Kanye’s Cautionary Tale
It was a surreal summit closely watched from around the world. On October 11, hip-hop megastar Kanye West went to the White House to meet with President Donald Trump. Their Oval Office sit-down was filled with remarkable moments, not least of which was West’s 10-minute rambling rant on topics ranging from hydrogen planes to alternative universes.
But even for an event full of memorable episodes, one in particular stood out to the cybersecurity community. During the meeting, camera crews captured Kanye unlocking his iPhone. His password: “000000.”
The incident resulted in the rapper being bombarded with ridicule. And for good reason: West’s passcode is inexcusably insecure. Still, this is not the only part of his cyber hygiene that’s in need of improvement. Indeed, West is a walking cautionary tale, modeling many cybersecurity worst practices. If you’re ever unsure about how to handle a security issue, you can always just ask yourself: “WWYD–What Would Yeezus Do?” Then do the opposite.
Fortunately, you don’t have to be a fan of hip-hop to learn from the man’s mistakes. And your security habits might have more in common with Kanye than you think. Here are three things Kanye West can teach senior executives about cybersecurity.
1. Strong passwords are critical.
Yes, you’ve probably been lectured about this before. But we’ll stress it again: The use of strong passwords is arguably the single most critical component of a successful cybersecurity strategy.
Needless to say, Kanye West’s choice of passcode is particularly problematic. If a hacker started from the lowest possible number and systematically and sequentially attempted to guess Kanye’s password, “000000” would literally be the first one they would try. That being said, it’s somewhat unfair to single him out for poor password hygiene. Sadly, Kanye’s password is all too typical. In 2018, the two most commonly used passwords are still “123456” and “Password.” And to be fair, there are even weaker security measures Kanye could have put in place. The only thing worse than having a weak passcode is not having one at all.
So what makes for a strong password? They should be long (eight characters or more), complex (alphanumeric, special characters, mix of upper and lowercase, etc.), and changed regularly (every 30 or 60 days). Alternatively, you can use a passphrase–a string of several random words–to secure your accounts and devices.
If you’re ever unsure about how to handle a security issue... ask yourself: “WWYD–What Would Yeezus Do?” Then do the opposite.
Despite the flood of warnings, there is a simple reason that people continue to use poor passwords: convenience. We live in an age where seemingly everything requires a passcode. Remembering all of these passwords practically requires Rain Man-esque memory abilities. It can also be a hassle to constantly have to create new passcodes. Many employees treat password change reminder emails from the IT department like a voicemail from their crazy uncle Carl–something to put off dealing with for as long as possible.
Fortunately, there is a better way. Password managers, such as LastPass or Dashlane, can automatically generate strong passwords, and then store all of them in one safe location. With today’s technology, there’s now no need to sacrifice security for the sake of convenience.
2. Beware of shoulder surfers.
Using a weak password is bad enough. What’s even worse? Having it revealed to the entire world. But that’s exactly what happened when camera crews caught Kanye inputting his iPhone passcode. These photographers were doing what’s known as “shoulder surfing”–surreptitiously sneaking a peek at someone else’s device to obtain information. Shoulder surfers may be acting out of innocent curiosity. These cameramen, for example, made their presence well-known and their intentions clear. Others, however, may have a more malicious intent. Regardless of the motive, these prying eyes pose a genuine security threat.
You’re probably not a world-famous celebrity like Kanye West, who has hordes of paparazzi following him around, photographing his every move. That doesn’t mean that you’re safe from snoopers. You never know whose eyes and ears are open, ready to snatch any snippets of your sensitive information. When you’re out in public, always be aware of your surroundings. Even former CIA Directors have gotten in trouble for failing to follow this fundamental rule.
Unfortunately, the risk from shoulder surfing has risen significantly in recent years. Over the past decade, portable devices have become ubiquitous, with more employees using them to do work outside the office. In 2010, 27 percent of all Americans carried portable screens; by 2016, that number had jumped to 80 percent. At the same time, smartphone screens have become bigger, brighter, and clearer–making it ever easier for someone to glance at your gadgets.
So how can you keep yourself safe from shoulder surfers? One effective solution is to use privacy screens. Privacy screens come in many shapes and sizes, and all work slightly differently. But basically they’re designed to reduce your screen’s visibility at an angled view, making it more difficult for other people to see your device. Privacy screens can be used on practically any digital device, whether they be smartphones, tablets, laptops, or desktops.
3. Resist the temptation of oversharing on social media.
Kanye West is infamous for his shocking and provocative social media posts. Whether he’s advocating for abolishing the 13th amendment or picking fights with fellow rappers, West has never been shy about sharing his thoughts with the rest of the world.
Kanye’s social media outbursts have sparked a tsunami of criticism. Some people believe in the old adage that “any publicity is good publicity.” Try telling that to the ever growing list of individuals who have been fired from their jobs for posting something incendiary on social media.
Making outlandish comments, however, is not the only thing that can get you into trouble on social media. Threat actors can gather all sorts of sensitive personal information from your online profiles–such as contact info and location records–that can be leveraged to conduct a cyber attack. As such, you need to be very conscious about the information you are putting out publicly on the internet. If you’re ever unsure of whether to post something on social media, remember this simple rule: When in doubt, leave it out.