The End User: Tales from the Cyber-Adjacent
Welcome to the first edition of our inaugural column “The End User.” This is an informal post, featuring discussions from cyber-adjacent community members and their interactions with cybersecurity. Want to add your story? Contact [email protected].
Let’s start with this: I do not claim to be an expert in cybersecurity… not by any stretch. Similarly to how those of us married to doctors may sometimes feel like doctors as well, helping your partner memorize cranial nerves and coagulation cascades does not a doctor make. In the same vein (no pun intended), just because I talk to some of the smartest people in the cyber industry – just because I have watched well over 100 Data Connectors events – I’m still a novice, at best.
And it’s only fair; those of you who earned the moniker of “cybersecurity analyst” or similar have clocked endless hours in classes, seminars and tests to earn your expertise. Prior to this, maybe you majored in something useful like computer science or information systems (as I cry into my political science and journalism degrees). You’ve interned and taken the unicorn entry-level jobs in cyber while I covered city council meetings for my local paper, wrote ad copy and managed marketing teams.
My point? I’m the end-user that you all seek to protect.
If I’m being generous toward myself, I’m probably at the far-end of average on the security bell curve. Thanks to my time in cyber, I’ve opted into two-factor authentication – often even on the first time I’m prompted to do so. I have also tossed a few symbols, numerals and capital letters into my passwords. Bonus: I’m on Brave and use a VPN. And I understand why I do those things.
Dissimilar to my demographical peers, I have deleted my Facebook, Twitter and Instagram, and I’ve never downloaded TikTok onto my phone. I’ve chided my parents and in-laws for posting pictures of our kids into their sites. I’m a social media ghost, with LinkedIn as my exception – namely, so I can be in touch with many of the lovely people in the Data Connectors Cybersecurity Community.
I brag about the fact that my (new) email address only generates two results on HaveIBeenPwned.com – thanks for nothing, Robinhood and Adobe. We won’t talk about my old email address that I’d signed up for as a college freshman – when did I sign up for Neopets?
Thus, my goal for this column is to discuss my personal cybersecurity “journey.”
Today’s question: I got an email from a Bitcoin casino today, asking me to verify my email address and continue opening my account. Now, no shame in your game if online gambling is your thing – but it’s truly not mine. And before anyone makes any assumptions – I double-checked with my husband, and it’s not his either. (That conversation: Me – “Hey, are you online gambling?” Him – “Do you mean Robinhood?”)
So, who is using my mostly pristine address to open an account?
I checked out the website (without clicking any links in the email, of course), and saw that it is, indeed, legitimate. And then I did something I normally wouldn’t: I replied to the email and ask them to delete my address from their marketing contacts and their account system. Maybe it was against my better judgement – maybe they’re scammers out in Kolkata who now have their mark. But they were sure to let me know that I can log in, reset my password, set up 2FA – and they appreciate my understanding. My reply reiterated that I did not want an account, and they replied shortly with the fact that I “don’t have an account.”
Okay… So is this a bad marketing email? A phishing attempt? Or did my address end up in a scrape? When this happens, what are the best practices?
I’ll be spending the next week researching these questions (and likely coming up with another brush with weird infosec stuff). Until then, let me know your thoughts in the comments.
Recent news posts
Laid-Off Tech Workers Could Consider Any of the Nearly 800,000 Open Cybersecurity Jobs
The Rise of ChatGPT: How AI Plays a Vital Role In Cybersecurity
Round Up: Partner Blogs Look Toward 2023
Hackers Don’t Take This Week Off: Weekly News Roundup
Lawmakers Prioritized Cybersecurity in 2022
Attend an Event!
Connect and collaborate with fellow security innovators at our Virtual Cybersecurity Summits.