Each time I comment on someone’s operations security practices; short passwords, no two-factor authentication, no encryption etc., they would ask me the same question: “I’m not important, why would anyone be interested enough to target me?”

This is a common logical fallacy when it comes to information security. There are a lot of actions from which an attacker can benefit by hacking a “regular” person — even without knowing who the target is. They may want to attach your computer to their network of infiltrated computers to perform DDoS attacks, hold your files for ransom, log your keystrokes for credit card information to make purchases anonymously, or even route their malicious traffic through your computer, so that the police would come knocking on your door for their crimes.

Additionally, while many hackers are motivated by financial gain or a political ideology, some do it just because they can. Not every hacker is a professional who carefully develops exploits from the ground up to fit a specific target. It’s not uncommon for the so called “script kiddies” to utilize a publicly available exploit just because it exists, not because using it would serve a specific purpose.

You may get hacked for the sake of being a low-hanging fruit. For the hacker, attacking you may only be an evening’s frivolity. For you, it will be a year’s headache. So, stay woke, and consider yourself a target. Just in case. Basic operations security is not hard, it’s mostly common sense: don’t click on unknown links, use two-factor authentication and long passwords generated by a password manager, keep your software up-to-date, and back up your devices regularly.

As for not being a high-profile target, you can’t know what the future brings along. You might end up being a public figure one day, and at that point leaking of data from your past may cause irreparable damage.