One of the things that continually amazes me as a parent of young(er) children is their ability to quickly understand technology and its uses. Not only have my children learned the art of swiping to use different devices, but they've also learned how to access apps, take pictures, answer calls (both phone and Skype), and more. My children could teach their grandparents a lesson or two on how to use technology.
But, as a student of cybersecurity, I have seen a greater need to educate my children - as well as so many others - on cybersecurity. This goes beyond posting inappropriate pictures and unfriendly words on social media (although these lessons must also be taught). This goes into the nature of understanding the benefits and risks of using technology and the privacy lost to it. The major premise that must be understood in regards to cybersecurity is that information/data is money. Its value is continually increasing. We need to secure our information just as we would secure any other item of value to us.
I'll be focusing future posts on cybersecurity lessons, but for now let's talk about Cybersecurity 101 and five key points that must be understood.
1. Humans are the weakest link. We are our own worst enemy when it comes to security and privacy. There will always be someone who inadvertently - or purposefully - gives away information that can lead to identity or data theft. In order to increase security and awareness of the need for it, we must continually understand this basic premise. We need to continually assess our own - and others' - threat to security. In doing this, we can better educate ourselves and those around us as well as respond to the threats we will face.
2. Passwords only do so much. Password - or better yet passphrase - strength and security is extremely important. Not using your name, Password1234, or other easy-to-guess passwords will help strengthen security. Think about using a passphrase that is difficult to guess - maybe four simple, unrelated words like ShoesTacoPhoneCoffee or then changing these words to include numbers and symbols like $h03$T@c0Ph0n3C0ff33 (notice the S = $, o = 0, e = 3, a = @). But, you must also understand that you are not the only person who knows your password/passphrase. The company/service you use it with also knows it. So, if their information is compromised, this may include your own username/password. So, don't use the same password/passphrase for every website/service...you don't want one compromised and then realize all of your accounts are compromised.
3. Phishing is changing. Phishing attacks have become much more sophisticated and harder to spot; no longer are they just long-lost relatives and Nigerian princes. Question every email that contains any clickable content or attachments. Do you know the sender? Can you verify that it was actually that person (and that their email wasn't compromised)? Does the link listed match the actual hyperlink (and not another site)? Does the email sound fishy (or phishy)? If you have any doubts about the email, contact the sender directly to verify. If you don't know the sender, cannot verify it, and it seems phishy, then it probably is phishing.
4. Think before you app. Have you ever taken a look at the terms of agreement (or end-user license agreement: EULA) or privacy statements that you must accept in order to use services and/or apps? If not, you may be giving up ownership of information and permitting access to your device(s) without fully understanding this. If you're uploading photos or videos, does the service now get to use them without your permission or compensation for advertising/marketing or other reasons? Are you allowing the app (and ultimately the company behind it) permission to record you via your microphone or camera and, if so, do they really need this permission? Are you allowing the app to monitor your location and, if so, are they selling this data to 3rd parties? Beyond these, are you updating your apps? Oftentimes increased security is included in updates. And, are you deleting apps that you no longer need? They may be continuing to store data about you and how you use your device(s).
5. Think big picture. There are massive amounts of information being collected on all of us. This comes via our own online searches and purchases, smart devices we use, social media posts (that we post and that others post about us), online articles that mention us, and so much more. If we want to maintain security and privacy in an exponentially growing cyber world, then we need to understand where and how information is being collected about us.