One day I was working on a client site, and throughout the meeting rooms and different working areas there were signs posted that covered habits to strive for success. These ‘success habits’ got me thinking. When providing awareness training, building security programmes, and tailoring hard controls within organisations, I focus on habits as well.
Good habits to encourage, like taking a second to think before clicking a link or opening an attachment. Or not-so-amazing habits we want to address and ultimately change, such as oversharing online. This led me to introduce the 7 Habits of a Hacker, targeting habits that non-technical people can address in their own lives to protect themselves.
Habit 1: Investigate online
Hackers: identify publicly available information about their targets, but also about themselves in order to limit it.
You: make a habit of choosing what information you want available to persons you don’t know.
Example: signing up for social media sites, do you need to make your date of birth public, and does it need to be accurate?
Habit 2: Take back control
Hackers: like to take control of situations, by choosing the narrative and setting themselves up as authority.
You: make a habit of taking back control, in conversations, social engagements, and even social media.
Example: when using social media accounts, enable multi-factor authentication. Anytime access is needed, you’re the one allowing it. Let's not forget keeping your apps and hardware up-to-date!
Habit 3: Knowledge share
Hackers: can work together in groups and/or use pre-existing tools to make their job easier.
You: make a habit of sharing ideas and solutions you found effective in keeping yourself secure.
Example: received a phishing email or scam phone call, share this with friends and family so they are aware. Found a password manager you really like, talk to your loved ones about why it works for you.
Habit 4: Problem solving
Hackers: are faced with environments that aren’t supposed to let them in, but with a unique point of view and creativity, they can find ways around it.
You: make a habit of trying to view things in a different way, including how a malicious actor might see it.
Example: struggling to understand why work is requiring a new way of doing a task, consider it from the operations side - is it making it easier to manage whilst still enabling you? Can you work together for an equally great solution?
Habit 5: Social engineering
Hackers: know how humans work, and use differing degrees of influence, through to manipulation, in order to convince others of their authenticity.
You: make a habit of identifying the goal of the person contacting you or site you’re visiting.
Example: see a funny campaign around choosing your royal name, or others sharing pictures of sensitive information like their customised credit cards - are they trying to gain information you shouldn’t be sharing?
Habit 6: Lock things down
Hackers: use distractions, or situations where we’re not paying attention, to gain unauthorised access.
You: make a habit of locking down your computer when you walk away, enabling pass codes on your phone or apps, encrypting devices.
Example: working from a cafe but need to visit the loo, put your laptop in your bag and take it with you.
Habit 7: Trust but verify
Hackers: are known for taking social norms and flexing them - such as tailgating.
You: make a habit of questioning, does this sound too good to be true, is this too easy? Do I know this person/site?
Example: the Puppy Scam that Wondersmith_Rae and Tokyo_v2 investigated, or online shops that sell products at a massively reduced cost.