This is what I specialize in, hopefully providing an entertaining education on why cybersecurity may become important to you, and how to mitigate the risk or even transfer it.

There are three main options we have to dealing with risk (some people suggest a fourth, but I go with three). I like to use the nemonic of ATM: accept, transfer or mitigate. It is your choice on how to address any identified risks and is made based on individual risk-tolerance.

Maybe you are the type of person that posts when you are leaving for vacation on facebook. I like to call these the “Please rob me during this timeframe” posts. If you have this high of risk tolerance and enjoy taking the risk while rationalizing that “it won’t happen to me”, well then I can’t help you. Those people probably don’t know that there is a website dedicated to tracking social media posts that people make about being on vacation or otherwise away from their property.

Are people aware of the risk? I want to help people understand the risks and where to prioritize their efforts.

Take for example 419 scams. We have probably all received them. A lawyer or barrister emails you about a large sum of money that they would like to move from a foreign country. Usually this county is Nigeria but the scam has expanded to include other countries. Once you contact the scammer they get your banking information to “transfer” you money and instead end up stealing it. These are still prevalent today and are usually in the form of a poorly worded email. These are by design and are considered a form of social engineering.

They are looking for a specific target. The typos are meant to relate to the type of person who identifies with the misspellings and feels they are helping out someone like themselves. A frequent assumption is that a 419 email scam would perform better if correctly written but actually they wouldn’t, because they aren’t targeting the demographic who thinks that way

The most susceptible are those who can be socially engineered to believe in receiving something for nothing, or a get rich quick scheme.

I respect that there are people with varying degrees of tolerance of risk. Many people accept a lot of risk for functionality. Functionality or usability appeals to those who download the latest thing, don’t delete old applications or update their current ones, use “Password1” or the season and the year for their password, all because it’s easy… all of these examples cater to functionality over security. For the complacent, it’s not a matter of if they’ll get hacked, but when.

We protect our physical world, by locking our door at night or installing a security system. We also exist in a digital world with its own unique set of risks.

To recognize where your digital risk lies, the first step is to identify:

What do you have that’s worth protecting?

Most respond to that question by stating they don’t have that much.

I follow this with, “Do you mind if I take a look at your bank account?”

I have yet had someone willing to have me take a look at it.  I respect that information is personal and private. In that light, I make the bold assumption that most people feel it’s worth protecting.

Other things that maybe be worth more than you realize: family pictures, contracts and agreements stored on your computer, email (even the silly ones can share information that can be useful in a scam), bank account information, passwords, and more…

What else can you think of that you would like to protect?

Wrapping up

So when I’m asked: Is Cybersecurity important?

Getting grounded on just what is important and significant for each person is the first step.

We mentioned the example of personal pictures. My daughter’s baby pictures are significant. I want the digital memories of getting to hold her as football and all of those things. If a black hat hacker accesses the computer where I pay bills, that gets serious really quickly. Those are the risks that are real today.

Personally, I don’t keep all my passwords on my computer, they are in a password safe tool that I protect with multi-factor authentication (MFA). I choose not to store that on the cloud, it’s local. My tradeoff is that I lose convenience, I can’t access all my passwords from my phone or any computer. Yes, it’s a hassle, but my risk is a lot lower.

How much risk are you incurring? Everyone from a cybersecurity expert to your IT guy at work will have a different assessment, but everyone has to decide where their risk tolerance lies. It’s my job to educate what the risks are and to make recommendations that lower them.

Often, we assume our reputable services are protecting our sensitive data but in the reality they are not…  Ultimately, businesses care about their global reputation but not necessarily repercussions to an individual.

Equifax lost the information of hundreds of millions of Americans. If you’ve ever used Yahoo your username and password has been exposed to people we would prefer to not have our information. It happens.

As far as being hacked by ransomware or losing our financial data, that is a lower percentage of people.  The risk is there but with several best practices and steps the risk can be significantly lowered.

The extent of accessing your information means I can now act on your behalf. The point is not to scare people but educate them enough to recognize a real threat enough to take even small measures to make yourself less of a target.

What you can do:

• Use multi-factor authentication everywhere possible

Authentication is the process or action of proving something is what it claims to be, with one of the most common examples being a username and password.  Authentication is typically something we HAVE, something we ARE or something we KNOW.  When we chose at least two fo these we are using multi-factor authentication.  (https://twofactorauth.org/ is a great site that can identify websites and applications that use multi-factor, or in this case two-factor authentication.)

• Use 15 character or longer passwords that are complex

(uppercase, lowercase, number, special character, etc.).

• Make each password unique…

Hacker’s guess a lot of passwords (don’t use “Password1” nor the season+year, Ex. “Summer2018”).  If I can get one of your passwords I will try it everywhere and odds are that I’ll get into accounts you would prefer I not get into.  Use unique passwords!

• Lastly install security updates as soon as they are available, on all your devices.

If you install anything plan on keeping it updated.  This includes phones, routers (please change your default password on your home router, PLEASE…), laptops, desktops, tablets, SmartTVs, home IoT devices, the list goes on and on…  even our cars need security updates now.