Q. You cover cybersecurity and are extra careful about the security of your devices, apps and communications. What does your setup look like?
A. I go into this job every day assuming that I’ve already been hacked. Being on the defensive keeps me vigilant about where I’ve left myself vulnerable in my day-to-day use of my phone, laptop and other tech.
If an email would be super embarrassing to me if it leaked, maybe I would be better off not writing it? If a photo or video of my family would leave my loved ones feeling exposed if it was made public, maybe I shouldn’t keep it on my work laptop? I know that’s not an easy way for everyone to live, but I’ve covered enough breaches to know that nobody expects to be hacked, and when they are, the first thing they say is that they wish they hadn’t left themselves so vulnerable.
My setup is to basically have two systems: a work laptop, on which I try to keep everything professional so that if and when it is hacked the damage will be minimal, and then a second laptop, which I use for anything personal and never connect to my work system.
On both laptops, I use a password manager and multifactor authentication, which means that I have to verify who I am before I can get access to anything from Twitter to Gmail.
I think those precautions are the bare minimum of what we should all be doing. And even with all that, I just assume I’m going to be hacked any day.
What could be better about it?
My phone is probably the one place where I can’t keep to my own standards of separating work from personal life. I tried to have two phones for a while but found it impossible to keep them straight.
I also can’t help but keep a few photos of my daughter on my work laptop. And she’s currently my desktop photo. She’s just too darn cute not to stare at every day.
What are the worst information security practices that you see many people doing?
Passwords! One day tech companies will invent something better than passwords for security, but for now they are still the weakest link in the average person’s setup. If I could get people to stop two practices, they would be: Don’t use an obvious password like your name, your kid’s name or your birthday, and don’t use the same password for everything.
Most tech companies do a terrible job of educating people about their security, because they tend to just flood the zone with information and make it seem that if you aren’t doing everything, you are a failure. Most people I talk to say they are intimidated by what they think they need to do to stay safe online — and end up doing nothing at all.
I wish there were a five-step program for online safety. It would start with basic things, like how to come up with a strong password and use a password manager, and build from there.
What tech product are you and your family currently obsessed with at home?
We aren’t a big tech family! We try really hard to keep tech out of sight of our 1-year-old daughter. Kids are funny, though — even though we don’t watch TV around her, she loves to carry the remote around the house. My iPhone is her favorite teething toy, and she has learned how to get my laptop out of my backpack and slide it across the floor until she can hide it under the sofa.
So I would say the one piece of tech that has been really useful is the tracking function — Find My iPhone or Find My Mac — on both devices. I’ve had to put the Tile location devices, which are wireless trackers that help us keep tabs on items, on everything else.
Over the last year, I’ve also been given a lot of internet-connected toys designed for kids and their parents. All of them were either returned or left in their boxes when I saw how bad the security was.
I’m sure the day will come when we have wonderful fuzzy robots that nurse babies for us and act as perfect nannies. But for now, I’ve found that good friends and family who are willing to drop everything to come over and help are really the most important thing.