Last updated at Tue, 14 Nov 2017 13:59:42 GMT
Wow, it’s November 7 already, and I still have all my National Cyber Security Awareness Month decorations up! I really need to take care of those. But, before I get to taking down all my 2FA authentication token lawn decorations, I figured it’d be a good time to chat it up with Olivia, and see how her NCSAM crash diet went.
Tod: So, over the course of the month, what’s the one task you performed that benefited you the most?
Olivia: I’d say that pretty much all of Week One was laying the groundwork for the rest of the diets. The topics and tasks covered in there are the building blocks of pretty much everything in the following weeks—WiFi awareness, passwords, updates, & backups. For example, it’s hard to talk about travel security without first talking about password maintenance.
That said, going through the backup and restore of my iPhone was 1000% the thing I dreaded the most, put off for three weeks, and (begrudgingly) the thing that I got the most value from. I used to be a security savvy person’s literal nightmare with my backup hygiene—triple digit days since my last backup, just living on a wing and a prayer. Luckily I came to my senses, and now that I’ve actually gone through a backup and restore process, I feel much better about things. I now agree that this intimidating step is important for security AND for anticipating non-security disasters, like when phone-meets-water and rice just isn’t enough to revive it—but also to know the extent of information, settings, and passwords that your back-ups cover.
Tod: Aside from the fear, uncertainty, and doubt of testing your backups, what was the worst part of the month for you?
Olivia: Cleansing my email was/is a pretty massive chore: I still haven’t finished pruning down all of my email subscriptions, let alone dealing with deleting old emails. Not exaggerating, there are thousands and thousands and THOUSANDS in there. Getting a handle on those mailing lists is a big, dull task—but I guess it’s more like a real diet in that you’ve gotta chip away at it in realistic portions. Slow and steady?
Tod: What did you learn this month that was particularly surprising or enlightening?
Olivia: I got a lot out of the app privacy management in Week Three permissions management; it’s kind of fun and borderline creepy to know what apps have access to my microphone, location, and photos. I’d definitely recommend just touring through all the permissions that your phone manages, even if you don’t change anything, because some of the apps that had access to things they didn’t really need were surprising. Also, I never really considered the implications of the difference between camera access and photo access, and I learned that photo access is also kinda, sorta location access.
As far as surprising, I was taken aback in Week Four by the lack of security information that’s readily available when it comes to IoT security. It seems weird that a device’s features page and marketing will brag about how there are seven microphones and that it’s listening all the time… but not a word about what happens with all that data – is it stored on the device (and for how long), is it copied out to the cloud, is the storage secure, is the transmission secure, who gets access to all that info about me… all that. I had pretty low expectations going into it, but was shocked at just how bad it was.
Tod: Yeah, you pretty much have to be a superhero to figure out just what most IoT is actually up to under the hood. Pretty crazy.
Olivia: Speaking of “under the hood,” still pretty proud of my own tech savviness when it came to inspecting my WiFi router settings in Week One. I’m pretty psyched at how easy that was, and it’s well within reason for the average person to do. I wouldn’t go as far as saying it’s a fun party trick… but my roommates were pretty impressed.
Tod: Nice! So after this whole experience, what’s the one thing you would recommend to your friends and family to up their security game?
Olivia: Hmm… I’d say after putting these diets through their paces, there’s definitely a reason that password maintenance and NOT REPEATING PASSWORDS is at the top of most security tip lists. I mentioned how all the maintenance steps are interconnected earlier, so if you think of how one password/login leads to another, that’s the way that an attacker could move around collecting your info given the chance. And no, using the same bad password for only the “unimportant” accounts doesn’t fly – every account has a surprising amount of info, and if it leads to another, and another, that adds up quickly and it’s only a matter of time before it becomes important.
Tod: Welcome to your new life as the designated holiday-time troubleshooter, :) In fact, I hear that your adventures have been picked up by VentureFizz, so I wouldn’t be surprised if you start getting asked for security tech support from strangers, too.