Top 10 Terrible Cybersecurity Tips
Welcome to Terrible Cyber Tips, teaching you exactly what NOT to do online!
Why is this, you ask? Well, just because cybersecurity is serious, it doesnât mean it canât be fun. Having fun engages people, and Iâve found that sharing these types of terrible tips somehow gained more attention than sharing âDonât reuse your passwordâ or âTurn on 2FA.â
I wrote a terrible cyber tip just as a joke on LinkedIn a few months ago and got a shocking amount of interaction. Throughout years of writing good cyber tips, I never received feedback like this, which made something click: With so much fleeting news and information received every day online, itâs important to stand out and keep cybersecurity at the forefront of peopleâs minds. So, please enjoy these top 10 terrible tips that you SHOULD NOT follow. (Disclaimer: Unfortunately, some of these are based on a few real-life events.)
1. Got hit with ransomware? You should PANIC.
Purposefully
Avoid
Notifying
IT
Completely
Your IT department isnât out to get you. In fact, they should be there to help you. If this is not true, talk to a manager about building a security culture that encourages an open line of communication between IT and your organizationâs employees.
2. Spend years handcrafting the perfect password, then use it for every single account. One password to rule them all.
Even if youâre proud of the amazing, strong password you came up with, the second you use it twice, it becomes useless. So, get those creative juices flowing to create new passwords!
3. Someone hacked that password you named after your dog? Time to rename your dog.
Letâs leave the dog out of this. And while weâre at it, this also applies to your family membersâ names, your date of birth, and any other information that I can find on Facebook (or Meta?).
4. Donât feel bad when your Twitter account gets hacked, your password is trending.
There are a few ways to get famous, but this is not one of them. Remember: If your account has been involved in a data breach, change your credentials immediately!
5. A computer virus is a lot like the common cold: Itâll go away on its own.
The cold is going around, but this tip shouldnât. A computer virus can linger, isnât going anywhere, and will cost a lot more than cough drops!
6. Lonely? Allow pop-ups to find singles in your area. Thereâs nothing more romantic than sharing your credit card information.
As tempting as this may be, I recommend a dating app. Think of the money youâll be able to save to spend on romantic dinners.
7. Itâs casual Friday? Let your hair down, unclip your tie, and turn off your two-factor authentication (2FA).
Enjoy the win of being able to wear jeans because 2FA should be there to stay. A casual turn-off can turn into a disastrous breach.
8. Only do your cybersecurity training once a year, just like a fire drill.
Cybersecurity is a little more complicated than stop, drop, and roll! Cyberthreats are always advancing, so once a year isnât going to cut it.
9. Donât buy security awareness training, just send an email to your team asking them to not get hacked.
As engaging as emails are, the odds of this working are slim to none. Cutting corners is one thing, but this is like telling someone to get a perfect score on the Bar Exam without any education from law school. I donât think that person is going to become a lawyer.
10. The more money youâre wiring, the less you need to worry about security. Rich people donât need to double-check account details.
I donât care if youâre Elon Muskâno amount of money is worth risking due to a rushed bank transfer without double-checking its legitimacy.
I hope the absurdity of these tips helped you realize what you should not do when it comes to cybersecurity best practices and, more importantly, how to become a little bit safer online. All of these tips show the very real threat of a lack of security awareness education. As mentioned, some of these are based on true events, so even though we can have a laugh about it now, keep in mind that hackers can someday use manipulative tactics to make you commit Terrible Cyber practices, as well.
Nick Santora (CISA, CISSP) is CEO of Curricula. After spending nearly a decade working for the federal government in critical infrastructure protection, Nick founded Curricula with the mission of making security awareness training fun. You can follow him on LinkedIn here.
Gloss