February 21, 2019
(++++) GETTING DEFENSIVE
Cyber Smart: Five Habits to Protect Your Family, Money, and Identity from Cyber Criminals. By Bart R. McDonough. Wiley. $19.95.
This book could have been one page long but, thankfully, isn’t. The “five habits” referred to in the subtitle fit easily on a fraction of a page: 1) Update your devices; 2) Enable two-factor authentication; 3) Use a password manager; 4) Install antivirus software on everything and keep it updated; 5) Back up all your data. Easy, right? Nope – not even for corporate security departments that do nothing but protect data all the time. For the average adult, adding these five basic habits of digital life to a day already crammed with work, family and dozens upon dozens of other requirements and desires means allotting time to cybersecurity that many people feel they simply do not have.
Make the time, insists Bart R. McDonough, because you really, really have to “practice the essential cybersecurity habits to protect your family from bad actors” even though “it can feel like [sic] there’s nothing you can do.”
A little perspective is in order here. Understand that your personal information online will be hacked and almost certainly has been already. Even governments and corporations, with their billions of dollars to spend on security, get hacked all the time, and if you deal at all with governments and corporations – and you do – then your data are vulnerable. That’s the reality of the digital age. But McDonough’s point is that even if there is no way to protect 100% of your data, 100% of the time, the five basics of being “cyber smart” will help you “safeguard yourself from the vast majority of threats.” No system is perfect, but in a world where most consumers use little or no cyber protection, the ones who use a lot of it are, by definition, better protected.
McDonough, a professional cybersecurity expert whose company focuses on protecting the financial-services, healthcare and payments industries, spends the first hundred-or-so pages of Cyber Smart showing how the bad guys (and bad gals) work: what methods they use, what they are trying to get, how they handle their businesses (and they are businesses, albeit criminal ones), and how average people and legitimate businesses become their victims. These chapters are amply, even mind-numbingly footnoted: surely McDonough does not expect the everyday reader to wade through two pages containing 37 single-spaced footnotes, every one of them a Web reference beginning with https, in just the chapter on “Attack Methods.” But the point is that interested readers can go to the source material if they wish: Cyber Smart is exhaustively researched and has been assembled by someone whose professional life depends on understanding cyber criminals and outsmarting/outthinking them. But even knowledgeable people in positions of authority make mistakes – that is why government and corporate Web sites are continually hacked. So McDonough concludes the first part of Cyber Smart by explaining how to detect a successful phishing attack, malware insertion, ransomware infection or E-mail compromise – and what to do when you are the victim.
The main point of the book, though, is how not to become a victim. That is the topic of the remainder of Cyber Smart, which spends 150-some pages presenting a dozen chapters (again, all extensively footnoted) that begin with the words “Protecting Your...” The chapters deal with identity, children, money, E-mail, files, social media, website access and passwords, computer, mobile devices, home Wi-Fi, Internet of Things devices, and information when you are traveling. That is a lot of protection – but everything McDonough urges flows from his five basic protective notions, so the topic is not quite as overwhelming as it first seems to be. This second, longer section of the book essentially offers variations on a theme, tweaks to the basic approach. Identity protection, for example, means watching out for phishing E-mails, placing security freezes on your credit accounts, shredding sensitive documents, picking up incoming mail from your mailbox as soon as possible, and sending outgoing mail from your post office rather than letting it wait for pickup in your mailbox. Protecting children means, among other things, being aware of “smart toys” that connect to the Internet, using them only with encrypted and authenticated connections on trusted, secure networks, and monitoring your children’s use of them. File protection involves storing and backing up your files in the cloud, enabling two-factor authentication for cloud storage, using a password manager to create unique passwords for each cloud account – and by this point, the extent to which the specific recommendations flow from the general ones will be obvious to any reader who is paying attention.
Nothing McDonough calls for in Cyber Smart is particularly new: the urgings and remonstrances have been around for a long time, and reappear whenever there is another of those inevitable government or corporate data breaches. And some of McDonough’s clarion calls will inevitably fall on deaf ears because of the simple realities of everyday life: can time-constrained parents really spend considerable time monitoring their kids’ use of Internet-connected toys, especially after they have made daily detours to their nearest post office to drop off outgoing mail there? Indeed, the flaw in this book is that cyber protection comes across in Cyber Smart as almost a full-time job in itself – and it cannot possibly be that for all readers, even though of course it is a full-time concern for McDonough and others in the cybersecurity business. The rest of us, who simply want to get on with our lives without being forced to live under a perpetual cloud of threats to our data, will be unable to implement all McDonough’s ideas, all the time. But we can certainly absorb the basics – those five foundational concepts and recommendations – and use them as much as possible, as often as we can. Our data nevertheless will be compromised at some point, and almost certainly have been already. But by doing whatever is manageable to limit the inevitable damage, we can hopefully avert the worst effects of cyber criminality, such as full-blown identity theft – and find ways to rebuild our online lives, if not, ever, 100% of our trust.