During the week of Black Hat and Defcon, tens of thousands of security experts and hackers flock to Las Vegas for the back-to-back conferences. They hold discussions on issues like smart cities getting hacked, two-factor authentication, and security issues with voice assistants.
It can all get a little technical. But with so much cybersecurity knowledge in one place, I decided to ask individual experts for a single useful tip for the average person.
One of these tips may end up making all the difference when a hacker comes after you. Learning a little about how to protect yourself is increasingly critical at a time when attacks on companies like Yahoo can expose your personal information. But cybersecurity advice tends to be technical or inconvenient, which is why a lot of people tend to ignore it.
Think about how many 32-character passwords you really have, or how often you reuse your passwords. It’s a Cybersecurity 101 practice, but might not be simple for everyone. As a parallel, think about how often dentists say you should floss twice every day, and how you lie every time by saying that you do.
“Security people are rarely the best people to advise about mass usability,” Parisa Tabriz, Google’s director of engineering, said in her keynote speech at the Black Hat cybersecurity conference Aug. 8.
So here’s our roundup of advice on cybersecurity from the experts at Black Hat and Defcon. See for yourselves which tips you think are actually usable.
Parisa Tabriz, director of engineering at Google
I’m obviously biased, but Chrome stays up-to-date, and there are a lot of things we build in to keep people from ever encountering a phishing site or a site that’s going to download malware. We definitely invest in making it the most secure browser from an exploitation standpoint.
Think about the software you’re using in the same way that you’d look at a safety report for a car you’re going to buy.
Marcela A. Denniston, vice president of field engineering at ShieldX Networks
Use dual-factor authentication and biometrics as often as possible to make gaining access to personal accounts, systems and data more difficult for hackers.
Mårten Mickos, CEO of HackerOne
Cybersecurity works only when everybody is concerned about it. Learn about it, ask your friends what they’re doing, and have a daily discipline of thinking, “What could go wrong?”
Craig Williams, director of outreach at Cisco Talos Intelligence Group
Set things to automatically patch. It would probably take care of 85 percent of your problems. That goes for your computers, your IoT devices — anything that has a button.
Stina Ehrensvärd, CEO and founder at Yubico
Two-factor authentication is my obvious answer, but just some basic simple learning around what not to do and what to do is important. Learn to watch for phishing, don’t download stupid things, just some hygiene.
If you start there, and then have two-factor authentication, you’re gonna be really good.
Jonathan Couch, senior vice president of strategy at ThreatQuotient
Don’t trust anything. Or trust, but verify. Most attacks these days come from email, or you’re getting phone calls all the time. Before you take any action to give any money, give any personal information, you should trust but verify.
Don’t take people at their word at who they are over email or over the phone. Get some information, go out, do your own research and make sure you actually verify who this person is before you ever give away any personal information — or especially money.
Haiyan Song, senior vice president of security markets at Splunk
Be super vigilant. I send my team to Defcon, and I tell them to just go there, even if they don’t understand some of the talks. I want them to listen to these stories because I want them to feel paranoid.
Mikko Hyppönen, chief research officer at F-Secure
Back up your phone, back up your computer, back up your tablet, then make a backup of your backup so you can restore them even if your house burns down.
Patrick Sullivan, director of security at Akamai
If you have to use a password, and you’re not using something like a multifactor solution, take a look at a password manager. That makes it pretty easy to log in to sites and have a variety of passwords.
Chris Wysopal, chief technology officer at CA Veracode
Be skeptical about any information that’s pushed to you, whether it’s a messaging system or an email system. Just always be skeptical and always find another way of figuring out how to validate that that stuff is real.
Daniel Crowley, research director at IBM X-Force Red
The weakest link is definitely passwords. Expecting someone to remember 200 passwords that are 30 characters, mixed with numbers and symbols, is impossible. While we’re still using passwords, use a password manager.
Hyrum Anderson, technical director of data science at Endgame
This is what I tell my mom: Hover before you click so you see the actual URL at the bottom. Be suspicious of email, install an antivirus, install a DNS filter so you don’t have porn accidentally served to you. You present the greatest point of vulnerability to your safety.
Frank Mir, former UFC heavyweight champion*
Keep your passwords diverse and don’t use the same one for everything. Once I did that, I don’t think I ever had any problems. Just making sure I didn’t pick any simple passwords, and not using the same ones multiple times over. At times it can be a pain in the ass, trying to remember 30 different ones or keeping them in a safe place, but in the long run, it’s given me a lot fewer headaches.
For my children, for every device, whether it’s a Microsoft account all the way to their PlayStation account, use different passwords.
* Yes, we know Frank Mir is not a cybersecurity expert. But he did give some pretty good advice.