Episode 11: Carrie Kerskie Notes
Today, we talk with Carrie Kerskie. Carrie Kerskie is a highly sought-after national speaker, author, and consultant on cyber security culture, identity theft, and fraud. She is the author of two books, Your Public Identity; Because Nothing is Private Anymore and Protect Your Identity. Carrie’s the host of Privacy Mentor Podcast. As a media favorite, she’s been featured in numerous publications such as Consumer Reports, KrebsOnSecurity.com, and MarketWatch. She appears regularly on NBC, ABC, and FOX.
-
Technology is associated with so much unknown, constantly changing and fear of listening to “antivirus software”
-
Difficult telling what’s real and what’s not
-
Malicious pop-ups
-
-
Assumption that “everyone should know”
-
Remote access software allows them to look at browsing history, especially dangerous when you have passwords stored in your browser
-
Allows hackers to really understand/know personal information
-
-
These fraudsters are really good at what they do, right?
-
This is their full time job
-
Hackers go to school to learn how to do this
-
In Nigeria, you can get a college degree in “how to do the Nigerian scam”
-
These are opportunities for individuals, particularly in impoverished areas
-
-
Run like corporations (entry level employees to CEOs)
-
-
In today’s world, you can’t get off or stay away from technology. You speak about shifts to keep privacy intact and be able to use technology, can you elaborate on this?
-
Really, it boils down to “the human factor”, which is still the weak link
-
3 simple shifts, which we call the “CQ” (Cyber intelligence)
-
First, your personal culture shift: your social interactions around technology
-
There is a fear and embarrassment culture around technology
-
People become fearful to ask for help- we need to change this!
-
We need to change this culture of fear to a culture of empowerment
-
Talk to your friends, family and neighbors
-
One of the biggest advantage these criminals have is that we don’t talk about it
-
-
Importance of security: if it’s easy for you to login, it’s easy for the “bad guys” to get in
-
-
Second, a mindset shift: shift from a mindset of convenience to a mindset of privacy
-
We are in a convenience mindset: there’s an app for that
-
Always looking for short cuts and ways to outsource
-
The more convenience you have, the less secure your information is
-
Think of it like a sliding scale
-
-
Anything that is free, you are the product
-
Your information is the product and that’s what you’re giving up for the convenience of a free app
-
-
Make long passwords: minimum of 12-14 characters
-
Make them unique for each online account
-
Don’t recycle passwords
-
Hackers will use “credential stuffing” to plug the same password into multiple accounts and see if they get a hit
-
-
-
-
Third, your habit shift: how you use technology
-
Validate or eliminate
-
Anything you receive, before you ACT (call, open a link, etc), validate!
-
Verify that person or organization is the one that sent it to you
-
Pick up the phone and call (look up the phone number from the organizations website and call!)
-
If you can’t verify the original sender, eliminate it!
-
If it’s that important, they’ll find another way to contact you
-
-
-
-
-
Where do you keep your passwords? What’s the best way to keep passwords?
-
Paper and pencil! You can’t hack it!
-
Hide it, lock it up, put it somewhere someone can’t find it
-
Not under your keyboard!
-
-
Password managers are also available, may be more convenient
-
Look for 2 things:
-
Encryption in transit: protecting your passwords as they move from your device to the password manager server
-
Scrambles the code so it can’t be intercepted
-
-
Encryption at rest: when your passwords are stored on the password manager server, should the server get hacked, your password is scrambled
-
Must be an encryption key that puts passwords and characters back in order
-
-
-
-
Another resource: Digital vaults
-
Some reside in Switzerland (phenomenal privacy laws)
-
More than just passwords: can upload files
-
Your own individual vault is encrypted (in addition to the server encryption)
-
Can establish a beneficiary
-
If anyone needs any access to your passwords or your formal documents, allows them to do so
-
-
-
-
-
If you had to tell our audience one thing to do today to start protecting themselves, what would you say?
-
In the big picture—think about privacy vs. convenience!
-
Contact information
Email: ck@kerskie.com
Phone: (239) 435-9111
Website: https://carriekerskie.com
Tip Sheet on Identity Threats: https://kerskie.com/tipsheet
Follow Carrie on social media @CarrieKerskie
Listen to Privacy Mentor on Apple, Spotify, and more