I am often asked (being in the business if IT security and cybercrime intel & defense) what can I do to prevent from being "hacked or breached"? I bet I get this question at least every other day and try to answer it to the best of my ability knowing that none of the questions or my answers are the same; similar? Yes, but identical? No. I also don't claim to be the "EXPERT" because I have met some of the best and brightest in this industry that fight this type of scourge on our behalf every day, from the cybercrime professionals at the FBI to those fighting cyber terrorism across numerous government and private agencies. To my astonishment I am also regularly amazed at the sheer lack of knowledge most people have when it comes to talking/understanding this topic given we have been hearing about it for years now. I do however, find a genuine "thirst" for learning about cybercrime and all of its offshoots. Unfortunately, this topic is complex and always on the morph. It is not easily "5-minute rice" or "Cliff Notes" addressable. So, let me start by discussing the most common, and likely most relevant, areas to begin a learning curve.
Building Blocks of Understanding
Today, I find myself talking about (3) three fundamental but relevant building blocks in understanding this very intrusive, ugly and very REAL threat facing everyone in today's digital world:
- Educate yourself on the real threats of cybercrime (take your head out of the sand)
- "Become cyber aware" and read about cyber security, cybercrime, etc...
- "Know the enemy" and read about their strategies & tools; malware, bitcoin, dark web etc...
- "Don't be an ostrich" and stay current on breaches like the Equifax breach of 143 MILLION Americans
2. Adopt BEST practices around the basics: passwords, email, personal information
- Strong vs weak passwords with regular changes
- What links to "open" or "click" vs NOT in email
- What information should I provide on the web and to whom?
3. Protect your valuables: identity, assets, family and friends, personal information
- REPEAT steps 1 thru 3 and graduate to a "Security level 200" by expanding your expertise!
- Read about technologies that are coming fast....Driverless cars, the IoT (Internet of Things), block chain, AI (Artificial Intelligence) etc.
- REPEAT steps 1 thru 3 again! Graduate to a "Security level 300" course by expanding your knowledge and putting into practice what you have learned...that's right, always keep learning :)
- Invest in your ability to prevent a breach from happening to you....to the best of your ability.
When you find yourself consciously sacrificing convenience for security (ie. strong passwords vs. weak passwords) you will have taken a HUGE step towards getting out in front of the bad guys in securing/protecting your assets. At this point you are to be congratulated because you are now in the upper tier of humanity that currently is cyber aware and fighting cybercrime!