Conversation with Andra Zaharia
I met Andra, who’s a cybersecurity content marketer, via Twitter, and I’ve been following her posts for a week or so. A few days before our Conversation she posted an article titled How to Protect Your Freelance Business from Cyberattacks and Fraud, and it intrigued me. So I thought it would be great to have a Conversation with her.
After our conversation, I walked away with so much information and insight. Even though I help my clients secure their data and devices, it was great to get a perspective from an expert in this field. Not only that, but the idea she brings forward about ‘communicating simply’ is dear to my heart.
Transcript
So I had an amazing, amazing, amazing chat with Andra. The hour went so quick. We think kind of realised as soon as I noticed the clock was like an hour as long enough, but after actually we spoke for another 20 minutes or so, she has such amazing insight. And we also think quite like actually in the way we think communication matters in the way we present our technical know-how, it's all well and good throwing buzzwords and throwing keywords.
That's very much tech-oriented, but if the client or the person doesn't understand that, then what's the point. And she being a marketer that's in the cyberspace, cybersecurity space. It made me think about how again, made me think about how IT people and, and people in general talk tech without people understanding.
And she really has some really interesting insight into the psychological aspects of how we need to kind of educate people into how cybersecurity and security in general, social media. We actually talked about the whole, a lot, lot of stuff, how it really impacts us and how we interact with our devices, our technology and stuff.
It's really I'm not taking anything away from any of my past episodes, but this one I go to say was one of my favourite ones. And hopefully you enjoy it as well. Here's our conversation. I really wanted to talk to you because of that blog post, you posted about security and so on. It was security for freelances.
Was that, was that correct?
Yes. Yes. It was a guide for security for freelancers. Yes. So
what prompted you to write it? Basically?
Oh, I developed. Several security guides for several kinds of, you know, different kinds of people. But what prompted this particular guide was a story that I came across on Twitter.
It was a freelancer who got her identity stolen. Someone said set up a profile in her name, using her work and all of her details and portfolio on a freelancing platform she didn't have an account on, and that scammer and impersonator was using her good name to pitch clients. And how she found out is that a client who found the dialogue a bit fishy on that platform, reached out to her sent her a message and asked her like, Hey, this is, is this you?
I thought this was a little off. And that's how she realised that this whole thing had been going on without her realising. And from my experience, I know that people are responsive to these kinds of things. So to, you know, taking proactive behavior and just doing things before things get bad only when they have a story that impacts them emotionally.
So I thought it was a good moment. And plus I wanted to, so I published this guide in a community for freelancers of one of my friends set up. And it honestly, it had a much bigger impact than I expected in the sense that I've been doing cybersecurity content for six and a half years now. And it's usually you know, it, it, it, it has, there's some emotional distance there and it's difficult for people to connect emotionally to these abstract notions.
So what I try to do is to find that connection point and to find that trigger that gets people to pay attention. And get people to see themselves through the eyes of, let's say, an adversary which kind of changes your perspective on things.
Yeah. I mean, it, it prompted me to read it purely because it said freelances and the, and the reason why it prompted me the headline was because I deal with a lot of freelancers and consultants and have done so for like 30 odd years and pretty much 98% of them have no idea about this stuff.
And it amazes me because they care about their wallets. Not, not many, but they care about their wallet, but they don't care about their computers and the computer. The email, your email address. In fact, your email mailbox is the most important thing. Anywhere you could lose your wallet and you can get your cards back.
If you lose your email credentials, it's very hard to get everything that's connected with your email address back. And this is the thing that I'm trying to tell people. And I hope people who listen to this and watch this, understand that not just email, but security, so important, encrypt your hard drive, make sure you have different passwords.
This, this is basically what you talk about. And so when I read it in total, I'm just basically nodding like, yeah, yeah. Let's, let's talk to this person. I want to know who she is. So it was really cool. To have this conversation with someone who does it for their job, I mean, this is, this is what you do, right?
Yes. Yes, this is exactly what I'm doing. And I'm, you know, I'm, I'm thrilled that I have the opportunity to talk to people outside of the cybersecurity industry because this industry in particular tends to have a very strong echo chamber. So we talk to each other, we know things are bad, we know what's going on, but we have a hard time getting outside of it.
And that's because, and what I realised over the past couple of years is that there aren't a lot of enough people that are focused on communication in the sense of translating things so that, you know, regular people like, you know, not you and me, 'cause you're definitely an exception, but you know, regular people who are freelancers or whatever they do in their job, get this kind of, let's say literacy because it is fundamental.
I mean, we can no longer separate our identity, our offline identity from our online one, no matter how we still feel about the separation. It does not exist anymore. And what impacts us in real life, except the impacts our online lives and vice versa. And the more we ignore this, we're only making it more difficult for ourselves in the long run because the concept of identity and that's what fascinates me.
And you were talking about this earlier, when you mentioned email, the concept of identity is changing and the way that we define not just our identity as humans, as individuals, but as humans in cyberspace and society in general, it's changing so much, it's influenced by so many things. And there are plenty of, let's say, mental models and ways to look at ourselves and what's going on around us that in cybersecurity work, and again can really elevate your perspective and it can help you get.
Grounded and also help you understand and navigate all of this complexity because it's not going to get easier, no matter how much companies try to simplify things, it's not going to get easy. Really,
definitely not. And this is, this is the angle I'm coming from, being in the tech space, you know, being in the tech space for 30 years.
And I've always liked simplicity, not minimalism simplicity, although I call it tech minimalism, because it was the buzzword simplicity. I used to call it laziness. And the thing is what you, what you touched on saying. We need to make people understand with basically common language, you know, being so w knowing tech people and the, the, the reasons that they use tech is because they like the tech, not because of the client needs it.
And when I noticed that in the early stages of my career, I'm like, okay, this is stupid because this person doesn't need this because it wasn't communicated properly. And I think communication, no matter where you are, and if you're in a relationship, we're all in relationships one way or another, the communication breaks down.
Everything basically explodes, right? So if you don't have the right communication, doesn't matter where you are. It's a huge problem. And I love the fact that you talk about the communication because not many people do really, not many people do. And that's really strange because you will. As you said, echo chamber, we all talk about tech.
We all talk about anything, any, it could be actually anything, but if the person that you're trying to communicate it to doesn't understand those buzz words and who you talking to. What's the point of it, but there's no reason to it. And that's why I've never liked hacks. I call them hacks. I've never liked creating.
A space where people couldn't get the information that they wanted. So I always talk in normal language. I mean, like it, if, if, if it was a case of you have to put it in the band, you have to do this because of this. Like no, put it in the bin, empty the trash. It's fricking simple. It's not, you don't have to.
Over-explain the thing. And often what I do and I found myself doing it. Like, it sounds like I'm talking to a child sometimes, but it helps. I had a client call me talking about my, my computer is full and I'm like, well, I couldn't understand why. So I remoted in there putting stuff in the trash, but not emptying the trash for the past.
God knows how long. And I'm like, how can I explain this? So I've literally said you have a trash can in your kitchen who comes and takes it out of your kitchen. Well, I do. Well, there you go. Right? Simple, simple. And they appreciated it because they understood it. So clear, simple language matters a lot. And I'm going to start following a lot more now because of what you said as well, because it matters simple language matters.
It definitely does. And I think that it's also simplifying language, but also finding that clarity and finding that, that, that emotional trigger, not in the sense of manipulating people, but in the sense of striking that core, that means something to them. When I first started in cybersecurity well working as a marketer in cybersecurity, there was very little content.
There was like super technical content and then very superficial and fragmented content and not much in between while a lot has changed over the last six years. And there has been a substantial and exponential increase in, in the quantity and quality of content that's out there in terms of, you know, cybersecurity, education and awareness and things like that.
There are still, there's still too much generic content that's made for everyone and talks to no one and speaks to no one. And most
people don't. I got to stop you preach, carry on. Preach Jesus. Yes.
They will not, people will not listen to this. I, what I try to always do is that I always talk to as many people as possible, who are, you know, they're not my friends, they're not in tech, like regular folk.
And I try to understand, you know, what's bothering them and who they trust for advice because often more often than not tech and security, which is obviously part of technology they will feel, they will make people feel incompetent and people don't like to feel stupid or unable to do things. And unless they feel capable of doing that thing, like whatever it is, you know, installing antivirus or, you know, start using a password manager or whatever it is, if they don't have the self-confidence, they're just going to reject it right away.
And they're going to say like, this is not part of my identity. I'm not going to take on something that makes me feel less capable than I think of myself. And it's, it's, it all boils down to human psychology. And what I love about this industry in particular is that it is packed with people who understand that, you know, human psychology is the most important element of technology and cybersecurity is like 2% and the other 98% is getting processes.
Right. And communication. Right. And things like that.
It's D it's. Yeah. It's going back to the communication thing. If you're just talking in buzzwords and technical babble, which is what I call it. I mean, I'm in tech. I know all the babble. I still call it babble because even, you know, the funny thing is even some of it, I don't understand.
I gotta be honest. Sometimes when people talk in real tech, I'm like, dude, just say, you're putting this phone from here to here. I mean, why are you using all this babble for? What's the point? I don't, if I don't understand it, how on earth do you think the average person who doesn't really care about it, they just want to know everything is safe.
Everything is secure. My computer works or whatever it is, how are they going to understand it? If you can't explain it to me simply. To me, the tech guy. Right? So how, how, who, wait, who's employing you. How, how, how are you getting any work? You know, because, you know, you say in the past, well, you said six years, but obviously past 10, 15 years, computers have got so ingrained in our lives, the phones and so on.
I mean, you can go back further than that, but but the men, the, the, the thoughts of how people interact with them, haven't changed so much in the, and, and I see this because I'm feet on the ground talking to people all the time with my clients. And when I changed their minds and whether when they are open to the idea of working the way.
I would say work, not because I say so, because it's better for you. They're so happy with it. So I had one client who was just all over the place with the computer and stuff. She needed a new computer, so she bought a brand new computer. We changed everything. So it was online, safe, secure password, protected, etc.
Her computer got stolen and she was on the phone, crying her eyes out. Oh my God, K what can I do, et cetera? I said, calm down, firstly, secondly, everything's backed up. Everything is secure. Just go to the Apple Store, pick up a computer log in our latest. She called back, and she said, oh my God, is that it? Is that all I have to do?
Because now I have everything. If you sent me so many chocolates, it was this crazy. I'm like, yeah, it's not that hard. Once it's all set up. It's not actually that hard to set up. It's just whether you can do it or not, whether you want the help to do it is so it's not rocket science. It can actually be done without professionals doing it.
But if you're not confident enough, you hire a professional to do it. I can build it. I mean, I've built cars, but you know what, I'd rather just take my car to a garage so I can, I'm confident to do it, but I'd just rather pay someone. So it was the same thing, but she was so happy because everything was safe.
Everything was secure. We, we encrypted our computer. So there was no way that the person could ever use that computer again, et cetera, et cetera. And she was so happy about it. And it's happened a few times now since then, but again, it's really simple because of the communication between me and the PO and the client, explain to her all of this stuff and calming her down and making sure that they understand where the data is, why we need to do this.
So it was a hard, you know, it's a hard slog. To change people's minds when they've had this 20 years of experience with IT people. Right? Cause I hate being called IT. I hate it with a passion. So they have this notion of what an IT person is. And then when they work with me, they're like, you're not an IT guy.
I'm like, no shit.
Exactly, exactly. People have so many misconceptions that we need to work on, that we need to address and make it feel like things are part of normality that they're attainable in that I love success stories like these because when you get that feeling, when, when you have that initial panic that, oh shit, something really bad has happened.
Oh wait, I have a backup. I have like all my stuff backed up, I'll have everything, you know, access like two factor authentication. My accounts are protected. Then the, just the feeling of release and of, of peace is just, it's exhilarating honestly. And I've seen people do that. And honestly, it's happened to me as well, because at some point I remember losing like a Google sheet with something that was super important, and I realised that.
Obviously I had backed it up, and everything went back to normal, and just in the span of 30 seconds, I was like, oh wait. Oh, everything's fine. It's cool. It's cool. I have this because past me was careful enough about doing things. And to me, it is also. People when you even the term cybersecurity feels alien and foreign and super complicated one, in fact, it is something well, anything cyber-related feels a bit sci-fi still, although with like, we've gone way past that besides by scenarios.
But there are simple things that you can do that only, that that's also playing to simplicity. So it's not just. About it's like getting your ducks in a row. It helps you put things in order. It helps, you know, where things are, especially the most important things, because that's what you want to prioritise.
Like, you know, whatever super important documents you have like client work that you don't want to lose anyone who's lost work at some point or another knows that that is very, very painful and do not want that to happen. It's it's a simple,
yeah, sure. No, I was, sorry, I didn't want to stop you, but you, you said about keeping your client's information safe, and that's so vitally important that freelances.
Yeah. Never understand. So again, I work with a lot of coaches and consultants, and they have a ton of information from their clients. So when you say to them, where are you keeping this stuff? And they say, w my Google personal Google. And I'm like, oh, you know, not, not personal personal, you know, I think, you know, as well, Google too, Google's, there's the personal free one.
And then there's the paid one. And they, even though it's the same company, they're actually two different companies in the sense of security and blah, blah, blah. They're completely separate. And a lot of people don't understand this either, which is which is again, communication because they say Google, I don't want to touch Google.
Cause I'm one of those people that don't use any Google products because of them don't be evil is turned into be evil. So I don't use anything. Right. I do, however, watch YouTube and that's about it really. Yeah, but anyway, they don't know the difference between the paid Google and the unpaid. So when you say to them, actually, I have ethics that of not using Google, but they don't so Google Workspace now it's called, it was called G Suite is actually probably a really good product for for a lot of these people to use, but not the free one.
So when they say to you, or will you don't use Google? Why should I I'm like, that's a personal ethic issue. So this is, this is the, this is my ethics. It's up to you. If you want to use it, if not, we'll find something else, you know? So you have to think of those kinds of things as well. Cause I only recommend things that I use.
But then you have to think of the client and what their needs are as well. So it kind of depends on how you do it. So if someone says, well, I need to use Microsoft Excel. I'm like, well, you have a Mac. You can use Numbers. Why you do want to pay extra? Because I don't use it, I don't use it. If they say, well, I'm an accountant and I use macros.
Yeah. Okay. You have to use it. Right. But I'm not like, no, don't use it. You have to know it. You have to use the right tool for the right job. And if you have a specific job and a specific thing that you need to do with that app, just because I don't like it, I'm not forcing you not to use it, right. Yes. But the security part of it matters.
So again, Google. There's a good Google and the bad Google don't use the bad Google, but I just don't use the Google.
No, I know. And that you, you, you brought up actually conversation that happens very often in security, which is so first of all, the, to your point about using, you know, free Google accounts, I would just like to remind whoever will be watching or listening that if you lose documents, Google will not be able to bring them back.
I haven't seen this happen. They will not be able to bring them back if you're on a free plan. So one that once that's gone and once you've deleted it, that's bye-bye, and you're not going to be able to retrieve it no matter how hard you try. So keep backups and use a paid account. The second thing is that to your point, that we should recommend stuff that people can actually use and people actually need.
In the tech space and in the security space, there's always the debate of, oh, if you want to be secure, you should use Linux. No one, no, no. We're not going to use that. That's absurd. You're not white. Why are you doing one of these people? It's even more complicated than they already are. Let's try to teach people to just, you know, what's your setup.
This is my setup. Okay. Let's see what you can do. Like what's the baseline, what are the baseline things you can do to keep yourself safe? Like, I am better passwords, things like that. We have, you know, there are so many simple solutions to use now that aren't even that expensive, and they're totally worth the money, especially in terms of password management.
A password manager will simplify your life, make it more productive and take a big pain off your back in terms of of, of managing this stuff. And also, so it doesn't matter which operating system you choose to use, whether on mobile or on your laptop or desktop, whatever it is on your tablets, it's just important to try to figure out, you know, what's the best way that you can profit from that, you know, product or platform also in terms of security, no matter what that is.
And no Macs are not safe by default. No, I, well, there, there a great system there, so great system. I switched to the Apple ecosystem. Because of their focus on security and I, I still like root for them in that direction. They're not perfect. No company is there as, and they're, they're good enough for me.
Like you mentioned
for, this is what I tell people. If it's good enough for a cybersecurity expert, it's good enough for everyone else. And as you say, you, I mean, every everything you have, it doesn't matter what it is. You have to be secure security conscious about it. If you have a wallet. It's going to fall out your pocket, someone's going to steal it.
Someone's going to RFID it. There's they're going to there's some things going to happen with it, right? That's why we pay insurance. It's not because necessarily because of the law, although it is illegal, not to have the car insurance, but the point is, if you have insurance, you're safe in the knowledge that that's your backup, right?
This is the tech speak. We have a backup of our files and we have insurance just in case we crash our car so we can get our car back. Right. It's kind of the same thing. So if you don't insure yourself, like you said, with your documents and, and, and personal information, then only you're, you're to blame, not anyone else, right?
Because they're not. There's so much information out there. Good or bad, but at least you can get the basic information that you need going back to the Mac and PC thing. Yes, Linux, blah, blah, blah. Let's not go there because that, to me, is IT talk, but the Mac and PC again? Yes, Macs are way more safer than, than PCs are purely because of the operating system, not because of the box itself.
And what people don't understand is that PC stands for piece of crap, but that's my personal Felipe, but PCs are not, it's not a company. It's, it's a bar Hawks that Microsoft has a license to put the operating system on. So those things don't work together. Just like an apple does an apple, the operating system and the hardware work Harmon hominis lit hum work well together.
I can't say some words. So then he worked really well together. So the, so the, the security part of it say is way better than a PC because because of that factor now there's still flaws. There's still flaws. And they're always constantly finding flaws. It's like bugs in software. They have to fix the holes.
But. You can encrypt your hard drive. How do you do that? Push a button it's encrypted. No one else can touch it, you know, and things like that, that the fact that they've made it so simple is so much more reachable by, by non-techies that I mean, there were, there was a time where I got fed up with Macs and PCs and I said, get a Chromebook, get, get Google, blah, blah, blah, and get a Chromebook because it's cheaper.
And I've told some parents because they don't like the Apple or the PC to get Chromebooks for their kids. Because why not? Because a lot of schools here in Holland, they use Google ecosystem kind of thing, get a Chromebook. There's nothing wrong with Chromebooks, but again, you have to secure yourself with it.
It's the same.
Yes, yes, absolutely. And plus there's, so there are so many, you know, various entry points. To your personal identity and belongings and data. And besides like the operating system itself, you know, it's good to be in a secure ecosystem to have to, to, to realise what your kind of your main kind of castle that you're trying to protect is whether it's your email address or your, you know, your Apple account or whatever, your kind of main email address that ties into all of the other main accounts that you have, because that's how it starts.
You use a weak password for your email, and that gets cracked and you don't have like two factor authentication enabled, and they just, you know, attackers can just spin out from there and reach all of the other accounts that you set up using that email, including your online banking account and so many other things.
But while the operating system can be safe Your browser is one of the most important entry points into your ecosystem ever. And that's often the least protected kind of piece of real estate that people have in their digital lives. So, first of all, I would like to ask whoever is listening or watching to not store passwords in your browser, please do not do it.
They are stored in plain text. You can like if a malicious add-on or yeah, and that that was not malicious, but turned malicious in the meantime, people that sell add-ons for all sorts of things, if that turns malicious, it w the fruit, the thing that it'll do is it'll look for your password. So all of the passwords that you have saved in your, in your browser, and those are so easy to reach.
If you can see them, you can imagine that someone who knows what they're doing. Is, you know, it has a much more like it's so much faster and easier for them to reach them and using those passwords while you can guess, what are you going to do next, but do not store passwords in your browser. I've seen people in security companies do this, and it broke my heart.
And because often people don't eat their own dog food. Often people even in security companies. Cause they're still people and they're still, you know, fallible they will not practice what they preach. And I am very adamant about this. I strongly believe that you cannot be, you know, persuasive when you're trying to help other people in this direction.
If you don't do things yourself, cause you don't know how they feel, you don't know how to switch fields. You don't even know what kind of questions pop up in your head and things like that. So please don't store passwords in your browser. And second of all, when you get, you know, whatever security suite that you decide to use, use their browser add-ons.
They almost, I mean, all of the good ones have browser add-ons and they will filter the traffic coming into your browser and stop malicious pages and ads, and even like malicious software that sits behind infected websites that you can see, and that actually affects your, you know, your device without you noticing or clicking on anything or doing anything and you know, the bad guys, there's this the saying in cybersecurity that I really feel explained the entire situation quite well, which is the bad guys.
Only need to hack you once and you have to protect all of those, you know, entry points your system. And if you're just leaving, like your browser is like just, you know, leaving the door open for them or a window opening. Like you go on holiday and leave your window open. Well, you're going to have a bad time to post about it on social media.
Yeah. Which, which you shouldn't do. No, I mean, it's true because you're using a web browser. I mean, the amount of people that use. What I call the wrong browser. But a lot of people like it please don't use Google Chrome. I use Safari it's built-in now you brought up, brought up an interesting point, but there's a, this there's a distinction between the browser holding your passwords and a password manager working through a browser, right?
So 1Password is something I use there's LastPass. There's a few others. I use 1Password because I've used it from the beginning of them, whatever. Anyway however, Safari. Even though it stores part, even though it gives you the ability to store passwords, it doesn't store them in the browser because the Mac has the Keychain, which is a secure password manager effectively.
So not all browsers are the same. I just wanna, I just wanna make sure that that's out there because Chrome does hold it in the browser and it does hold it in plain text. And I think Firefox also does it, I mean, they all do it. The only one that doesn't do it from what I understand is Safari, because it's built with the software and hardware in mind, but it's, but it's built into the operating system, the Keychain.
So even though if you, so if you're, if you are using a Mac, the built-in one for Safari. Works. I'm not saying Safari is fallible. I mean, there's some problems with Safari as well that the co you know, they're finding, but that's like bugs in any piece of software. And the other thing I like about Safari, even though people think, you know, Apple walled garden, you can't do much, it's kind of to protect you, but it is an annoyance as well, to a certain degree for people who like to change things and manipulate and, you know, stuff like that.
But those manipulations, like in Android devices can be exactly right. Can be hijacked and et cetera. So, yeah, I don't like people messing with the shit that I buy. I.e. Apple, let me do what I want to do. However, there's the other side of it. Whereas they're actually doing it for two reasons, one for their own financial gain, blah, blah, blah, to keep it in your system.
But they're also doing it because it's actually safer to do it that way. As well. So I'm not saying they, they good, but yeah,
that's a very good point. And security is a compromise. It'll always be, I think, one of the most difficult things and one of the biggest challenges of our let's see era and going forward is to figure out how to get security, to be usable and to beat out an invisible layer.
That's built into the system, but doesn't add friction points like we have. Now, when you lose your password, you have to retrieve it. You have to go into your email and go through a bunch of hoops to, you know, get stuff done. But at the same time, we must realise as adults that we are, that there will be some compromises that we have to make, because I feel like gamification, and in making things super simple has sometimes led to kind of infantilise people.
They just, just, you know, treat people like kids and not. Not not give them, you know, the responsibility that they have. Security is a shared responsibility to tag that you use has, of course, terms of use that no one reads that, you know, give you your share of responsibility. And I feel like You know, it's it's of course it's one thing to try to make things simpler and smoother and you know, less, you know, friction creating and things like that.
But it's another thing to, to try to, you know, get people to feel like they don't have to do anything at all, because that will breed responsibility and it will read a false sense of security that so many people live with generally. And that leads to more security issues than we realise, you know, people just not thinking like, sure, I'm going to send all of these sensitive documents via WhatsApp.
It's secure it's as it's encrypted.
Yeah. No, it's crazy. I mean, it's, it's things like WeTransfer. I know lawyers who send stuff through WeTransfer, and I'm like, dude, are you serious? I mean, this is no, you shouldn't do that because they store it and they can access the files. Now, if it's a file, sending it, sending a dog picture to your granddad or whatever it is.
Yeah. Whatever that, but lawyers, doctors who use WeTransfer and Dropbox, they're not great for security either. The thing is, I'm not a cybersecurity expert in any shape or form, but because being, I've been in tech firm, From the age of 103 from a long time ago. I know how it's transpired, and I know how to protect myself.
Cause I've always been in tech since I was like eight years old. But but a lot of people just don't get it. And as you say, they want the simplicity of it, but I turn it back and throw it back at them. So I say to them, if you lose your bank card and someone picks it up and goes to the bank, would you be happy if the bank says, oh, you've got the card?
Yeah, no problem. This is your account. Here's your PIN number. You won't be happy. You worry about that. Right? You wouldn't because your bank is gone. Not because, because you wanted the simplicity of, I just want my PIN. Can you just give it to me over the counter? You know, it's me now. It doesn't work like that.
They have to post it to you. So I'm, I want to ag advocate companies posting your email password because it's never going to happen, but yeah. I mean, that's where we've got to now. So yeah, the simplicity of it, I think making things simple is very hard. Right. It is the hardest, it's the hardest. However, people sometimes make things, a company sometimes makes things simple because it's easy for them to make it simple.
But that doesn't mean security-wise. It's good. Right. Which is exactly what you're saying and, and simplicity. If you want to get it, if you want to do it right. Is really fricking difficult, really fricking difficult. It
is. And it can leave loopholes like this one. So when you mentioned the bank example, there's actually a type of attack.
That preys on telecom operators' inability to have secure processes for transferring your phone number to a different SIM. They're called SIM swap attacks. And what an attacker will do is that they will call your telecom with information that they can easily find about you online. And if your telecom provider doesn't have strong authentication mechanisms and validate that's you.
You know, with multiple details. And if you've posted those details on the internet or they got leaked in some way or form, you know, cybercriminals can easily get those about you. And they will call the telecom operators and say like, Hey, can you transfer, you know, this phone number to a different SIM?
And at some point, you know, you realise that, Hey, I don't have a signal, what's going on with my phone number. And by the time you've realised that this is happening and you figure out a way to get it back and, you know, block the scammer and so on, they will have already used your phone number to maybe get those two-factor authentication codes and log into your email or your online banking account and every other, you know, things that they can use through your phone number, which is also a core part of our identity, along with our email.
And you might say like, Hey, yeah, but I don't have that much money to my account. Or, you know, my, like my cards are emptying. What can they do with that? They can use them for money laundering. Yeah, they will use your empty accounts to transfer money that they have, you know, made through illegal activities like cybercrime or ransomware, or a bunch of other things.
And you will become, you know, part of an illegal operation. Exactly. And you can face charges and all those sorts of things. So, yes, you can be a target and be a victim. Even if they have, in theory, nothing to steal from you, they will find a way to use you in their operations, because that's what they do.
That's their thing
is easy. It's easy for them to do it. It's easy money, and this is what people don't understand. Oh, it won't happen to me until it happens to you. If it's happened to someone I know very close to me, his wife, girlfriend, whatever his partner called me and said, I just got a call and they wanted to log into my computer.
I was like, you didn't, did you? She said, well, yeah. And I was like, but. You know me, why would someone else call you for a computer? So she was on the phone. And as soon as they said, give the credit card number, she actually started reading it a credit card. And I'm like, you didn't give all of it. I said, no, because I thought it was fishy.
So I didn't give them the last four digits. Luckily, luckily, and I'm like, this is, I mean, the person, they no stupid people. These people, they, I mean, you know, they're not stupid people, but anyone could be duped. This is the thing. This is why these cyber-criminals are so fricking clever that, that you don't expect that I had a client.
Who's what you just said about SIM swap happened to him and I'm like, well w and he called me to say, can you help me? I'm like, well, I'm not a cybersecurity guy, but I'll help what I can let's change. All your passwords everywhere. Let's start with that first. And we did, and luckily nothing else was changed, but they were trying to get into his bank account.
That's what they were trying to do. Someone else called me about that. They said I CA I couldn't log into my LinkedIn and I couldn't understand why and what they did. He had a Hotmail account or something, so they duped some thing or whatever they got into the Hotmail. And luckily all they did was they created a rule.
This is so clever. They created a rule that said anything about Hotmail, ransomware, whatever, just got deleted or got archived automatically. So even though you could use the email, you wouldn't see those emails coming in. And what they did when they went into their LinkedIn account and sent a bunch of messages.
So there were literally just getting into the LinkedIn account without him knowing, basically. Yeah. Yeah. A lot of them it's crazy.
Yeah. The examples are so powerful because they show us that first of all, we can be the victims, but maybe what hurts most is that people we care about can become victims.
Because of us or through us, you know, using us as a stepping stone in a way you're talking about, you know, children have their identity stolen and their futures compromised. People open up, you know, this mostly happens in the states, but because, you know, in Europe we have a much more bureaucratic society, which sometimes helps us.
Especially in terms of security, it's painful to live with it, but at least we have that going for us. But in the US, when people, you know, when scammers and cybercriminals steal children's identities and they set up credit cards and loans and their accounts, and, you know, you realise that your 13-year-old child now has thousands, tens of thousands of dollars in debt.
Exactly. And you know, all like loan sharks come to your door and try to, you know, get their money. And it just, it can get so messed up with consequences that are really long-term, even when data breaches happen. So they happen today, but their effect is cumulative. And the more data leaks about you.
The easier it is for them to compound all this data and to profile you like really deeply and to automate attacks against billions of people, because that's what happens. And I guess that, you know, we may be, you know, people in countries that don't have English as their primary language were mostly sheltered up until a few years ago when cybercriminals started translating and adapting their emails and their tactics.
And making them really professional, like not too many grammar errors, not too many Nigerian princes.
I said, you know, I started replying to them. This is the hilarious thing that when I, when I was using I, when I was using Facebook years ago, years and years ago before it became the stupid thing it is now I used to get lots of spam messages and I was like, you know what, I'm never going to stop this.
So let's play, play with them. And I'm fortunately I think keep them, but they're all, they were all on my Facebook account at the time. So I was just posting. So you just play with them. So what I started doing was reply with absolute and utter gibberish. Like things like, yes, I would like to buy your goats, but only if one of them had three feet, but I'm not sure if they could use a telephone, because if they can use a telephone, they might be able to phone ITI and it's not possible to be able to buy a bunch of corn and just complete nonsense and you reply and they would just.
Sometimes reply back and then you'll reply again. And after two replies, they'll just leave you alone, and they'll take you off the email list because that email account still exists, but they're like, okay, this guy's crazy. So that's how I personally, I'm not saying it works. I'm just saying it has worked for me and I wouldn't recommend doing this, but it did work for me.
It was,
it is fun to do. Sometimes it is fun to do, but yeah, I also recommend like, just mark it as spam and email
address, but they're professionals, let us do it.
I know we're at least we know what we're getting into, so yes, definitely.
Yeah. It's, it's crazy how you can really confuse them, but they are really clever as you say that the language has changed the way they are communicating.
And a lot of the times what I've noticed that because there's a lot of YouTube channels that I watch. I called Ben something. He goes after the scammers in Pakistan and India and stuff like that. Brilliant videos. Cause he does stuff with the BBC as well. And they are, so the scammers I'm talking about, they're so sophisticated that they hire people in the country to receive the money.
So they don't have foreign accents and things like this, you know what I mean? So they can't be deemed as you know, illegitimate and stuff like this. They're getting very, very clever about this kind of stuff
That is. And with all the information we're willingly disclosing about ourselves online, we're just making it super easy for them.
I mean, even burglars. Go on Facebook and see when people are leaving on vacation. Cause they're posting their plane tickets, please do not do this. And they know exactly like how long they're going to, you know, not be home and where they left and all of the other details. And we're just making you like you're inviting them into your home.
Yeah.
It's an open invitation, so, okay. Let's go through this because someone asked me this, one of my first conversations I had with Sebastian actually, cause he was amazed that I don't use Facebook, WhatsApp, blah, blah, blah, all this stuff. Let's go. Let's let's ask you. Do you, do you use any of those products?
Those platforms
I do not use. So I closed my Facebook account years ago. Same with Instagram I, before I deleted I, you can basically delete all of the geotags on Instagram. At least you used to be able to do that, but it's been years. So I don't know if they still have that option, but if you want to go back, if you want to still keep using Instagram, but you want to delete all of your check-ins, you can go and have all of that data wiped out.
And don't, I don't use those anymore. And it's been a massive burden lifted from my life. And I work in marketing and people ask me, you know, not too many people because people don't understand nowadays, you know why I've decided to do this. But when I went in first. You know, when I first closed my accounts like years ago the few people ask me, but how are you going to work in marketing?
If you're not on Facebook? Like the internet, it is so extensive. There are so many places on the internet where you can talk to people that are not Facebook and the other ones. And yeah, I haven't been able to move like my parents from WhatsApp to Signal. Unfortunately, I, I it's, it's difficult, but I've taught them like a couple of things that have stuck with them.
Things like if you receive strange messages or see a promo or things like that, send it to me first. I'll take a look at it. I'll tell you if it's okay to click or not. So they do that, which, which is really good. But I try to keep my set up. To a minimum. So even though I have a much larger digital footprint than most people simply, because I've been working in digital marketing for over 10 years and it's just, it is part of my life.
It is something that I've done knowingly. And I know what I, I took extra precautions to protect myself, but I try to keep things minimal. I try to keep my, let's say, identity small in the sense of, you know, not oversharing it don't, I never liked posting pictures from my home or things like that. And I always, I look at these bloggers and influencers, and they're like, you're just mapping out your home to millions of people.
This is not healthy in any way.
I mean, the thing, I mean with, with me, I, the only social networks I use actually uses Twitter and LinkedIn. Yeah, LinkedIn, I'll probably post my feet out the window or something, same with Twitter, but have I, I mean, I record in my office. So I, I used to also use Twitter, Instagram boa, or, you know, all of that stuff back 10 years ago kind of thing.
But I started thinking, do I need to, what am I gaining from it? And well now, but you know, five years ago, why the fuck am I giving my details to, to these, these companies? Right? I'm I'm, but I'm a strong believer in owning your own audience. So if anything happens to any social media, I can still work, right?
Because something happened to me back in 2009 via Google. And I was like, whoa, what could stop what's going on? Because I put my eggs in one basket, which was Google ads. Google went to evil, I stopped using them. Facebook went to evil. I don't use any of their products. From a security point of view, it's very rare for me to post check-ins.
Actually, I don't know I used to have, I mean, Foursquare was a big thing as well as a huge tank, but the only thing I posted there was I'm in my office, but everyone knew my office cause I had a walk-in thing. So that wasn't a big deal, but I wouldn't post anything else or not too much. And then I started realising about this own your audience.
Why am I giving my data away? Then it turned into, wait a minute, this is a security issue, not an audience issue. It's a security issue. But it ties in
together. Everything ties in together.
Yeah. Together. But that's, that's how I, that's how I moved it from one to the other kind of thing. First I thought about an ethics issue for me kind of thing.
And then I turned it into a security issue, but it is actually both effectively.
It is, it is both. And it affects us society-wide because right now we're, we're obviously the commissioner with the speed of transformation and things like that. But besides that, the societal impact that technology has now is so deep, and it brings on so many ethical dilemmas and ethical issues.
Like you mentioned that we need to fix because otherwise not that we need to fix, but because we're never going to be able to fix them as a whole, but at least keep them in check. So we don't end up living in a dystopia that we've seen in movies. And it's fun when you get to leave at the end of the movie, but not if you end up the fan of society.
Exactly, exactly. So I strongly believe so. I don't, you know, Or tech literacy and the security part that comes with that is not optional. It is essential. It is. And it's even more important for the younger generations who are born with technology and don't know what a world looks like without it. We have, you know, having been the generations that know what life looked like before the internet, we have some sense of, let's say a different understanding of.
Social relationships and things like that and interaction and what's artificial and what's authentic and things like that. And I think we have a stronger radar of knowing when things like really drift from, you know, they, they become like really divergent with what is healthy. But kids don't have that.
They were born. They think this is normal to be constantly connected. And like you mentioned, at the beginning of our conversation, our brain, our biology has not evolved to keep up with these things. And that's where we were dealing with so much anxiety and so much pressure. And Lord I'm just happy I'm not a teenager in 2021.
It does suck. Yeah. I mean, the thing is, I'm so lucky that I was born back in the sixties, late sixties, that I could go outside and play with sticks and not worry about it. There's some, you know, is there a, like was waiting for me? Is there a heart waiting for me? Did someone did my stick plane go? It go viral or whatever.
I'm so glad of that because we, cause we, we shouldn't care about that. And that's not how kids, people forget kids. That's how people shouldn't be living. We're living in a society where we're waiting for confirmation of what we're doing rather than actually doing what we need to do, which is live our lives.
Our life shouldn't be Dick. I mean, you know, I have this thing where life should be, sorry. I have this saying where basically work should be incidental to life and life shouldn't be incidental to work. And social media now plays a big role in that because life should be the main thing. So social media should be just in a plaything.
That's incidental. It shouldn't be your main focus. And, but people and influencers. And I fucking hate that saying, but influencers have created this, like you say, this, this vision of how the world is, which isn't true, which is basically like adverts and magazines, that there were restrictions on those things.
And I think restrictions should happen on the internet to a certain degree as well. The thing is the internet, you know, I was there at the beginning as well, and it was such a beautiful thing. It was like, wow, I can send this file to my friend. I can tack I can, what I can do this now, instead of sending a letter, this is awesome.
And it's turned into this closed system where these big tech companies have basically said, this is my area. This is, you know, this is my area. And they've changed the landscape of all of what the internet was supposed to be. And I wished, and I w I really do wish or wished that Tim Berners-Lee did charge a nano cent every time someone used www, not for the money for him, because he didn't want that.
What he wanted was the world wide web to be free and open, unfortunately, and not blaming him. He didn't charge for it because he wanted it to be open. But if he had charged for it, that money would have gone into not the crap that we have now, the education, the, the, the, the different kinds of infrastructure, the lawyers, et cetera, et cetera, he would have, he would be the richest guy in a planet, basically, if it if that ha but then again, would it have been with the internet be as big as it is if he did do that, because then some people
see it, probably not.
That's a different timeline. And I think that it is. The internet. I still think about, you know, you mentioned, you know, just being able to play outside without any kind of afterthoughts whatsoever. I was in college, and I didn't have a smartphone in college and it was the best experience. I did not feel compelled to check anything.
And I, I gave a class at a master's program like two years ago. In-person and 80% of the kids who were staring down their phones because it was the first. First time for me like doing this in front of students, I could not muster up the courage to say like, you know what, if you don't get off your phone, get the fuck out.
Cause I'm not, oh, I wish I did. Oh, I wish he did as well. Going to do that again. If that happens again, I promise that I will tell them yeah,
go viral.
Oh no, no. I didn't want to go viral. Yes. Then, the internet is a magical thing, and I still appreciate it so much because, because of the internet and because of, you know, due to Twitter, which I love, it's my favorite social network.
I've met the best people there. We're having this conversation now. And it's just, it's changed my life in so many ways. It's made me a better person in so many ways, but it also scares the crap out of me because I feel like things are, are. We're we're losing control of things, and we're losing control.
And in the sense that too much power is in too few hands, and that's never good for anyone ever. And what Tim Berners-Lee wanted to do with the internet was avoid specifically that to keep the internet free and decentralised and, and, you know, independent of political control. But as the humans that we are as the species that we are politics always yes, everywhere.
It's greed. It's, it's not just politics. It's more to do with greed. It starts with greed and then turns into politics. And it's always greed. It doesn't matter what country you're in. It doesn't matter how high you are. It's it's, you know, my balls are bigger than yours and I want more money and it's greed.
That's, that's basically it. And, and that's the unfortunate thing. But anyway Hey, this has been an awesome, awesome chat. I'm definitely, we're going to definitely got to do this again, especially if you. Yeah. Especially if you record the, get the fuck out my room, we'll talk about that. Definitely as well.
But Hey, honestly, it was great. Chat it time flies. Cause I can't, I can't believe it's been an hour already, but when you enjoy a chat at the time, time flies. Hey again, thanks again. Have a great day. And I'll talk to you soon. Thank
you. Thank you too. This has been incredible. And I feel like this renewed sense of energy, and it is so nice to talk to people like fighting the good fight and trying to help others.
I think that is one of the best things that we can do with our lives in general. So thank you for this.
Absolutely. Awesome. I'll see you on Twitter. Yes. See you later. Ciao.