12 Oct
Password1234
On a Monday some years ago, I came into work and started my normal routine. Like most people, I checked my email and verified system operations before plotting out the rest of my day. Unexpectedly, the email that nobody wants pops up. We were being crypto-locked.
Our response team was already working on isolating the PC involved and assessing the speed and extent of the bot that was eating up our data. In short order, it was halted, and the recovery phase started. Our system had snapshot backups of our data and they could roll it back to the last known good point – about 7 minutes before the attack started.
The “attack,” as our investigation revealed, was started by the simple act of one of our employees checking a financial web page before starting their normal routine. A nefarious ad on the page had embedded code and it launched. It was hardly noticed until an IT Technician going about their morning routine noticed the activity.
I share this with you as the world we live in is a digital one. You can leave your home with just a smartphone in your pocket, and you’ve still got your house keys, car key, credit card, ID, camera, GPS, laptop, etc., all in the palm of your hand. For some people, it’s quite overwhelming and even unsettling, but you cannot help but be impressed with what technology can do. Heck, you don’t even have to drive or park your own car anymore; the car will do it for you. However, I can’t say that I am personally ready for that kind of tech takeover quite yet. I took driver’s ed for a reason.
All that is to say: the more digital we get, the more we must be aware of cybersecurity. Simple mistakes can have major impacts. This year marks the 20th annual Cybersecurity Awareness Month, and according to the Cybersecurity and Infrastructure Security Agency and the National Cybersecurity Alliance, there are four simple steps you should follow when it comes to cybersecurity awareness. You can dive deeper into each one of these steps here.
- Use strong passwords and a password manager.
- Turn on multifactor authentication (MFA).
- Recognize & report phishing.
- Update software.
These are very effortless ways you can stay safe in today’s digital world. They are not end-all fixes, but they will put up a decent barrier to slow down attackers and scammers. As I mentioned in last month’s blog, it’s important to be prepared and have a plan for that worst-case scenario. Having a recovery plan sure helped us out.
Just as technology is advancing and getting creative, so are those scammers. Most recently, I have noticed that the number of spam calls has escalated. I remember when Caller ID was first introduced and how groundbreaking it was to see who was calling and decide to answer or not answer, based on that information. Now, your phone can detect if the call is a potential scam and show the caller ID as “Scam Likely.” With artificial intelligence (AI) becoming so advanced, half the time you don’t know if you’re talking to a robot or a human being when you answer the phone. I will admit that these calls can sound convincing at times, but there is always a “tell” that should immediately set off alarms. Here is an article from the Federal Trade Commission that may help you identify and hopefully avoid these fraudulent calls.
True to form, the better we get at detecting fraud, the more the fraudsters advance their game. There is now WormGPT, a variant of the ChatGPT AI that is generating much of the spam (calls), and it generates pretty convincing phishing emails. With the holiday shopping season upon us, we will all have to be cautious of emails or text messages that claim, “Your order is ready to ship” or “Your cart has unshipped items” before following the link. As our IT staff used to say, “Hope is not a recovery plan.” As we commemorate Cybersecurity Awareness Month, we can all learn a little more about what that phone can and cannot do.
Now – where did I park my car?