September 21, 2021

Good morning, everyone!

This week’s critical vulnerabilities: It’s time to update everything – critical fixes released by Apple, Google Chrome, Microsoft and Adobe. WooCommerce WordPress plugin released an update to fix a vulnerability that allowed buyers to change prices WordPress 5.8.1 has been released, including fixes for three security issues Google Chrome has released a new version with fixes for multiple vulnerabilities, including some being actively exploited The Zoho password manager is being actively attacked. Be sure you have the latest update installed. Patch All the Things!

”Companies that don’t take cyber security seriously will suffer the consequences. It’s just a matter of time.”

That quote is from an article on cloud strategy, but it’s applicable to all organizations and all individuals.

Be cyber aware

Awareness is something you can train in yourself. Remember the first Jason Bourne movie? The scene in the diner, where Matt Damon says:

I can tell you the license plate numbers of all six cars outside. I can tell you that our waitress is left-handed and the guy sitting up at the counter weighs two hundred fifteen pounds and knows how to handle himself. I know the best place to look for a gun is the cab of the gray truck outside

He had all those things in his head because he had trained himself to be constantly aware of his surroundings. It’s something you probably do when you travel, without even realizing it. Think. When you are in a strange city, especially in a strange country, don’t you pay a bit more attention to your surroundings? You look people in the eye as they pass you. You glance into doorways and shadowy places as you walk by. You hold your bag a little closer to your body, with a little extra tension in your arm. You are aware of your surroundings.

What does this have to do with cyber security? I want you to take that same level of awareness with you as you travel the world wide web. Every time you click on a link, or open an email, think of yourself taking a bus, train or plane to another city, state or country. There are cyber criminals out there just waiting for easy prey. Don’t be that easy prey.

Pay attention to small details. A few years ago, I read an article about how a missing smiley face in an email saved a $70,000 email fraud. The email in question appeared to be from a vendor asking for a change in bank account for the next payment. Funny thing, this vendor was a very jolly person who always used smiley faces in her emails. This one email didn’t have any smileys, though, and it sounded too formal. The recipient of the email called up the vendor, and learned that the vendor’s email account had been compromised. Lucky save! Simply because of a small detail like a missing smiley face.

Develop your natural skepticism. Stop and think before clicking on links or opening email attachments. Do I know this person? Why is she sending me her resume when I don’t work in HR? Why would my boss be sending me a document to my personal email account? Why would I get a tracking email to my work account when I didn’t use that email to make the purchase?

Think before you click. Get in the habit of holding up your finger for a count of 1-2-3 before clicking on links. Ask yourself: Do I really need to watch that video? Do I really want to read that article? Am I really going to buy something from this store? If the answer isn’t a resounding yes, maybe you can just skip this click. If you do this every day, I promise that after a week or two, you’ll be clicking on 1/3 fewer links than you were before.

Consult original sources of information. I’ve talked about this recently in detail. So much cyber crime is based on “the art of the con” – taking advantage of human nature in simple ways. Developing awareness is your best protection!

Stay safe online! Talk to you again next week.

Remember, you can read past editions of this newsletter on our website, along with tons more information under the Resources tab.

Talk to you again soon!

Glenda R. Snodgrass
grs@theneteffect.com
(251) 433-0196 x107
https://www.theneteffect.com
For information security news & tips, follow me!

Security Awareness Training Available Here, There, Everywhere!

Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.

Contact me to schedule your employee training sessions. They're fun! ☺