For the longest time, Hollywood gave us an inane picture of hacking. Hacking simply meant pounding at a keyboard while mysterious symbols popped up on a screen.
To the typical movie-goer this was a form of magic. And hacking was this mystical art that only a select few understood.
In Mr. Robot, hacking is as real as our current technological culture. While the techniques Elliot and his cohorts employ are probably still a mystery to some, the words used to define the hacker’s actions are all too familiar to almost all of us.
Terms like DDoS attack, spyware, malware, and brute force password hack all appear in our current news. These aren’t magic words. They’re threats to our safety as real as burglars and cancer.
That’s why, when watching Mr. Robot, you should sit up and pay attention. Mr. Robot is the most realistic portrayal of hacking culture ever put on film. And there are a lot of things we can learn about cybersecurity by analyzing the show.
1. Hacking Is More Than Computers
Going back to the myth of hacking we see a damaging misconception. Hacking doesn’t merely mean creating viruses and computer programs to gain access to computers and the information stored there. It’s more than that.
Elliot’s encounter with Whiterose, a Chinese hacker associated with the Dark Army in the show, teaches us more about hacking than anything else in the show. She tells Elliot, “You hack people. I hack time.”
She reveals to us that Elliot isn’t a computer hacker and neither is she. The computer is only a tool and a resource.
What hackers, the great hackers, do is hack people.
Humans are imperfect creatures. They are often lazy or ignorant or selfish. And it’s these imperfections hackers use against us.
From our propensity to never change the password our router ships with out of the box (laziness or ignorance) to our use of public Wi-Fi for our banking (ignorance again), humans are hackable.
Cybersecurity Begins With You
So, the first lesson about cybersecurity Mr. Robot teaches us: cybersecurity starts with people and ends with computers.
If you run a business, say you’re an SEO expert who started your own service, you need to educate. First educate yourself and then your employees (if you have them).
People will still be lazy (heck, I’m lazy), but you can at least dispel ignorance. Start by writing a cybersecurity policy. Regulate every aspect of your business’ life on the internet and locally.
And then hold a training session with your employees.
This cybersecurity policy shouldn’t get dusty either. Hold a quarterly security meeting.
Studies show that 90% of skills taught in a training course disappear if left unrefreshed for a year. And your business’ security isn’t something to let slide like that.
2. Don’t Let People Create Passwords
Most people don’t understand that the point of a password isn’t its ease of recall. It’s like we’re all kids in a “secret fort” up in a tree somewhere. Our most common passwords are insanely simple.
And Mr. Robot highlights this fact beautifully. Elliot can hack almost everyone in his life because they don’t protect themselves with good passwords.
Of course, Mr. Robot only reveals the problem, weak passwords. But how do you create strong passwords?
The Longer The Better
My family complains about my passwords. But if you want to access my stuff, you have to use your typing fingers. Why? Because the longer the password, the more secure it is.
If you use a long password, brute force hacking programs have a harder time figuring out your passphrase.
But even if you create a long password, if it’s too simple, watch out!
Two by Two
How do you create a more complicated password? Remember the rule of twos.
While most secure websites require one special character or number in their passwords, you should go beyond this. If you use simple words as your password, a machine with a dictionary could hack it. Therefore you need to use more than mere words.
A more complicated password includes two uppercase letters, two non-letter symbols, and two numbers. This will increase the complexity of the password and satisfy the security requirements of most sites.
Nothing Wrong With Random
Remember, hacking isn’t about computers, it’s about people. And to make a password memorable, most people use something personal.
Pet people tend to use their pet’s name in their password. Don’t do that.
Also, don’t use the name of your daughter, son, mother, spouse, or second cousin twice removed in the password. Anyone with access to your public Facebook page could figure out who is in your life.
Instead, use something random. I typically look around my office and say, “What should I use as a password today?” And I use some variation of my choice.
Never use a whole word. Remember, most programs use a dictionary to crack passwords. Don’t make it easy for the hacker.
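The password rules above (long, two uppercase letters, two numbers, two non-letter symbols, no whole words or personal names, random rather than personal), written as a checker and a random generator. This is an added example, not part of the original article. The 16-character minimum, the symbol set, and the tiny word and name list are assumptions made up for the example; the article gives no specific length.

```python
import secrets
import string

MIN_LENGTH = 16  # assumption: the article says "the longer the better" but names no number
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumption: symbols most sites accept
# Constructed sample data: a tiny dictionary plus names a public profile might reveal.
BANNED = ["password", "dragon", "sunshine", "Bella", "Darlene"]

def check_password(password, banned_words=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    counts = {
        "uppercase letters": sum(c.isupper() for c in password),
        "numbers": sum(c.isdigit() for c in password),
        "non-letter symbols": sum(not c.isalnum() for c in password),
    }
    for kind, n in counts.items():
        if n < 2:  # the "rule of twos"
            problems.append(f"fewer than two {kind}")
    for word in banned_words:
        if word.lower() in password.lower():  # whole word or name hidden inside
            problems.append(f"contains the word or name '{word}'")
    return problems

def generate_password(length=20, banned_words=()):
    """Build a random password that passes check_password()."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    pools = [string.ascii_uppercase, string.digits, SYMBOLS]
    everything = string.ascii_letters + string.digits + SYMBOLS
    while True:
        # Two guaranteed characters from each required class, then random filler.
        chars = [secrets.choice(pool) for pool in pools for _ in range(2)]
        chars += [secrets.choice(everything) for _ in range(length - len(chars))]
        secrets.SystemRandom().shuffle(chars)  # hide where the required ones sit
        password = "".join(chars)
        if not check_password(password, banned_words):
            return password

if __name__ == "__main__":
    for candidate in ["Bella2015!", "Sunshine##Dragon42XY", generate_password(20, BANNED)]:
        print(candidate, "->", check_password(candidate, BANNED) or "ok")
```

The second sample satisfies the length and the rule of twos and still fails, because it is built from two dictionary words.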
3. Never Allow a BYOS Policy
Darlene Alderson, Elliot’s sister in the show, gives us a glimpse of how easy it is to infiltrate a computer system. She builds a malware program, loads it onto a bunch of thumb drives and drops them near a police vehicle.
The unwitting policeman finds the thumb drives (branded by a trusted corporation) and gets curious. He plugs the drive into his computer and an ad pops up. He stupidly clicks it. Bam, instant access to the police network.
Now, you might think your employees can’t be this stupid. But you never know. And while you might not be able to stop this kind of attack, you can at least educate employees about why they should always clear software and devices with IT before plugging them into the company computers.
There should be no “bring your own software” policy (whether intentional or not). Every employee should be aware of the dangers inherent in outside, uninspected devices and software packages.
You can’t stop every cyber attack. But you can change your own practices and create a culture of awareness and security.
It takes only a little bit of time to save a lot of money and avoid disastrous situations.
Are you shoring up your business’ cyber security? How could you improve in your own personal security? Let me know in the comments below.