Updated: Mar 2, 2021
Author: Teressa Gehrke
Over the last few weeks, I was gathering intel from the SANS Cyber Threat Intelligence Summit; attended the blockchain gathering, EthDenver; and then the SANS Open-Source Intelligence Summit. I have learned so much and met amazing, brilliant people in the past month. I used that time to gather topics of interest for my blog and to further my self-development.
What would you do?
Some of you may know me from webinars or conferences, school, a previous employer, or perhaps from this blog. How would you react if someone reached out to you asking for money on my behalf, saying that I was in trouble? If you’re family, you might oblige, but need more details. What if we had just met at work or at a conference? What would you do? Honestly, I hope you would see through the scam, but that’s not always the case.
Who is Dan?
Let me introduce you to Dan Shields. He’s a real person. He leads a Colorado-based community organization called Cryptorado. It has over 3000 members who have an interest in blockchain. I met him at EthDenver in 2019. EthDenver is an annual event held in Denver centered around blockchain technology and education. He recently shared with me that some of his friends were targeted and successfully scammed by impersonators that stole money pretending to be him.
I think we can all agree that 2020 and 2021 have been difficult. The thing I miss most is hugging people, like my friends and extended family. What do you miss? Grab a pen or pencil and write down three ways you connect with people. Now, read them aloud. Did it put a smile on your face? I hope so. We’ll revisit your list throughout the blog.
Dan shared his experience with me last week and it was such a compelling story that I asked him to share more details with me. Dan wrote, “Have I been successfully scammed? Not me personally, but my identity and my reputation have been used to steal from my friends… No less than $100,000 total has been stolen from people I care about, that cared about me enough to try and "help" by doing “me” a favor - it was an imposter. Under time pressure and out of kindness, they ignored the warning signs.”
Our human connection and our connection with technology is so intertwined. That is essentially what I’m trying to illustrate with the Dark Shiny Unicorn blog. These two things cannot be separated.
“I can't really express how deeply this pains me.” When Dan wrote those words, I could feel the pain in his soul and watching him tell the story last week, I could tell it still really pains him.
Remember the three things you wrote? Go back and look at them again. What would it take you to have that experience with those people, but also to sprinkle some love or caring in the form of cybersecurity awareness? Here are a few light-hearted examples you could use as a security professional:
I heard recently that people were getting sent scam emails about COVID-19 vaccines. Have you received any suspicious emails like that? I really care about you and I’m here to help you if you have questions about what you should or shouldn’t click on if you don’t know the person.
With so many people out of work, there are some get rich quick schemes. Have you checked your bank account lately just to make sure all your charges are ones that you really made?
Offer to check someone’s network settings or help them understand how to update and patch their system if they are unfamiliar or have never done so before.
Can you begin to see the connection between compassion and caring and your role as a security professional? You really can make a difference in someone’s life by the mere fact that you are showing that you care. You begin to speak someone else’s Love Language of Gifts, Acts of Service, or Quality Time. In all these examples, you can then gently open the line of communication about cybersecurity awareness. Share with someone what they should be looking for in a phishing email. You can begin providing a bit more detail.
Dan stated that his friends knew the warning signs, but perhaps overlooked them or ignored them completely because they wanted to help him. Now, he says, “The most insidious part: those relationships where people got duped now are mostly broken.” The impersonation ruined friendships and tarnished the local blockchain community. He adds, “My community has struggled to reintegrate from these attacks that we needed to shelter from. It's hurt the brand and reputation a lot.”
The security awareness, training, and education campaigns I’ve created as a consultant have been for corporate training purposes. However, I think when we start close to home and focus on a smaller community, like our friends and family we can also achieve greater awareness because it comes from a place of caring and compassion. Our friends and family know we do this for a living and that we want to help them. I still think there’s hope for Dan to repair friendships if the time is spent to inform them with a heart of patience and kindness.
Dan’s story doesn’t end here. “These scammers don't just steal money. They steal relationships and create lasting harm that they don't realize.” He makes a good point, but I believe they know they are causing harm. This is a pre-meditated act exploiting vulnerable people for financial gain, something I speak directly about in Vlog 9.
One way to remedy this is to share our knowledge and expertise in a kind, caring, and compassionate way. That’s how we begin to change behaviors that can be detrimental to home networks or at the office. The takeaway is to look over the list you created. What will it take for you to connect with people in a way that serves to protect their cybersecurity interests and create a cyber hygienic environment? What we don’t want to experience is a sense of loss, a loss of security and trust. That is what makes us cybersecurity professionals.
I’d like to thank Dan for letting me share his story and to let this be a lesson in security awareness. I hope that you found this blog helpful. Please connect with me on LinkedIn, follow me on Instagram, or Twitter. And, of course, STAY SHINY!
About the Author: Teressa Gehrke aka Dark Shiny Unicorn is a Colorado-based cybersecurity professional who incorporates her anthropology background into cybersecurity.