Interview with Kirkham IronTech CEO Tom Kirkham

Published on: December 9, 2024
Roberto Popolizio

From free VPNs to popular messaging platforms, some of the most popular tools and habits you trust might actually be putting your data at risk.

In this interview series by Safety Detectives, I invite cybersecurity experts to reveal the most dangerous mistakes millions of people still make, and their top tips to avoid them.

My guest today is Tom Kirkham, founder and CEO of Kirkham IronTech, a cybersecurity firm specialized in cybersecurity solutions and training programs, recognized as one of the top 250 Managed Service Providers (MSPs) globally in 2022, 2023, and 2024.

Throughout his 30-year career, Kirkham has received multiple awards for software design and has founded several successful technology companies. He is also a two-time Amazon bestselling author, with his new book “Hack the Rich – A Cybersecurity Parable” now available on Amazon. He’s also an active member of the FBI’s Arkansas InfraGard Chapter, where he engages with other professionals on current security threats and best practices.

Are there any cybersecurity habits or apps that most people consider safe but should avoid at all costs, and why?

A lot of people still think regularly changing passwords is a great security habit, but it can actually backfire. What happens is people fall into predictable patterns—adding a number at the end or slightly tweaking their old password—which makes it easier for hackers to crack.

Instead of constantly changing passwords, focus on creating strong, unique ones from the start and use a password manager to keep them safe. Many password managers can also generate unique passwords (so you don’t have to memorize them all), but if you prefer to create your own passwords, here are some tips to make them unique, secure, and memorable:

  1. Combine four or more random, unrelated words (aka ‘passphrases’). For example, ‘ElephantSkateboardJellyfish’
  2. Longer passwords generally take longer to crack. Aim for a minimum of 12 characters.
  3. Make your passwords even more complex by mixing upper and lower case letters, shortened words (e.g. DancingPolarBears becomes “DancPolBrs”), numbers, and special characters (e.g., symbols). Our example passphrase could become something like ‘Elephant!Skateboard^Jellyfish2024’
  4. Avoid using easily guessable information such as personal details (birthdays, names, etc.), common words and phrases, sequential numbers (1234), dictionary words, or keyboard patterns (qwerty, etc.) because hackers have tools able to guess these common patterns.
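
An added example, not part of the interview and not Kirkham IronTech code: a Python sketch of the two points above, generating a random-word passphrase with a cryptographic random source and flagging a "new" password that is only the old one with a changed suffix or a small tweak. The function names, the edit-distance threshold and the 16-word list are assumptions made for illustration.

```python
import math
import re
import secrets

# Constructed sample wordlist for illustration only; a real generator should
# draw from a list of thousands of words so each word adds more entropy.
WORDS = ["elephant", "skateboard", "jellyfish", "lantern", "orbit", "pepper",
         "glacier", "violin", "cactus", "harbor", "magnet", "thunder",
         "walnut", "compass", "feather", "tunnel"]

def generate_passphrase(n_words=4, wordlist=WORDS, sep="-"):
    """Pick words uniformly with a CSPRNG (secrets), not the random module."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

def passphrase_entropy_bits(n_words, wordlist_size):
    """Entropy of n uniformly chosen words: n * log2(list size)."""
    return n_words * math.log2(wordlist_size)

def _core(password):
    """Lower-case and strip trailing digits/symbols, the usual 'tweak' spot."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def _edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_predictable_change(old, new, max_edits=2):
    """True if `new` is `old` with a different suffix or a small tweak.

    Meant for the password-change step, where the user has just typed the
    current password, so both values are available without storing plaintext.
    """
    if _core(old) == _core(new):
        return True
    return _edit_distance(old.lower(), new.lower()) <= max_edits

if __name__ == "__main__":
    print(generate_passphrase(), passphrase_entropy_bits(4, len(WORDS)), "bits")
    print(is_predictable_change("Summer2023!", "Summer2024!"))
```

With the 16-word sample list four words give only 16 bits of entropy; the same four words drawn from a 7,776-word list give about 51.7 bits, which is why the size of the list matters as much as the number of words.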

Can you share an example of how these mistakes caused significant damage, and what could have prevented it?

Never ever reuse passwords across multiple accounts. If one account gets breached, hackers will try to reuse the same password on others (this is called ‘credential stuffing’).

Remember what happened in 2021: a massive Facebook data breach exposed personal information, including email addresses and passwords, of over 500 million users. Many people affected had reused passwords across various platforms, which allowed hackers to exploit the leaked data in credential-stuffing attacks.

If those users had been using a password manager to create and store unique passwords for each account, they could have limited the damage. It’s a clear reminder that relying on the same password for multiple accounts is a major vulnerability.

Why do people keep falling for these mistakes, and how can they spot the red flags?

Convenience often wins over security. People don’t want to deal with the hassle of remembering strong passwords or managing a password manager, so they cut corners. Hackers know this, which is why they rely on techniques like credential stuffing and phishing to exploit those weaknesses.

Look for unexpected emails asking you to reset your password or verify your account. Always check the sender’s address and hover over links to see where they lead. If it feels rushed or urgent, take a step back and verify through a trusted source.

On the flip side, do you have any lesser-known or counterintuitive tips that everyone can implement today? How do they help where traditional solutions fail?

Don’t make passwords memorable—make them random. Password managers handle the complexity, so you don’t have to.

Regularly audit your accounts and delete old ones you no longer use. Those forgotten accounts are goldmines for hackers if they’re tied to outdated, weak passwords.

Enable multi-factor authentication (MFA) on critical accounts—it’s not foolproof, but it adds a strong second line of defense.

If someone wants to strengthen their online security and privacy, what are five steps they should take today?

1. Use a password manager: It simplifies your life and keeps your accounts secure with unique, strong passwords.

2. Enable multi-factor authentication (MFA): Especially on financial, email, and social media accounts.

3. Check for breaches: Use tools like “Have I Been Pwned” to know if your credentials have been leaked.

4. Log out of unused devices: Staying logged in everywhere increases your exposure.

5. Educate yourself: Stay informed about the latest scams and threats so you can spot them before they get to you.

Looking ahead, what opportunities and challenges should people prepare to face in 2025? What should they start doing today to get ready?

The challenge ahead is that cyberattacks are getting more targeted and harder to detect. Hackers will use AI to automate attacks and make phishing attempts more convincing. But there’s an opportunity here too—AI-powered security tools are evolving just as quickly.

To get ready, adopt tools that leverage AI for threat detection and response, and start training your team to recognize subtle scams like spear-phishing emails. The earlier you adapt, the better prepared you’ll be to handle what’s coming.

Connect with Tom Kirkham

Website:

  • www.kirkhamirontech.com
  • www.tomkirkham.com

LinkedIn: https://www.linkedin.com/in/tomkirkham/

X: https://x.com/kirkhamirontech

About the Author

With over 13 years of experience in managing digital publications, Roberto has coordinated over 5000 interviews with the biggest names in cybersecurity, AI, cloud technology, and SaaS. Using his knack for communications and a growing network of cybersecurity leaders, he provides newbies and experts alike with beyond-the-fluff online privacy tips, and insider perspectives on the ever-evolving tech world.
