CHAPTER 4
DIGITAL THREAT AWARENESS

As the world becomes more digital, so too do the approaches taken by criminals and other nefarious characters. And this brings with it many digital threats that impact our personal and professional lives—from having our personal account credentials stolen to organizational systems being hacked. On top of this, there are issues like digital addiction on the rise.

In this chapter we'll look at the biggest digital threats that apply to everyday life, then move on to the key techniques employed by cybercriminals. Because we're covering multiple digital threats within the same chapter, you'll notice I've included the “how-to” tips in with each section, rather than in a standalone section at the end of the chapter.

What Is Digital Threat Awareness, and Why Does It Matter?

Digital threat awareness essentially means being aware of the dangers of being online or using digital devices—and having the tools to keep yourself (and your organization) safe. This is vital because more and more of our lives involve a digital element. We bank online. We shop online. We use digital communication tools. We read the news online. We track our personal fitness with digital tools. We order the Friday night takeaway from our phones. We receive updates from our children's schools via social media. We make doctors' appointments and order repeat prescriptions online. Our digital footprints are bigger than ever.

And this digital footprint spans both personal and working lives, not to mention the widening grey area in between the two. (Think of taking your personal devices into work and connecting to the company network, or accessing company systems from home.) With more and more of us working from home, this blurring of our work and personal digital lives is likely to continue. And this means we need to be constantly vigilant about digital threats.

The Biggest Digital Threats in Everyday Life

It's obvious that so much of everyday life now involves a digital element. And this brings with it certain dangers that we all need to be aware of. If you're a parent, you'll need to be especially on your guard, because not only do you have to educate your children about digital dangers, but you'll also have to watch for warning signs that something might be going wrong.

Here are the biggest digital threats that I believe will impact life in the 21st century.

Digital addiction

This can span any type of addiction related to digital pastimes, including social media addiction, internet addiction, phone addiction, and gaming addiction.

The stats on digital addiction are bleak, particularly when it comes to social media. Worldwide, an estimated 210 million people suffer from social media addiction.[1] And it's no wonder: social media sites like Facebook and Instagram are literally designed to be addictive. Ex-employees of big tech giants have admitted as much. After all, the more time we spend scrolling and tapping, the more companies like Facebook earn in advertising revenue. And so these apps are designed to maximize the amount of time we spend on them—with astonishing effectiveness. American teens spend an average of nine hours a day on social media; and adults aren't much better, with 50 percent admitting they've used social media while driving.[2]

But it's not just social media sites that are addictive. Smartphones have us constantly coming back for more. Americans now check their phones on average 262 times a day (that's every 5.5 minutes), with 80 percent reaching for their phone within 10 minutes of waking up. So I wasn't surprised to read that 75.4 percent of Americans consider themselves addicted to their smartphone, and 43 percent say their phone is their most valuable possession.[3] (More surprising perhaps is the fact that 45 percent of people would rather give up sex for a year than give up their smartphone.) True, much of the time we spend on our phones is spent scratching that social media itch, but there's no doubt that the phone itself has become something we turn to for validation and distraction—so much so that Dr. Anna Lembke, a world leader in the treatment of addiction, refers to the smartphone as “the modern-day hypodermic needle.”[4] As she puts it, we now struggle to be alone with our thoughts, and instead prefer the instant dopamine release that comes from reaching for our phones. “We're losing our capacity to delay gratification, solve problems and deal with frustration and pain in its many forms,” she says.

So how can you spot the signs of digital addiction? Depression is a key indicator, especially for social media addiction. Teens, for example, are twice as likely to exhibit symptoms of depression when they spend more than five hours a day on their smartphones.[5]

Thankfully, there are many practical strategies we can all employ to limit the amount of time we spend on our phones. You can set time limits for apps in your phone's settings. You can set a “bedtime” mode, where your phone turns off notifications between the evening and the morning—or simply turn off app notifications altogether. If you want to be really strict, you can delete the most distracting apps from your phone (you can always log in on your computer if you feel a desperate urge to see Cousin Gary's holiday pictures).

Then there's helping your children to build healthy (or healthier) digital habits. For example, in my family we have a “one-screen” rule, which means literally one screen at a time—so no going on their phones during family movie night. (My wife and I follow the same rules!) We also try to teach our children that it's okay not to log in to an app every day. Gaming apps can be particularly pernicious, encouraging players to log in daily to complete their “login streak” to gather extra points or the like. This caused my 10-year-old son to feel pressured to log in just for the sake of logging in. We had to explain to him that it's okay to break that streak.

Online privacy, digital devices, and the need to protect your data

Your data is a precious commodity, and the chances are you're earning money for companies without even knowing it, simply by using their app or service.

As a rule of thumb, the free apps are the worst for gathering and selling masses of data. In other words, if it's free, you can be pretty sure you (or, more accurately, your data) are the real product. You'd be surprised how many apps and services are harvesting your data and selling it on to third parties. Social media platforms are among the worst culprits. No surprise there. But did you know that food delivery apps like DoorDash, Deliveroo, Caviar, and Uber Eats rank right up there with social media sites when it comes to gathering and selling personal data?[6][7]

What sort of data are we talking about? Not just your name and location. Depending on the app, it could be your email address, health and fitness data, financial information, browser history, purchase history, and even your contacts. Of course, sometimes this info is purely used by the company gathering the data, but in many cases—in as many as 52 percent of apps[8]—that data can be sold on to other companies who then use it to build up a clear profile of you and the products you're most likely to purchase. (As an example, Apple has come under fire for its most popular apps gathering user data while people sleep and sending that info to third parties—info including location, emails, phone numbers, and IP addresses.[9])

This data can be turned directly into corporate profits. Take Cosmose AI for example. Cosmose buys data from more than 400,000 apps and 1 billion smartphones, and shares detailed insights about consumer behavior with some of the world's biggest brands, including Walmart, which in turn allows those brands to sell you more products.[10] The good thing about Cosmose is the data is anonymized, but it still shows how valuable our data is (Cosmose is valued at $100 million), and how little most people understand about the sheer volume of data being gathered.

Then there's the plethora of smart devices now plugged into our homes, such as smart doorbells and smart speakers. These, too, are gathering data and potentially sharing it with others. This is incredibly personal data—think of all the things you say and do in your home.

While it's true that our personal data is generally used to make valuable improvements to the products and services we use (Alexa voice recordings, for example, help Amazon troubleshoot commands and increase Alexa's vocabulary), we also need to remember that our private data is a valuable product—and stop giving it away for free without thinking. Personally, before signing up for any new app or buying a new smart device, I always comb through the terms and conditions to check I'm happy with the privacy settings. The two biggest questions to answer here are what data is gathered and who is that data shared with? I do the same for the many apps my children want to use. (Apple makes this easy for me by applying privacy labels to apps available on Apple devices, and these labels tell me at a glance what info the app will collect.) The same goes for browsers—in fact, I'd recommend browsing in “private” or “incognito” mode whenever possible, because this means third parties won't be able to trace your browsing history (although your internet service provider—and employer, if browsing on a company device—can still see your activity).

In many cases, you can also ask your smart home devices either not to listen constantly for activation phrases, or to delete recordings they've made. (You can ask Alexa, for example, to delete everything you've said in the last day.)

Passwords

You'd be amazed how many people have something like “12345” or the word “password” as their password, and how many use the same password for everything, despite the clear warnings not to. If that sounds like you, take this as a wakeup call. It's time to start taking password security seriously.

Consider this frightening stat: thanks to the thousands of data breaches that have occurred in recent years, more than 15 billion stolen account credentials—meaning usernames and passwords—are available for sale on the dark web, with such account information granting criminals access to everything from social media and financial accounts to admin accounts for organizational IT systems.[11] What's more, using these lists of stolen credentials, hackers can easily try using the same info to access your other accounts (known as “credential stuffing”)—which is why it's so important not to reuse the same combination of user ID and password. Hackers can also use phishing techniques to trick people into giving up their login information (more on phishing coming up later in the chapter). There's also a technique known as “brute force,” in which AIs work through potentially billions of combinations to work out the correct password, and the “password spraying” approach, where the system simply tries commonly used passwords like 12345 against user account names.

AI means this can all be done automatically now. In other words, we're no longer talking about the stereotypical “loner in a dark room” trying to guess your password—machines are cracking passwords effortlessly using a range of techniques.

So what to do about it? The most basic defense is to create robust passwords that have at least eight characters (12 is even better), using a mixture of cases, special characters, and numbers. And to do this for every account (rather than reusing passwords). Avoid predictable passwords that can be easily guessed from a glance at your social media profile. (While we're on the subject, avoid sharing too much personal information on Facebook and other social media sites, and ensure your profiles are visible only to friends.)

Even better, you can use a random password generator to create passwords that are harder to guess in a brute force attack (Chrome, for example, can suggest strong passwords for you). I'd also recommend using a password manager tool, such as Google's Password Manager, to securely store all your unique passwords. In addition, you can use two-factor authentication to secure your accounts—so even if a password is compromised, criminals still can't access your accounts.
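
The password advice above, as an added example that is not from the book: a small Python checker for the rules in this section, plus a random generator built on Python's standard `secrets` module. The short list of common passwords, the symbol set, and the names `check_password` and `generate_password` are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample; a real check would use a far larger list of leaked passwords.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}

# Character classes named in the chapter's advice (the symbol set is an assumption).
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "special character": "!@#$%^&*()-_=+[]{}",
}


def check_password(password, min_length=8, personal_terms=(), already_used=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    # Names, dates and places visible on a social media profile are easy guesses.
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal detail '{term}'")
    # Reuse is what makes a stolen password work on other accounts.
    if password in already_used:
        problems.append("already used for another account")
    return problems


def generate_password(length=16):
    """Build a random password with the operating system's secure random source."""
    if length < 8:
        raise ValueError("use at least 8 characters")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character class is present.
        if not check_password(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    print(check_password("12345"))
    print(check_password("Rex2015!walks", personal_terms=["Rex"]))
    print(generate_password())
```

Passing `min_length=12` applies the stricter length the chapter recommends.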

Cyberbullying

Sadly, I think cyberbullying is now the most prevalent form of bullying that takes place. According to leading UK bullying charity, Bullying UK, 56 percent of young people have seen others be bullied online, and 42 percent have felt unsafe online.[12] With three children of my own, I am hugely concerned about this—especially since cyberbullying can happen 24 hours a day, seven days a week, and can even go viral. That's why we all need to be able to recognize cyberbullying, to teach our children what cyberbullying looks like, and to take appropriate action when it occurs.

But what counts as cyberbullying? It's basically any form of bullying that takes place online or through smartphones or tablets, which includes mediums like text messages, Snapchat, WhatsApp, and other messaging services, gaming sites, social media platforms, chat rooms, and message boards. Cyberbullying can take the form of harassment (such as sending offensive messages, or making nasty comments on social media posts), sharing damaging photos or information about another person, making threats, spreading fake rumors and gossip, stalking, intentionally excluding someone from online activities, and even impersonating someone online.

Parents should be on the lookout for signs that their child is being cyberbullied—signs such as becoming noticeably upset after being on their phone, showing signs of depression, not participating in activities they previously enjoyed, not engaging with family and friends, and a drop in school grades.

So what can we do about cyberbullying, aside from never going online (which isn't an option for most of us or our children)? The first step is to know your rights, in particular whether cyberbullying is a criminal offence in your country or state. In the UK, for example, it's against the law to use the phone system—which includes the internet—to cause alarm or distress. Specific activities may even fall under the UK's 1997 Harassment Act. Threats of harm should always be reported to the police, using screenshots as evidence. (As a general rule, always keep a log of evidence of cyberbullying because you never know when you may need it.)

Where children are involved, you should absolutely report cyberbullying to the school. In many jurisdictions, schools are legally required to take action; all US states, for example, have laws that require schools to respond to bullying, and many states now include cyberbullying under these laws.

In the case of social media and messaging boards, you (or your children) can take action to block specific users outright, and/or report them to the platform in question. Or, for a more discreet approach, Facebook and Instagram both have a feature called Restrict that lets you block a specific user without that person ever knowing. (Basically, the bully will still be able to comment and see their comments on your posts, but you and other users will never see what they say.) Both sites also have settings that you can turn on to automatically filter offensive comments and DMs.

To get offensive or inappropriate content removed, you can either report it to the platform in question, or get help from bullying organizations to get things taken down. (There's an organization online called Remove Harmful Content, which is a good start.)

Finally, keeping your social media profiles private and secure (by which I mean with secure passwords) and not oversharing personal information and images are other good ways to defend against the various forms of cyberbullying.

Digital impersonation

As more of our lives go online (including images, videos, and recordings of us), digital identity theft is becoming more of a threat. Social media impersonation is a particular threat to watch out for. Here, fraudsters create social media accounts that use someone else's (or even an organization's) name, image, and other identifying features to create fake accounts. Indeed, I've experienced this myself, with my public photos being used to create fake (but authentic-looking) Facebook accounts in my name. Even if your identity isn't used by fraudsters, there's still a risk that you could be interacting with fake accounts online.

Why would anyone want to create an account in someone else's name? In some cases it can be related to a vendetta or stalking. Or it can be part of a wider scam to filch other users' money or personal data (particularly when it's a brand or a figure in the public eye that's being impersonated).

Social media impersonation is also a key feature of catfishing—where fake identities are used to form dishonest relationships online. Catfishing can be used for revenge and harassment, or it may simply be because the person doing the catfishing lacks confidence in their real identity, or has mental health issues. Whatever the underlying reason, the effects of catfishing can be devastating to the victim, especially if they were emotionally invested in the relationship.

Spotting fake accounts online can be tricky, but it's something we must all become accustomed to in our increasingly digital world. As a general rule, fake accounts may be recently created, with few friends or images on their profile. To avoid being targeted by fake accounts on social media, you can adjust your privacy settings so your profile isn't public, and only friends see your posts. And whenever you do accept new friend or follower requests, or follow a new account yourself, be vigilant; don't be rushed into sharing personal information or images, and never give money to anyone who asks for it online.

If you're concerned that your identity might be used by others, do a regular search of your name and look for images of you. (A reverse image search lets you upload your images and find out where they exist online.) Also think very carefully about the information you share on social media—personal information, photos, and so on—because it can all be used to create authentic-looking accounts in your name. This also ties back into password security, since thieves can use information gleaned from social media accounts either to steal your login credentials or to attempt to change your password without your knowing. So think twice before taking those ubiquitous online quizzes and sharing things like your mother's maiden name, pets' names, your high school mascot's name, or where you met your partner—all information that is commonly used as security questions to change passwords on accounts.

Understanding Key Cyber Threats

Now let's move on to specific techniques that cybercriminals commonly use to infiltrate individual or organizational systems, or harvest sensitive information such as passwords.

Data breaches

Data breaches, or the theft of data by a malicious actor, are a huge problem for organizations—not to mention the individuals who have trusted those organizations with their personal data. The billions of login credentials available for sale on the dark web show the sheer extent of data breaches, which are often the result of a phishing scam or malware, among several other concerns in this realm.

Phishing

In phishing, scammers target victims with spam messages (usually emails, but sometimes through SMS and other messages) that prompt the reader to take urgent action, such as changing a password. The email may contain a link that takes the recipient to a fake (but potentially legitimate-looking) version of a website, often with the goal of nabbing their username and password or financial details. Alternatively, the email may contain a malicious attachment or link that infects the target's system with malware. Unfortunately, phishing is now so common and sophisticated that it can be difficult to spot a fake message when it lands in your inbox, so you need to be extremely wary of clicking on any links or attachments sent to you (more on this coming up later).

Malware

There are many types of malware—malicious software—with the Trojan being perhaps the best known. Malware is essentially a piece of malicious code that is planted on the target's computer or network to perform a specific activity, such as gathering sensitive information from the system, or infecting the system with a virus. Typically malware enters the target system when a user clicks on something that may look entirely genuine, such as a software update, or an innocuous link or advertisement.

Ransomware

A particularly damaging form of malware, ransomware is where files on the target's system are encrypted, and can no longer be accessed. The target basically has to pay the perpetrator a ransom to regain access to their own systems. This can be very lucrative for criminals; according to cybersecurity firm Coveware, the average ransomware payout grew to almost $234,000 per event in 2020.[13] Increasingly, ransomware attackers are using a technique called data exfiltration, where the target's data is copied as well as being encrypted—and the attackers threaten to release the data publicly if the ransom isn't paid (and sometimes even if the ransom is paid).

IoT attacks

Thanks to the huge rise in smart Internet of Things devices in our homes and offices—plus the fact that these devices are often unsecured and operating on out-of-date software—hackers can now use these devices to cause havoc. In particular, hackers can harness thousands of these devices at once and use them to overwhelm target systems, such as websites, with fake traffic (known as a distributed denial of service, or DDoS, attack), causing the system or site to crash from overload. This is usually done to cause disruption or embarrassment, rather than to steal data.

Defending Against Cyber Threats

Here are some tips for individuals:

  • Be suspicious of emails, especially if they come from unknown sources or odd-looking email addresses (check the sender's email address, not just the display name, which is easily forged). Be especially wary if the email is pressuring you to do something, such as reset an account or change your password. Phishing emails prey on our panic responses, and rely on us quickly clicking on a link and giving over our sensitive information. If you aren't sure whether a request is genuine, contact the organization (for example, your bank) or individual directly via the usual channels (not using any contact details or links in the email).
  • Never open attachments or click on links in emails from sources that you don't 100 percent trust. Personally, I never click on links in emails anyway, even if it's a genuine email from a company I trust. I'll log in to my account in my usual way, via my browser or the app in question.
  • Never click on pop-ups, which are very often linked to malware. Even better, install a pop-up and ad blocker.
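  • Don't enter sensitive information into, or download files from, websites that don't have a security certificate. On secure sites, the website URL will start with “https” or have a closed padlock icon next to the URL. (This shows that your connection to the site is encrypted; it does not prove the site itself is genuine, so still check the address.)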
  • Ensure all devices run the most up-to-date versions of software. This includes your smart home devices (which should also be password protected with a unique password, not the default system password).
  • Practice good password hygiene by following the tips earlier in the chapter.
  • Only download apps from trusted sources.
  • Install a firewall and antivirus software.
  • Always back up your data regularly.
  • Try to avoid using public Wi-Fi networks where possible. If you do use them, use a secure VPN service to keep your connection private.
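
The first tip above (check the sender's address, not just the display name, and be wary of pressure to act) can also be checked by a program. The following Python sketch is an added example, not from the book; it uses the standard `email` package, and the "Example Bank" sender, the `.example` domains, the phrase list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption for this example: the organizations you deal with and their real
# mail domains. "Example Bank" and the .example domains are constructed.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}

URGENT_PHRASES = ("urgent", "immediately", "reset your password",
                  "verify your account", "account suspended")


def domain_of(address):
    """Return the lower-cased domain of an email address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def belongs_to(domain, trusted):
    """True if domain is one of the trusted domains or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def sender_warnings(raw_message):
    """Return the reasons to distrust a message, based only on its headers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    warnings = []
    if not domain:
        warnings.append("no usable sender address")
    # The display name is free text chosen by the sender; compare it with the address.
    for name, trusted in KNOWN_SENDERS.items():
        if name in display.lower() and not belongs_to(domain, trusted):
            warnings.append(
                f"display name says '{display}' but address is at {domain or 'unknown'}")
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != domain:
        warnings.append(f"replies go to a different domain: {reply_domain}")
    subject = msg.get("Subject", "").lower()
    if any(phrase in subject for phrase in URGENT_PHRASES):
        warnings.append("subject pressures you to act quickly")
    return warnings


# Constructed sample messages (headers, blank line, body).
PHISHING_SAMPLE = (
    'From: "Example Bank" <security@examp1ebank-alerts.example>\n'
    "Reply-To: helpdesk@mailbox.example\n"
    "Subject: URGENT: reset your password now\n"
    "\n"
    "Click the link below to keep your account open.\n"
)
GENUINE_SAMPLE = (
    'From: "Example Bank" <statements@mail.examplebank.example>\n'
    "Subject: Your monthly statement is ready\n"
    "\n"
    "Log in to your account in the usual way to view it.\n"
)

if __name__ == "__main__":
    for sample in (PHISHING_SAMPLE, GENUINE_SAMPLE):
        print(sender_warnings(sample) or "no warnings")
```

An empty result only means none of these three checks fired; the advice to contact the organization through its usual channels still applies.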

Tips for organizations

The same tips that apply to individuals generally apply to organizations as well. But to successfully implement these tips at an organizational level, you'll need a company culture that prioritizes cybersecurity, which means you need to train your people so they can identify threats and know what to do when they spot something suspicious.

In addition to this, you should:

  • Use threat-detection tools as part of your cybersecurity toolkit.
  • Regularly test your systems to ensure they are up to date and protected.
  • Have a plan in place that sets out what happens in the event of a security breach. This should cover the technology response (how you plan to stop the attack and secure systems), the people response (who you need to tell), and the post-breach investigation (learning from the attack so it doesn't happen again).

This is by no means an exhaustive list—more a reminder to take steps to protect your organization and raise awareness of cyber threats among employees.

Key Takeaways

In this chapter, we've learned:

  • In everyday life, there are several digital threats that we all need to be aware of, with the biggest being digital addiction, data privacy, password theft, cyberbullying, and digital impersonation.
  • On top of these everyday dangers, there are specific cyber threats that individuals and organizations must defend against, including data breaches, phishing, malware, ransomware, and attacks on IoT devices.
  • Thankfully, there are several steps individuals and organizations can take to protect their systems, such as practicing good password hygiene and harnessing antivirus and firewall tools (to name just a couple).
  • Over and above this, we all need to learn to develop a healthy—or healthier—relationship with technology, and teach the next generation how to get the best out of technology without being dominated by it.

For me, staying safe in the digital world also means flexing my critical thinking muscles. Challenging the things we see online, and asking questions such as “Is this genuine?” and “Do I trust this source?” will help us all avoid some of the downsides of technology. So let's head over to the next chapter and explore essential critical thinking skills in more detail.

Notes

  1. 17 Social Media Addiction Statistics; Truelist; https://truelist.co/blog/social-media-addiction-statistics/
  2. Ibid.
  3. Cell Phone Behavior in 2021: How Obsessed Are We?; Reviews.org; https://www.reviews.org/mobile/cell-phone-addiction/
  4. Constant craving: how digital media turned us all into dopamine addicts; The Guardian; https://www.theguardian.com/global/2021/aug/22/how-digital-media-turned-us-all-into-dopamine-addicts-and-what-we-can-do-to-break-the-cycle
  5. 17 Social Media Addiction Statistics; Truelist; https://truelist.co/blog/social-media-addiction-statistics/
  6. These popular apps collect the most data about you; TechAdvisor; https://www.techadvisor.com/news/security/apps-collect-personal-data-3805030/
  7. Social Media and Food Delivery Apps Sell the Most Personal Data; PC Mag; https://www.pcmag.com/how-to/social-media-and-food-delivery-apps-sell-the-most-personal-data
  8. Ibid.
  9. Hidden iPhone trackers harvest data while you sleep; Komando; https://www.komando.com/security-privacy/hidden-iphone-trackers-harvest-data-while-you-sleep/569770/
  10. Smartphone Tracking Data And Artificial Intelligence Turn People's Movements Into Detailed Insights and Profits; Forbes; https://www.forbes.com/sites/bernardmarr/2020/10/07/smartphone-tracking-data-and-artificial-intelligence-turn-peoples-movements-into-detailed-insights-and-profits/?sh=2ae000716bef
  11. Billions of stolen passwords for sale on the dark web; WeLiveSecurity; https://www.welivesecurity.com/2020/07/09/billions-stolen-passwords-sale-dark-web/
  12. Cyber bullying; Bullying UK; https://www.bullying.co.uk/cyberbullying/
  13. Ransomware demands continue to rise as data exfiltration becomes common; Coveware; https://www.coveware.com/blog/q3-2020-ransomware-marketplace-report