Episode 26

Published on: 14th Mar 2024

Ep26: Cybersecurity Influencers Need to Do Better

The Responsibility of Cybersecurity Influencers: A Call for Integrity

This podcast addresses the issue of misinformation in the cybersecurity community, especially among influencers on platforms such as TikTok. The narrator emphasizes the importance of influencers conducting thorough research and providing accurate, evidence-based information rather than spreading myths or fear-mongering. They argue that cybersecurity influencers have an obligation to their audience to be reliable sources of information, citing examples such as unfounded fears about iOS updates and privacy. The podcast critiques the current state of cybersecurity discourse, where ease of content creation has led to an abundance of unverified information, comparing it unfavorably to the medical field where expertise is rigorously vetted. The narrator calls on influencers to improve their practices by doing proper research, citing sources, and understanding the real-world impact of their advice on data protection and security. Lastly, the importance of being discerning about the motives behind the information provided by influencers, including financial incentives, is highlighted as crucial for the audience's ability to trust the content they consume.

00:00 The Call for Cybersecurity Influencers to Step Up

00:45 The Dangers of Misinformation in Cybersecurity

02:09 The Responsibility of Influencers: Research and Truth

03:52 The Importance of Credibility and Trust in Cybersecurity Advice

05:57 The Role of Influencers in Educating the Public Responsibly

09:59 The Obligation of Cybersecurity Influencers to Provide Accurate Information

12:46 Final Thoughts: The Impact of Responsible Influence

---

I do hope you enjoyed this episode of the podcast. Here are some helpful resources, including any sites that were mentioned in this episode.

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--

Support this Podcast with a Tip:

Support Byte Sized Security

--

If you have questions for the show, feedback or topics you want covered, please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.

Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity

Transcript
Marc:

Cyber security influencers need to do better. I've noticed this over the years as I read blogs, listen to podcasts, and watch videos on different platforms. It became really apparent when I started my journey into TikTok and watching people who had hundreds of thousands of followers basically being TMZ. And by that, I mean, a story will break, and the next thing you know, they're just simply putting it out there. Right. They're just taking a myth or something that isn't true and continuing to spread it. If you're an influencer, and I don't want to put numbers to this, but people who have obviously influence, you need to do better.

Cyber security is not getting better as time goes on. There's more qualified people. There's better tools. AI is helping. But it's also helping the other side. And I believe as people who do have the knowledge to research and figure out what's going on and then report that to people who don't understand how things work, you have an obligation to do that. You're not just a blogger. You're not just a podcaster, or somebody who makes videos randomly and gets likes and clicks and shares. And you've taken on the obligation to be somewhat of a role model in the industry.

And I think the straw that broke the camel's back, or my case, was seeing way too many things that would come out specific to iOS or iPhone updates. And then it was about privacy and you need to turn this off. And of course, oh, I've researched this, but you need to turn it off because it's there. It's sharing your name, information, contact details, location. It's terrible for you. And every time Apple would update something, there'd be a flurry of videos telling you to turn something off. And that to me is just disrespectful to the community. And it doesn't show that you're giving your talents to an industry that you know, that you could do better. So for influencers out there, do better.

Then that people don't understand what these things mean. All right. I'm always, I'm always going to go back and use the example of my mom. My mom. I would read what the update was. I would go to Apple and look for the actual official article and figure out what did, what is this new feature doing and how is Apple securing the data? You know, what protocol are they using to share something? So in this example, journaling. It's using Bluetooth. Okay. If Bluetooth is on, someone across the United States or across the world is not going to connect and see what I'm doing. Furthermore, if you research any of this stuff, it is not giving away your location and all this kind of stuff, depending on what app you're using. But, and the main point is, you have to be able to look at what is coming out for updates and being cognizant of that and then researching it and giving that information out to people as they need it in a responsible manner.

I understand that there's a freedom of speech. I do. I'm doing it right now. And I understand that everybody has, is entitled to doing a podcast, doing videos. I guess it was a lot harder to do videos and a lot harder to do podcasts. And so the experts that you had somewhat did research what they had, somewhat, I'm just saying somewhat. And they had the information and then they would put it out and people listen. But now with the tools that are out there, it is so easy to do videos, literally off my phone. Podcasting is a breeze. And so anybody, anybody can say anything and become on the same level as an expert. And I just don't. I agree with that.

I would not want someone giving me medical advice on the same level as a doctor who'd gone to medical school for years and can research and cite sources and have casework and have done internships. Because this is my health. And when it comes to cybersecurity, tips and tricks and things I need to do to protect myself, my data, I want to know that the person that's giving that to me has done a legitimate amount of research, that they are competent in their field, that they understand the information that they're disseminating and giving out to the audience. Because they're an expert, they're supposed to be different than the rest of us. They're not just throwing out opinions or what they think is going to happen in let's let's say, say that upfront. But just putting things out there and not giving any context and information and guiding people to make better decisions just makes absolutely no sense.

And I couldn't even begin to give you the examples that I have of terrible advice and terrible information, or I should say half information, incorrect information, bad information. And then it just spreads and spreads and spreads, which is why there are sites like snopes.com and other sites that go and do research things that have come out, find the sources, dig into it, and then give you the information of what's true or what's not based upon the information that they have. And I don't want to go into anything beyond that. But when it comes to cybersecurity and your family's wellbeing and your data protection, you should know who is giving you the information. Not only who is giving information. What are their qualifications for giving you the information? Do they cite sources when they're giving you the information, and do they have any financial incentive to give you the information that they are giving you? All those things add up to someone that you can trust or that you can't trust.

And in the end you could always say trust and verify, and that's fine. And sometimes you don't want to verify if you're paying somebody or listening to someone who is an expert, that's why you're listening to them. Right. Because you assume, hey, cyber security is not my job. It's your job. And so I'm listening to you because I assume and expect you've done the research to then tell me what I need to do and save me time. Thank you very much. That's why I listened to you. That's why I consider you someone who I trust, you know, with these, with these things. And I am not, I'm not seeing, I'm not seeing that as much as I'd like to, and that's not new, right. That is not new. It was prevalent in the fitness industry forever. It still is. And it's, you know, it's the same thing in the cybersecurity world.

Except for, except for fitness was somewhat science slash art. Cyber security is facts versus fiction. And a story. Something's either doing this or it's not doing this. And the person that you're listening to, if they're giving you information on what you should do, should be able to back up with sources of why that's true or why that's not true. Uh, or you need to do this because here are the facts of the situation. Don't give away all your data to a genetic testing site without reading the privacy policy, because if you haven't read that policy, you don't know what they're going to do with that data. How are they securing that data? This is big stuff for you. Right? So my last podcast was 23andMe. The pain of having to go through two factor authentication or doing anything, you know, was, would not have been that great as oppo as compared to getting the information that you wanted, which was figuring out your genetic, whatever.

So when it comes to cybersecurity things, phone updates or Windows updates or iOS updates or how do you delete your data or anything like that, you need to ask yourself: who are you that's giving me this information? Do I know anything about you? Do I know where you work? Do I know you went to school? Do I know what qualifications you have? Or have you just been reading a bunch of blogs and I'd give me, me information. Cause I could do that myself. Okay. And then are you citing sources? Are you giving references? Are you giving out information where I can research on my own? If I tell you that there is an iOS update that is going to do X, Y, and Z, am I at least giving you a source that you can go verify that or research that on your own? If, if you're that curious, I should give you the source where I found that. And if you want to trust me, great. And if you don't, you've got a source that you can go dig into and re yourself.

Like, if I tell you, hey, this particular bill that just went through the House, HR two whatever, is going to do this, this, and this and this. And you're like, hey, this guy knows what he's talking about, but he's given me the bill name and information and a source, and I'm going to go read it for myself and verify that I agree with that. Now you don't have to, but you could because I've given you a pathway to do that. Same goes for cybersecurity: who is telling you this information? Are they citing sources that you can go research on your own? Or are they just fear-mongering and spreading diff disinformation and rumors?

And unfortunately, in my journey again into the online world, there are some really great smart people out there. But there are also some not so smart people. They're very good marketers. They know how to film and they certainly know how to do hooks and viral hooks and all that kind of stuff, but their information isn't all that good. And it's incomplete and they never give sources. And that's just unfortunate. Because it just continues to spread disinformation, facts that don't line up, things that you don't need to be concerned about, skipping over things that you should be concerned about.

So. The main point of this particular podcast is cyber security influencers need to do better. They have an obligation in my mind, in my opinion, here's the opinion part, in my opinion. You have an obligation. If you're putting yourself out there as an authority in a particular space, you have an obligation to do the minimum amount of research to make sure that what you're saying is relatively trustworthy, and give out sources the best that you can so that the people listening can go find that out on their own, if they are interested in doing that. That, that really is it. I think influencers in this particular, in all spaces, but in this particular space, need to do better because cyber security breaches and your data being lost and your identity theft and, you know, credit cards being compromised and scammed and losing money is on the rise, more so than ever before, because the playing field is now more level than it has been in the past. And I think we're obligated to give the people that are listening to us the best, uh, information, resources and things that they can do in order to protect themselves. Now, whether they choose to do that or not, that's up to them.

So if you're talking about two factor authentication, and what's the best way to do that and how, and that you should basically turn it on for every single site and service possibly offers it. And here's a site that you can go to, to figure out how to do it because unfortunately, every site is going to have a different way of turning that on, but the concept is there, right? Like strong, complex, long passwords, password managers, two factor authentication. Whether people take advantage of that or not, that's up to them, but you've given them information. You're the expert in that field. And you've given them sources that can help them turn that on for these different resources. And you've told them why it's important to do so. So they're not the low-hanging fruit.

At the end of the day, if a company gets breached and your information just goes out there. Like I just got my, I don't know how many umpteenth breach notification letter this year. There's nothing I can do about that. I had ev, I had everything turned on in that site that I possibly could, and they got breached and they lost data. Nothing I can do about it. Nothing you can do about it. Right. We get some free credit monitoring will be. But you're giving out the information to the people that are listening, the best that you can with the sources and the reasons that your why, why you're doing that. That is our obligation. As cybersecurity influencers, our obligation is to do that. And I don't think a lot of people, frankly, care. They don't really care. They're in this game for a different reason. And I'm not going to change them one bit.

However, I might be able to change one person that's listening on this podcast to understand the concepts of who is giving you the information. Why are they qualified to do it? How did they come to that conclusion? And do they have any financial incentive to give you that information? If you could keep that in mind while watching hundreds and hundreds of videos or reading hundreds of blogs or newsletters or whatever, if you can just keep that in mind is before I completely trust what you're saying, what anyone is saying, how can I find out for myself this is true? Did you offer me those sources that I can go do some independent research on my own? If I don't want to, then I don't want to, but did you do that? And why are you giving me this information? Are you trying to sell me something? Is there an incentive for you to say that product A is better than product B? I mean, are you getting paid? All these things matter.

And frankly, I'm concerned for the welfare of just the general population. Because it's happening more and more that we have the information and it's not getting disseminated in a responsible and reasonable fashion by the people that would have that influence. So I'm just doing my teeny teeny itty-bitty cog in a big wheel part of trying to do that. That's all I can do, is just do the best that I can and try to help you. And maybe you can help somebody else, I guess, in a way, pay it forward. I guess. So keep that in mind.

Cyber security influencers need to do better. And again, some are doing fantastic jobs. No, no rips on anybody out there. I'm not naming names. I'm just saying some people are doing a fantastic job of doing that, but we all need to come together and make sure that we're on the same page. You've taken on, you've taken on an obligation to be an influencer in the space. And I think, different than retail selling someone a product or a handbag, or what have you, blankets or sheets, right, I think you have an obligation, if you're in this space, to do good for people and to protect them. That's, that's the best I can tell you. So keep those things in mind. And stay safe.

Support the Podcast with a Tip

If you're enjoying Byte-Sized Security and finding these practical tips useful, please consider supporting the podcast with a small contribution. It costs $17 per month just to cover podcast hosting fees, and your support helps offset the costs of producing this security resource and keeping episodes free. Even a tip of $1-5 per month from loyal listeners adds up and allows me to continue providing great cybersecurity info. Please consider a donation. I appreciate you helping sustain Byte-Sized Security! Now back to the security tips.

About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.

About your host


Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.