.png){kind=small}
Account Overwhelm
Meet me, Denise. I’m a 30-something-year-old Millennial that has lived in three different countries. I have multiple bank accounts logins, official government logins, and streaming platforms logins for three different countries. There are more logins than that, I’m sure, but I think you get the point. Is this a humblebrag? No, quite the opposite. It’s a total embarrassment. It’s my deepest, most shameful secret.
Why?
The Mistake
Because I used to have just one password. Yes, you read that correctly. My entire online identity and security health hinged upon the security of just one, single, password. And not a very clever one at that.
I used this password for everything. Gmail, work, and bank logins? Same password. That random virtual greeting card service I signed up for? Same password. Netflix? Same password, just with a $ at the end.
It’s embarrassing, truly, but how can I really blame myself?
I guess you can say I should know better. I am a millennial, after all. We are the generation that grew up with the internet. But did I ever learn about the importance of my virtual health? Was I ever taught about the importance of safety and security?
Too Small to Phish ?
I think we all take comfort in the feeling that we’re too little of a fish to be worth catching. I’ve often heard my friends joke, “it would be funny if someone hacked my bank account and found no savings” or “I hope someone steals my identity - then they can pay my bills”. But this isn’t necessarily true. No matter how small of a fish you are, you’re still a target. Do you use the internet in any capacity? Social media? Email? Online banking? Gaming? Then, you’re a target.
I took comfort in feeling like I wasn’t worthy of a hack. I developed this mindset when I was in my early 20s, fresh out of university feeling broke and unemployable. This is when my brain birthed this one password. As I got older, I carried this password with me all the way into my 30s until I finally realised, “holy shit, what are you doing?”
So what changed? What made me realise how fast and loose I was playing it with my life? The answer is Security Awareness Training.
Security Awareness Training
I didn’t simply sign up for Security Awareness Training. Heck, I didn’t even know I needed this. I was totally blind to my own vulnerabilities. When I moved to Norway with my partner in 2019, I began the inevitable “Expat that doesn’t speak the language” job hunt. I had close to 10 years of experience and a knack for business operations and hoped a company would be willing to take a chance on me. The one that did? CYBR - a cybersecurity company located here in Oslo, Norway.
During my employee onboarding, the founders began to go over the security protocol for CYBR, specifically regarding password policies. As they were going over the policy with me, I could feel the blood rushing to my head. I began to think about how not secure my life really was. I began to think of my “only” password.
I knew I had to come clean.
Confessions and Password Manager
I sheepishly confessed about the use of my one, not-that-great password for everything. “Everything?”, they asked. “Everything.” I pleaded my case and mounted my defence. “But it’s fine! I’ve never been hacked - nobody would want to anyway.” They quickly pulled up haveIbeenpwned.com and showed me just how many times my password had been leaked to the world. Holy. Shit. Within minutes, I was the proud user of a password manager.
Security Culture Shift
But my security training didn’t end there. At CYBR, the main product we offer is Security Awareness Training. The training consists of fundamental security knowledge that progresses into tailor-made awareness training according to your weaknesses. I began working with the product and copy-editing the English content. The more security modules I proofread, the more my knowledge expanded.
Long gone were the days of buzzing random people into my apartment building because their “friend is in the shower and not answering”. Phishing emails? Good look tricking me with spoofed emails. I now have the knowledge to spot something phishy. Free WiFi? No thanks, not without a secure password and a VPN.
Two Things
So what’s the point of this post? Two things.
I believe that employers are under the assumption that all of their employees have a good grasp of security awareness, especially employees that are under 40. I’m proof that this is not true - my friends are proof that this is not true. Just because we are millennials (or younger) does not mean that we have the best security habits. Yes, we did grow up with the internet. But the internet continued to grow and our very limited security knowledge did not.
I also believe that you, the person reading this, have the same comfort that I used to feel -that I’m not worthy of being hacked. That I did not have enough money, clout, or status to be hacked. Mass phishing campaigns don’t discriminate - they are sent to all. But if you think about this logically, at the end of the day, who is easier to hack? If they are able to scam just $10 from just 10,000 people, that’s already $100,000. Ask yourself this, would you notice $10 missing from your savings or checking account?
Feeling scared? Don’t be. It’s never too late to begin learning how to secure your virtual footprint. Luckily there is an easy and simple solution where you can begin your journey - awareness training.
Read more on the future of phishing, or discover how to transform human error into human cyber defence.