The most common response to talking about security and privacy is 'why should I care?' This post will answer that question for you. If at any point you throw up your arms and are like ‘ok, I’m scared already, and just want to start feeling safer!’ feel free to jump ahead to the lesson plan and get started.
The Scary Stuff (What Can Happen)
When a hacker compromises your password, they can lock you out of your own account, and do any of the following:
- Steal your money! — this is way easier than you think
- See and delete everything you care about — your messages, your photos, your documents, your memories
- Use your identity to send emails, sign up for services including loans, and use your private information to hijack others including your loved ones
- Get into your other accounts with the information from one account
- Encrypt (garble) your data and hold you hostage to have it decrypted (ungarbled)
All of the evil deeds above can be run by hackers with scripts, which are just like mini downloadable apps. This makes it extremely fast and easy to hack many people at the same time with the click of a button.
Common Fallacies
I find it can be easy to justify why you don’t need to think about security. Here are the most common ways people convince themselves they’re ok:
- “There’s nobody looking for me!” — WRONG: Hackers attack indiscriminately, usually by first coming across your information in a compromised online account you have and then using that to get into other accounts.
- “I have nothing to hide, so I’m not a target” — WRONG: Even if you have nothing to hide, your private information (banking info, private convos, private documents) can be used to build up a false identity, steal your assets and create a world of nightmares that could cost thousands and stick with you your entire life.
- “I don’t use my computer or phone for that much” — WRONG: Unless you don’t use the internet and have zero accounts with any private information, you are a target.
- “I have anti-virus, so I’m ok” — WRONG: Viruses are only one of many methods to hack you. There are social engineering tricks based on human psychology, phishing, security failures of systems you use and fraudulent companies to be worried about, just to name several.
- “My bank locks out after 3 failed attempts, so I’m ok!” — WRONG: Hackers don’t tend to use the website itself to crack your password. They crack passwords offline and only try them once they know they are correct.
Those Devious Hackers (How It Happens)
Today’s world is getting more connected, and with that comes a whole bunch of ways attackers can compromise your life. How do hackers actually get at your data?
- Human Psychology — hackers know how we make our passwords
- Security vulnerabilities — engineers accidentally leave flaws in programs like the iPhone software, your web browser, the WiFi network you’re on, etc. Hackers exploit these.
- Phishing attacks — trickster emails or sites that try to look legitimate to get you to enter your information
- Malware / Viruses — programs that run on your computer or phone and scrape up information including passwords
- Brute Force attacks — scripts that run on lists of passwords from hacked websites to break everyone’s passwords; how easy this is depends on how much attention each site puts into security
Listen to this 6-minute snippet from the “Slack Variety Pack” podcast for a story about how passwords get stolen and some general tips.
At an absolute minimum you need to:
- Have strong passwords
- Be careful opening files or apps downloaded from the internet
- Be careful browsing and clicking on links while browsing
- Be careful clicking on links from emails, even from loved ones
OMG my security is TERRIBLE (What now??)
You should be sufficiently scared and sweating by now. But fear not, I promise it isn’t very hard to get to a much better place. And don’t feel bad, this is a normal feeling!
The chart above visualizes what you’re feeling right now, having just realized your perception of your own security was WAY higher than your actual security. We can fix that together. And as a bonus, the more you do, the easier internet life will be to handle!
Have no fear, let's jump into the lessons and get safer right now!
Fear mongering warning: Working in technology, I am thinking about security risks all the time. Thankfully, this is not a mental burden on all of us, but I do care passionately. Trust me, the risks are real!
Header image credit: Olesya Yemets
If these lessons look hard, fear not, just grab a techie that you trust (very important!!), and get them to go through the lessons with you.
This lesson plan is my attempt at balancing pretty great security with something that people will actually do. I will try to continuously make this better, so feedback is appreciated!