4 Cybersecurity lessons from the World’s Most Famous Hacker

On October 19th in McLean, VA, Envision Consulting hosted its 1st edition of Top Security Show, featuring the World’s Most Famous Hacker, Kevin Mitnick and financial technology expert, Bill Winterberg, CFP®. Envision’s Top Security Show is a speaker series that brings together leading cybersecurity experts to educate businesses executives and professionals across industries in the Washington, DC-area.

For 2 hours, attendees to Top Security Show had the exclusive opportunity to witness Kevin Mitnick showcase real-life techniques used by hackers to manipulate you into handing over the keys to the kingdom, breach systems and steal sensitive information.

He demonstrated why people are the weakest cybersecurity link and how ‘one foot in the door’ is all it takes to become victim of the next high-profile cybersecurity attack.

What techniques did Kevin Mitnick demonstrate live? We can’t spoil the whole show, but 3 of the most jaw-dropping included:

  • The free Wi-Fi lover: If you’re doing business or accessing personal information (think bank accounts) using free, unprotected Wi-Fi connections at coffee shops, airports or even those attwifi or xfinitywifi hotspots, think again! These Wi-Fi connections can be easily spoofed by someone around you and when a user connects to it, the criminal will register every page you visit and keystroke you make… Did we mention this device costs $99 and fits in a small backpack?
  • What’s in this USB flash-drive? It’s not news that USB flash-drives can carry deadly viruses that once plugged into a computer, they will spread to every corner of your network and compromise your most precious information. What we didn’t know is that a seemingly empty USB that passes the latest anti-virus scans could still have invisible codes that immediately after plugging into your computer will start transmitting information to criminals. Ever picked up a USB drive at a trade show or borrowed from a friend?
  • 2-minutes to find my Social Security Number? A very brave volunteer (with prior consent, of course) witnessed Kevin Mitnick go into dark web databases and with just his First and Last name and middle initial was able to find the volunteer’s Social Security Number and his last 6 addresses and phone numbers. This means that all a criminal with the right tool needs is some due diligence to be able to call your bank posing as you!

While all hacks had a technical component, they had a key thing in common- They all started with unsuspecting victims who, in one way or another, gave the hacker access to the information by not taking adequate precautions and using common sense.

4 Takeaways from the World’s Most Famous Hacker

Free and unprotected Wi-Fi is hacker’s paradise: As a general rule, you can assume that free and unprotected Wi-Fi connections at coffee shops, airports or hotels does not encrypt Internet traffic. This means that all pages you visit, passwords, credit card and personal information can easily be captured by any snoops passively ‘listening’ to Internet traffic, and you will never know until it’s too late. We should never conduct sensitive private and business-related affairs (like accessing bank accounts) through unprotected Wi-Fi connections. If you’re often on the road, it would be wise to consider a VPN service that encrypts your Internet connections.

Train and inoculate employees: Users need to be your first line of defense when it comes to cybersecurity because unfortunately, no anti-virus/malware software is 100% secure. Old school and boring training that happens one a year just to check a box is a waste of everyone’s time. To be effective, all personnel needs to be trained interactively to understand and be on the lookout for common tramps, and reinforced with regular and unexpected simulations of fake emails used by criminals to test the employee’s reaction to real-life scenarios.

Saying No is an acceptable answer: We are socially trained that saying No makes us look uncooperative or like plain jerks. Criminals often take advantage of this to gather intelligence by pretending to be a seemingly trustworthy source like suppliers, prospects or even coworkers and ask for key personal or business information to plan an attack. Train employees in your business that it’s OK to say NO to odd incoming requests.

Keep all devices up-to-date: All software, applications and operating systems (like Windows or OSx) have vulnerabilities that over timer hackers discover and exploit to gain access and control of your computers, tablets and mobile devices. In response, manufacturers regularly release updates that more than new flashy features, are often intended to patch these vulnerabilities. As a layer of protection and to reduce risk, it’s key to keep all devices up-to-date with the latest versions of software, apps and operating systems, so don’t ignore those update prompts for too long!

Watch Kevin Mitnick’s 6 Key Cybersecurity Lessons at Top Security Show 2016