Cybersecurity, Policies and Training

Top 10 Terrible Cybersecurity Tips

Welcome to Terrible Cyber Tips, teaching you exactly what NOT to do online!

Why is this, you ask? Well, just because cybersecurity is serious, it doesn’t mean it can’t be fun. Having fun engages people, and I’ve found that sharing these types of terrible tips somehow gained more attention than sharing “Don’t reuse your password” or “Turn on 2FA.”

I wrote a terrible cyber tip just as a joke on LinkedIn a few months ago and got a shocking amount of interaction. Throughout years of writing good cyber tips, I never received feedback like this, which made something click: With so much fleeting news and information received every day online, it’s important to stand out and keep cybersecurity at the forefront of people’s minds. So, please enjoy these top 10 terrible tips that you SHOULD NOT follow. (Disclaimer: Unfortunately, some of these are based on a few real-life events.)

1. Got hit with ransomware? You should PANIC.

Your IT department isn’t out to get you. In fact, they should be there to help you. If this is not true, talk to a manager about building a security culture that encourages an open line of communication between IT and your organization’s employees.

2. Spend years handcrafting the perfect password, then use it for every single account. One password to rule them all.

Even if you’re proud of the amazing, strong password you came up with, the second you use it twice, it becomes useless. So, get those creative juices flowing to create new passwords!

3. Someone hacked that password you named after your dog? Time to rename your dog.

Let’s leave the dog out of this. And while we’re at it, this also applies to your family members’ names, your date of birth, and any other information that I can find on Facebook (or Meta?).

4. Don’t feel bad when your Twitter account gets hacked: your password is trending.

There are a few ways to get famous, but this is not one of them. Remember: If your account has been involved in a data breach, change your credentials immediately!

5. A computer virus is a lot like the common cold: It’ll go away on its own.

The cold is going around, but this tip shouldn’t. A computer virus can linger, isn’t going anywhere, and will cost a lot more than cough drops!

6. Lonely? Allow pop-ups to find singles in your area. There’s nothing more romantic than sharing your credit card information.

As tempting as this may be, I recommend a dating app. Think of the money you’ll be able to save to spend on romantic dinners.

7. It’s casual Friday? Let your hair down, unclip your tie, and turn off your two-factor authentication (2FA).

Enjoy the win of being able to wear jeans because 2FA should be there to stay. A casual turn-off can turn into a disastrous breach.

8. Only do your cybersecurity training once a year, just like a fire drill.

Cybersecurity is a little more complicated than stop, drop, and roll! Cyberthreats are always advancing, so once a year isn’t going to cut it.

9. Don’t buy security awareness training, just send an email to your team asking them to not get hacked.

As engaging as emails are, the odds of this working are slim to none. Cutting corners is one thing, but this is like telling someone to get a perfect score on the Bar Exam without any education from law school. I don’t think that person is going to become a lawyer.

10. The more money you’re wiring, the less you need to worry about security. Rich people don’t need to double-check account details.

I don’t care if you’re Elon Musk—no amount of money is worth risking due to a rushed bank transfer without double-checking its legitimacy.

I hope the absurdity of these tips helped you realize what you should not do when it comes to cybersecurity best practices and, more importantly, how to become a little bit safer online. All of these tips show the very real threat of a lack of security awareness education. As mentioned, some of these are based on true events, so even though we can have a laugh about it now, keep in mind that hackers can someday use manipulative tactics to make you commit Terrible Cyber practices, as well.

Nick Santora (CISA, CISSP) is CEO of Curricula. After spending nearly a decade working for the federal government in critical infrastructure protection, Nick founded Curricula with the mission of making security awareness training fun. You can follow him on LinkedIn.
