My personal stretch goal this year is to follow Eleanor Roosevelt’s advice: “Do one thing every day that scares you.” It’s a way of regaining a sense of control when it feels as though so much (climate, cost of living, health, social mores) is spinning out of control. Thankfully, I’ve managed to push facing my arachnophobia[i] and ergalilektriphobia[ii] waaaay down the list. After all, the daily practice Ms. Roosevelt recommended is admittedly aggressive—and other fears have taken precedence:
- Fear of letting go (just one more revision)
- Fear of growing old (denial)
- Fear of being hacked (take control)
For the last of these, I have several organizations to thank, for example, B2B USA Business, PDL, Dropbox, Exactis, LinkedIn, Ticketfly, Verifications.io, Evite. Experts estimate that hackers attack every 39 seconds,[iii] steal 75 records every second,[iv] and can purchase more than 45,000 different ransomware products online.[v] Is it any wonder that I’m a Luddite—or that security consultants and companies lead with fear in their sales pitches rather than with information?
All too often, information gets lost about how individuals and groups of individuals can accept the challenge and take incremental steps to improve their security posture. The psychology of fear takes over: “a mix of calibrated emotion and limited knowledge.”[vi] It may seem easier to procrastinate about making changes and just sigh over the inevitability of being hacked—a self-fulfilling prophecy in the making. Meanwhile, some 94% of successful hacks involve people doing something they oughtn’t have done. There are a few behavioral tweaks that anyone can make to take back some control over one’s digital information . . . and manage cyberphobia.[vii]
Anticipate Exposure. Individuals and organizations can register with the Cybersecurity and Infrastructure Security Agency (CISA) without fee. Participation offers access to timely alerts about current and emerging threats, remediation guidelines for identified attacks, and free cyber hygiene services (e.g., vulnerability and web application scanning).
Assess Your Exposure. One easy self-check is to visit haveibeenpwned.com, enter any email address, and discover whether that particular address was part of one of the large data breaches tracked by Troy Hunt and his team.
Control Known Exposure. If an email address has been breached, change the password immediately to one that is robust: a minimum of 12 characters, difficult to guess (check online tools for password strength), unique to that account, unshared. Password managers are useful. Salting passwords is another technique in which a “core” password is split apart and “salted.” That is, a string of characters is inserted to distinguish access to that specific account from others. (Note: This can get complicated, and it is easy to self-sabotage by just inserting the name of a recognizable account. If the core password is compromised, this strategy breaks down.)
Reduce Potential Exposure. “There’s an app for that” is not a comforting phrase. Hacking apps for Android and iOS devices abound.[viii] One of the best resources available is through the National Cybersecurity Alliance. It features tips on how to treat hacked accounts, secure the home network, activate parental controls, and protect mobile devices.
Watch for Exposure. Attacks against telecom carriers and other utilities are beyond individual control. Customers are required to provide certain information to open an account—perhaps more information than is justifiable, in my opinion. T-Mobile confirmed on 18 August 2021, for example, that 100 million records belonging to current and former customers are up for sale on the dark web. The information—including names, birthdates, phone numbers, social security numbers, addresses, driver’s license information—sold for about $280,000 in bitcoin.[ix] One can only hope that such large repositories of personally identifiable information (PII) will be encrypted or otherwise protected in the future. Meanwhile, this would be a good time to make sure that no passwords currently in use incorporate elements of PII.
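The hygiene rules in "Control Known Exposure" and the PII check suggested above can be run locally against your own list; the sketch below is an added example, not part of the original post, and "salting" here is the post's user-side sense rather than the server-side salt used in password hashing. The function names, the six-character shared-core threshold and the sample accounts are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from itertools import combinations

MIN_LENGTH = 12       # minimum length recommended in the post
MIN_SHARED_CORE = 6   # assumption: a shared run this long counts as a reused "core"

def shared_core(a, b):
    """Longest run of characters two passwords have in common (case-insensitive)."""
    a, b = a.lower(), b.lower()
    m = SequenceMatcher(None, a, b, autojunk=False).find_longest_match(0, len(a), 0, len(b))
    return a[m.a:m.a + m.size]

def audit(passwords, pii):
    """passwords: {account: password}; pii: personal strings. Returns {account: [findings]}."""
    findings = {account: [] for account in passwords}
    for account, pw in passwords.items():
        low = pw.lower()
        if len(pw) < MIN_LENGTH:
            findings[account].append("shorter than 12 characters")
        if account.lower() in low:
            # The self-sabotage case: the inserted "salt" is just the account name.
            findings[account].append("salt is the account name")
        if any(len(item) >= 3 and item.lower() in low for item in pii):
            findings[account].append("contains PII")
    for (acct_a, pw_a), (acct_b, pw_b) in combinations(passwords.items(), 2):
        if pw_a == pw_b:
            note = "same password as {}"
        elif len(shared_core(pw_a, pw_b)) >= MIN_SHARED_CORE:
            # One breached account reveals the core used everywhere else.
            note = "shares a core with {}"
        else:
            continue
        findings[acct_a].append(note.format(acct_b))
        findings[acct_b].append(note.format(acct_a))
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {
    "dropbox": "Blue!Horse7dropbox",
    "evite": "Blue!Horse7evite",
    "linkedin": "jane1984",
    "bank": "tq9#Vw2m@Lz8!rPe",
}
SAMPLE_PII = ["Jane", "1984", "555-0100"]

if __name__ == "__main__":
    for account, notes in audit(SAMPLE, SAMPLE_PII).items():
        print(account, "->", notes or "ok")
```

Run it offline and keep the input out of shell history and shared files; the script never needs network access.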
Zen Your Exposure. Although the foregoing is not exactly an A to Z of “hacking phobia hacks,” making a regular practice of checking for email compromise does help address uncertainty by indicating where to start on your cybersecurity journey. Engaging CISA services to perform a vulnerability assessment may be another, as is working through the NIST SP 800-171r2 security controls. Many resources are available, including those offered through the NIST MEP network.
Exchange fear for information. As Yoda said, “Fear is the path to the Dark Side.”
[i] Fear of spiders
[ii] Fear of power tools
[iii] University of Maryland study from 2007 <https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds>
[v] Hosting Tribunal <https://hostingtribunal.com/blog/hacking-statistics/#gref>
[vii] In 2019, the 5th greatest fear among Australians <https://www.mcafee.com/blogs/consumer/aussies-fear-snakes-spiders-and-getting-hacked/>. A Gallup poll in 2020 indicated that 72% of Americans lose sleep over this fear <https://www.technologydecisions.com.au/content/security/news/americans-fear-being-hacked-more-than-being-murdered-588071437>.