How Not To Be Hacked: The Definitive Guide for Regular People


Posted on by Ben Rothke

The Advanced Encryption Standard (AES), also known as Rijndael, is susceptible to brute-force attacks. Mohit Arora of Freescale Semiconductor wrote in 2012 that it would take 1 billion billion years to crack a 128-bit AES key using a brute-force attack. No one ever said brute force had to be quick.

For those who don’t have a billion billion years, the alternative is to bypass the cryptography and attack the user instead. And therein lies one of the weakest links in information security: the user.


In How Not To Be Hacked: The Definitive Guide for Regular People, author James DeLuccia has written an extremely useful guide that offers 63 valuable tips on how and what users can do to avoid being hacked.

When the author says the book is written for regular people, he means those folks who don’t know a device driver from a digital certificate. The book is written with no techno-babble or jargon, which makes it an enjoyable read for the novice.

The back cover says the book can help you become unhackable. While that’s a bit over the top, the tips in the book indeed go a long way to ensure that you won’t be an easy target.

Each tip in the book includes a meter rated low, medium or high, indicating how much protection the tip provides, and each tip is classified as protecting one of three things: life, family or information.

The book focuses on pragmatic tips to help the regular user, although two of the tips may not be so pragmatic for most users. Tip #1 is don’t ever use your debit card again. But that may not work for the millions of Americans who don’t have access to credit cards. Tip #18 says do not use Internet Explorer ever again. Sage advice, but far too many regular users are not comfortable installing Chrome or Firefox. The other 61 tips, though, are straightforward, actionable and to the point.

Much of the information in the book will be obvious to information security professionals. But for the 99.9% of the populace who don’t have their CISSP, the information will be a huge benefit.

Phishing attacks often masquerade as banks requesting that you share your password. Tip #6 notes that online service providers and banks will never ask for your password, as they already have it on hand. That observation is quite obvious to practitioners, but for the regular user who doesn’t have that information or mindset, this tip alone will make the book worthwhile.

The book has a number of very low-tech, yet highly effective security recommendations. Tip #21 is to make up fictional answers to security challenge questions. If there is a breach and it’s known that you were born in Tallahassee, that information could be aggregated with other hacked data to launch a personal attack. But if you give a different city to each website, a breach at one site reveals nothing that works at another. Of course, such an approach requires you to securely write down your password and answers. That is detailed in tip #30.

Credit card fraud is a fact of life, even with PCI and EMV smart payment cards. Tip #52 is to call your credit card company and request a new card every year. This ensures that anyone attempting to use your old credit card number will be denied. If you use autopayments, though, this could complicate things.

The tips in the book are simple habits that, if followed, will go a long way toward helping the reader avoid becoming a victim.

For those looking for a book that is as easy to read as it is helpful, How Not To Be Hacked: The Definitive Guide for Regular People is an excellent resource.


Contributors
Ben Rothke

Senior Information Security Manager, Tapad

Tags: data security, security awareness

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

