Is Digital Security a Myth?

I have a co-worker who has made the point that you never say “The building (or network) is secure.” You say “The building appears secure.” His years of experience in security and I.T. have taught him well.

I’ve spent the past week pondering to what extent true digital security exists. We experience varying levels of the feeling of security, which in turn may broadly parallel reality in our personal level of digital security, but in all likelihood, our feeling of security is tied more to our ignorance of our vulnerability than it is to any real evaluation of our digital lives.

Among the interesting things I read this week was an article that pointed to a group of Wall Street heavyweights that avoid email for substantive communication, with some avoiding the medium altogether. Prosecutors have for years been using email communications to build legal cases in the financial world, and even if a court decides in favor of the organization, the contents of embarrassing emails have made their way to the public, unlikely to be forgotten.

A more frightening article I read this week described how a trio of hospitals in the UK were crippled by a computer virus outbreak. In response to the infection, the first hospital shut down the majority of its computer networks as they worked to fight the virus. Due to a shared IT system, a second hospital was taken offline by the same action. This caused the cancellation of most non-emergency procedures and forced many people to divert to nearby hospitals for their emergency medical needs. This account brought to mind the case earlier this year where a hospital in California had to pay a large Bitcoin ransom to decrypt their data following a cyber-attack.

Vulnerabilities in the sites, devices, and services we use are constantly being searched out by people like the hackers who breached Yahoo’s email system in 2014. News of the breach surfaced only within the last two months, years after the hackers gained access, retrieving information on roughly half of a billion users.

Another problem core to the insecurity of our digital lives is that, in addition to flaws and vulnerabilities being found in the construction of the devices and services we use, often we, the users, can be “engineered” to work against our own security. So-called “social engineering” attacks target human nature rather than machine or software vulnerabilities.

The chairman of one of the major political campaigns this year was targeted with a message designed to get him to expose his email credentials. Being cautious, he ran the message past an IT technician who recommended the chairman change his password, but unfortunately, the advice was unclear and the resulting action revealed information not just about the campaign manager, his candidate, and campaign, but various people and organizations he had been in contact with via that email account.

All this, along with the recent rise of the Mirai botnet (and subsequent fall of internet connectivity on the East Coast), has highlighted the issue: we must start considering the realities of our digital security. While there’s little logic in marching toward an offline lifestyle or even in adopting or purchasing drastic new security measures, there needs to be a renewed focus on some basics. For one, consider what you say and do, and where and how you say or do it. Assume that the services and devices you use are vulnerable. What should you change about your usage habits?

Postscript: There was a bright spot that came through my feed this week specific to digital security. Popular password manager LastPass this week announced they were making free a previously premium feature: you can now sync your LastPass database across an unlimited number of devices for free. Many people have the extremely insecure practice of using the same password across multiple (or all) sites and services. This means that as soon as one service you use is breached, attackers can use your information to try logging into any other site or service. While maintaining unique passwords may seem too difficult a task, using a password manager can make it less onerous. Check out LastPass, 1Password, and KeePass and take a step toward a more secure digital life.