Roberto Popolizio
Cybersecurity is full of myths, misunderstandings, and outright dangerous advice.
But what if we could clear up the confusion once and for all?
In this new interview series by SafetyDetectives, I invite cybersecurity experts to expose the biggest yet overlooked misconceptions affecting our online security, and give us practical tips to avoid them.
My guest today is Black Girls Hack Founder, Tennisha Martin, who explains how a simple wrong mindset contributed to real-world cyber disasters, and the simple steps anyone can take today to lock down their digital security.
If you could erase one cybersecurity myth from people’s minds forever, what would it be, and why?
If I could erase one cybersecurity myth forever, it would be the idea that “my information has already been leaked before, so it doesn’t matter.”
This kind of thinking is super dangerous because it leads to apathy, which makes you an even bigger target. Just because your data has been leaked once doesn’t mean hackers are done with you; in fact, it actually makes you more valuable to them.
Stolen data gets bought and sold on the dark web constantly, meaning your old info could still be floating around and used in new attacks. If your email and password were leaked before, attackers will try them on other sites to break into your accounts. And if you’ve reused passwords anywhere, which, let’s be honest, most people have, that’s an easy win for hackers.
It gets worse because once your info is out there, cybercriminals can craft super convincing phishing emails, texts, or even phone calls using details from past leaks. That makes it way easier for them to trick you into clicking a bad link or handing over more sensitive info. Plus, identity theft isn’t just an immediate risk, it can haunt you years later.
Hackers mix old leaks with new data to commit fraud, open accounts in your name, or even take out loans. And let’s not forget the privacy risks because if personal messages, emails, or sensitive details were exposed, they could be used for blackmail, doxxing, or just general chaos.
But just because your data has been leaked before doesn’t mean you should give up on security. You can still do a lot to protect yourself:
- First, check if your info is in a breach; websites like Have I Been Pwned can help with that.
- Change your passwords, especially on any breached accounts, and make sure you’re not reusing old ones. Turn on multi-factor authentication, MFA, wherever possible so even if someone has your password they still can’t get in.
- Keep an eye on your accounts for suspicious activity, and if sensitive info like your Social Security number was leaked, consider freezing your credit.
- Most importantly, stay cautious with emails and links, even if they look legit.
At the end of the day, malicious actors want you to believe that you’ve already lost the security battle, but that’s just not true. The best thing you can do is stay proactive and make it as hard as possible for them to exploit you. Don’t make it easy for them.
Why do you think this myth is still so widespread?
This myth is still so widespread because of a mix of resignation, misunderstanding, and sheer exhaustion from hearing about endless data breaches. People feel like they have no control over their personal information once it’s out there, so they fall into the “why bother?” mindset.
Can you share a real-world example of what happens when people believe this myth?
One particularly bad case was the 2021 Colonial Pipeline attack. The hackers gained access because an old, leaked password from a previous data breach was still valid on a company VPN account that didn’t have multi-factor authentication enabled. If you were in the DMV you’ll probably remember this because Northern Virginia and other parts of the DMV were out of gas for days.
Is anyone profiting from keeping this myth alive, and how exactly?
Malicious actors and hackers are still profiting because they can sell stolen data and run credential stuffing attacks. Data brokers and ad companies also benefit from this misconception.
What does reality look like, and what’s the best way for people to accept and act on it?
Let’s say you’re playing basketball and you take your time getting back on defense and the other team beats you back and scores. You can say to yourself, well, they scored once so there is no need for me to play defense and they’ll score a lot more. Alternatively, you can play good defense and limit the amount of points the other team can score.
The reality is that, yeah, your info has probably been leaked before, but that doesn’t mean you’re doomed or that security doesn’t matter anymore. Malicious actors count on people thinking that way so they can keep using old passwords, phishing scams, and recycled data to break into accounts.
The good news? Even small steps make a huge difference:
- Check Have I Been Pwned to see if your email or passwords have been leaked, and if they have, change them immediately.
- Use a password manager so you’re not reusing passwords.
- Turn on multi-factor authentication (MFA) for important accounts.
- Stay skeptical of weird emails or messages asking for personal info.
- If your Social Security number or financial details were leaked, consider freezing your credit to prevent identity theft.
- On top of that, cut back on how much personal info you share online and tweak your app settings to reduce tracking.
The goal isn’t to be unhackable—it’s to be way harder to hack than the average person, which is often enough to make attackers move on. In basketball terms we’re not preventing the other team from scoring, we’re just making it harder on them.
What role do the media, governments, and other organizations play in fixing this issue?
The media, government and organizations all play a huge role in fixing this. I myself check 8-K filings on a regular basis.
The media tends to only report on massive data breaches with click-baity headlines. Normally steps that need to be taken tend to be fine print on the larger news article.
The government has the ability to implement stricter fines and data protection laws but the US tends to fall behind places like the EU with GDPR.
Additionally, companies tend to notify end-users with paragraphs and paragraphs of information which don’t always get read by the end users if they are seen at all. Companies should enforce strong security by design.
To wrap up, if there’s one takeaway you wish people to bring home from this conversation, what would it be?
What do you get the person who has everything but horrible internet security hygiene? A password manager for their phone and devices. Buy them for your families. You’re only as strong as the weakest link and if anyone on your home network has bad cyber hygiene, your whole network is at risk.
How can our readers connect with you?
LinkedIn: linkedin.com/in/tennisha
X:
- www.twitter.com/misstennisha
- www.twitter.com/blackgirlshack