Enterprise Solutions [Go to GAT Labs for Education solutions here]

6 Cybersecurity Lessons from Netflix’s ‘YOU’

See GAT Labs
in action

Table of Contents

“Hello. Who are you? All your accounts are public, you want them to see you, to listen to you, to know you. And I thank you.” – Joe Goldberg, YOU.

With its recent release of season two, the internet has been buzzing and thrumming with posts about Netflix’s show YOU for months.

You see people watching it on their phones on trains. Putting it into social media memes. And now even your friends are discussing it over lunch.

Well, for me, the peer pressure was enough to send me nesting in ‘binge-watching mode’ with a fresh batch of popcorn ready to taste what all the hype is about.

And here’s the twist, as an InfoSec blogger, less than a single episode in my cybersecurity radars went into a beeping frenzy. I gradually shrank back into my chair, murmuring ‘’Oh Lord, this is so wrong!’’

As Joe Goldberg (Penn Badgley), the show’s protagonist, turns love into a hot mess, let’s see what he teaches us about cybersecurity and the importance of protecting ourselves online from whatever could be lurking on the other side. You literally never know.


Warning: Spoilers for “You” seasons I and II ahead.

Lesson 1: Monitor Devices Logged into your Cloud Apps. It’s NO JOKE.

You lose a device — you UnSync your accounts from it!?

I remember a time when losing your phone was just like losing your wallet. Almost any data you had in there was lost forever. 

Thanks to the Cloud, we no longer have to worry about that. However, we still need to be careful. It could be a double-edged cybersecurity sword, my friends.

In season one, when Beck loses her phone (or as we later know Joe steals it), she gets a new one and signs back into her accounts. No harm, no foul, right?

Nop. Joe is lurking on the other side tracking her every communication using her old device which is still synced to her new phone. Come on, Beck! 

Again, in season two, Joe steals Hendy’s Laptop, then later victoriously exclaims: ‘’And he hasn’t been diligent enough to unsync his IMs’’. — A little cybersecurity awareness please, people.


Lesson 2: Open Source Intelligence is Something to Fear

Stranger Danger can just track your online trails.

Yes, the obvious premise here is ‘Obsessive Love’ (pun intended). Joe meets a girl. Joe obsesses about the girl. Joe is BAD for the girl. How does Joe track down the girl in season one? Using OSINT (open-source intelligence). 

All he had was her name. With that, a pool of information was available to him to get active and figure out her most private details, including her address. 

Sounds scary, right? Not if you consider that Joe ISN’T even a professional IT guy. He’s just as nifty as most people are with internet searches. — Yup. Now it gets terrifying. 

YOU highlights the importance of adopting mindful InfoSec practices online:

  1. Keeping your social accounts public obviously isn’t always the safest thing to do. Why? Because you can’t filter out the dodgy from the harmless. Even when branding yourself, it’s better to just create two separate accounts for cybersecurity reasons.
  2. Posting ‘seemingly harmless’ private details. Check-ins, geotags and other private details could be easily misconstrued as invitations into your life by an opportunist. To quote Joe, ‘’I’ll bite’’.


Lesson 3: Passwords coupled with MFA are ESSENTIAL.

Multi-Factor Authentication (MFA) like facial recognition and fingerprint is a great cybersecurity invention. I honestly think everyone should be using it by now. (Except for poor Dr. Nicky, ouch!)

Joe kidnaps and kills people while making their entire world think they’re alive and kicking. How? By posting random stuff on their social accounts using their phones as if it were them.

Here’s where it gets tricky. It was easy for Joe to gain access to their phones through biometric identification since he physically ‘possesses’ their bodies now. 

But what about their passwords? That should’ve been a trickier one for the dead. Unless he extorted it from them beforehand, which wasn’t always the case.

That’s why it’s important to enforce and actually use at least two types of MFA. Of course, a constant verification solution, in this case, would be ideal.

Check out GAT’s  ActiveID which takes the verification process literally to users’ fingertips by monitoring their typing style for all web-based cloud Apps. — I wonder how Joe would’ve possibly cracked that.


Lesson 4: Worried about identity theft? Maybe it’s time for an Online Alias 

Aliases (or Pseudonyms) are fictitious names used when someone performs a particular social role. They provide a more clear-cut separation between one’s private and online life thereby enhancing cybersecurity.

According to Business Insider ‘’Creating an online persona can protect against the intrusions of a hyper-connected world.’’

Now, who is the REAL Will Bettelheim you may ask? Not the one played by Robin Lord Taylor. But the Will whose identity was originally stolen by that guy then re stolen by Joe in Season Two.


Lesson 5: Share Device Location Tracking with Trusted Ones.

Device geolocation tracking could literally be a lifesaver. Whether you share it with your loved ones to protect one another or enable it for company devices to protect your business and your staff from cybersecurity hazards.

Quick Tip: GAT Sheild offers a great feature that allows G Suite Admins to track and locate all devices using advanced filters.


Lesson 6: Per Device Storage Still isn’t the Safest Choice 

When Joe asks Will (a professional hacker) to hack Hendi’s computer, Will explains that no celeb keeps private stuff on the cloud since Celebgate 2014.

But did this prevent Will from cracking his device? Nop. Using the stolen device, WiFi, and an additional device, Will was able to scrub all his files, accounts, search history, etc. 


Luckily, Hendy stored his darkest secrets in the creepy basement of his home (Not so lucky though as we all know how that ends).

Finally, I’ll leave you with a final security note:
If you ever hear the words ‘’Hello, You’’, Run. As far and as fast as you possibly can!

Stay in the loop

Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.

Don´t miss any updates!

Enter your email address to be kept up to date with content that helps you manage, audit and secure your entire Google Domain.