“Common sense, ain’t so common” has got to be the most advice rolled up in a yokel adage I have ever heard. Everyone seems to think they are on the intelligent side of the argument, but the fact is if humans were just a fraction more cognizant of their actions online, we wouldn’t be seeing record numbers in cyber crimes, and those malware magnets would be that much harder of a target.
“The People will not revolt”
The general widespread apathy toward cybersecurity astonishes me, privacy to the founding fathers was “their persons, houses, papers, and effects” but now the data that is flowing around, from, and through all your devices has become a goldmine for someone who wants to hurt you. OPSEC stands for operational security, good OPSEC analyses every spoken word, text, picture, video, and action for a possible exploit before it is shared; for the most part Americans don’t have it. If an adversary wanted to come after the average American all they would need to do is get hooked in to social media feeds and watch all the data surface (geo data, pictures, relationship status, personality analyzers, see what I’m saying). The BLUF (Bottom Line Up Front) is that no one cares that you’re “Heading down to the @7Eleven on Coit,Rd to grab a #MTNDew with your dog Spot #DewDog “, and in fact you just gave a ton of personal info to anyone paying attention to your post. Orwell screams at us almost 70 years later begging us to invest in our privacy.
Ignorance is Bliss
Did Jim just call me ignorant? Now that you are feverishly trying to find a way to file a grievance against me, hear me out; do you understand the 3 way handshake of TCP? What is a CA’s role in DNS? or what do you know about the inner workings of an EIEIO board? The last one was a joke, fundamentally proving my argument, you don’t know what you don’t know. It has nothing to do with your intelligence, I’m sure you could talk circles around me in your perspective field; cybersecurity affects everyone, and your lack of it is putting your family, friends, and business at risk. If you just take the time to educate yourself and start enacting good practices, your bad habits can be transformed into good procedures for security and safety. Effectively knowing what possibilities are out there IS the first line of defense, making you, and yours harder to see, analyze, and (most importantly) predict; making you harder to hit.
Why are we so ready to believe in Pizzagate, Lizardmen politicians, or that American astronauts never landed on the moon, but the idea that someone might be watching our every post and “check-in” to find the most opportune time to grab you is being paranoid? I propose that, in general, our paranoia seems to stop at our street, that is to say, we are only suspicious of our neighbors; but when it comes to our “loyal followers” online we believe, for whatever reason, they are our closest friends. How many of your Facebook “friends” have you shaken hands with? Who was the last twitter follower you had coffee with? Yet you trust these people with intimate information. I hate that my wife puts pictures of our girls and herself online, because I loathe the idea of some creep ogling the three most important people in my life; we just willingly update the world of our latest haircut, preferred clothing styles, and even our particular facial features, who started the selfie trend anyway?
What should we do? What could we do? Those are quite different things, we should change course as a culture, make it “cool” to be cybersecure; do I think that will happen? Absolutely not, but what could we do? We could all start using VPNs, filtered DNS, and encrypting traffic, in transit and at rest. Encryption is your best shot at anonymity and therefore privacy. Also, can we stop the whole, “I don’t have anything to hide, why do I care” argument? It’s just a defense mechanism, I guarantee it would send shivers down your spine if someone had your address, pictures from your laptop, or access to your email. Please start thinking about your online actions and stop being an easy mark.
Now that I have cemented myself as the alarmist in your life, know that I just want you to be more perceptive to WHAT you are sharing, with WHO and what entities. Your action, or lack of action, can extrapolate to big issues for you, or the people around you. Your security is never a sure thing, it’s a balancing act, risk vs. reward; all we can do is change the odds, and we have to take the opportunity, whenever possible, to stack the deck in our favor, be a hard target.