There is no work-life balance in cybersecurity — part I

Where are the boundaries of trust?

Bruno Triani
badrap.io
Oct 15, 2019

This article is the first in a series of three about my journey to understand how people and companies are dealing with cybersecurity.

Part II — From board meetings to daily tasks, who owns cybersecurity risk for the company?

Part III — 3 steps to engage employees in cyber hygiene

(Photo by Marvin Meyer on Unsplash)

Online interactions have real effects

Have you ever paid attention to the number of times you swipe, click, accept, share, reply using your cellphone/laptop/tablet/smart devices during the day? Most likely not, because these devices and software have been working pretty well. I can check my funds, get in touch with my friends, track my routine, listen to music, read articles, books, and buy all sorts of goods and services. Everything now and wherever I am. The borders and limitations of the physical world don’t seem to apply in the digital sphere. However, along with all this openness, new challenges arise.

I didn’t pay attention — until I had to

For me, it all started in 2012 when LinkedIn had a massive data breach exposing my email and password to the Internet¹. I don’t recall exactly how and when I came to know about this incident. But what I do remember is what happened after. A few months later, I tried to log in to Skype, and my credentials weren’t working. The same happened to my eBay account. I had to go through the annoying process of proving that I was the owner of those accounts. Back then, I saw everything just as a run of bad luck.

There are many like me — some not that fortunate

Fast forward to 2019. Since that incident, I’ve been in touch with people with similar stories. Some of them not only had to prove their identities to those companies but also explain to their banks that they didn’t buy some items on eBay. More time, costs, and headaches. Now I can understand how those leaked credentials could have been misused. It doesn’t take much effort for someone to try the same email and password in other services and gain access to them. Of course, I had the same password for all my accounts. Why should I bother memorizing or managing a countless number of special characters for every single login?

It seemed legit

Some people had to learn how to protect their accounts the hard way. I saw a friend who lost her professional Instagram account with thousands of followers², and I have seen people falling for email scams³, from innocent-looking scam messages to fake requests to transfer corporate money. They were victims of different techniques, but all shared the hopeless feeling of being deceived. It is easy to judge these cases as exceptions or isolated incidents that could never happen to you. But I would like to draw your attention to the number of times we take online information as accurate, without even thinking twice. Have you ever read some news that, later on, you realized was fake? Or clicked on a link that wasn’t exactly what you were expecting? In many cases, this questionable content comes from people close to us. Or maybe, just maybe, we were the ones sending those.

Transactions and reputation

The stream of information that we manage makes it virtually impossible to validate every single online interaction. We may be good at reading situations and people in real life, but when the messages get behind a digital avatar, we need help. Before relying on someone who is in front of us, we like to know more about that person. It takes time. But online, everything is expected to be instantaneous, and we are still learning how to balance trust and efficiency⁴.

Taking responsibility

Companies and individuals have been working hard to keep us secure online. We know that even if we are in an environment that cares about people’s health, we should take the initiative to keep wholesome habits. If we take care of our well-being and safety, why should we have our digital assets’ security left entirely in the hands of the companies? Slowly we realize that it is not just an online service out there; it is our privacy and safety that goes along with it. The good news is that it has become easier to check a message, website, or link whose source you are not sure about.

In the next article, I will share some insights on how companies have been dealing with the challenge of keeping our digital information secure. From board meetings to daily tasks, who owns cybersecurity risk in a company? And for the last one of this series, I will describe what we can do to combine security information, companies and individuals for safer online practices.

[1] Hacker advertises details of 117 million LinkedIn users on darknet — https://www.theguardian.com/technology/2016/may/18/hacker-advertises-details-of-117-million-linkedin-users-on-darknet

[2] Hackers Are Holding High Profile Instagram Accounts Hostage — https://www.vice.com/en_us/article/d3jdbk/hackers-high-profile-instagram-accounts-hostage-ransom-bitcoin

[3] 281 Alleged Email Scammers Arrested in Massive Global Sweep — https://www.wired.com/story/email-scammer-global-takedown/

[4] The Biggest Issue in Cybersecurity is Humans, Not Machines — https://www.youtube.com/watch?v=15lS2SfW4pM&list=WL&index=33&t=0s
