REMINDER: The #1 thing you can do to support the site is share the articles!
This may come as a bit of a shock to you, but the technology we use every single day is not 100% secure. It’s true! We read about it on a website that promised it was telling us the truth. In fact, renowned security expert Gene Spafford’s 1989 opinion on the matter is probably still closer to reality, even today:
“The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.”
But that doesn’t mean we should set fire to all of our devices and live off the grid – we just need to be more careful about how we handle them. Because the truth is, often times it’s human error, and not the technology itself, that plays the primary role in security breaches. Hell, Kevin Mitnick, arguably the world’s most famous hacker, didn’t get his start with complicated computer wizardry, but with simple social engineering.
Fortunately, there are a few super easy things you can start doing today that might help prevent you from having your life turned into some weird-ass horror movie.
Do Not Leave Your Computer Unattended
This might seem like annoyingly obvious advice, but we’re not talking about leaving your computer logged in, sitting on a park bench while you go for a jog or defend Earth from the secret cabal of underground lizard people or whatever it is you do for fun. If you’re in a public place or, quite frankly, anywhere there might be people you don’t know and trust, it’s probably best not to let it leave your sight.
As Shannon Morse from Hak5 shows us, USB devices exist that can swipe files from your computer by simply being plugged in for an extremely short amount of time. That’s honestly the extent of it: Plug it in, let it work its voodoo, then unplug it. That’s ... kind of terrifying, actually. A simple, “Can you watch my stuff real quick?” could end up leading to your identity being stolen – or worse, those photos from last year’s New Year’s Eve party being seen. In fact, come to think of it, you should probably just delete those.
Oh, and it’s worth mentioning that you should never stick a USB drive into your computer that you found in some random place, for the same reason. That exact same thing could happen, with files being sent to who the hell knows where, resulting in you unwittingly sharing your Tom and Jerry fan fiction stories with the world.
Choose A Longer Password
For years we’ve been taught that the best passwords are the ones that don’t look like words – they should consist of a goofy string of numbers and letters and Wingdings. Which makes sense, because some password crackers use dictionary files that use common words and phrases to try to guess your password. Obviously, that’s an oversimplification, and there are many different types of password crackers out there, but the general idea seems sound: Make it hard to guess, be it for people or for software.
The reality, however, is that the longer you can make your password, the better. “H3110!” is far easier to crack than, say, “leprechaunkeyboardtomandjerrybutts.” Yes, the longer and more complicated the better, but being easy to remember is also critical, so that you’re not having to write it down or change it all the time. And while that may seem at odds with what you’ve been taught up to this point, as this XKCD comic points out, it’s simply a matter of (complicated) math.
Be Paranoid About Any Incoming Correspondence
Even though we’re way more aware of it, phishing continues to be a massive problem. And really, it’s because the practice becomes more sophisticated over time. Sure, you’ll probably recognize and not respond to an email that opens with: “Dear Jsaon, this is Bank of America and we are in need of your accountt information because of reasons.” But not all scams are like that anymore – the emails in your Spam folder are no longer a measure of how high the bar is set.
There are still quite a few telltale signs of a phishing attack, but if you’re not super-versed in this whole technology thing or haven’t already experienced an attempt yourself, it’s possible you might not see it coming. Typically, a good rule of thumb is that if you receive correspondence from what even seems to be a trusted source, the best course of action might be to ignore it altogether and initiate contact yourself.
“Hi, yes, this is Jason. The Squirrel Dancing World Championship I’m judging was just interrupted by a phone call from someone claiming to represent Bank of America. So, is there a problem with my card, or ...?” At least that way you know for sure that you’re talking to the right people.
Or, you know, just take your chances, we guess.*
* We don’t actually recommend this.
Like these videos? Check out “4 Lessons We Should Never Forget From Historic Breaches Of Security” and “5 Ridiculous Cybercrimes You’ll Be Amazed Were Pulled Off”.
Want to write for The Modern Rogue? You can! Just sign up for our writers’ workshop.