Ep26: Cybersecurity Influencers Need to Do Better
The Responsibility of Cybersecurity Influencers: A Call for Integrity
This podcast addresses the issue of misinformation in the cybersecurity community, especially among influencers on platforms such as TikTok. The narrator emphasizes the importance of influencers conducting thorough research and providing accurate, evidence-based information rather than spreading myths or fear-mongering. They argue that cybersecurity influencers have an obligation to their audience to be reliable sources of information, citing examples such as unfounded fears about iOS updates and privacy. The podcast critiques the current state of cybersecurity discourse, where ease of content creation has led to an abundance of unverified information, comparing it unfavorably to the medical field where expertise is rigorously vetted. The narrator calls on influencers to improve their practices by doing proper research, citing sources, and understanding the real-world impact of their advice on data protection and security. Lastly, the importance of being discerning about the motives behind the information provided by influencers, including financial incentives, is highlighted as crucial for the audience's ability to trust the content they consume.
00:00 The Call for Cybersecurity Influencers to Step Up
00:45 The Dangers of Misinformation in Cybersecurity
02:09 The Responsibility of Influencers: Research and Truth
03:52 The Importance of Credibility and Trust in Cybersecurity Advice
05:57 The Role of Influencers in Educating the Public Responsibly
09:59 The Obligation of Cybersecurity Influencers to Provide Accurate Information
12:46 Final Thoughts: The Impact of Responsible Influence
---
I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.
--
--
Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:
--
Support this Podcast with a Tip:
--
If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.
Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity
Transcript
Cyber security influencers.
2
:Need to do better.
3
:I've noticed this over the years.
4
:As I read blogs, listen to podcasts.
5
:And watch videos on different platforms.
6
:It became really apparent.
7
:When I started my journey into TikTok.
8
:And watching people who had
hundreds of thousands of followers.
9
:Basically being TMZ.
10
:And by that, I mean, A story will break.
11
:And the next thing you know, there's
just simply putting it out there.
12
:Right.
13
:They're just taking a myth
or something that isn't true.
14
:And continuing to spread it.
15
:If you're an influencer and I don't
want to put numbers to this, but.
16
:People who have obviously influenced.
17
:You need to do better.
18
:Cyber security is not getting
better as time goes on.
19
:There's more qualified people.
20
:There's better tools.
21
:AI is helping.
22
:But it's also helping the other side.
23
:And I believe as people
who do have the knowledge.
24
:To research.
25
:And figure out what's going on
and then report that to people who
26
:don't understand how things work.
27
:You have an obligation to do that?
28
:You're not just a blogger.
29
:You're not just a podcaster.
30
:Or somebody.
31
:Who makes videos randomly and
gets likes and clicks and shares.
32
:And you've taken on the obligation.
33
:To be somewhat.
34
:Have a role model in the industry.
35
:And I think the straw that
broke the camel's back.
36
:Or my case was seeing.
37
:Way too many.
38
:Things that would come out
specific to iOS or iPhone updates.
39
:And then it was about privacy
and you need to turn this off.
40
:And of course, oh, I've researched
this, but you need to turn
41
:it off because it's there.
42
:It's sharing your name, information,
contact details, location.
43
:It's terrible for you.
44
:And every time apple
would update something.
45
:There'd be a flurry of videos.
46
:Telling you to turn something off.
47
:And that to me.
48
:Is just disrespectful to the community.
49
:And it doesn't show.
50
:That you're giving your talents.
51
:To a.
52
:Industry that you know,
that you could do better.
53
:So for influencers out there, Do better.
54
:Then that people don't understand
what these things mean.
55
:All right.
56
:I'm always, I'm always going to go
back and use the example of my mom.
57
:My mom.
58
:I would read what the update was.
59
:I would go to apple and look for the
actual official article and figure out
60
:what did, what is this new feature doing
and how is apple securing the data?
61
:You know, what protocol
are they using to share?
62
:Something.
63
:So in this example, journaling.
64
:It's using Bluetooth.
65
:Okay.
66
:If Bluetooth is on someone across the
United States or across the world is not
67
:going to connect and see what I'm doing.
68
:Furthermore, if you research
any of this stuff, it is not
69
:giving away your location.
70
:And all this kind of stuff,
depending on what app you're using.
71
:But.
72
:And the main point is.
73
:You have to be able to
look at what is coming out.
74
:For updates.
75
:And being cognizant of that and
then researching it and giving that
76
:information out to people as they
need it in a responsible manner.
77
:I understand.
78
:That there's a freedom of speech.
79
:I do.
80
:I'm doing it right now.
81
:And I understand that everybody has, is
entitled to doing a podcast, doing videos.
82
:I guess.
83
:It was a lot harder to do videos
and a lot harder to do podcasts.
84
:And so the experts that you had
somewhat did research what they had
85
:somewhat, I'm just saying somewhat.
86
:And they had the information and then
they would put it out and people listen.
87
:But now with the tools that are
out there, it is so easy to do
88
:videos, literally off my phone.
89
:Podcasting is a breeze.
90
:And so anybody.
91
:Anybody can say anything.
92
:And become on the same level as an expert.
93
:And I just don't.
94
:I agree with that.
95
:I would not want someone
giving me medical advice.
96
:On the same level as a doctor,
who'd gone to medical school
97
:for years and can research and
cite sources and have casework.
98
:And have done internships.
99
:Because this is my health.
100
:And when it comes to cybersecurity,
tips and tricks and things I need
101
:to do to protect myself, my data.
102
:I want to know that the person
that's giving that to me.
103
:Has done a legitimate amount of research.
104
:That they are competent in their field.
105
:That they understand the information
that they're disseminating.
106
:And giving out to the audience.
107
:Because they're an expert
they're supposed to be.
108
:Different than the rest of us.
109
:They're not just throwing out opinions
or what they think is going to happen
110
:in let's let's say, say that upfront.
111
:But just putting things out there
and not giving any context and
112
:information and guiding people.
113
:To make better decisions.
114
:Just makes absolutely no sense.
115
:And I couldn't even begin to give
you the examples that I have.
116
:Of terrible advice and
terrible information, or I
117
:should say half information.
118
:Incorrect information, bad information.
119
:And then it just spreads and spreads
and spreads, which is why their sites.
120
:Like snopes.com and other sites that go
and do research things that have come out,
121
:find the sources, dig into it, and then
give you the information of what's true.
122
:Or what's not based upon the
information that they have.
123
:And I don't want to go
into any thing beyond that.
124
:But when it comes to
cybersecurity and your.
125
:Family's wellbeing and
your data protection.
126
:You should know.
127
:Who is giving you the information?
128
:Not only who is giving information.
129
:What are their qualifications
for giving you the information?
130
:Do they cite sources when they're giving
you the information and do they have
131
:any financial incentive to give you the
information that they are giving you?
132
:All those things add up.
133
:To someone that you can trust
or that you can't trust.
134
:And in the end you could always say
trust and verify, and that's fine.
135
:And sometimes you don't want to
verify if you're paying somebody or
136
:listening to someone who is an expert,
that's why you're listening to them.
137
:Right.
138
:Because you assume, Hey.
139
:Cyber security is not my job.
140
:It's your job.
141
:And so I'm listening to you
because I assume and expect
142
:you've done the research.
143
:To then tell me what I need
to do and save me time.
144
:Thank you very much.
145
:That's why I listened to you.
146
:That's why I consider
you someone who I trust.
147
:You know, with these, with these things.
148
:And I am not, I'm not seeing.
149
:I'm not seeing that as much as I'd
like to, and that's not new, right.
150
:That is not new.
151
:It was prevalent in the
fitness industry for ever.
152
:It still is.
153
:And it's, you know, it's the same
thing in the cybersecurity world.
154
:Except for.
155
:Except for.
156
:Fitness was somewhat science slash art.
157
:Cyber security is.
158
:Facts versus fiction.
159
:And a story.
160
:Something's either doing
this or it's not doing this.
161
:And the person that you're listening
to, if they're giving you information
162
:on what you should do, Should be
able to back up with sources of why
163
:that's true or why that's not true.
164
:Uh, or you need to do this because
here are the facts of the situation.
165
:Don't give away all your data.
166
:To a genetic testing site without
reading the privacy policy, because.
167
:If you haven't read that policy,
you don't know what they're
168
:going to do with that data.
169
:How are they securing that data?
170
:This is big stuff for you.
171
:Right?
172
:So my last podcast was 23 and me.
173
:The pain of having to go through two
factor authentication or doing anything.
174
:You know, was.
175
:Would not have been that great as
oppo as compared to getting the
176
:information that you wanted, which was
figuring out your genetic, whatever.
177
:So when it comes to cybersecurity
things, phone updates.
178
:Or windows updates or I O S
updates or how do you delete
179
:your data or anything like that?
180
:You need to ask yourself.
181
:Who are you?
182
:That's giving me this information.
183
:Do I know anything about you?
184
:Do I know where you work?
185
:Do I know you went to school?
186
:Do I know what qualifications you have?
187
:Or have you just been reading a
bunch of blogs and I'd give me.
188
:Me information.
189
:Cause I could do that myself.
190
:Okay.
191
:And then are you citing sources?
192
:Are you giving references?
193
:Are you giving out information
where I can research on my own?
194
:If I tell you that there is a
iOS update that is going to do.
195
:X Y and Z.
196
:Am I at least giving you a source
that you can go verify that
197
:or research that on your own.
198
:If, if you're that curious.
199
:I should give you the
source where I found that.
200
:And if you want to trust me great.
201
:And if you don't, you've got a source
that you can go dig into and re yourself.
202
:Like, if I tell you, Hey, this
particular bill that just went
203
:through the house, HR two.
204
:whatever.
205
:Is going to do this,
this, and this and this.
206
:And you're like, Hey, this guy knows
what he's talking about, but he's given
207
:me the bill name and information and a
source, and I'm going to go read it for
208
:myself and verify that I agree with that.
209
:Now you don't have to, but
you could because I've given
210
:you a pathway to do that.
211
:Same goes for cybersecurity, who
is telling you this information?
212
:Are they citing sources that
you can go research on your own?
213
:Or are they just fear-mongering
and spreading diff disinformation.
214
:And rumors.
215
:And unfortunately.
216
:In my journey again,
into the online world.
217
:There are some really great
smart people out there.
218
:But they're awesome.
219
:Some not so smart people.
220
:They're very good marketers.
221
:They know how to film and they certainly
know how to do hooks and viral hooks
222
:and all that kind of stuff, but their
information, isn't all that good.
223
:And it's incomplete and
they never give sources.
224
:And that's just unfortunate.
225
:Because it just continues
to spread disinformation.
226
:Backs that don't line up.
227
:Things that you don't need
to be concerned about.
228
:Skipping over things that you
should be concerned about.
229
:So.
230
:The main point of this
particular podcast is.
231
:Cyber security influencers
need to do better.
232
:They have an obligation in my
mind, in my opinion, here's the
233
:opinion part, in my opinion.
234
:You have an obligation.
235
:If you're putting yourself out there as
an authority in a particular space, you
236
:have an obligation to do the minimum
amount of research to make sure that what
237
:you're saying is relatively trustworthy.
238
:And give out sources the best that
you can so that the people listening
239
:can go find that out on their own.
240
:If they are interested in doing that.
241
:That that really is it.
242
:I think influencers in this
particular, in all spaces, but in this
243
:particular space, Need to do better
because cyber security breaches.
244
:And your data being lost.
245
:And your identity theft.
246
:And, you know, credit
cards being compromised.
247
:And scammed and losing
money is on the rise.
248
:More so than ever before, because
the playing field is now more
249
:level than it has been in the past.
250
:And I think we're obligated to give the
people that are listening to us the best.
251
:Uh, information, resources
and things that they can do in
252
:order to protect themselves.
253
:Now, whether they choose
to do that or not.
254
:That's up to them.
255
:So if you're talking about two factor
authentication, And what's the best way
256
:to do that and how, and that you should
basically turn it on for every single
257
:site and service possibly offers it.
258
:And here's a site that you can go to,
to figure out how to do it because
259
:unfortunately, every site is going to
have a different way of turning that
260
:on, but the concept is there, right?
261
:Like strong, complex, long
passwords, password managers,
262
:two factor authentication.
263
:Whether people take
advantage of that or not.
264
:That's up to them, but you've
given them information.
265
:You're the expert in that field.
266
:And you've given him sources
that can help them turn that on
267
:for these different resources.
268
:And you've told them why
it's important to do so.
269
:So they're not the low-hanging fruit.
270
:At the end of the day, if a
company gets breached, And your
271
:information just goes out there.
272
:Like I just got my, I don't
know how many umpteenth breach
273
:notification letter this year.
274
:There's nothing I can do about that.
275
:I had EV I had everything turned on in
that side that I possibly could, and
276
:they got breached and they lost data.
277
:Nothing I can do about it.
278
:Nothing you can do about it.
279
:Right.
280
:We get some free credit
monitoring will be.
281
:But you're giving out the information
to the people that are listening,
282
:the best that you can with the
sources and the reasons that
283
:your why, why you're doing that.
284
:That is our obligation.
285
:As cybersecurity influencers.
286
:Our obligation is to do that.
287
:And I don't think a lot
of people, frankly, care.
288
:They don't really care they're in
this game for a different reason.
289
:And I'm not going to change them one bit.
290
:However.
291
:I might be able to change one person.
292
:That's listening on this podcast
to understand the concepts of who
293
:is giving you the information.
294
:Why are they qualified to do it?
295
:How did they come to that conclusion?
296
:And do they have any financial
incentive to give you that information?
297
:If you could keep that in mind.
298
:While watching hundreds and hundreds
of videos or reading hundreds of
299
:blogs or newsletters or whatever,
if you can just keep that in mind
300
:is before I completely trust what
you're saying, what anyone is saying.
301
:How can I find out for myself?
302
:This is true.
303
:Did you offer me those sources that
I can go do some independent research
304
:on my own, if I don't want to, then
I don't want to, but did you do that?
305
:And why are you giving
me this information?
306
:Are you trying to sell me something?
307
:Is there an incentive for you to say
that product a is better than product B?
308
:I mean, are you getting paid?
309
:All these things matter.
310
:And frankly, I'm concerned.
311
:For the welfare of just
the general population.
312
:Because it's happening more and more.
313
:That.
314
:We have the information.
315
:And it's not getting disseminated in a
responsible and reasonable fashion by the
316
:people that would have that influence.
317
:So I'm just doing my
teeny teeny itty-bitty.
318
:Cog in a big wheel part
of trying to do that.
319
:That's all I can do.
320
:Is just do the best that
I can and try to help you.
321
:And maybe you can help somebody else,
I guess, in a way, pay it forward.
322
:I guess.
323
:So keep that in mind.
324
:Cyber security influences
need to do better.
325
:And again, some are doing.
326
:Fantastic jobs.
327
:No, no rips on anybody out there.
328
:I'm not naming names.
329
:I'm just saying some people are doing
a fantastic job of doing that, but
330
:we all need to come together and make
sure that we're on the same page.
331
:You've taken on, you've
taken on an obligation to be
332
:an influencer in the space.
333
:And I think.
334
:Different than retail selling someone,
a product or a handbag, or what
335
:have you blankets or sheets, right.
336
:I think you have an obligation.
337
:If you're in this space to do good
for people and to protect them.
338
:That's that's the best I can tell you.
339
:So keep those things in mind.
340
:And stay safe.