How To Stay Safe In Cyberspace
Eric Riggan
So between a security conference that has half the people at my day job out of town, the conversation I had after quiz with a couple of patrons, and this whole WannaCry virus going around, I figured I would take a break from the usual revelry to talk about some cybersecurity basics. A note before we do though, congratulations to "Better Late Than Pregnant" for taking down Stan's! They've been consistently in 3rd for a long time, and it's great to see them finally break through. Well done!
As for security... the average consumer can take a few small steps to ensure that their personal information is secure and to prevent being the target of a major attack like WannaCry. And I do mean small steps. A thorough understanding of IT and computing isn't necessary to secure your data. Here are the basics:
- Use good passwords
- Don't repeat passwords
- Patch your computer
- Treat Social Media like a public space
- Don't talk to strangers
Starting at the top: A good password is not merely long, it is complex and difficult to guess. Guessing for a computer is not the same as guessing for a human. A human who knows you may know that you are a big fan of Doctor Who and may guess that your password is something like Doctor10. A computer doesn't know that. A computer will make some more general assumptions, and will suppose that you, like most people, have your password set to a capitalized word followed by a number. This means that instead of having many quadrillions of passwords to guess at, it has a couple million, because it can just go through a list of words instead of combinations of characters, and a couple million is a number that a computer can get through in a hurry. My recommendation: use a password manager to create randomized passwords that can be retrieved when needed. Randomized passwords mean that someone trying to break into your account now HAS to try every combination of characters to find your password, exponentially increasing the time it takes to break. Secure that password manager with a longer, complex password (12 characters or more).
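To put numbers on that comparison, here is an added example (not part of the original post) that counts worst-case guesses for a "capitalized word plus number" password against a random one, and generates a random password the way a password manager would. The 20,000-word list and the 94-character set are assumptions chosen for illustration.

```python
import math
import re
import secrets
import string

# Assumptions for illustration (not figures from the post):
WORDLIST_SIZE = 20_000  # words in the guesser's list
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

# The habit described above: one capitalized word followed by a number.
WORD_THEN_NUMBER = re.compile(r"[A-Z][a-z]+(\d+)")


def pattern_guesses(password):
    """Worst-case guesses for a guesser that only tries word + number.

    Returns None if the password does not have that shape. Assumes the
    word part is in the guesser's list.
    """
    match = WORD_THEN_NUMBER.fullmatch(password)
    if match is None:
        return None
    digits = len(match.group(1))
    # Every listed word paired with every number of up to this many digits.
    numbers = sum(10 ** k for k in range(1, digits + 1))
    return WORDLIST_SIZE * numbers


def brute_force_guesses(length):
    """Worst-case guesses when every character combination must be tried."""
    return len(ALPHABET) ** length


def random_password(length=16):
    """Random password from a cryptographically secure source."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def report(password):
    """Return (how it would be guessed, worst-case guesses, bits)."""
    guesses = pattern_guesses(password)
    kind = "word+number list"
    if guesses is None:
        kind, guesses = "every combination", brute_force_guesses(len(password))
    return kind, guesses, round(math.log2(guesses), 1)


if __name__ == "__main__":
    for pw in ("Doctor10", random_password(8), random_password(16)):
        print(pw, report(pw))
```

Under these assumptions Doctor10 falls within about 2.2 million guesses, while a random 8-character password needs up to roughly 6 quadrillion.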
While we're using password managers, don't use the same password in multiple places. A single password is easier to remember than several, but since we're letting a password manager create complicated passwords for us, there just isn't a reason to reuse one. Imagine, for instance, if the same key could unlock my car, my home, my safe, my workplace, my bank account... you get the idea. Use a different password for everything, and let the password manager make it.
Despite having good passwords, there are sometimes ways for an attacker to gain access to your computer or phone by circumventing your password. Makers like Microsoft, Android and Apple will occasionally publish patches or updates for your device. Most of the time, these updates are fixing security flaws big and small. The vulnerability exploited by WannaCry, the attack that took down most of the UK's NHS for instance, was patched 2 months ago... it's just that those machines had not updated their systems. Had they done so, they would have been protected. Patch your devices.
All of that said, all of the security measures in the world are useless if you publicize your information or give it to anyone who asks. Social Media is not private. Yes, there are privacy settings on most applications. Some, like Facebook's, are even quite good. But most people don't turn those settings on. And even if they do, they don't consider who can see what they post. Go look at Tom Scott's video "I Know What You Did Five Minutes Ago" for an example of what this looks like (essentially, on stage, he finds a Facebook account that has not been made private, and is able to obtain enough information to open a bank account in his name if he wanted to). Basically, before hitting Share, consider the "Bitter Ex Test": can someone who hates you ruin you with this information?
And lastly, if you don't know where the email / text / PM / phone call / etc came from, ignore it. A couple of years ago, Sony Pictures was hacked and several final cuts of upcoming films were leaked to the public... because one of the attackers called Sony Pictures and convinced one of the employees to give them access to their computer. No sabotage, no coding... just a phone call and some software. Be smart. Be safe.
Join us next week where we'll be lampooning Russian Espionage for fun and profit!
Because who doesn't like an energetic spaz behind the mic? 1 year and counting @ Geeks Who Drink