The Art of Digital Self Defense
I want to let you understand how hackers think, and if you understand how they think, then you can anticipate what it is that they're going to do, and most importantly, you can protect yourself. So you need to think like a bad guy to protect yourself from a bad guy, and for some of you, that will be very, very easy, to have that criminal mindset. For others of you, you'll have to work at it a little bit, but I'm happy to point you in the right direction. So let's go into the hacker mind, and the first thing you need to understand about hackers is this, hackers gonna hack. That's what they do, that's their fun. They do this for fun, they do this for enjoyment, they do this for the personal challenge of it, and of course they do it for financial means. And increasingly, this is a job for people, right? There are hundreds and hundreds of thousands of people around the world who get paid to be white hat hackers, meaning that they're hacking for good, or black hat hackers, meaning that they're hacking for criminal purposes, or gray hat hackers, who are doing something in between.
So this is, you may go work at McDonald's or at Walmart, or in a doctor's office, or as a teacher, this is their full time job. This is what they do, and so, you just need to get into their mindset. Now I want to go ahead and set your expectations, there is no such thing as perfect security, right? You know, you can think you've got great security, think about again World War II, the Maginot Line. We're gonna build this big wall and huge defenses, and then people are just gonna walk around the other side, where there aren't big walls and defenses. The thing you need to understand about security generally, and in particular about cyber security is that with enough time, energy, effort, and resources, any security can be broken, any computer can be hacked. So there's not perfect security, but there's damn strong security, and taking all the steps that we've discussed this far, is gonna get you there. The trick is not to be the low hanging fruit, right? This can actually protect you quite a bit, as I mentioned previously, if you've got a great two or three deadbolt locks on your door and your back door is open, or your garage is open, or your window's open, that's obviously where the bad guys are going to go. And what you want to do is give the appearance of being a difficult target. I worked a lot of auto crime back in the day, these are not that hard to get off, but if somebody wants to do a burglary for a motor vehicle is walkin' down the street, then he'll say, meh too much trouble. There's another car, I'll just go break into that one.
That's where you wanna be, and I'm reminded of the old joke, there's two hikers out in the wilderness of Alaska, and all of a sudden they see the bear, and one of them turns to the other and says, oh my god, it's a bear, we'll never outrun it, and his friend turns to him and says, I don't need to outrun the bear, I only need to outrun you, okay? And that's the trick here. You guys don't have to be perfect, you just need to be better than everybody else, which frankly is not that hard to do, and you can outrun the bear that is the hacker out there. And the reason why you want to do this, and to build up your own skill set, is because there's no such thing as a cyber cavalry. There's no troops that are coming to the rescue. Take it from somebody who's worked many, many years in law enforcement, if you dial and say, operator will say what's your emergency? You're like, I have ransomware on my computer, sir stay where you are, don't move, we're sending the SWAT team, they're en route to your house right now. This is not how that works, they're gonna hang up on you first. If you call back, they'll probably prosecute you for bothering them. So you need to learn how to do this, you need to do it yourself, and if you do that, then you can protect yourself. That's why I talked about cyber judo, you're on your own, there's a big, huge opponent out there, learn how they operate so that you can use their own weight against them. And that's why I again wanna mention, that there are so many good resources in this class, actionable tools as Lara was mentioning, particularly in the workbook, the resource guide, the infographics and the like, they'll give you specific things to think on. But today what I want you to focus on in this particular lesson is the human factor right? Most people when they think of hackers, they think, oh they broke into my computer. 
There are definitely lots of criminals that will try to subvert your technology, but there's a much greater number of hackers that are going to try to subvert you, your technology, the human technology. It's something called social engineering, and it's incredibly easy to do, we see it all the time. Remember earlier in another lesson, I mentioned the example of testyourpasswordstrength.com, I'm making that up, but basically, enter your Bank of America email address and your password, and we'll tell you how strong it is. That's a social engineering trick, right? They didn't infect your computer, they didn't put ransomware on it, they just tricked your mind, they hacked your mind if you will. So I talked about software firewalls, I talked about hardware firewalls, now it's time for the human firewall, right? This is you. This is where you get to step up. You are the most powerful tool in preventing cyber attacks, there's only one thing you need to do to become that human firewall, you need to turn this on, right? If you have one of these, I strongly suggest you use it, and it sounds like a joke, but if you've investigated some of the cases that I have, your mind would quite literally, would be blown at silly people tricks. And I think it was our 16th president who famously said, "Don't believe everything you read on the Internet." Right? Because it may not be true. It's easy to trick people. And just to underline this from a research perspective, back in 2014, IBM security research did a phenomenal study of again, millions and millions of data breaches, and here's what they learned. 95% of all security incidents are as a result of human error. Any humans in the room? This impacts you, this is you. And so in order to help you slow down and deal with these threats, I offer you these three words, Stop, think, and click. Whenever you're doing stuff online, stop, stop. 
Think for a second about what you're going to do, and then, and only then, click, because once you've clicked, it's too late. Please repeat after me. Stop.