One of the joys of being a book doctor is that we get to meet so many cool and unusual people who give us a constant education. So when Sean M. Bailey approached us about his book regarding the perils of being hacked, and what to do about it, we were overjoyed. As we watch the horrors of Hillary's Hackgate unfold, it became clear that no one was immune. Now that his book, Hack-Proof Your Life Now!, is out, we thought we'd pick his brain about what the hack to do regarding the safety of our electronic life.
The Book Doctors: Someone recently broke the Internet by hacking into Dyn. Please explain how that could happen, and what can we do to protect ourselves?
Sean Bailey: In Kurt Vonnegut's Cat's Cradle, the military creates something called “Ice-9,” which gets out of control and causes all water on the planet to freeze and only melts above 114.4 F degrees. Now imagine a digital version of Ice-9 where suddenly the entire World Wide Web “freezes.” We had a glimpse of what that might be like with the Dyn attack. It’s a scary development and especially tough to stop.
It opened up people’s eyes because the hackers hijacked unsecured, web-connected devices like DVRs and video cameras to flood Dyn’s servers, which play a critical role in managing web traffic to big websites like Amazon and Twitter. Here’s how they did it: Those devices are protected with passwords, just like smartphones, tablets, and computers. But people who bought those devices NEVER changed the passwords from the default setting they had when they left the factory. The hackers knew that and developed a malware program that could identify these devices and enslave them into a robot network of about 100,000 devices. The hackers then trained those devices to shoot requests for information at the Dyn servers and by doing so, overwhelmed those servers to the degree that people who legitimately wanted to get to websites like Amazon or Twitter could not access those pages. Even though those websites were open and operating normally, people couldn’t reach them. It would be like driving to the mall on the highway but discovering the exit ramp was closed—you could see the mall was open but you just couldn’t get there.
The Dyn attack is a poignant reminder, again, of the importance of good, strong passwords. Now we can see that that rule applies beyond our smartphones, tablets, and computers to now include any devices in our homes that connect to the Internet.
TBD: There is so much hysteria and hype about Internet security, including of course the presidential election, and Hillary's hacked emails. Do you think the average Joe or Jane has a chance of getting hacked, and what could be the consequences?
SB: Hackers never sleep. They blast out 94 billion dangerous spam emails every day. Everyone is vulnerable. One wrong click can cause you to stumble into a variety of nightmares including identity theft, blackmail, or unwittingly enslaving your computer to a criminal robot network. I think everyone knows someone who’s been hacked or ensnared in a computer scam. The consequences range from spending dozens of hours trying to fix an identity-theft stained credit report, to paying a $500 to $1,000 ransom to blackmailers who seized your computer, and all the way to the workplace where companies have seen hundreds of thousands, even millions, of dollars disappear from their bank accounts that have been breached by cyber thieves.
Of course, during the recent election, we’ve seen the devastating impact of having one’s email hacked. Our emails contain tons and tons of sensitive, private personal and business information that potentially can ruin relationships and businesses.
TBD: Give us three simple things we can do so we don't get hacked.
SB: Here are three easy things you can do to quickly boost your security and reduce the likelihood of getting hacked.
First, stop using your personal email address for your online banking and credit accounts. Create a “financial-only” email address that you use just for your online financial transactions and activities. That way, that important email address is not sitting on dozens, even hundreds, of websites exposed to data breaches and hacks. You don’t want the bad guys to have the first step to logging into any of your financial accounts.
Second, turn on two-step login (two-factor authentication) on your email and bank accounts. That way, should a hacker ever begin trying to break in to your accounts, you’ll receive a notification code on your phone. The hackers will never get the code because it’s on your smartphone and you’ll be tipped off that something is happening.
Third, put a security freeze, also known as a credit freeze, on your credit files at Experian, Equifax, and Transunion. This takes just a couple of minutes and it ensures that no identity thief can take out credit in your name. When your files are in a “freeze,” no new credit can be added unless YOU lift the freeze with your own personal PIN.
TBD: What were some of the difficulties of putting together a book of practical nonfiction?
SB: I think the biggest challenge is breaking down scary-sounding, and occasionally complex, concepts into easy to understand actions and then motivating the reader to act.
In Hack-Proof Your Life Now!, we’re trying to deliver on our promise of “online security made easy for everyone.” It’s true, we’re no longer in the innocent “you’ve got mail” era. It’s much more serious. Our computers and devices are connected to everything. That’s fine, even good, as long as everyone realizes they need to adopt a certain number smart security activities. It’s not unlike driving a car. You need to do a few important things to keep your car in good running order and you always need to follow common-sense actions when you’re operating your car out in the world. It’s the same for using our Internet-connected devices.
Another challenge was making the book fun, action-oriented and accessible. Cybersecurity is regularly cast as a dark, dangerous underworld of hooded miscreants looking to ruin our lives and drain our bank accounts. That’s partly true and contributes to people feeling overwhelmed and frightened by the topic. Our challenge was to show the reader how to break through that inertia. In the beginning of the book, the reader measures their “cybersecurity score.” Normally, people score very low. But we then lead the reader through taking a handful of simple actions that quickly boost their security and give them confidence and knowledge that being secure online is completely possible.
TBD: Did you find that writing a book based on your business helped you to articulate even further exactly what you do? Has this helped your business as a result?
SB: The book grew out of a workshop we created for the public called “One Hour to Savvy Cybersecurity.” The reception from the workshop, presented hundreds of times in the U.S. and Canada, told us we needed to find a way to get our message to the wider public.
Going to the next step of writing a book just forced us to continue to struggle with refining and organizing our cybersecurity concepts so that the reader could see a clear, easy path to taking action.
Cybersecurity is a very big, sprawling topic. Many books on the topic focus on crime, the underworld, terrorism or cyberwar—all informative, even entertaining. Some books that focus on personal security deliver long, comprehensive lists of threats and 50, 60, 70 things we should do to stay safe.
People will usually throw up their hands when faced with a huge list of possible threats and actions. So writing Hack-Proof Your Life Now! meant continually honing our recommendations to the most important, do-able actions people can take to boost their online security. By doing that, it’s also caused us to see more deeply into the topic and identify other areas where we can take our “online security made easy for everyone” mantra. For instance, business owners and executives face a separate group of actions in order to “hack-proof” their enterprises. So writing the book, and struggling with what to exclude rather than include, crystalized in our minds new areas of focus for the future.
TBD: Our children are on our computers all the time downloading who knows what. How do we protect ourselves from our kids and how do we make our kids aware of the risks?
SB: Hack-proofing your kids is a second order of business many of us face once we’ve protected ourselves. Any family that is sharing a computer with young children needs to restrict the ability for the child to download files and programs on their own. (Just search Google for “how to restrict downloads” for your computer’s operating system.) If you don’t do that, your child can easily download dangerous malware when they think they’re actually getting something that will help with a game like Club Penguin or Minecraft. For teenagers, learning good cybersecurity is right up there with safe sex and driving skills—key things you must learn as you approach adulthood.
TBD: How did you get into the business of helping people not get hacked?
SB: My company, Horsesmouth, helps financial planners deliver financial education in their communities. It’s our mission to help people make the right decisions about the complex financial decisions they face in life, including protecting their identities and finances from fraud. After the infamous Target breach in 2013, we realized no one in the public’s life acts as a guide, or professional “nudge,” to encourage people to boost their online security.
It became our aim to help Internet users quickly and easily boost their online security, especially those worried about identity theft, concerned about hackers getting into their email and bank accounts, and people who want to use the Internet with confidence that they’re in control of their safety, not the hackers.
So we created a workshop called “One Hour to Savvy Cybersecurity.” It is based on surveying more than 1,500 people. The workshop has been delivered hundreds of times in the U.S. and Canada to rave reviews.
During our research, we discovered that people can actually quickly and easily boost their online security. How we do this is by getting people to measure their current “Cybersecurity Score” and then showing them simple, clear, and effective action steps they can take right now to dramatically boost their safety—usually for little or no cost.
TBD: What's the worst hacking story you've come across?
SB: Wow. We run into new stories every day. For instance, last week I had two friends, within two hours, tell me identical stories about getting lured into the phony Apple Tech Support scam. Don’t ever respond to a pop-up on your screen telling you to contact any organization because you have a “virus.” It’s a scam. Just close your browser, and if you still have any trouble, restart your computer. Whatever you do, don’t call them.
The worst stories these days involve the growing ransomware threat. This happens when people click on a fake email link that suddenly encrypts their computer and demands ransom in order to get back access to their computer and its files. It happened to a colleague, right in front of us, while we were writing the book. It happened last week to an entire hospital in the U.K., causing the cancellations of surgeries, closing of their emergency room, and cancellation of nearly all doctors’ appointments. Totally devastating. And it happened because one person clicked on a dangerous link. In our book, we teach the “10-Second EMAIL Rule” where EMAIL stands for “examine message and inspect links.” It’s an easy system to remember and it shows you how to unmask the true identity of someone sending a suspicious email and see the true destination of the dangerous link they’re trying to get you to click.
TBD: What’s one simple thing we can do to better protect our smartphones?
SB: Everyone should put the strongest passcodes on their smartphones and tablets. The strongest codes are the six-digit options. Most phones started with a four-digits. When you change from four digits to six digits, you increase the possible combinations from 10,000 to one million, which makes cracking your code much harder.
TBD: We hate to ask you this, but do you have any advice for writers?
SB: For writers, I’d offer two bits of important advice. First, start using a “cloud service” to routinely and automatically back up your files to the cloud. When you set up one of these services, such as Drobox or Google Drive, your files are saved locally to your computer and also out on the web, in “the cloud.” Once you set it up, you don’t need to do anything special. It’s a safe, easy, and affordable way to always have backup copies of your files. If you ever click into a ransomware scam—where hackers encrypt your computer and hold it for ransom—you can ignore them and retrieve your files from the cloud.
Two, we all need to change our views about updating software and do it all the time—routinely. That’s because many hackers exploit dangerous security holes in widely used software programs. If you visit a malware-infected website, the hackers’ program can tell if your programs are not updated and quietly slip a malware program onto your computer. Then you’re in trouble and you might not even know it. Updating your software is the one thing nearly all security experts do religiously. That’s because they know that the software updates are closing security holes that could inflict serious damage to them and their computers and devices. You can set many of your most important software programs to automatically update.
Sean M. Bailey is the co-creator of the Savvy Cybersecurity training program, an interactive workshop to teach people to boost their online security. He is the co-author, along with Devin Kropp, of Hack- Proof Your Life Now! The New Cybersecurity Rules: Protect your email, computers, and bank accounts from hacks, malware, and identity theft.
Arielle Eckstut and David Henry Sterry are co-founders of The Book Doctors, a company that has helped countless authors get their books published. They are co-authors of The Essential Guide to Getting Your Book Published: How To Write It, Sell It, and Market It... Successfully (Workman, 2015). They are also book editors, and between them they have authored 25 books, and appeared on National Public Radio, the London Times, and the front cover of the Sunday New York Times Book Review.