Debunking Cybersecurity Myths

Cybersecurity expert Eva Galperin -- @evacide -- helps debunk some common myths about cybersecurity.

☑️​ Is the government watching you through your computer camera?

☑️​ Does Google read all your Gmail?

☑️​ Does a strong password protect you from hackers?

☑️​ Will encryption keep my data safe?

☑️​ Are all hackers bad people?

Eva answers all these questions and much more using clear language that's easy to understand.

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation -- @eff

Rathedr read than listen? A helpful transcript is available.

https://www.wired.com/video/watch/expert-debunks-cybersecurity-myths

#Infosec #Cybersecurity #BeCyberSmart
#MoreThanAPassword #InfosecTraining
#DiceWare #Encryption #Passwords
#PasswordManagers #PublicWiFi #VPN
#EFF #ElectronicFrontierFoundation

You clicked on what?

Check out this piece of conference swag.

An infosec vendor gave out these T-shirts at a conference last year.

Initially this shirt made me laugh, but just wondering if we should try not to make fun of “the stoopid users” so much.

Are "people" really the weakest link in the cybersecurity chain?

Lance Spitzner prefers the phrase:

"People are the primary attack vector."

This subtle change in messaging reframes the conversation, and moves the blame away from the user.

He encourages all of us to stop *blaming* others and figure out how to *enable* instead.

"After all, how many operating systems do you know of that self-report when they've been hacked?"

Just wondering if there are other ways to shift the convo when we engage with ordinary consumers / end users without talking down or making them feel “less than” for their lack of technical skillz?

Cybersecurity savvy *isn't* evenly distributed in the general public. Lots of folks are living below the cybersecurity poverty line, and don't even know it.

#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining

Lance Spitzner is a board member of the National Cybersecurity Alliance.

🔥 La #sicurezza informatica è una preoccupazione globale per tutte le organizzazioni.

Con l'aumento dell’esposizione è cruciale preoccuparsi per la sicurezza della propria azienda. Nel 2022 in Italia sono stati registrati 12.294 attacchi informatici con il punto debole spesso rappresentato da dipendenti inconsapevoli.

⚠️ Attenzione, partecipando a questo corso sosterrai la comunità #redhotcyber, pertanto effettua la tua iscrizione qua: https://www.cybersecurityup.it/csaw-aziende-rhc

#redhotcyber #cybercrime #BeCyberSafe #BeCyberSmart #SicurezzaInformatica #Aziende #MinacceCyber #AttacchiInformatici #ConsapevolezzaCyber #CompetenzeCyber #ProtezioneAziendale #SocialEngineering #Gamification #Quiz #Infografiche #SimulazioniPhishing #CertificazioneCyber #FirewallUmano #Cyberspazio #RedHotCyber #HackerAcademy.

WhatAreKeyloggers? They are malicious software that records keystrokes to steal personal information. #CyberSecurity #DataProtection #KeyloggerDefense - Protect yourself. #BeCyberSmart

https://redbeardsec.com/what-are-keyloggers-and-how-to-defend-against-it/

Which Password Manager Is Better?
Standalone or Built-In?

Tavis Ormandy Sounds Off

Should ordinary folks use a separate, standalone Password Manager, or the Password Manager built into their browser?

Tavis Ormandy is an Information Security Engineer from England currently employed by Google as a member of their Project Zero team.

After discussing various technical problems with password managers, and after downplaying the need for "nuance," Tavis says:

"If you want to use an online password manager, I would recommend using the one already built into your browser. They provide the same functionality, and can sidestep these fundamental problems with extensions.

I use Chrome, but the other major browsers like Edge or Firefox are fine too. They can isolate their trusted UI (user interface) from websites, they don’t break the sandbox security model, they have world-class security teams, and they couldn’t be easier to use."

Tavis also recommends writing down and securely storing passwords.

Thinking about what would work best for most people, where do you think this advice lands?

Good idea, bad idea, or somewhere in between?

#Infosec
#Cybersecurity
#BeCyberSmart
#MoreThanAPassword
#InfosecTraining
#Passwords
#PasswordManagers

https://lock.cmpxchg8b.com/passmgrs.html

Debunking Cybersecurity Myths

Cybersecurity expert Eva Galperin -- @evacide -- helps debunk (and confirm!) some common myths about cybersecurity.

☑️​ Is the government watching you through your computer camera?

☑️​ Does Google read all your Gmail?

☑️​ Does a strong password protect you from hackers?

☑️​ Will encryption keep my data safe?

☑️​ Are all hackers bad people?

Eva answers all these questions and much more using clear language that's easy to understand.

Eva Galperin is the Director of Cybersecurity at the Electronic Frontier Foundation -- @eff

A helpful transcript is available.

https://www.wired.com/video/watch/expert-debunks-cybersecurity-myths

#Infosec #Cybersecurity #BeCyberSmart
#MoreThanAPassword #InfosecTraining
#DiceWare #Encryption #Passwords
#PasswordManagers #PublicWiFi #VPN
#EFF #ElectronicFrontierFoundation

:boost_ok:​ Feel free to share (boost) this post with all those who follow you by clicking the cycled-arrow icon below.

:mastodon: ​Here on Mastodon, boosting doesn’t elevate a post through any algorithmic shenanigans. Everyone who follows you gets to see the post (“toot”) without the platform interfering.

Whether you've read all of IRIS Tsunami, skimmed it, or bookmarked it for later, be sure to check out our blog post written by
John Sturgis: https://www.cyentia.com/iris-tsunami-lessons/

#BeCyberSmart #SupplyChain #cybersecurity #infosec

Referenced link: https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1603444787562123266#m

#BeCyberSmart All Year Round With Educational Resources From @msftsecurity #PartnerPerspectives https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft

Referenced link: https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1602677741949689857#m

#BeCyberSmart All Year Round With Educational Resources From @msftsecurity #PartnerPerspectives https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft

“Catching” People Doing The Right Thing

What if we put some effort into incentivizing security behaviors in an overt way?

In some situations, could the work of infosec leadership be more about reinforcing positive behavior than correcting behavior that falls short?

Is that even possible to do in a way that doesn’t seem like intrusive surveillance, or feels creepy?

Some years ago business writers explored the concept of incentivizing behaviors through “catching” employees doing the right thing.

One writer suggested:
☑️​ Brainstorming the behaviors the organization wants to see more of.
☑️​ Writing the specific behaviors down on pieces of paper.
☑️​ Putting them all into a bowl or hat.
☑️​ Pulling one behavior out of the bowl/hat once each day.

During the day, business managers would look for employees doing the “right thing,” and make a point of calling out their good behavior.

Is there some way to do this with typical consumers that would move the needle in the right direction?

Perhaps at the point of signing in to a website, we could celebrate with users their strong password, or their use of MFA to log in, or . . . any other security behavior we want to encourage?

Is it possible to do this in a way that doesn’t feel like they’re being watched too closely?

This article from Harvard Business Review details putting these concepts to work at a large bank using stickers, and a Canadian law enforcement organization issuing “positive tickets.”

https://hbr.org/2012/10/catch-people-in-the-act-of-doing-things-right

Just sitting here wondering if there’s a way to incorporate this into helping ordinary consumers become more safe online.

Have you noticed anything along these lines that worked well? Or that failed?

#Infosec
#Cybersecurity
#BeCyberSmart
#InfosecTraining

:boost_ok:​ Feel free to share (boost) this post with all those who follow you by clicking the cycled-arrow icon below.

:mastodon: ​Here on Mastodon, boosting doesn’t elevate a post through any algorithmic shenanigans. Everyone who follows you gets to see the post (“toot”) without the platform interfering.

Referenced link: https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1601249818961231872#m

#BeCyberSmart All Year Round With Educational Resources From @msftsecurity #PartnerPerspectives https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft

Referenced link: https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1600552984177516544#m

#BeCyberSmart All Year Round With Educational Resources From @msftsecurity #PartnerPerspectives https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft

Referenced link: https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1594735157394694153#m

Cybersecurity awareness is more than a one-month effort. How to protect users and their identities, devices, and data. The latest from @msftsecurity #PartnerPerspectives #BeCyberSmart
#BeCyberSmart All Year Round With Educational Resources From Microsoft https://www.darkreading.com/microsoft/-becybersmart-all-year-round-with-educational-resources-from-microsoft

This is a good week to restart your devices (if you haven't already) so your updates can finish installing. #BeCyberSmart

If you're a Microsoft 365 Family or Personal subscriber you can install Microsoft Defender on up to 5 devices - Android, iOS, Mac, or Windows.
https://support.microsoft.com/en-us/topic/installing-microsoft-defender-ba7d17d7-464b-444d-bb47-990b7278369d
#Cybersecurity #BeCyberSmart

RT @robmay70
⭕️ What do your devices know about you? Do your part #BeCyberSmart #CybersecurityAwarenessMonth

The digital world is filled with accounts we no longer use and an important part of digital security is cleaning them up. On 10/26 at 3pm ET, join Gus Andrews and I as we discuss how to find the accounts you don't remember creating. #BeCyberSmart

https://action.consumerreports.org/webinar_20221026_find_and_delete_accounts

RT @SecureOwl
Every year @particle we make an internal #infosec awareness training video for our team. In honor of #CybersecurityAwarenessMonth I have been given permission to share this years with you all. Heads up, it’s cutting edge. https://www.youtube.com/watch?v=v4xOsLTU0gM #SeeYourselfInCyber #BeCyberSmart

Passwords alone are no longer enough to protect your data! On 10/20 at 3pm ET, join Paul Schreiber and I to learn how to add an extra layer of security to your devices and accounts. #BeCyberSmart this #CybersecurityAwarenessMonth 📱 https://action.consumerreports.org/webinar_20221020_cybersecurity101_use_multifactor_authentication https://pic.twitter.com/iCEq1Wggnz

Listen up 4 – CYBERSECURITY FIRST! Purple teaming – learning to think like your adversaries - Michelle Farenci knows her stuff, because she's a cybersecurity practitioner inside a cyb... https://nakedsecurity.sophos.com/2021/10/25/listen-up-4-cybersecurity-first-purple-teaming-learning-to-think-like-your-adversaries/ #securityleadership #cybermonth2021 ##becybersmart ##cybermonth #blueteam #sos-2021 #podcast #redteam