Singletary: Educate self about cybersecurity




Michelle Singletary welcomes comments and column ideas. Reach her in care of The Washington Post, 1150 15th St. N.W., Washington, DC 20071; or

You know the screams you hear when watching a horror movie in a theater? That’s what I want to let out every time there’s another data breach. And I’m not alone.

“We’re really scared,” wrote readers Ellen and David, who are still scrambling for a feeling of security after the massive Equifax breach that left 145.5 million consumer files compromised. Last week, Yahoo announced that its own breach in 2013 affected all 3 billion of its users.

These terrifying tales sent me looking for a book I had been meaning to read for quite some time. My former Washington Post colleague Brian Krebs left the newspaper in 2009 to dedicate himself to a blog on cybersecurity: Out of his work and research came “Spam Nation: The Inside Story of Organized Cybercrime — From Global Epidemic to Your Front Door.”

The book is this month’s Color of Money Book Club selection.

But can I be honest?

I read the first few chapters and set the book down. I could sense it making me so paranoid and furious that I didn’t want to read any further.

Did I really want to dive deep into the underworld of cybercriminals who have become masterful in identity theft?

Why do I need to know how my personal information is stolen? I just want the hacks and heists to stop. I want the companies that collect my information to do their job and protect my data.

But Krebs has made a background believer out of me.

Our passivity and procrastination in doing what we need to do to prevent identity theft help the crooks.

“The internet of today is truly a transformative communications and learning tool that radically enriches the lives of billions each day,” Krebs writes. “Yet, never before in the history of the internet has this medium been more fraught with snares and ne’er-do-wells looking to fleece the unwary. You may not understand the value of your computer, your internet connection, your inbox, or your digital files, but I guarantee you the bad guys do, and they’ve become quite adept at extracting full value from these digital assets.”

What we don’t know can cost us money and, just as importantly, can leave us feeling vulnerable and scared.

One thing I didn’t know: Spam is still the main villain. It’s the doorway many cybercriminals use to get your information and gain access into company systems.

With our spam filters and the constant drilling to not open suspicious emails, we’ve been lulled into a false sense of security, Krebs says.

A lot of people still fall victim to malicious emails on which dangerous software rides piggyback. And do you feel safe about your anti-virus and anti-spam defenses?

Foolish you.

Here is a scary statistic from cybersecurity giant McAfee’s most recent threat report: In the first quarter of this year, there were 244 new cyberthreats every minute, or more than four every second.

Another chilling finding from the report: Ransomware, which is mostly spread through spam, grew by 59 percent in the last four quarters. This is when a hacker locks you out of your computer by encrypting your files and demands payment to give you access to your own data.

Waiting for you at the end of the book is a very resourceful chapter on how to protect yourself. You’ll be safer following Krebs’ three rules for online security:

  • Rule No. 1: “If you didn’t go looking for it, don’t install it.”
  • Rule No. 2: “If you installed it, update it.”
  • Rule No. 3: “If you no longer need it, remove it.”

Even if you don’t buy “Spam Nation,” make Krebs’ blog regular reading.

I’m hosting an online discussion about “Spam Nation” at noon Eastern time on Nov. 2 at Krebs will join me to answer your cybersecurity questions.