aside from identity theft, pretty much every other cyber risk drops to zero if you don't use technology. No ransomware. No phishing. No password breaches. Nothing.
The iPad-Only Life
Now let's look at someone who only uses an iPad and iPhone with a handful of popular apps. Their risk is higher than our Amish friend, but still remarkably low. Why? Because:
- iOS ransomware basically doesn't exist (at least not yet)
- They can't get infected by sketchy websites like PC users can
- Their apps come from a controlled App Store environment
Their main risks come from just three things:
- Clicking bad links in emails
- Falling for scam text messages
- Using weak passwords that get guessed
The Real Problem: Our Browsing Adventures
The majority of cyber risk comes from our own behavior. It's like eating at sketchy roadside restaurants and then buying expensive stomach medicine to deal with the consequences. Instead of, you know, just eating at cleaner restaurants.
Most cyber risk comes from:
- Random Emails ("Click here to verify your account!")
- Text message treasure hunts ("Your package is lost, click to track")
- Web browsing chaos (jumping from random site to random site via search engines)
- Advertisement rabbit holes (clicking those "One weird trick..." ads)
The Security Product Paradox
Here's where it gets interesting. People know these behaviors are risky. But instead of changing the behavior, they buy security products to protect them while they keep doing the risky things.
It's like buying an expensive helmet so you can bang your head against the wall. Maybe don't bang your head against the wall?
The uncomfortable truth is that security products will eventually fail you. It's just a matter of time. They're like umbrellas in a hurricane—they might help for a bit, but they're not the real solution.
The Zero-Cost Security Plan
Want nearly bulletproof security without spending a dime? Here's how:
- Never click links in emails. If your bank emails you, manually type their website in your browser.
- Ignore ALL unsolicited text messages. Your friends can call if it's important.
- Do your risky browsing (random websites, clicking around) on your phone or tablet, not your computer.
- Use different passwords for important accounts. Write them down and keep them somewhere safe at home.
- Freeze your credit reports (this costs nothing in most states).
But What About All Those Security Tools?
Look, I'm not saying security tools are useless. They're like airbags in your car—great to have, but not a replacement for careful driving. The best security comes from not getting into accidents in the first place.
The beauty of behavioral security is that once you get used to it, it becomes second nature. You develop a healthy skepticism. You stop clicking random links. You start questioning whether you really need to check out that weird website someone mentioned.
The Bottom Line
You can eliminate most of your cyber risk without spending a penny. It's not about having the best security tools—it's about not doing risky things in the first place.
And the best part? This approach works forever. While security tools need constant updates to protect against new threats, good security behavior is timeless. Hackers can't bypass your security if you never click their malicious links in the first place.