Why cybersecurity is an LGBTQ issue
As with all marginalized communities and the constant prejudices they face, LGBTQ people experience harassment at a significantly higher rate than their heterosexual counterparts. Numerous studies have shown how these matters affect our psychological and physical well-being and increase the rate of mortality.
Until recently, being queer was listed as a mental illness by The American Psychiatric Association. Stigmatism continues to plague our community today, despite removing this classification in 1973. We continue to struggle against some communities, organizations and politicians who support discriminatory policies, especially targeting transgender individuals. This is why LGBTQ individuals must protect their sensitive information and cybersecurity because leaving it up to others is a costly mistake.
Photo by Brooke Cagle on Unsplash
As Internet connectivity continues to rise, the digital world crosses boundaries into the physical world, and for LGBTQ individuals, there are many more concerns. Many issues that occur online stem from information oversharing, imposters (when someone deceives others by pretending to be someone else), stalking, extortion schemes, phishing, social engineering, and privacy matters from risky online applications and data breaches.
Though we made great strides and the public’s sentiment toward LGBTQ people has improved, the laws to protect our community, especially online, are shaky at best. Erring out of caution, many within the LGBTQ community remain skeptical with whom they share their sexual identity and gender. However, there is a disconnect. Many are not aware of how to safely share their information online, properly secure it, or the implications of not caring.
Prevalence and history
LGBTQ people are far more active online than their straight counterparts. The Internet offers a community for information and connection, especially where queer-friendly communities do not exist. LGBTQ individuals are more likely to use dating apps, engage on social media, and search for health information, while mobile technology makes it incredibly easy to access.
The Internet creates a lifeline for the disenfranchised, reaching communities beyond the physical boundaries that exist. It also presents a unique set of dangers.
There has been a long history of cyber incidents affecting LGBTQ people. As recently as October 2021, an Israeli dating app Atraf was hacked and released tens of thousands of private records. In April 2021, an adversary gained access to account credentials to Manhunt users, a gay male dating site with 6 million members. In 2020, Rela, a Chinese-based dating app for lesbians, exposed millions of members' private information. What about the countless times dating app Grindr experienced incidents, even warned of its security and privacy risks by researchers?
Why cyber security is an LGBTQ issue Photo by FLY:D on Unsplash
What can go wrong? Why you should be concerned.
A lot can go wrong with sharing your personal information with others or relying on an app to store it safely. Risky applications that lack data security and privacy are among the leading concerns that put members' data at risk of compromise.
Mobile devices are another concern. Over 80% of the world’s population have smartphones, and mobile devices are the leading security risk (due to their ability to quickly share and obtain information and the lack of security software enabled. Yet very few secure their mobile devices with the basics such as passwords and locks, let alone have security software to protect them adequately. That leaves an enormous surface area for cybercriminals to attack and obtain information.
Once obtained through ill-gotten measures, data is then sold on the Dark Web and used to plot an identity theft, exposed to embarrass someone, used to extort something, even the age-old game of cat phish (fake identity).
Since the Internet is one of the first places for LGBTQ to research important information and connect with others in the community, the consequences of this information landing in the wrong hands are far-reaching. The impact ranges from embarrassment, financial harm, judgment from family, friends, and colleagues to long-term mental health problems, even physical harm or death.
As hate crimes surged to the highest level in twelve years, according to the FBI’s annual hate crime statistics report, data exposures can have devastating consequences especially if someone is outed in small or remote communities where there is a lack of LGBTQ presence, or countries where being queer is stigmatized or illegal.
Photo by Victoria Heath on Unsplash
Staying Safe Online
There are plenty of ways to remain safe online. The easiest way to exercise caution is to break down cybersecurity into three distinct areas: people, process, and technology. These three main elements will help connect the dots and prevent many adverse events.
Remain aware. Do your due diligence before engaging with an unsafe application, suspicious individual, or meeting someone in-person.
Information oversharing. Guard your personal information when sharing with strangers and do not relay too much information, even on dating applications.
Cautiously connect. Remain cautious whom you connect with and allow into your environment. Often the same tricks and scams in the real-world stem from an initial online encounter. Use your best judgment and if something seems off, trust your instincts.
Safeguard physical access to your device. Never leave your device unattended and unlocked, especially in public. Be sure you lock the screen using a passcode and adjust the screen timeout. Disable notifications on the lock screen, as this is a good way for someone to gain information on you.
Photo by Privecstasy on Unsplash
Understand your privacy settings. Each application is different, so familiarize yourself with the privacy and sharing settings and adjust them accordingly to your risk.
Search yourself online. Is there information you do not want out there? You can contact websites and remove the information that should not be public. Search people finding sites and remove your data.
Backup your data. Backup the data from your devices, even from the applications you use. Be sure that it is stored in a secure and encrypted digital storage service to the cloud. Avoid external hard drives or thumb drives to spare your data the event of theft or act of nature. Enable recovery options in each application in case you are locked out.
Good password hygiene. Passwords serve as keys to your digital kingdom, so keeping them secure is paramount. A good password consists of 10-15 upper, lowercase letters, numbers, and characters. Turn on multi-factor authentication (MFA) which will bolster your security if someone obtains your password. Think of MFA as a double door to your home that is locked and requires another key to gain access.
Apps with weak security. Think before you download. Even though they’re from trusted sources such as the app store, many applications are risky due to the lack of privacy and safety. Applications with weak security will compromise any device that has strong security. Be cautious granting permissions to your contacts and other data on your device. Also, read the privacy policies before downloading. These policies are typically confusing, so look for four main components: what data the company collects, what they do with that data, how they protect your data, and how you can control their use of your data. If you are not comfortable with how the company handles your information, do not download it.
Secure WiFi. Most people have connected to a public WiFi at one point, but doing so can allow others to obtain your data easily. Furthermore, criminals sometimes set up fake WiFI networks, and when users connect, they are connecting directly to the adversary who is filtering the traffic from the device to the Internet, obtaining all information transmitted. Using a VPN (a virtual private network) will help encrypt your data on public WiFi, but using a hotspot is the safest way to prevent data leakage.
Photo by Lagos Techie on Unsplash
Identity theft and reputational monitoring. Consider identity theft monitoring that includes social media. Some cost-effective solutions on the market will alert you of any identity theft issues, reputational threats and even help remove your personal information from the web to reduce incidences.
Security software. Many individuals have antivirus on their PCs and think they are safe, but antivirus is only part of the solution and will not protect you from today’s sophisticated attacks. Often forgotten is security software for mobile phones, yet mobile phones are the most significant risk of attack. Advanced endpoint security solutions that include antivirus, and malicious web link scanning, some of the crucial components of good security and that protect all devices, even HVAC thermostats.
Password manager. Everyone should have a password manager to store their digital keys safely. Keeping passwords in a notepad or your digital notes is asking for trouble. Many browsers have password managers, but those are not a good idea either. Cybercriminals can target browsers. The safest method is an encrypted, vaulted password manager that syncs to all devices.
Bringing it all together
Cybersecurity is everyone’s responsibility, and we must learn that all data is valuable. As our dependence on technology steadily increases, end users must take their safety into their own hands. Until our laws are modernized (and remain that way), it is up to individuals to protect themselves online. It is a critical mistake to leave your security and privacy in the hands of others. The best method is to be smart about your safety and protect yourself from the evolving online incidents that continue to increase in number and magnitude.
It is vital to partner with a cybersecurity consultant who supports marginalized communities, especially LGBTQ. Most technology companies lack diversity and cannot provide the proper guidance and trusted advice to LGBTQ individuals. It is best to have someone by your side whom you can trust to help protect against the evolving threats that we face online.
Do your part, be cyber smart.
Cyber security expert Tom Kowalski
About the Author
Tom Kowalski is the founder and CEO of REP, a cybersecurity risk and reputation advisory firm. Tom’s differentiated background in cybersecurity, crisis communications, and reputational risk allows him to effectively manage clients' digital risks and mitigate online threats that affect their assets, reputation, and well-being.
Several years before founding REP, Tom was the target of online harassment. The lack of laws governing social media and tech companies, combined with difficulty finding justice, led him to create his company.
Today, Tom eases the burden of worry for other LGBTQ victims and helps individuals achieve safety and peace of mind. He also helps organizations manage their cybersecurity risks, specializing in cybersecurity policies. Part of Tom’s work involves analyzing corporate security procedures, focusing on how their current strategies affect all individuals. Tom designs and improves policies that better govern an organization's security program and lower the risk of adverse incidents.
REP is a certified business of NGLCC (National LGBTQ Chamber of Commerce) where Tom is an active member of the New York City chapter. Tom is also an active member of cyber security and risk organizations ISACA and the FAIR Institute.