In the Information Security industry there are a number of things that we do well, and a few areas where we could improve. Often, as security professionals, we devote a lot of our time working on or providing products and services to large enterprises and less time is spent with the less informed user. To me this is an overlooked problem as it is the regular user of the Internet who suffers the most when their accounts are compromised, their data is leaked online, they fall victim to phishing attacks, or their credit card is used unknowingly. For many users, if they could improve their security practices slightly they could significantly reduce their risk of falling victim to the wide range of threats that they are exposed to as they interact online.
When I meet new people or talk to friends about what I do, I often tell them that I am a “Professional Hacker.” I identify with this title because I think it speaks to a duality of views/perceptions, is fun, and usually triggers a deeper conversation. This introduction often invokes a wide range of responses from intrigue and curiosity, to disbelief, paranoia, and straight out fear. In many cases the following minutes of the conversation either revolve around me explaining what I do or trying hard to change someone’s perception of me to convince them I am a genuine guy who cares about making the user of software and the internet safer.
A few months ago, I spoke with a friend of mine about this and what she said resonated with me and has failed to leave my mind since. She said rather than trying to convince people that with my profession comes positive intent, I should just be a good person and give them security advice to help them protect themselves online. Once I started doing this, another question came up that has had me thinking for months: How do I, as a Professional Hacker, use my knowledge and skills to do the most good in the world and help the most people?
I’ve been mulling this question around for a while now, coming up with some wild ideas and starting to create a list of ideas and assess their feasibility. It wasn’t until a few weeks ago that I had my first actionable idea. I was having dinner with my friend who is a Lawyer, which in my profession is complementary and makes for a great friend to have. Often as a hacker it is my curiosity that leads me down a particular path, whether that be in investigating how a new technology works or how I might steer a conversation towards an interest. In this particular case I was curious about how my friend as a Lawyer views and practices information security. I began asking her questions about her security habits, how she communicates securely with clients, how she transmits/encrypts documents, and basic security decisions that I would make if I were in her role. I wouldn’t say that I was overly surprised by her uninformed response but it is still concerning that she is handling a wealth of sensitive data on a daily basis with limited knowledge about how to do that securely. What came out of the conversation was an obvious need: she and many others lack even a basic understanding of security best practices. After our dinner I said I would write down a few quick bullet points for her to get started on improving her security and privacy online.
This effort grew over the next week and resulted in a new Essential Guide to Online Security. This guide is not an exhaustive list of everything one needs to do to keep themselves safe online. Rather, it is a helpful resource that provides tips you can apply immediately to reduce security and privacy risk regardless of your existing knowledge. The project is in its early stages and will evolve into a more comprehensive resource over time. Remember that all of the best practices in this guide are not hard and fast rules that must be implemented all at once. My advice would be to start with one or two areas most applicable to your online habits and make minor adjustments along the way as you continue to learn about more ways to better protect yourself.
While no one is immune to an online attack, better online security awareness can help make it more difficult for hackers to steal your personal and private information. Download the Essential Guide to Online Security to learn how to protect mobile phones, generate secure passwords, stay safe on social media, securely connect to WiFi, and more.