Last week we discussed what a properly equipped home office might look like, but another component that is just as important is the technology infrastructure of the company itself. Thanks to the unstoppable force that is the Internet, small and medium-sized businesses now have access to technology platforms and services that were previously the exclusive purview of larger companies with dedicated IT staff, without the associated enterprise-grade price tag. It’s 2022 – is your company still running on technology from the 90’s?
What we consider to be the standards for SMB infrastructure
If you are a decision maker or manager of an organization that has survived and possibly thrived during the pandemic, you probably already understand the fundamentals of a successful business, and have possibly grasped the core technology concepts that were a part of keeping your business a going concern while we struggle with Covid. Make no mistake, good people are at the root of your success, but so is making sure your technology is secure, readily accessible, and reliable. To make sure they are all these things, we make the following recommendations to all our clients:
- Hosted Email – For reliability, extensibility and widespread familiarity, your email should be hosted with either Microsoft on the 365 platform, or Google Workspace. There are other providers out there, but from a support point of view, they are distant, distant thirds to the two giants in the industry. While the primary functionality of email will appear mostly the same to the typical end-user, hosting it on a fully modern and robust platform provides you with better expansion and management, and most importantly, security and the ability to implement multi-factor authentication, something that most simple POP/IMAP services don’t offer. And you should definitely not be running it on a free-mail service.
- Cloud File Sharing – Up until recently, we were staunch advocates of premise-based fileservers. They are fast, secure (if maintained properly) and relatively inexpensive to operate. Then Covid came along and rocked the modern office’s world and suddenly premise fileservers became an obstacle to working from home effectively. Just like Zoom swooping in to fill the meeting gap, platforms like Dropbox, Google Drive and OneDrive stepped up to allow geographically dispersed teams to collaborate, just like they did in the office, if a little slower and, of course, much more dependent on the Internet not being down.
- Cloud Collaboration/Communication – Everyone’s fairly familiar with Zoom, and while we may be heartily sick of it some days, it’s keeping us safe(r) and connected in the “new normal” working world. There are other tools that allow your scattered workforce to collaborate in robust ways: group chat apps like Slack and Teams are great for staying in touch with (and keeping a gentle hand on) everyone in your organization, as well as offering addons to manage projects or tie-ins to your ERP and CRM systems. Just because they are in isolation does not mean they have to be isolated from their co-workers or critical information. Cloud-based VOIP phone systems can also bring some old-school feel to a completely virtual office, while still providing modern, must-have features like SMS messaging, voicemail to email transcriptions, and fully-automated auto-attendants that can deliver office calls to cellphones, mobile apps and softphones on your home office computer. You can also have a desk phone in your home office that uses your internet to make and take calls, just like you were sitting at headquarters.
- Remote Access and VPNs – For those organizations that cannot (or do not want to) get away from premise-based fileservers, you need to put in better, faster internet (if it’s available, not always a guarantee still in 2022!) and provide centrally managed means for your remote workers to access the premise-bound services. While it’s possible for folks to get access to “free” remote access platforms, using one that is “blessed” by the company and their designated technology support will provide much better security and supportability.
- Malware and Network Protection – Regularly updated and centrally managed malware protection and network firewalls are crucial to keeping all of your technology and services secure. We don’t recommend self-managed solutions for any size organization primarily because your focus should be on your business, not staying abreast of the numerous changes and updates in the cybersecurity world. Not only do we recommend this for all workstations and servers, home and office networks, we also recommend additional filtering services for your cloud-based email, above and beyond the default offerings that are provided. Think of it as a firewall for your email.
- Cloud-based/Remote Backups – Your data is the lifeblood of your organization, regardless of the industry. On-premise backups are better than nothing, but for improved peace-of-mind and significantly improved continuity and recovery prospects in the event of a catastrophic event (either natural or digital), having your most important data stored somewhere else, encrypted and safe is a must-implement standard. Also consider email and cloud sharing platform backups. Yes, they are in the cloud already, but that doesn’t prevent them from being deleted accidentally or even on purpose. Even services like Microsoft 365 only offer a limited roll-back period, whereas managed backups can literally go back to Day 1 (of the backups).
- Regular Security Trainings & Checks – This is something we don’t see very often, even in the most technically-savvy organizations. Your weakest link in technology security is always human. Sometimes it’s a software developer over whom you have no control, but most often it’s your own employees or vendors. Thankfully there are platforms that can assist with keeping your people current with the most important security fundamentals without taking a lot of their time, or forcing them to sit through boring PowerPoint presentations. Keeping your people vigilant and well-informed will reap huge, long-term security benefits that can’t be realized with hardware and software alone.
It’s 2022 and approaching the third(!) year of the pandemic. Your company is onboard with “telecommuting” and perhaps they’ve decided to lean into it for real, which means it’s time to take a hard look at that 8-year-old computer and rickety chair you bought at a local garage sale. Definitely replace the computer and that torture device you call an office chair, but if you’ve been granted any sort of budget or are trying to determine what to ask approval for, here’s what we consider to be “must haves” for an effective, remote technology workstation.
- A solid, wired data connection. It’s 2022, and WIFI is good, but it’s still not nearly as reliable as a wired, gigabit Ethernet connection. I can hear you say, “But I never have problems streaming music and videos over my WIFI!” Yes, because those services are designed for the scattershot data delivery of WIFI, but if you are connecting to an office via the internet you have to eliminate as many variables as possible, and WIFI is still variable, no matter how much you spend or how close you sit to the router. If you are having connection troubles or frequent drops, WIFI is often a major factor. Figuring out how to get a wired connection to your workstation will be worth it.
- Broadband, high-speed internet. If you are still on DSL and you have access to faster options, you are doing yourself a disservice, even if the cost is higher. Everything is internet connected – you are limiting your capabilities and your usefulness to your company.
- A late-model computer, with a big screen. Treat yourself to at least a 24″ monitor if you spend more than a couple hours staring at a screen. And your computer should be at least a 9th generation Intel or AMD Ryzen generation CPU with a minimum of 8GB of RAM. If you can swing 16GB, you will be sitting pretty. Don’t even consider a computer without an SSD if you are shopping – the Windows 10 and 11 operating systems seem to be optimized for SSDs, and spinning drives (HDD) are now better suited for large data storage needs (file servers, video editing, photography, graphic design) and backups.
- A proper, ergonomic desk and chair. If you are sitting for 6+ hours a day, most importantly make sure you are taking regular breaks, but also make sure you are working at a desk and chair that is properly sized and aligned for typing and viewing. This means your keyboard and mouse should be placed so that your forearms and wrists are (at most) at a flat, 90-degree angle to your upper arms and body, your monitor directly in front of your body with the top of the screen no higher than a straight line to your eyes while sitting up straight. Feet should both be flat on the floor, with thighs flat and calves again at 90-degrees to your thighs. Get a footrest if you are short or your desk is a bit taller than usual, but don’t compromise on the angles. Trust me. I’ve been doing this for 30 years – you don’t want wrist, back or hip problems.
- A good headset and webcam. If you spend any time on the phone, whether it be a VOIP, soft or cell phone get something comfortable with a dedicated mic. Your callers will notice the difference. Your ears will thank you, and your housemates (if you are in a shared office) will appreciate it. If you prefer “speakerphone” mode and can do so without disturbing the peace, getting a webcam with a good mic will be a step-up, especially if you are using any sort of amplified speaker for audio. The $30 webcams we purchased in the early pandemic rarely had decent mics, and if videoconferences will be a regular part of your day-to-day, upgrading to a more expensive webcam will be noticeable to you and your fellow attendees.
- Proper, up-to-date software. Regardless of whether your workstation is just a means to remote into a workstation in an office, or your primary device, it should be protected by up-to-date malware protection, an active firewall, and if you store any important data (personal or work) some form of cloud backups. If data is processed on the computer in front of you, it should have the latest version of software being used, and that software should be kept up to date, or at least in line with your company’s expectations. It should be managed no differently than an office machine, regardless of who owns it.
If there is one thing that the holiday seasons are known for, it’s the broken-record playlists we are subjected to wherever fine background music is played, but rather than torturing your ears with “All I want for Christmas” for the 50th time today, I’ll sing another familiar tune that starts like this, “Protect yourself before you wreck yourself.” Not quite as catchy as Mariah, and definitely not as earwormy, but you probably already know the words, because I sing this song all year long. Digital crime is up, and more and more people are falling victim to scams and the scumbags who run them.
Here’s your list, you should check it twice
- Back up your data. Preferably to a cloud-based platform that you don’t even have to remember to run. Most self-managed services cost as little as $7 a month. Some of us spend more than that on coffee in a single day. Don’t want the cloud? Grab a small, portable hard drive in the multi-terabyte range and set up backups to that device. Most come with a free, downloadable backup app that will handle rudimentary backups. Not as good as cloud-based automatic backups, but better than nothing.
- Turn on 2-factor authentication for your email. This probably won’t cost you anything – even most of the free email platforms offer some form of multi-factor authentication. Yes, having multi-factor is a pain, but you know what hurts even more? Having your email account hacked and used to con friends, family and clients. Don’t be that Grinch this season!
- Keep your work and personal stuff separate. Thanks to Covid, everything is all mixed together. Working from home is great if you are fortunate enough to have that “privilege”, but it also means that it’s harder to keep the two worlds from colliding constantly, especially from a security standpoint. If it looks like you are going to be working from home for the long run, perhaps it’s time to make sure the computer and devices you use for work are dedicated to just that, and not moonlighting as a homework/videogaming platform after hours. Working parents, you know what I’m talking about!
- Keep track of those pesky passwords. Let’s face it, Santa ain’t bringing us the gift of freedom from passwords this year, so treat yourself to a real password manager. Again, the good ones aren’t that expensive, as little as $3 a month! You can even get a family plan that allows you to share passwords – might be useful for multi-generational households and the multitude of streaming services they are guaranteed to be watching!
- Get a “mask” for your computer. Let’s face it, long before the pandemic darkened our doorways, the internet was polluted enough that the smart computer users were masking up with malware protection. The pollution has gotten worse, and shows no signs of abating. Having your computer go out in public without a mask is just asking for an infection and unfortunately monoclonal antibodies won’t save your data.
Image by Arek Socha from Pixabay
I’ve mentioned it before but it bears repeating – the chip shortage will not wrap up anytime soon, with all major players like Nvidia, Intel and Toshiba predicting shortages lasting well into 2022 if not into 2023. Seeing as semiconductors are in everything from autos to Zambonis and everything between, production has slowed if not halted in most major industries on manufacturing and delivering goods. Couple this with the major supply chain issues we are also facing world-wide and it’s a safe bet that your holiday shopping (or end-of-year budget spend-down) may be pinched by a Grinch that won’t be stopped by seasonal vibes.
What this means for you
All the more reason to get out there on Black Friday or Cyber Monday to do some shopping now, right? Don’t think it Scrooge-ish of me if I offer some words of caution when you brave the crowds (or virtual queues) in search of technology deals. I’m certain there will be good deals to be found on both fated days. Retailers are up against shortages, inflation and the pandemic – they will likely not pull any punches to wash the red out of their ledgers this year, but it’s not like the chip shortage or the pandemic is something new. The most sought-after holiday gifts are typically technology items, and things like the latest generation of video consoles have been notoriously hard to find since their launch, especially since the internet and online shopping has made scalping an extremely profitable side hustle. Retailers are barely able to keep stock on hand for the high-demand items, and even the less-popular stuff is selling because there is literally nothing else to buy. This goes for work technology items as well. Our wholesale sources are getting down into single-digit availability on the core workplace desktops, laptops and printers, and they are even selling out of the models we normally avoid recommending because of sub-par performance or quality issues.
This brings me to my warning: Beware of buying something – whether for entertainment or work – just because it’s available and “on sale”, especially if you haven’t done the research on it. We are in the most scarce technology market I’ve seen in my professional lifetime, but I don’t think we are at the point of choosing “any port in a storm” just yet. Do you really need a slightly bigger flat screen or slightly faster smartphone, or could you scrape a few more months out of a working device that is in your hands right now? If you need additional equipment because you are expanding or hiring, buying something on discount that you might not have normally purchased may not be optimal use of your resources. Definitely get into the spirit of the holidays, but don’t let FOMO of Black Friday impair your judgement! We’ve found that retailers know that people are in the buying mood, and the deals aren’t necessarily any better than what you might find throughout the year, and given that we know the good stuff is already in short supply, the deals might be more glitter than gold.
Image by Tumisu from Pixabay
In the years leading up to the domination of the world by the Internet we used to make fun of organizations and industries that seemed to be dragging their feet on getting modernized – the Navy’s old DOS-based, air-gapped systems seemed so antiquated (even with the movie WarGames sounding very prescient, if simplistic, alarms) or local mom-and-pops using mechanical registers, or hospitals and clipboard paper charts. Now that everything has a network connection and is sending and receiving data via the internet, it would seem the Monkey’s Paw curled up all fingers except one and that one is flipping us “the bird.” This latest facepalm comes in the form of devices built by or containing components built by Siemens that use an operating system known as Nucleus, an OS that was written for devices used in industries that require stringent safety and security controls, such as medical, automotive and aviation controls. Clearly this would mean that the OS must be safer than the usual Swiss cheese we see from OS’s like Windows, right? Researchers have found 13 vulnerabilities in the network stack of Nucleus, an OS that is used in an estimated 3 billion devices.
What this means for you
I won’t go into the gory details of the vulnerabilities as that would only be entertaining for security geeks and I know they aren’t reading my blogs for that sort of fun. Suffice it to say, so far as the researchers know, these vulnerabilities haven’t been exploited in the wild yet and Siemens has supposedly addressed these holes with updates. So why am I spending precious minutes telling you about something that (a) you have no direct control over and (b) might already be taken care of? Precisely because of those things. It’s convenient and comfortable for us to go about our daily lives while ignoring just how much of our surroundings are managed, monitored and controlled by devices that we have zero understanding of how they work, let alone to which master they report.
We can be sure of two things in this current crazy timeline: if a device can gather and report data, it will do so because data = profit, and if the device was built, programmed or configured by a human, you can be certain that it is less than perfect. Most of the time, we can deal with something that is less than perfect. In fact we are surrounded by imperfections that are suitable, usable and safe. Most of us understand that perfection is an ideal to strive for and not objectively obtainable. Unfortunately for internet security, small imperfections, even when rare or obscure, can lead to massive problems. At the moment, as with the parallel analogy of the ratio of air disasters to safe flights, it feels like security breaches and vulnerabilities are everywhere, when in fact they only make up a very small percentage of the vast number of digital transactions that occur every single second. Unfortunately, like plane crashes, though their occurrences may be statistically rare (for the moment), they can be catastrophic when they happen. Engineers strive to reduce the chances that a plane will crash or that an operating system will be vulnerable to attack, but in the end, they are subject to human error. No technology is infallible.
It would be paralyzing to try to anticipate everything that could go wrong – this is the textbook definition of anxiety. However, I think it’s useful to carefully moderate your expectations when it comes to relying on technology to protect you or care for you perfectly. Don’t take your technology and security for granted, and you will be less surprised and better prepared for when it shows its human side.
Image by Bruno /Germany from Pixabay
Before you go checking the temperature down in Hell or watching the skies for flying pigs, you should take this small bit of good news with a healthy dose of skepticism. Facebook is facing a veritable crap-storm of scrutiny on multiple fronts, and while they have enough money and backing from shareholders to thumb their noses at just about everyone, at a certain point it just makes good marketing sense to throw the public a bone to demonstrate that they aren’t all bad. In this case, Facebook has decided its facial recognition features make a good sacrificial offering, and will be eliminating this feature from its social media platforms. They didn’t say exactly when this was happening, but as long as they go through with it, it will be a welcome change.
What this means for you
I bet you didn’t realize that Facebook’s facial recognition features have been around for over 10 years, but if you’ve used the platform at all, you’ve come across it numerous times, perhaps unwillingly. While Facebook has (supposedly) never used or offered its facial recognition software outside of its platforms, scrapping it is good optics, as the technology itself has also been coming under increased fire from privacy and rights watchdogs. While Hollywood would have you believe otherwise, the use of facial recognition by law enforcement has faced heavy criticism and has been used by less democratic governments to suppress minorities, protestors and dissidents.
Don’t let this gesture distract from Facebook’s other problems. The allegations leveled by the Facebook whistleblower are serious enough that Facebook is now facing Congressional scrutiny, as well as significant criticism from other countries. Changing their name is another thinly veiled attempt to deflect and divide the withering amount of fire they are receiving. If you value the platform at all, it’s important to make sure your voice is heard by your local representatives and senators so that it can be held answerable for the vast amount of disinformation and division it has wrought on the world in the name of profit. There is zero chance they will do anything to amend their ways if we all give them a pass. Unlike coaching an individual by praising progress and providing constructive criticism, the only message Facebook seems to understand is congressional scrutiny and potential damage to their bottom line.
I tried to think up an appropriate bon mot about a platform like Craigslist getting hacked based upon how old and basic the platform is in comparison to “modern” services, but frankly, their easy-to-use and barebones approach strikes me as a rare unicorn in a world full of apps that (try to) do everything, or ones that do one thing in an overly complicated/cutesy/outlandish fashion to stand out in the crowded field. If anything, you may take my soft spot for Craigslist as an oblique self-burn on my age and get-off-my-lawn attitude about modern apps, but given the amount of troubleshooting I do on its contemporaries, barebones and utilitarian gets it done without a whole lot of fanfare and confusion. Sadly, like all things internet, this has a double-edge: hackers have taken advantage of one of Craigslist’s signature features – anonymous emails – to trick users into installing malware.
What this means for you
If you use Craigslist to offer something up – goods, services, your heart, etc. – you will want to pay attention. Craigslist uses a form of anonymized emails that allow users to keep their identity confidential until they decide they want to interact with someone answering their ad. Unfortunately, this also means an email arriving from an anonymized Craigslist email address claiming to be an official warning about an “inappropriate” ad is probably going to be taken seriously, and links contained in said email will likely be clicked, leading to a malware infection instead of an actual, legitimate Craigslist URL.
Attackers are using camouflage provided by a trusted, familiar environment that they 100% know their target is engaged with, combined with a malware delivery through OneDrive to give them additional cover against the usual malware detection provided by mail services that can smell bad URLs. Even with good malware protection installed on your computer, clicking and opening a document and then following the familiar process to allow editing of the document – something that occurs every time when opening Office documents delivered via email or the internet (aka OneDrive, Dropbox, Google Drive, etc.) – will bypass the usual protections and deliver a malware payload essentially because you allowed it.
This is what you are up against. This is what we all are up against. There is no good protection against this type of chicanery other than being savvy and vigilant, having up to date malware protection installed, backing up your data, and using unique passwords and two-factor authentication wherever possible. There is rarely an instance where the holy trinity of malware protection, backups and strong authentication practices is not warranted. Don’t make excuses – these three things will be your safety net when your vigilance wavers. We are all human and we can and will be tricked. That is one thing I can guarantee.
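For whoever handles support in your organization, the pattern described above (a Craigslist-themed notice whose links leave Craigslist for a file-sharing service) can be checked before anyone clicks. The script below is an added example and not part of the original post; the trusted domain, the list of file-sharing hosts and the sample message are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: links in a genuine Craigslist notice stay on this domain.
TRUSTED_DOMAIN = "craigslist.org"
# Assumption: non-exhaustive hosts for the sharing services the post names.
FILE_SHARE_DOMAINS = ("onedrive.live.com", "1drv.ms", "dropbox.com", "drive.google.com")

# Constructed sample message; every address and URL is a placeholder.
SAMPLE = """\
From: craigslist <relay-address@example.invalid>
To: seller@example.com
Subject: Your ad was flagged as inappropriate
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Your ad violates our terms.</p>
<a href="https://www.craigslist.org/about/help/">Help pages</a>
<a href="https://onedrive.live.com/download?id=PLACEHOLDER">Open the craigslist form</a>
<a href="https://craigslist.org.example.net/verify">Verify your account</a>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_in(host, domain):
    """True if host is the domain or a subdomain, not a look-alike."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def review_message(raw):
    """Return one finding per web link that leaves craigslist.org."""
    msg = message_from_string(raw, policy=default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    findings = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto: and similar are out of scope here
        host = parts.hostname
        if host_in(host, TRUSTED_DOMAIN):
            continue
        reasons = ["link leaves craigslist.org"]
        if any(host_in(host, d) for d in FILE_SHARE_DOMAINS):
            reasons.append("points at a file-sharing service")
        if "craigslist" in text.lower():
            reasons.append("visible text names Craigslist")
        findings.append({"host": host, "href": href, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_message(SAMPLE):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

The look-alike host in the sample is caught because the comparison is made on whole domain labels rather than on whether the text "craigslist.org" appears somewhere in the address.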
Image Courtesy of Stuart Miles at FreeDigitalPhotos.net
Don’t let down your guard yet, but it would seem that hackers are focusing their efforts on targets with deeper pockets than you or I. Sinclair Broadcasting is the latest infrastructure victim to have their operations significantly disrupted by a ransomware attack that took dozens of television stations completely offline for hours in various markets across the country. As one of the largest media companies in the US, Sinclair owns and operates nearly 300 stations in the US, and according to unverified reports from inside sources at Sinclair, many of the stations are connected via a common Active Directory structure that allowed attackers to jump from station to station, encrypting servers and paralyzing the affected station’s ability to broadcast any of its regularly scheduled programming.
What this means for you
Sinclair doesn’t own any stations local to Southern California as far as I can tell, so most of us probably went about our weekend blissfully unaware that a ransomware attack locked down an undisclosed number of stations. Though they as of yet have not released specifics, it’s possible they are the latest victims to run afoul of a new RaaS (Ransomware as a service) called BlackMatter which, perhaps not coincidentally, has also shown up in a new advisory from CISA, the FBI and the NSA that warns of threat actors using the new platform to target critical infrastructure, including two recent attacks on agricultural targets in the US. While these attacks may not impact you or me directly, infrastructure attacks are definitely worthy of our attention as they can and will cause widespread disruption to activities and services we take for granted, and in some cases like hospitals or law enforcement agencies could actually be life-threatening. And here’s something you may not have considered – each of these attacks most likely started with an individual getting tricked into giving up a password that gives the hackers a toehold, and that is all they need. Unfortunately, in this increasingly complicated technology landscape it is becoming ever more difficult to keep passwords safe, mainly because we are always being asked for them. How many times a day are you confronted with a password request that makes you question its legitimacy? It’s a challenge to keep up with technology on a good day, but when the hackers have you on guard 24/7, you really can’t afford to not pay close attention.
Unfortunately, there isn’t any silver bullet or magical tip I can provide to help you here. It’s most important to know where and when a service might ask for a password, and how to recognize legitimate requests based upon having more than just a passing familiarity with applications and services that require passwords that protect sensitive data or privileged access. If anything, err on the side of not entering a password if you aren’t 100% certain. Additional protection will come from using multi-factor wherever it is made available to you, and of course, using unique, hard to guess passwords for all your important services.











