Genesis of 'How not to be hacked'

The story behind the story
Home / Genesis of this project

Who are you? How are you known? What have you already experienced and what are your plans for the future? The answers to these questions depend on your personal identity and the degree to which that identity is secure.

There’s a saying – “On the Internet nobody knows you are a dog.” There lies the challenge… nobody knows that you are you, and that someone else is not you. Now more than ever the case of a stolen personal identity affects our life in many lasting ways.

If you don’t properly secure your devices, criminals and online hackers can hijack them to attack national governments, deceive banks, setup sex and drug markets, or simply steal your identity – Social Security number and all. Through damage to your credit scores, an emptied savings account, or computer devices being used for criminal activities, a case of stolen identity brings undue financial struggles, legal battles, and disturbs your sense of safety in the world.

Given the importance of safeguarding identity and establishing an appropriate level of security, businesses and governments around the world are spending billions of dollars to support security measures. Big corporations with a lot to lose are protecting their enterprises by implementing training conferences, posting warnings and billboards, tightening security processes, practicing screenings and assessments, adopting strict regulation policies, upholding penalties, etc.

I should know. I have been designing and implementing these security programs for over 20 years at Ernst & Young – a multinational professional services firm with over 178,000 employees. I currently lead a large practice group focused on the concept of personal online security throughout the Americas.

Unfortunately today, despite extreme efforts to stop identity theft, online attacks are prevalent and actually increasing in certain areas. While the concept of online safety is known to the general population, the goal to stop identity theft has not been accomplished.

Something is missing here. But what? It was only after a heartfelt discussion with my family that I truly understood…

My story (and the genesis of this project):

One afternoon in March at Sweetwater Creek Park in Atlanta Georgia, my daughter, grandparents, sister, brother-in-law, and cousins were all celebrating my birthday with a picnic and hike. A beautiful day with blue skies and food on the grill. A seemingly perfect day but there was one problem; a certain family member was absent. No big deal, we gave her a call that’s when we heard the news – her credit card was declined due to fraud, again, for the third time.

After helping her with the identity recovery process, we got straight to the point; “how exactly could this happen three times?” she wondered. I should know. I spend every day working on this problem at work, trying to prevent just this from occurring.

The discussion quickly got heated and I started off bluntly giving advice on the use of a debit card versus a credit card. I paused and took a deep breath. It was time to jump into my speech about legislation and fraud limits set on the industry, providing context and references as I went. As I predicted, my family asked several clarifying questions and at the end they understood.

But had I EFFECTIVELY changed their behavior, such that they would not fall victim to identity threats? To put it simply, yes. I’m confident that my lecture cemented the best practice and security habits in their minds. I was elated! But then I had to ask: how did they not know these security practices to begin with? I certainly knew, doesn’t everyone know?

That’s when family dropped this bomb shell:

“Nobody ever told us how.”

Can you imagine my disbelief that after 20 years of working to improve security measures, my closest family members were never “told” that there are essential security practices to protect identity? After a bit more back and forth, I realized that the world at large (businesses, governments, and society) is “saying” a lot of things about identity security. These statements are not easily understood, especially by the people that need to change their risky habits. The key to teaching the public how to implement beneficial security habits is comprehension. The public needs to know why it is important to protect yourself. Only then will new habits be formed.

Following my family’s struggle, I began to investigate this topic even more passionately than I had before. Currently I have conducted over 50 interviews on the topic with the target audience and held dozens of interviews with specialists in the field. In addition to openly collaborating on the book and sharing information through regular emails, I am beginning to develop a product that can actually be comprehended by people. I hope to help change the security habits of the reader, not merely “say” things to them.

The genesis of this project is very personal to me. However, publishing materials that address the challenge of identity protection are paramount to the continuation of a functioning society as a whole. For instance, good security habits benefit a rapidly expanding world market and allow a lower cost of security operations within a business (that is, if the end user is armed with knowledge of safe technology practices, the business itself does not need to do these actions for the user). The benefits of good security habits are unlimited and widespread.

Join me in this journey – it is an ongoing adventure with no definite finish line. The point of the project is to continually better ourselves, our friends and families, and our businesses by identifying and publishing key activities that can be adopted by everyone (minus the complex technical jargon and type 9 font). This project will present easy to understand information on security and identity protection habits, ultimately sustaining a lifelong safe use of technology and commerce.

This project will lean on financial experts and practitioners across the field to provide balance to the whole equation (personal finance experts, data consultants, online business owners, etc.), but will not dive into the dependencies and complex technical explanations as these almost always create confusion.

Thank you for your interest in my passion. I welcome you to join the subscription list to receive the latest materials, to collaborate with me and other users, and to be as active as possible in the development of this project. Please share and help make this difference!

Kind regards – James DeLuccia

How can you help yourself, your family, and the community at large?

As in any grand adventure, this work requires many contributors – not just myself. Below is a short list of ways to help. If you can assist in any capacity, please comment/edit/message me!!!

1. Provide constructive criticism based on your own knowledge. Sounds simple, but each person has a particular strength – infosec, communication, grammar, art. In order for the book to resonate, we need to address all viewpoints.
2. Connect me and the project with businesses, groups, and leaders across the globe that can really cooperate and benefit from the process.
3. Recruit – share the mission. Encourage family, friends, and collages to read the blog, join the mailing list, and contribute helpful material or personal experiences regarding identity security.

Second – Share these tips with friends and family

I am always seeking feedback to improve, focus on areas of concern (such as what to do when you travel?), so please – Contact me with any questions and thoughts you have and we can help prevent others from being hacked.

Thank you!