Did Hackers Gain Access to All Your Personal Information?!?

Introduction

“Out of sight, out of mind.” This is true of so many important aspects of life. We know we should do something about them, but we don’t – because we forget about them or the effort seems greater than the benefit.

Unfortunately, sometimes these important aspects of life decide to blow up in our faces. For example, most of us have learned the importance of keeping oil in our cars and performing regular oil changes. We know that while this is “out of sight” it cannot be “out of mind.” But, have you ever been in a that ran out of oil? I have and it is not a pleasant experience. The engine implodes on itself with many strange, loud, and scary sounds while smoke billows from the hood and nauseous odors waft through the vents. The car slows to a stop and never starts again. Cue tears, tow truck, and etc.

Burglar from OpenClipart.org. Thanks to tzunghaor for his generosity.

Burglar from OpenClipart.org. Thanks to tzunghaor for his generosity in making this image freely available.

It is time that our technology security becomes one of these “out of sight” but better not be “out of mind” aspects. It has long been time…but if you are a casual technology (computer, smartphone, etc.) user you probably don’t think much about security – and if you do, I hate to say it, but a good bit of your knowledge is probably based on outdated or downright false information.

Today, LivingSocial, a company with over 50 million users, was hacked. This follows a few weeks after Evernote was compromised with its similarly millions of users. Whether you are or are not a customer of these services isn’t the point. What is the point is this: Your identity, personal information, and financials are not safe.

Don’t wait until your Facebook page is plastered with pornographic images to change your password. Or until you send all of your friends emails explaining how you are really lost in London and need them to send money orders to a bank near you. Or until your credit report shows debts you never accumulated. Or your personal emails and documents are flouted across the web for all to see.

Don’t Unplug

Resist the temptation to unplug the computer. I know what I’m saying is a lot of FUD (Fear, Uncertainty, Doubt) and in general I hate when people use FUD. It is usually uncalled for and unproductive. In this case I think it is both called for and productive – but it will only be productive if you take the right steps. The right steps are not to unplug your computer and abandon technology forever. The right answer is to take the time and energy it will take to learn how to live and act in a more secure way in a technological world.

Why not just unplug? Good question – this is the usual action folks who spread FUD about technology are hoping to provoke. That or they want to convince you to buy expensive technological solutions to resolve your issues. Let me give you a few good reasons not to unplug:

  1. Technology is not going away. To withdraw from it is to withdraw from reality. Yes, technology can be overwhelming, addictive, insecure, and bad – but you have to learn how to utilize technology and not be enslaved to it. This is necessary for your job, for communicating with friends and relatives, and for living a productive life.[1]
  2. This isn’t just about your connection to the internet.¬†Look, part of this is simply an educational campaign, b/c the truth is that technology security is horribly weak everywhere. You can unplug from technology – but you can’t force your bank, your relatives, your credit card companies, or so on to withdraw – and so your information is still out there.
  3. We are on the edge of extinction. By this I mean, don’t allow fear to control your life. Take reasonable steps towards risk management – but don’t stop living. Look, this entire world, this entire universe is crazy. At any moment we could all be dead. Don’t believe me? Look at the earthquakes that hit Haiti and Japan or the tsunamai that wiped out hundreds of thousands of lives in moments just a few years ago. “But Dave, that wouldn’t happen here. We aren’t on tectonic plate faults, etc., etc.” Then look at the Spanish Flu which wiped out millions of lives – many of the young and strong – during the early 1900’s, the millions that died in World War I and World War II in combat, or even better – look at the Black Plague which wiped out perhaps 50% of the world’s population a few hundred years ago.
  4. Manage risk, don’t run from it. Let me reiterate on the above point – everything is a risk. We can’t avoid risk, we aren’t in control. We can manage stupid risks. Don’t run in front of someone with a loaded gun; don’t drive a car at excessive speeds in bad weather[2]; and don’t wait until your identity or finances have been compromised to get serious about security.

What Should I Do?

  1. Remember, we are talking about risk management – not risk elimination. These steps will reduce the likelihood of exposure, but they won’t eliminate it.
  2. Invest some time into learning about technology generally and security specifically. The better you understand what you are working with, the better you can utilize it safely. For learning about computers generally, check out GCF’s Free Computer Training courses. For information on security specifically consider reading materials available from US-CERT[3] They are a government organization focused on technology security and offer a number of documents aimed towards the general reader.
  3. Begin utilizing LastPass to manage your passwords, ensure you have secure passwords, eliminate weak passwords, and so on. It is a little bit of a learning curve – but once configured it’ll make life easier and it is free.
  4. Continue to learn about technology generally and technology security specifically on an ongoing basis. Think about how many hours you spend using technology (not just on a computer but also a phone, tablet, using an atm, credit card checkouts at local stores, and so on) and also about all the ways your information is used technologically (banks, schools, non-profits, government, and so on). Consider the total number of hours you spend each year and then choose a reasonable number (say five or ten…or maybe twenty five…depending on how quickly you pick up on technology subjects) to spend on learning about technology and security in the upcoming year. Note how small of an investment you are making relative to the amount of time and energy you spend with these technologies.
  5. Consider talking to someone who knows technology who can make more personalized suggestions for you and who can review your technology overall for safety. If this individual tells you not to spend any time on security – find someone else. Make sure what they are saying is lining up with what you are learning from US-CERT or similar authoritative sources of security information.
  6. On a similar note, most techs (in my experience), including myself don’t mind talking to people about security – but feel frustrated when asked about security and then ignored. Please make the conscious effort to listen and understand. Far too many technology conversations are started with someone asking me a technology question and immediately letting their eyes glaze over. This communicates two things, “What you are saying isn’t important” (and for many of this, this is our livelihood) and “I didn’t mean I wanted to learn, I meant can I use you to make me secure so I don’t have to learn?” (okay, okay, maybe you wouldn’t put it in those words, but when we regularly get these questions with a regular lack of interested in the answers…it is hurtful).[4]
  7. Consider the practices your employer utilizes for maintaining security. Do they exist? Are they realistic? Many companies are horribly insecure…and it might be time to sit down with your boss (if they are open to that sort of conversation) and talk to them about the need for technology security in the workplace.
  8. Share this article or similar articles and the documents from the US-CERT with friends, family, and co-workers. Help raise awareness about the significant issue that is before us in a way that encourages others to do something about it rather than being overwhelmed by fear and running away.

Conclusion

Technology security is everyone’s concern. This is not a hopeless awareness issue. We’ve brought awareness about drinking and driving, drug addiction, mental illness, and healthy eating to varying levels of public awareness – the same is necessary for security.

You will be safer and more productive using technology securely. You will be a better employee but helping encourage safe technology at work. You will be a helpful citizen by encouraging proper security implementations at local, state, and national governmental levels.

I’m available to answer questions, comments, and criticisms via

the comments on this post. Please feel free to write me with your technology security concerns, if any of this is confusing, or if you find the materials I provided for training in technology or technology security too difficult and I will do my best to assist you in finding materials which will work with your current knowledge level regarding technology.

  1. [1]Those who aren’t convinced might consider reading Kirkpatrick Sale’s Rebels Against the Future: The Luddites and Their War on the Industrial Revolution: Lessons for the Computer Age.
  2. [2]Or at all, but I’m just trying to emphasize the outrageous.
  3. [3]United States Computer Emergency Readiness Team.
  4. [4]Yes, geeks/techs do have feelings, even if they may not express them.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: