
One small decision for you,
HUGE ripple effects for your life

About 8 years ago, my Romanian blog got hacked. 

Out of nowhere, a pop-up kept displaying on all the pages of my blog. I can’t remember what it said, but at least I know it wasn’t some obscene stuff. 

Luckily, some of my colleagues at the time were developers, so I asked them for help. They cleaned up the infection and I thought I was in the clear. 

Two days after that, it popped back up. :facepalm:

This time, I asked for help from someone who worked at an antivirus company. After a bit of digging, they discovered that the attacker had compromised my cPanel password (cPanel is a web hosting control panel that helps website owners manage the server where their site is hosted). 

The reason for that? I hadn’t changed the default password. :another facepalm:

At the time, I had some basic concepts about how to stay safe online but, comparing it to my current knowledge, I can tell that what I thought was a decent layer of security was, in fact, embarrassingly poor. 

That’s how I found out how important password security is, especially when those passwords protect publicly accessible assets, such as websites. I didn’t want to be responsible for getting other people’s computers infected. 

I’m sharing this story because, since my blog got hacked, my life - and our lives as a whole - have become inseparable from internet-connected technology to a much, MUCH larger extent than we realize. That’s not inherently bad or good, but it can become extremely dangerous if we downplay the importance of keeping our data and behavior safe - online and off.


Basic hygiene 

“But I don’t own a website. Why are you telling me this?” 

The issue of online security has become a bit more complicated than that. The reason I’m dedicating this newsletter to it is that cybersecurity is an excellent lens we can use to look at how we make decisions. Because it’s a more straightforward application of decision-making, looking at our online safety habits helps us gain an objective perspective and see whether we’re as responsible as we think we are. (Spoiler alert: we’re not.)

Just like good health is the essential condition for us to live a good life, cybersecurity is essential for us to use technology to thrive. It’s basic hygiene. 

My goal today is to help you:

  • see that you take more risks online than you realize 

  • understand why your online safety matters

  • and do one key, simple thing to improve your security. 


Protect the keys to the city

I won’t bore you with endless statistics about how bad the situation is. If you want to dig deeper, I wrote a 28,000-word article that covers pretty much all you need to know, from email scams to geopolitical issues. 

After I started to work in cybersecurity as a content creator, I learned early on that people rarely change their behavior or choices based on scary statistics. Because of the way we’re wired, we humans respond better to real stories from real people who felt the real impact of cyber attacks. 

About 4 years ago, a delivery guy walked into our office at the time and said:

“I heard you work in cybersecurity. My laptop got infected with ransomware and that’s where I had a huge collection of music I’ve been building for the past 20 years. How can I get it back?” 

I asked if he had a backup. He didn’t.

Because I never recommend paying the attackers (would you trust cybercriminals to keep their promise and decrypt your data in exchange for money? I don’t!), I advised him to try some of the ransomware decryption tools that various cybersecurity experts have created.

Sadly, the chances of recovering data after an attack like this are slim. 


Another story that stuck with me was from someone who read my articles and emailed me to ask if there’s any way they could retrieve pictures from a ransomware-infected laptop. The pictures were of their baby, from ages 0 to 2, and that was the only place where they stored them. 

There are too many stories like these. People often think:

“This can’t happen to me”, a situation when optimism bias leads us to ignore evidence-based risks and make poor decisions as a consequence

or 

“I have nothing to hide” when the real risk is having something to lose, something of emotional value or, equally bad for some, your hard-earned money.  

To dig a little deeper into the topic, I invited cybersecurity specialist John Opdenakker to the How do you know? Podcast. He’s an active advocate who tries to teach non-technical people how to be safe online through free guides he publishes on his blog and a weekly newsletter packed with useful info.  

A key topic during our conversation was password security.

This is central to both our individual security and to our safety as a society. 


Using the same password for most (or all) of your accounts is like using the same key for all the doors in a city. 

When a data breach like those we often read about happens, it’s like someone just copied that key (and many others). The attackers instantly gain access to everyone’s homes at the same time. 

Unsettling, isn’t it? 

When the most common passwords in the world are these ones, it takes just 10 “keys” to unlock millions of “doors” to email addresses, social media accounts, bank accounts, surveillance cameras, internet-connected baby monitors, and so many more devices! 

It's funny to see how "dragon" dropped out of fashion in 2015.
I wonder why that happened.

“Why are these passwords so bad?”, you may ask.

Because: 

  • millions of people use the same passwords 

  • these millions of people reuse these weak passwords for multiple accounts

  • attackers can easily break these passwords through simple dictionary attacks that automatically try all the words in dictionaries in various languages plus common passwords against accounts until one fits

  • it’s easier to be an online criminal or a scammer than ever before

  • there’s a wealth of data about your life and your finances behind these weak, reused passwords

  • your data makes cybercriminals and crooks money, one way or another (through extortion, scams and tricks, by selling your data, or by simply plundering your bank accounts).

 

This is how a small, seemingly harmless decision such as setting a weak password for an account has ripple effects that go beyond your online activity.

For example, if GDPR were in force when my blog was hacked and I got someone else infected, I would’ve been liable in a lawsuit, for paying damages, and guilt-ridden for a long time. 

We’re not in Kansas anymore and the internet is not the wild west it used to be. Keep that in mind.

“Ok. You freaked me out enough. What can I do?”

Start with the simplest thing you can do right now: turn on 2FA for your main email address

Two-factor authentication (2FA) is a second layer of security to protect an account or system. 

As a user, you must go through two layers of security before being granted access to an account or system. 

Layer 1: your password
Layer 2: a unique code that you receive as an SMS to your phone. 


You can find guides to enable 2FA for a huge number of services (that you most likely use) in this huge repository.

Because getting access to your phone requires extra effort, 2FA is a very effective security layer for your online accounts. Even if attackers guess your password, they won’t be able to get in without the SMS code. 
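
The two layers described above, sketched from the service's side as an added example (not code from this newsletter or from any particular provider): a correct password only triggers an SMS code, and access is granted only when that code is presented in time. The class name, the in-memory "outbox" standing in for an SMS gateway, the 5-minute validity and the 3-attempt limit are all assumptions.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300   # assumed: an SMS code stays valid for 5 minutes
MAX_TRIES = 3    # assumed: wrong codes allowed before the challenge is dropped

def hash_password(password, salt):
    # Slow, salted hash so a stolen password table is costly to guess against
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoFactorLogin:
    def __init__(self):
        self.users = {}     # username -> (salt, password hash)
        self.pending = {}   # username -> [code, expires_at, tries_left]
        self.outbox = []    # stands in for the SMS gateway (hypothetical)

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, hash_password(password, salt))

    def check_password(self, user, password, now=None):
        """Layer 1: a correct password only sends a code, it grants nothing."""
        now = time.time() if now is None else now
        record = self.users.get(user)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(stored, hash_password(password, salt)):
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = [code, now + CODE_TTL, MAX_TRIES]
        self.outbox.append((user, code))
        return True

    def check_code(self, user, code, now=None):
        """Layer 2: access is granted here and only here."""
        now = time.time() if now is None else now
        challenge = self.pending.get(user)
        if challenge is None:
            return False            # no password check happened first
        expected, expires_at, _ = challenge
        if now > expires_at:
            del self.pending[user]  # expired codes are useless
            return False
        if hmac.compare_digest(expected.encode(), code.encode()):
            del self.pending[user]  # each code works once
            return True
        challenge[2] -= 1
        if challenge[2] <= 0:
            del self.pending[user]  # too many wrong guesses: start over
        return False
```

Someone who has guessed the password gets `True` from `check_password` but is still locked out, because the code went to the phone and cannot be reused, replayed after expiry, or guessed more than three times.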

If you have any questions about this, I’d be happy to answer them!

Remember you can reply to any of the newsletters I send.


Ask yourself this for better decisions regarding your online security

If I were an attacker, what publicly available information could I gather about you from what you've posted online?

Think about details such as: date of birth, where you live, where you work, your pet's name, your Facebook check-ins (letting anyone know when you're not home - also a danger to your offline safety). 

All this personal information is often used in security questions to unlock access to your account, which a skilled attacker can easily do. 

Seeing yourself through the eyes of an attacker has a powerful effect, as John can tell you:


Dig deeper into the online security mindset


Move around online with security in mind this week, 
Andra 
