In the past, this article has been more technically focused. For this article, I decided to take a different approach. In the IT Security field, we stay pretty plugged into the technical community. Most of us have our favorite articles or publication that we check on a daily or weekly basis. This helps us stay current on our knowledge, as well as relate to our colleagues. For this article, I’d like to discuss what it’s like for people who are not plugged into the IT Security community. We live in a world that is constantly connected. None of us more so than today’s youth. Snapchat and Instagram are the modern equivalents of staying up all night talking to your girlfriend on the phone, only with less awkward silence. For this article, I decided to expose the filthy underbelly of today’s social-media connected youth, by interviewing my 17-year-old daughter. To protect the identities of the innocent, we’ll call her Marie. For all intents and purposes, Marie is a pretty typical 17-year-old girl. She does homework, argues with her mom, and, much to my dismay, talks about boys. This article is not about any of that. You see she’s also an avid Snapchatter and Instagrammer. I sat down with her for a hard-hitting question and answer session about her knowledge of cybersecurity, to determine how aware she is of cybersecurity today, and (hopefully) teach her a few things about what I do every day. The below is a transcript of that interview.
Me: Who am I?
Marie: My stepfather…?
Me: That’s correct. So far off to a good start.
Me: Do you know what I do for a living?
Marie: You do computer stuff and try to get into people’s computers.
Me: close enough.
Me: Do you know what a data breach is?
Marie: uh...yeah. It’s when people get access to your information
Me: Do you have a computer?
Marie: I have a Chromebook, does that count?
Me: not really.
Me: Do you have a cell phone?
Me: Do you use your Chromebook or your phone more?
Marie: My phone. (She answered this question after looking up from her phone)
Me: What kind of phone do you have?
Marie: I have an iPhone
Me: Did you know about the iCloud breach that took place in 2014 where a bunch of celebrity photos were exposed?
Marie: Sort of.
Me: Do you know what data was breached?
Marie: Not really.
Me: Hackers got about 500 photos of celebrities, many of them NSFW. Does that change what you upload to iCloud? Did you also know that iCloud continues to be breached?
Marie: No, I don’t do that kind of stuff.
Me: What social media apps do you have installed on your phone?
Marie: Twitter, Insta and Snapchat
Marie: oh yeah, I forgot that was social media
Me: audible sigh…..Facebook?
Marie: I don’t have Facebook.
Me: I see.
Me: Of the apps listed, which do you use the most?
Me: What makes Snapchat your favorite?
Marie: I use Snapchat for messages, I text my friends through there.
Me: Do you worry about people snooping on your posts?
Me: Did you hear about the employees of Snapchat snooping on users?
Me: In April 2019, it was found that Snapchat employees were snooping on user posts. While I know this is not that recent, does that bother you or change the way you look at Snapchat from a user point of view?
Marie: Not really. I don’t post anything that I care about people seeing.
Me: Score one for mediocre parenting.
Me: Do you post to social media?
Me: Once a day? Twice a day?
Marie: once a day
Me: Are you aware of past data breaches?
Marie: Not really
Me: When posting to social media, do you take data breaches into consideration?
Me: Last question, do you take an “out of sight, out of mind” approach to your data and social media?
Marie: Yeah, I guess. I just don’t think about it really.
In the end, this conversation went pretty much as how I thought it would. Honestly, I would not expect her to be “plugged in” to the cybersecurity community. Thinking back some years, I would likely be of the same mindset. At some point, it just becomes too much to process. In today’s always-on world, it can be almost paralyzing to have to consider all of the repercussions of every post, picture, comment, or like. For those of us that work in the Cybersecurity field, it’s sort of obvious what you should and should not do online. Ultimately the responsibility is held with the user, it’s our job to inform the user and allow the user to make decisions about the risks they take online. This translates well to the corporate world. As we take a risk-based approach to Cybersecurity, our role becomes about identifying the risk and allowing people to make decisions about what risks they want to take both in their personal lives and in business.
Written by Nathan Rice
Nate has fifteen years of IT experience spanning a variety of domains with a focus in defensive security. Nate currently holds the following certifications: CEH, CompTia Security+ and CompTia A+. Prior to TechGuard Security, Nate was a Senior IT Security Engineer at a Fortune 100 organization. As a Security Engineer, Nate focused on new technology integration and implementation. Along with a variety of application administration roles in security operations, his past project work includes, Implementation of a DLP Program, Single Sign On Program and Multifactor Authentication. At TechGuard Security, Nate conducts audit control assessments, penetration tests, vulnerability assessments and social engineering exercises. Nate’s focus is on customer service and support, as well as providing customer solutions to complex IT security challenges. When not working or studying Nate enjoys being outdoors and spending time with his wife and kids.