Pop's Two Cents

Cyber Basics: Start Here

Published

on

This is a place where people can find kind and respectful information about computer security. The material here is written with my parents in mind. I will try to only share jargon-free, easy to understand, simple instructions, and nothing is expected in return.

Before we get started talking about cybersecurity, let’s talk about who should use my advice. Just like dating, attackers are attracted to certain people more than others. We classify this attractiveness into three simple categories. Read through them and determine which you fall into.

High Value TargetsMedium Value TargetsLow Value Targets
Super richAccess to high value targets (yeah, that’s right, just knowing or being related to a famous person)Everyone else
FamousWork for a company with lots of secrets (tech/energy/bio)
Cool Twitter handle (very short)
You have a stalker

Based on where you fall, I’ve got something to say to you:

  1. If you are a low value target, you are in the right place. We’re going to have some fun helping you improve your defenses to make you a harder target.
  2. If you are a medium value target, we will get you started, but you’ll probably need to learn more.
  3. If you are a high value target, by all means make sure you have minimum defenses in place, but you will need to really study up or get some help. If you work for a high value target company, you’re probably already getting operations security (OPSEC) training. If not, continue your studies with IntelTechniques.com.

Okay, let’s talk about cybersecurity. This website looks at cybersecurity in a very simplified form.

We talk about TARGETS, VECTORS, ATTACKS, and DEFENSES.

TARGETS

The first thing to understand is that the attacker is seeking a target. Most targets can be described this way:

  • HARDWARE – Computers, networks, phones, and tablets.
  • IDENTITY – Email, Facebook, Twitter, other social media, and government accounts.
  • MONEY – Banks, brokers, credit cards, and cryptocurrency.

For lack of a better mnemonic, I try to remember that attacker are after HIM, Hardware, Identity, & Money. Why are these targets? They all lead to money.

  • If an attacker can take over your hardware and scramble your device, they can demand money from you to unscramble your data.
  • If they can take over your hardware to monitor your web camera, listen to your microphones, or just capture your keyboard, they can potentially hear or see sensitive information, like watching you type in passwords.
  • If an attacker can get access to your email, chances are they can take over all your accounts. Many companies use email to send password reset links. Whoever controls your email account can probably change all your passwords.
  • If an attacker can access your Facebook or Twitter, they can potential trick your friends into giving up their personal information or send money.
  • If an attacker can access your bank or broker, well, then they have your money.

Attackers go after HIM targets through vectors, or pathways into your personal space. We’re going to say a little bit about vectors now.

VECTORS

In cybersecurity, a vector is an attack path. It is a way that an attacker tries to get your personal data or access your personal devices. Every day, it seems like there is a new one that gets publicized and you probably think, “Oh, another hacker.” I think a lot of folks have been getting tired of hearing about the constant hacking and some have given up thinking they can do anything to protect themselves. I disagree. Just because burglary is high in my city doesn’t mean I’m leaving the door open. It may seem like there are a million vectors, but that’s not true. Just like there are only a few ways to break into your house (windows, doors, garage doors, skylights, and the fireplace on December 25th), there are essentially only a few ways to hack into your life.

People come to you through

  • WEB
  • INTERNET OF THINGS
  • SOCIAL MEDIA
  • EMAIL

This is the WISE model. If you protect WISE, you are taking actions to protect against attacks through the Web, IOT, Social Media, and Email to take over your HIM targets. On this website, I’ll occasionally talk about various ways to protect yourself. This starts by understanding the general types of attacks.

ATTACKS

First of all, there are lots of ways to be attacked. We can’t possibly list them all. For my Mom though, I say that most all attacks will fall into three categories:

  • Breaches – when a website you use is hacked
  • Social Engineering – spam emails (phishing), robocalls (vishing), and other scams
  • Viruses & Malware – malicious ads, links to bad websites, ransomware, and other things you click

If you can think of an attack that doesn’t fall into one of these categories, let me know and we’ll revise things.

DEFENSES

I’ll get to this in future posts. This whole effort is to teach Mom and Pop how to do a few things that will make them a harder target.

Leave a comment

Hello,

I’m Mike

Welcome to Pop’s Two Cents. Here you can find my advice to young people trying to navigate the modern world.

Follow

Join the fun!

Stay updated with my latest ideas by following the blog.

Recent posts