What is an ethical hacker?

How the "good guys" can help you improve cyber safety: an expert tells COS how he hacks companies to ensure they become more secure

Ethical hacker Terry Cutler on how to improve cybersecurity.

Phishing, scamming and hacking may seem worlds away for many workers, but the reality is that cyber criminality is essentially everywhere.

“Most people think that they’re not a target because they’re too small to be hacked. They think that they’re off the radar. But cyber criminals know that, especially if you’re a small business owner, you don’t have the time, money or resources to deal with a cybersecurity issue,” says Terry Cutler, an ethical hacker and cybersecurity expert.

The good guys

Looking to a hacker for cybersecurity advice may seem a bit counterintuitive, but ethical hackers are basically the “good guys.”

“An ethical hacker is essentially a cybersecurity professional that has similar skills to the bad guys, except we're using these skills for good to help protect a company or individual from cyber attacks,” says Cutler.

“The biggest difference between us and the bad guys is that we're going to provide our client a report of how we attack them, what we found and how to remediate these problems so that they can avoid a cyber attack or a scam from happening.”

Businesses and organizations can essentially hire ethical hackers like Cutler to hack them, and find all the holes before the, well, unethical hackers do.

“Cyber criminals are not going to ask for your permission,” says Cutler. “They're just going to attack you and extort you, and there's no report into how they got in.”

Telework

And cyber criminality is a threat now more than ever. With so many people working from home, companies have had to adapt very quickly to remote workers – and many haven’t been prepared.

“One of the problems that has occurred is that [employers] don't have a great strategy on how to protect home users against ransomware threats and these other types of phishing attacks from occurring,” says Cutler.

Employers are relying on employees to protect their companies, and oftentimes it’s just not enough.

Basic steps

One thing that companies can start doing is implementing security awareness training.

“This is where we're going to purposely send phishing emails to their employees and see who failed these tests,” says Cutler. “And once [employees] click on something that they weren't supposed to, it's going to redirect them to a training of one to three minutes long to show them where they went wrong.”

Another thing that employees can do is create stronger passwords.

You want to have between 16 and 25 characters in your password, says Cutler, and you want to have a combination of uppercase, lowercase and symbols in it.

Cutler recommends using song lyrics or phrases and integrating capital letters, numbers and symbols into the password (using a zero instead of an ‘o’ for example), as well as using different passwords.

“What's happening now is a lot of [employees] are reusing the same password everywhere. So they'll register an account, let's say on a real estate site, but they'll use their company email address. And it just so happened that they're using the same password there as they use at their company. A cyber criminal can get this password and sign in to the employee’s account and take it over,” says Cutler.

The last basic, yet important, step is two-factor authentication. This is where you attach your phone number to the account, so that when you want to use it you have to type in your username and your password and then a text message will come to your phone with a random code that you have to enter.

Terry Cutler is the CEO of Cyology Labs, the creator of the family-based Internet Safety University training program, and a federal government cleared cybersecurity expert (a Certified Ethical Hacker).

He is also the author of the Amazon bestseller “Insider Secrets to Internet Safety: Advice from a Professional Hacker.” Cutler was named to IFSEC Global’s Top 20 Most Influential People in Cybersecurity in 2018, 2019 and again in 2020. In the same year, he was named to the CISO Platform Global TOP 100 List.

You can contact him at [email protected] or 1-844-CYOLOGY.
