Security and Privacy as a Lifestyle – SPaaL

SPaaL – Dontcha just love all the acronyms?

This is one of the most important posts I have ever scribed.

Remaining secure and private in this world is something that I take very seriously – you should too. You don’t have to be an executive at a Fortune 500 company or even a small business owner. The fact is, everyone should take security and privacy seriously.

In the hacker world, there are “white hats” and “black hats”. White hats are the good guys – or ethical hackers – and work to secure our banks, defense and corporate networks. Black hats are the bad guys, and hack mostly for profit. In between are the ones that make political statements – think Anonymous or Edward Snowden.

While really good hackers have skills that take years to master, casual computer users with just a fundamental knowledge of computers and networks can be hackers. Tools are available here and here. Tools to hack are built into your computer’s operating system. You can even do it by just buying your way into the business.

By far, most of the unethical hacking is done automatically, at scale. Like millions. Malware is emailed through spam or placed on legitimate websites (none are beyond being hacked). Visit the website or open the email, and bingo, you’ve just been hacked. Whether it ends up holding your data hostage or configuring your computer to spew spam, or whatever, it is making the creators money. It really has nothing to do with your personal data – the hackers are operating at a scale that is all about numbers. In other words, if you think that no one would be interested in your data, or that you have nothing to hide, that is irrelevant to hackers. In fact, they are counting on you to use poor security and privacy methods to continue to stay in business. And yes, it is a business – a HUGE business. This article at Info-Security Magazine references a 2014 McAfee report that “estimates the cost to the global economy from cybercrime at anywhere from $375bn to $575bn a year. These figures, the researchers point out, actually exceed the national incomes of many countries.”

See what I mean when I talk about “scale” in malware?

So what I’ve discovered is that when discussing these issues with people, whether business owners or individuals, most people’s eyes glaze over, then something like “I would love to protect myself and others, but it is such a hassle to use good security” falls out of their mouth.

My response is “SO WHAT?” It’s a hassle to first get used to wearing a seatbelt. It’s a hassle to buy and pay for insurance. It’s a hassle to register to vote. Get over it, and start living the SPaaL lifestyle. Oops, that was redundant. I guess I didn’t plan my acronym out properly. That’s kinda like PIN number. I digress.

But it is a change of mindset. Being frustrated over using a password manager such as LastPass is understandable, but it’s a necessary evil. In fact, every time I use it I am thinking of all the times that I have prevented wide-scale infections or data breaches on my computer.

It is a commitment to dedicate yourself to the pain – the pain in setting up and using a VPN, having to generate and store secure passwords, etc. But you must. Until we all do this, the scourge will remain. It MUST be a lifestyle change.

Install and USE LastPass. Make all your passwords unique. Turn on Two Factor Authentication, or TFA (most times, you can set all your devices to not require the TFA if the site recognizes the device – this way if someone else uses it, they are the ones that have to use TFA).

By all means, make sure your email addresses use unique passwords, not shared with any other site, because once your email address is hackable, so is your bank account and any other site that is tied to that email address, because email access is the key for password resets.

Other Security Reading

If you think you have nothing to hide, 1) send me all your email addresses and passwords, then 2) watch this. Glenn Greenwald: Why privacy matters.

If your organization thinks that HIPAA compliance and PHI are not worth the hassle, read this. “We’re not in this for the money. We want to help put a plan together to bring you into compliance, while you’re paying your fine.” – Office of Civil Rights

If you think security is not important to your business, read this on Kirkham Systems.