I’ve never worked a cybersecurity job in my life.
Odd thing to confess to when writing the first post on a newsletter about cybersecurity, right? A lot of people would agree. Well, I don’t.
Technology has been a lifeline for many during the pandemic - I don’t expect that this is news to anyone reading this.
What I found most interesting in that Pew Research Poll was this little gem:
And for 40% of Americans, digital tools have taken on new relevance: They report they used technology or the internet in ways that were new or different to them
This new digital sprawl is downright scary considering how little the average user knows about data privacy and security.
What doesn’t help is the fact that any discussion about cybersecurity instantly buries a newcomer under a mountain of jargon (what is Log4J and why is it important anyway?).
This is why I’m starting this newsletter, despite having very little direct experience in InfoSec. I want to share the things I’ve learned with you and I want to try to explain them in a way that anyone can understand, not just tech enthusiasts, not just software devs. Basically - I’m writing this newsletter for my mom (thanks for subscribing, Mom!) and hoping you’ll read it with her.
So what’s the first thing on the menu?
The first thing anyone should know about cybersecurity is that no solution is perfect. Every decision you make will be a trade-off between safety and comfort.
For example:
Using social media apps like Facebook is convenient, free and allows you to communicate with its 2.9 BILLION users.
On the flipside, because these apps have access to and store your data, you risk having that data exposed whenever something goes wrong on their end.
Even though stepping away would be beneficial for their mental health, not many people are willing to leave these apps entirely.
This looks like a good place to ask you to share this newsletter with your friends if you think it’s interesting :)
So what trade-off should we be making to improve our privacy given what we’ve seen?
Let’s talk about Access Control.
Have you ever seen a movie where one of the characters is told “you don’t have security clearance for XYZ”?
That’s access control. The more people have access to a certain piece of information, the more likely it is that it will leak to the public. That’s why the 3-letter-agencies restrict access to sensitive information and only allow access on a need-to-know basis.
Whenever a Social Media company asks you for something, the question to ask is “do they need to know?”
Facebook will ask for your phone number. They say it’s to keep your account secure (that’s BS - I will explain why in a future post) - but do they need it? No, they don’t.
Facebook will ask you to provide your real name. Do they need it? Well … Maybe … but Twitter doesn’t, YouTube doesn’t and neither do many others.
One thing that these ghouls should never have access to is your secrets. As I was writing this entry, news broke that an app that allows users to anonymously share secrets has suffered a breach and users’ data is now available for download.
Here’s the part that caught my eye:
The exposed data was in two separate databases.
One contained about 1.2 billion records that included some combination of shared secrets, geolocation and timestamps for those secrets, usernames and nicknames
The other database contained 361 million records with similar information.
The word that gave me chills is ‘Geolocation’.
Imagine a scenario where a user confesses to being LGBT in a country where being LGBT is punishable by death, or where members of the LGBT community are four times more likely to be victims of violence, and now anybody can look up that user’s house on Google Maps and pay them a visit. It’s downright terrifying!
On this rather depressing note I’m getting ready to close the first issue of the Casual Cyber Security newsletter.
Today we learned a concept that we can apply to keep our data and lives more secure.
Whenever you get a few minutes, try to look through your privacy settings on your Social Media apps and check if there’s anything you can remove or hide.
The sun is going down, stay safe and sound. I’ll see you next week.
A.
I think this is a very well-written post and very informative. I think that so many people are used to just accepting whatever guidelines applications are allowed access to without looking at what they are accessing, including myself. I believe it can be a little scary that so many applications have so much information on their users and are able to track what they like, what they don't like. While some may find this convenient, I do believe it is a little scary.