In a time where companies, celebrities, and even governments are coming under cyber-attacks, getting hacked might seem inevitable. But according to former NSA hacker David Kennedy, there are steps you can take to prevent it from happening to you. Kennedy shares his five must-do tips for protecting yourself from hackers. Following is a transcript of the video.
David Kennedy: "Mr. Robot" is probably one of the most accurate portrayals of what hackers can actively do. If you're interested in hacking and don't understand a lot of this, the TV show itself actually employs hackers to work on the show to depict real-life hacks that could happen in real life and it's a very very accurate portrayal of everything that we see in today. From being able to hack Smartphones to getting access to a big corporation and being able to bring them to their knees from a cyber perspective.
So what's the top five things that you can do to make yourself more secure both at your business and your home?
Number one, use two-factor authentication or two-step verification everywhere that you can. Your banking systems, Twitter, Facebook all support the ability for you to enable an additional security feature that you may not know. You go to your settings, it's in there. You can enable it and every time that you log in, it'll register your computer, and you can then get a text message to go into that system as a second form of verification. And why that's important is because if a hacker gets access to your password, they still have to have access to your phone to get access to your account. And that's really important by enabling that specific security step, probably number one.
Number two, don't use the same password everywhere. I know it's hard, but using the same password everywhere is one of probably the easiest ways that we break in as hackers. So if you have the same Twitter password as your same banking information, those are things that can get you in some serious trouble.
Number three, make sure that you stay up to date. Those security patches. Every time you have a Windows update that says hey I need to update your computer, it's usually to fix a known attack that hackers have figured out to get access to your computer. So keep up to date whether you're using a Mac, they aren't impervious to attack, or you're using Windows, same thing, update your systems. That's the most important thing, always keep up to date with what you're having out there. Same thing for third-party applications. If you're using Java, Adobe, PDFs, Office documents, those are all things that you want to keep up to date and that makes it much harder for us as hackers to break in to your system.
Number four, social media, be careful with how much information you actually put online. We as attackers can look at that. Look at what you do, your spending habits, what you might be doing from a day-to-day perspective, going and buying Starbucks at a certain location. Those are all things that we can use to identify when you're gonna be out of the country or when you're gonna be at a business meeting. We can use that as a method to attack you. One of the main things that we do as hackers, especially when it comes to social engineering, is we create a sense of urgency. Something that you're familiar with, but you have to take action upon. So let's just say for example, I'm a Verizon customer and I have an Amazon package that's getting delivered. Well, if I, as an attacker, know an Amazon package is getting delivered, sending a text message from a Verizon customer support service line coming from Amazon saying hey your package is being rerouted, you need to log into the site to get it delivered again, is something that an attacker can use. So those are things that attackers can leverage as urgency, how you actually operate, and all that information that you post online are things that we can use as attacks.
And last but not least, personal information. That's one of the biggest things that attackers can leverage to get access to your data. Things like social security numbers, your credit card numbers. A person is not going to call you on the phone from a banking service and ask you for that type of information. So whenever you get a call, that's too good to be true, or a call that is a fraud services line, call them back. Look at the number on the website themselves and call it back cause a lot of times attackers will impersonate financial services. They'll impersonate different organizations to try to get your personal information and use that to be able to make fraudulent charges. So when it comes to that, your phone, verify first. Go to their site, call the site itself, off from there and then call to an actual person that's actually at that institute itself.