Who hasn’t heard about hackers ripping into a small-town water treatment system in Florida and altering the chemical supplies recently? It was an explosive news story laying bare the potential for hackers to poison a water supply. It caught our attention with the fear of unconsidered risk. A watchful staff member stops them. Good, we think.
The first reaction for most of us is disbelief. How can computer hackers change the chemical treatment process of our drinking water? The second reaction: well, that would never happen where I live. The thinking goes one of three routes. First, my water system is too big to fail like that. Or the opposite argument that the water system is too small to be noticed by hackers. Or finally a wary gamble: of all the targets hackers could choose, they’d never pick my water system.
But the reality is that our water systems, the power grid, banking systems, traffic light control systems and yes, even the computer systems that play safety videos on airplanes are all vulnerable to hacks. The risks inherent in our ultra-connected lives have captivated my imagination as a fiction writer for years. If everything is connected to the internet, what is safe from hackers? I explore these ideas in my second novel God of the Internet, loosely based on the Stuxnet worm which was used to hack into an Iranian nuclear facility.
Before you dismiss the exploits, realize just how basic some hacking is. One might conjure up images from film or television of rapid typing on keyboards, blue light washing over the faces of young, smart techies. With those images comes the thought that hackers possess the keys to the world with their mad computer programming skills. What good can someone like me, who barely understands what Twitch or Discord are, do to defend myself?
The thing to realize is that hackers don’t necessarily need mad skills to gain entry. Often, they gain entry through people making mistakes. In other words, finding system entry points is more people-focused than tech-focused. These human-to-human hacks count on employees wanting to respond to bosses, liking to get free things, or being too busy to look closely at emails. In reality, these hacks are less about targeting vulnerabilities in networks or security defenses and more about targeting us and our co-workers and clients and business partners as people who might make mistakes.
So I’ve found that there is quite a lot that I can do to prevent hacking of the systems I interact with daily. You can too! The weapons regular folk like me can deploy against hackers are crazy simple. Use unique and long, hard-to-guess passwords for every system you log into. (Can’t remember them? Put them in a password keeper program like 1Password.) Deploy security updates regularly. Don’t use free memory sticks you got at conferences or anywhere else (like say parking lots–yes, that happened). Be really wary of the types of emails you open. So many hacks gain footholds in organizations because someone thought they were opening an email from the CEO or someone inside the company when it was really a criminal masquerading as them. A very close look at the email address usually reveals the fraud of these so-called phishing emails. For example, instead of an “m” in an address they might use an “r” and “n.”
So those of us who want to keep our water safe, our money in our bank accounts, and our power flowing would do well to consider becoming that much more cautious about our own technology habits. Now, go update your operating system.