Ep. 085 - Stewarding Your Digital Life: Biblical Wisdom for Cybersecurity

Episode Transcript

Spencer
Being proactive to protect the assets that God has placed in your hands is wide stewardship. We do this not out of fear of losing, but out of honoring God with the gifts that he gives us. Today, we want to consider how we can be good stewards of the digital lives and digital assets that the Lord has placed in our lives.
Today we get to talk about an interesting topic. Stewardship of digital resources. Our digital lives really of cybersecurity in some ways. And of course, I'm such an expert in this that I'm going to speak very little on this and just turn to my friend Austin, who will unpack most of this. But as you think about this as a topic, what do we where do we start here?
Austin?

Austin
Well I think there's a couple key things that we need to remember. One is that there are one of us in the room that is a digital native that has been around computers for my entire life. The other grew into his affection for the beautiful machine of the computer. I think the reality, though, Spencer, is there are no scriptures that we can look at that say what to do with your digital life.
The reality is, Jesus, as he was talking on the sermon on the Mount, didn't say, when you have a password that is compromised and your financial data was leaked onto the dark web, this is what you need to do. So really we come back to this and we say, okay, how do we take biblical principles and really overlay them on our lives as stewards of the digital assets that God has put in our hands?
And so we come back and say we are stewards. God owns it all. These computers, our email accounts, our phones, all of the digital life that we have surrounded ourselves with. Then in a lot of ways, we can't live without. We have to be stewards of that. Both of the intellectual property, but also of the actual physical devices.
And so that's what we want to come back to today, is reminding ourselves again and again and again. God owns it all. He is the owner. He is the one that we are stewarding these things on his behalf. And we think about that, well, that's kind of silly as we think about like my cell phone or my laptop, but these are really, as we think about it even more, they're they're the gateway,
they're the keys to our modern life. And so when we think about this we're thinking about how do we put guardrails up on these things that are really the keys to our life. So we don't want to just open the door. We think about cyber security. We've talked about this in other channels where we say it's kind of like the front door to your house.
Sometimes I leave my front door unlocked when I'm home. Sometimes I accidentally forget to when I'm leaving my house. Doesn't happen very often, but sometimes it does. The reality is, we don't want to leave our house with our front door both unlocked and wide open. Because then we are setting ourselves up for some vulnerabilities here.

Spencer
It's interesting because everyone is going to have a different set of concerns and constraints. Like for your house, your physical house, you don't have a German Shepherd dog that is patrolling the outside. So you need to make sure that you keep your door locked more than maybe Emily and I do, because we know we have a crazy dog that no one even really wants to come into our yard
with. But it does illustrate the point that each one of us, we have certain vulnerabilities, we have certain things that we need to pay a little bit more attention to than others. And so as we think about that, what are those areas that we need to pay the most attention to kind of in our digital, our modern lives?

Austin
Absolutely. So I think there's kind of two ways that we think about this. The hardware and the software side of things, when we think about the hardware, you're thinking about your computer, your cell phones, your smart microwave. Those are things that are hard wired into your home or into your home internet system. So that's kind of key
door one. Door two is the cloud based softwares that we all have grown accustomed to using. I don't know when the last time you went to your bank and said, hey, where are my thousands of dollars that I can take out? Sometimes we do go to the bank, but a lot of times it's just a swipe of the debit card, a swipe of the credit card.
Our lives, our bank accounts, our credit card accounts, our retirement savings, they, in most cases, are numbers, ones and zeros in a computer somewhere. They're not all stored as physical money at the bank, depending on how much you have. If you have $300 to your name, then I think you can pull that out of the bank. But in some of those larger accounts, you're not going to be able to pull out that substantial amount of sum of money.
And so we have to think about what are those physical hardware devices that we need to protect? And then what are those software protections? Thinking about things like even email accounts, cell phone numbers that we really want to guard and try to put those, those fences around to be able to stay protected. And so we'll talk about a couple key things that we can really do.
But again, the Lord has placed these things in our hands. If we were to leave that front door open, leave the wallet in our car, leave the keys in the car overnight, it's just kind of leaving us vulnerable and open to a potential attack.

Spencer
Well, I like the idea of us looking into this as stewards, because it takes away the ultimate responsibility that has to be the Lord's. We can do everything right, literally, and still lose all of it to some kind of really adept hacker. We all have to acknowledge that we don't have ultimate control there, but there are things that we can do that can really limit the likelihood that that happens,
and that's the role of the steward. The steward says, okay, what are the things that I need to focus on? I need to have my attention. And this even as I reflect on it, this even gives me a little bit of space because, you know, when I'm on the phone with Verizon, you know, for six hours over the last couple of weeks, it's like, okay, well, yeah, I need to be a steward here.
I need to make sure that, you know, my family has the phone access that it needs and that as my kids go out and they're out with friends that they've got, a contact point that they can use to talk to my wife and I. And this is a gift. It's a blessing. I can have gratitude for it.
But I also don't have to go to the place where if something doesn't work, I get furious because it's not completely in my control. All I'm being asked to do is to be faithful in this moment, and there's only 24 hours in a day.

Austin
And faithful in the moment, and faithful to recognize that you can, again, like you said, you can take every single precaution in the book, and still have a vulnerability. Because there are people that are far smarter than you and I that are located all around the world that are trying to get into our bank accounts right now.
I mean, that's just the reality of it. When you work with large national institutions that hold resources, there are going to be places, people in places like North Korea, that are going to be trying to get to your bank account because they want your money. And so you can do everything right, and you can put every precaution in place and live in a tremendous amount of fear,
or you can say, Lord, I've done what I can. You've put these things in my hands. I am trying my best to be a good steward, but some of it's out of my control. So what are some of those key cybersecurity steps that we can take? And we're just going to fly through some of these because we we can dive into it,
it’s a granular detail, but really we want to start thinking what are those really critical points.? And I think one of the first ones is just our passwords. If you do not know that your password should not be password or even an iteration of password, if it's P A dollar sign, dollar sign, W zero R D, that's also not safe. If you know that that if you have a password that is that, please pause this.
Go change it right now. Go change every one of your passwords right now. The reality is you need a strong password and ideally a different password for every website that you log into. So this can seem daunting, but fear not, fret not. If you have an iPhone, if you have an Android, if you have access to any device, there is a password manager that you can either utilize that is encrypted on your device, or that you can use a service such as LastPass,
Bitwarden, One Password, and you can utilize these services to both help you remember, and generate incredibly secure, incredibly complex passwords that it will automatically put into the website for you. The reality here is this is kind of like you're carrying a key. You need to have a key to your doors. And if you use the same key for every single door that you ever have used in every item, well if you lose that key then there's a big problem.
So you want to have different keys for different things.

Spencer
Or if you have the keys stolen now your whole life is open to this and you have a similar thing because none of us would really like for the key to our bank and our investments and our home and our car really to be the same. There might be a little convenience there, but, we would be, you know, left very much liable.
And I think there's a balance here. Really, when we think about it, we could make things incredibly complex, and we could have the greatest level of security on on all kinds of particular areas, but it would be unusable. We have to we have to have that balance of usability where we can actually continue to function in this way in life and still enjoy life, but also have security precautions in place.
I think back to, you know, you telling me that I'm not a digital native, and the first time that I was, using a computer consistently was in seventh grade in Maryville Middle School. We had to have a login for each of us to do this typing program. Why? We needed a login to be able to do a typing program, I don't know.
But I still remember the guy to my right was Brian, and he had this incredibly complex password. He did not want anyone else to use his password. And he finally told us at the end of the time what his password was. It was “don't fake the funk on a fancy dunk”. And it was from this Shaquille O'Neal computer, commercial.
But he would type that thing in, and it would take him so long compared to everyone else, and we all probably had this password that was like “password” or something crazy like that. But he looked over it and he was like, no, I'm willing to have this inconvenience, to get in because I'm concerned that someone else might hack it, whereas the rest of us were like, it's not that important to us.
I mean, whether, you know, you win this, you know, typing contest via somebody else's typing in for you, well, it's still not that big of a deal. So all of us, I think, have to come back to how important is this particular, you know, password? How much am I going to put into it?

Austin
Well, and I think to that point, it's like if I think about master passwords, the key to the entirety of your password ecosystem, “don't fake the funk on a fancy dunk” or whatever it was, that's a great master password because it's really long and you rarely have to type it in. And so think about that. If you have essentially one key that is your gateway to all the other keys.
If you're using a LastPass, a Bitwarden, a One Password, create an incredibly complex master password that's really easy for you to remember. That then, is really hard to crack. Okay, so we got passwords down. We could beat that drum as much as we want, but we're going to move on. Turn on multi-factor authentication wherever possible.
I know it's a pain. I know it's a pain to either receive the text message, receive the phone call, get it onto your authenticator app. But it is so much more secure. And you just need to do it. Wherever it's possible. Especially especially if it is your bank, your anything financial. Make sure or if it has any access to tax information, social security numbers like your really critical data, health records.
Turn on multi-factor authentication. And I would strongly recommend here using an app versus an SMS text message or phone call. Some institutions will only allow you to do SMS, phone call, email. Those can be hacked really easily. Whereas if it is a second code that is on your device, it allows you to have something physical that is not tied to a digital cert source.
So multifactor authentication when possible. Next, we're going to say freeze your credit. I'm going to tag you on this one because you actually know what you're talking about here.

Spencer
Well, and thank goodness here, I know something about this. But freezing your credit basically is going to shut down hackers being able to set up accounts on your behalf, or being able to, impersonate you. So this is really helpful. Typically you want to do this with the three main credit bureaus. You've got Experian, TransUnion, and Equifax that you certainly want to address.
There are some others, that, that you may consider, I think check systems is the one that a lot of banks use. So you could, could freeze that one as well. But if you do that, it's going to stop anyone, again, from opening a credit card in your name, bank account in your name, taking out a loan in your name.
Because any of these financial institutions, they're going to ping one of these, bureaus to look at your credit, and if it's shut down, they're not going to open an account on this hacker's behalf. So this is one of the easiest ways. Now, there is a little bit of legwork here, but for most of our clients that we walk through it, even those of us who are not digital natives oftentimes can get this done in an hour or two.
Now, the thing that you need to recognize as well is that when you have a legitimate need for someone to ping those bureaus, you're going to have to thaw that freeze. And but that's not all that difficult. You can do this, and you know, usually it's somewhere between three days and seven days that you thought for, and then it's refrozen and then you're on your merry way

Austin
Right. Absolutely. Okay, so the next one we want to cover is don't click suspicious links. I know your favorite prince in Nigeria really wants to send you that money via that via some Bitcoin. Don't do it. Don't do it. The toll tag scam, the IRS is, you're delinquent on your IRS payments. If you know you've paid the IRS,
don't click the link. All they're trying to do is access. Don't click those links.

Spencer
Even if you haven't paid the IRS, don't click the link.

Austin
Don’t click the link

Spencer
Because they're not going to be texting you about this. They're, you know, they're going to be sending you a formal letter, an angry formal letter, but they're not going to be texting you to say, hey, click this link and, you know, pay us the $561.34 that you owe us. Not happening.

Austin
Right, right. So the easiest way there is go directly to the website. If you have a suspicious email from Microsoft or from the IRS or from some other institution, close the link. Close the text message, the email, delete it, do whatever you need to do, and then log on to your irs.gov, log in and see. Oh, this is what I owe and it's not due until this date.
I don't need to pay it, or oh, that was a total scam. Just don't click random links. It's bad news. The next one is one of my favorites. Wait, should I post this photo online? We may think that posting photos of our trips and vacations is really innocuous. I am just, I'm at the Eiffel Tower, and I want to show my friends that I'm at the Eiffel Tower.
If you've also shown the rest of the world that you're at the Eiffel Tower, then maybe they know you're a little bit more vulnerable because you're away from your normal safety net. Now, obviously if you live in Paris, then that's something different. But if you're in Paris, you're probably not taking a photo by the Eiffel Tower. So the reality here is if you want to send photos to your friends and family, send it directly.
Hey, I got to see this great thing today. Let me take, let me show you. When we are traveling, whether it's stateside or anywhere, we like to let our family know that we are safe, that we have arrived, that these are the cool things that we are seeing. We don't want the rest of the world to know. When you return home,
it’s a great time to share it on Facebook. It's a great time to share it on Instagram. However, when you are in that place, it actually creates a vulnerability because then somebody could see if they're a bad actor. Hey, I see not only are they outside of the country, but they're outside of the country and they have a means to make it to the outside of the country.
And so you just really have to be cautious of how much do you share, and I think this is kind of a biblical principle in general, if we think about like guarding our hearts. We don't want to share too much information with too many people. We want to really protect what God has allowed us to be able to do.
We want to be good stewards of that.

Spencer
Well and we've seen this actually play out with clients. There are clients who post to Facebook, and we've had calls, from folks who are bad actors trying to impersonate those clients. or I shouldn't say, calls. We've had actually client email accounts get hacked. And we've had those people know that these people are out of the country. Try to impersonate them, and get money wired, you know, in one spot or another.
So that's, that's a really significant risk. You can reduce your risk like you said, if you don't post those until you get back into the country. Because it's just much much more difficult if you have, boots on the ground here in the States, and now you can respond to it immediately rather than trying to respond to that when, you know, you're in some other part of the world.
Right.

Austin
So the last one we want to touch on that kind of dives, dovetails off of that piece of, okay, what happens if I'm compromised? And I think sadly, if we look at the world today, social engineering is a huge problem. This is this idea that someone on the internet could take these videos that we're creating, download our voices, and try to trick a loved one, that they are us, and then they're in dire need, and that we are in dire need.
And so social engineering is really, it's something that you need to be aware of. Again, don't fear it, because we don't want to live in fear. We don't want to live in fear of anybody. We want to live in fear of the Lord. But he is still our provider. He's still the one that cares for us.
So, as we think about this, social engineering is essentially this concept where a hacker or a scammer impersonates you to try to get money sent to them instead. So it's similar to what happens when mom and dad are overseas in Europe, and they email you saying, “Hey, I need money.” So one of the ways that you can kind of get around this, is maybe have a family safe word or a family safe phrase.
So if you're traveling and mom emails you, or mom calls you and says, “Hey, I need $50,000, or I need $5,000, my passport was lost when I was on the train.” You know that she's there. You can say, “I'm so sorry mom. Hey, what did you have for dinner last night?” And if she has, she says, “Oh, I had eggplant parmesan with a red wine”,
and you know that she's supposed to say “I had, tacos with hot sauce.” Then you know that something is wrong, that it is not your mother. So having some sort of a catch phrase or word that you can ask that is distinct for your family, allows you to in some ways reverse engineer that social engineering. This can be a little bit convoluted, but it really does help protect.

Spencer
Or just, you know, some kind of family event that happened that you've never told anybody about, you've never posted on, so no one would know it. And that might be from 20 years ago. You know, what you ate that night or, you know, what place you went to. You know, at that point that, again, is going to be only within the family known that you can immediately surface and it will trigger a memory that is, that has that balance of complexity and protection,
without it being too much over the top that somebody has to remember.

Austin
Right. Absolutely. So, Spencer, I think as we come back and we say cyber security is like any other type of security. And as stewards, what we're really trying to do is just set up those guardrails, and say, God, you have given these resources to me and I want to steward them well. They are yours at the end of the day, father, you have placed them in my hands for this temporary time, and so I want to steward them well.
And so how do I find those guardrails? How do I find the ones that are appropriate? If my house is worth $10,000, I'm not going to put up a 70ft steel fence around my house. The reality is the fence at that point cost more than the house. It's not worth it. And so this is where we have to start saying as stewards, what do we do,
what's right, in the right time to honor the Lord but not live in fear of the world around us? So, clients, if you have questions about cyber security, your personal cyber security posture, how to trust the Lord with your cyber security, we would love to have that conversation with you. As always, feel free to ask any questions and we would love to talk with you soon.
Take care. If you found this episode valuable. Share it with a friend and subscribe on your favorite podcast platform so that you don't miss the next episode.

Disclosure
This content was provided by Second Half Stewardship. We are in Knoxville, Tennessee, and you can visit our website at www.secondhalfstewardship.com. The information in this recording is intended for general, educational and informational purposes only, and should not be construed as investment advisory, financial planning, legal, tax, or other professional advice based on your specific situation. Please consult your professional advisor before taking any action based on its contents.