You’re at the right place to understand the dangers of living online in the modern age. These dangers are huge, and it is important to protect against them. Protecting yourself can feel intimidating, but it shouldn’t, and it can even make life online easier.
I created this simple lesson plan to help you live a safer digital life. Even doing the first lesson, which will only take 10 minutes, can get you substantial security gains. I come at this from a perspective of having managed software teams delivering enterprise-grade software to multi-national corporations with a focus on security, and having assessed and observed poor security practices in those organizations. I have also long seen how people walk around with a false sense of security and I am genuinely concerned for their well-being.
These lessons are for two audiences:
- If you don’t know much about security, but want to be safer and don’t know where to start.
- If you’re a techie and scared about the safety of your loved ones, and want a helpful lesson plan to guide you through making them safer.
If at any point you throw up your arms and are like ‘ok, I’m scared already, and just want to start feeling safer!’ feel free to jump ahead to the lesson plan and get started.
The Scary Stuff (What Can Happen)
When a hacker compromises your password, they can lock you out of your own account, and do any of the following:
- Steal your money! — this is way easier than you think
- See and delete everything you care about — your messages, your photos, your documents, your memories
- Use your identity to send emails, sign up for services including loans, and use your private information to hijack others including your loved ones
- Get into your other accounts with the information from one account
- Encrypt (garble) your data and hold you hostage to have it decrypted (ungarbled)
All of the evil deeds above can be run by hackers with scripts, which are just like mini downloadable apps. This makes it extremely fast and easy to hack many people at the same time with the click of a button.
I find it can be easy to justify why you don’t need to think about security. Here are the most common ways people convince themselves they’re ok:
- “There’s nobody looking for me!” — WRONG: Hackers attack indiscriminately, usually by first coming across your information in a compromised online account you have and then using that to get into other accounts.
- “I have nothing to hide, so I’m not a target” — WRONG: Even if you have nothing to hide, your private information (banking info, private convos, private documents) can be used to build up a false identity, steal your assets and create a world of nightmares that could cost thousands and stick with you your entire life.
- “I don’t use my computer or phone for that much” — WRONG: Unless you don’t use the internet and have zero accounts with any private information, you are a target.
- “I have anti-virus, so I’m ok” — WRONG: Viruses are only one of many methods to hack you. There are social engineering tricks based on human psychology, phishing, security failures of systems you use and fraudulent companies to be worried about, just to name several.
- “My bank locks out after 3 failed attempts, so I’m ok!” — WRONG: Hackers don’t tend to use the website itself to crack your password; they crack passwords offline and only try them once they know they are correct.
Those Devious Hackers (How It Happens)
Today’s world is getting more connected, and with that comes a whole bunch of ways attackers can compromise your life. How do hackers actually get at your data?
- Human Psychology — hackers know how we make our passwords
- Security vulnerabilities — engineers accidentally leave flaws in programs like the iPhone software, your web browser, the WiFi network you’re on, etc. Hackers exploit these.
- Phishing attacks — trickster emails or sites that try to look legitimate to get you to enter your information
- Malware / Viruses — programs that run on your computer or phone and scrape up information including passwords
- Brute Force attacks — scripts that run on lists of passwords from hacked websites to break everyone’s passwords; how easy this is depends on how much attention each site puts into security
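The last point above, that how easy offline guessing is depends on how much care each site puts into security, comes down to how the site stores your password. The sketch below is an added example, not part of the original post: it contrasts a fast unsalted hash with a salted, deliberately slow one, and the function names, sample users and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def store_fast_unsalted(password: str) -> str:
    """Careless site: one fast hash and no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted_slow(password: str) -> str:
    """Careful site: random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_salted_slow(password: str, record: str) -> bool:
    """Login check for the careful site, using a constant-time comparison."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def accounts_sharing_a_record(table: dict[str, str]) -> int:
    """Count accounts whose stored record is identical to another account's."""
    seen: dict[str, int] = {}
    for record in table.values():
        seen[record] = seen.get(record, 0) + 1
    return sum(n for n in seen.values() if n > 1)


# Constructed sample users; two of them picked the same password.
USERS = {"alice": "Summer2024!", "bob": "Summer2024!", "carol": "x9#Lq-tram-Ovid"}


def build_tables():
    fast = {u: store_fast_unsalted(p) for u, p in USERS.items()}
    slow = {u: store_salted_slow(p) for u, p in USERS.items()}
    return fast, slow


if __name__ == "__main__":
    fast, slow = build_tables()
    print("fast/unsalted, accounts sharing a record:", accounts_sharing_a_record(fast))
    print("salted/slow, accounts sharing a record:", accounts_sharing_a_record(slow))
```

In the careless table, everyone who chose the same password has the same stored value, so a stolen copy gives them all away together; in the careful table every record is unique and each guess has to be repeated, slowly, for each account.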
Listen to this 6-minute segment (14:25 to 20:22) from the “Slack Variety Pack” podcast for a story about how passwords get stolen and some general tips.
At an absolute minimum you need to:
- Have strong passwords
- Be careful opening files or apps downloaded from the internet
- Be careful browsing and clicking on links while browsing
- Be careful clicking on links from emails, even from loved ones
OMG my security is TERRIBLE (What now??)
You should be sufficiently scared and sweating by now. But fear not, I promise it isn’t very hard to get to a much better place. And don’t feel bad; this is a normal feeling!
The chart above visualizes what you’re feeling right now, having just realized your perception of your own security was WAY higher than your actual security. We can fix that together. And as a bonus, the more you do, the easier internet life will be to handle!
I am even more of an efficiency nerd than a security nerd and do NOT want to add complexity or intrusion to your day. I believe security can be convenient. Hop in below and start getting more secure right now.
- Lesson 1: 10-minute Quick Win
- Lesson 2: Protect your Devices
- Lesson 3: Passwords Be Gone!
- Lesson 4: Play Safer Online [coming soon!]
- Lesson 5: Don’t Lose Your Memories [coming soon!]
- Lesson 6: Think Like a Hacker [coming soon!]
- Lesson 7: Snowden-Level Security [coming soon!]
This scorecard will give you an idea of where you’re at. You can download it, print it and fill it out. If you don’t understand something, give yourself a zero.
Fear mongering warning: Working in technology, I am thinking about security risks all the time. Thankfully, this is not a mental burden on all of us, but I do care passionately. Trust me, the risks are real!
If these lessons look hard, fear not, just grab a techie that you trust (very important!!), and get them to go through the lessons with you.
This lesson plan is my attempt at balancing pretty great security with something that people will actually do. I will try to continuously make this better, so feedback is appreciated!