October 12, 2021
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
About that Facebook outage
So that major Facebook outage last week was a hot topic, eh? FB, WhatsApp and Instagram were offline for several hours, causing personal angst as well as slashing the income of many businesses that depend on those sites to drive sales. But the more interesting story IMO was how many people were locked out of other Internet sites, like Netflix, because they use their FB account to log into such third-party sites on the Internet. Remember a few weeks ago, when I wrote about The dangers of using a single account to log into many accounts? Well, here’s another danger that I didn’t specifically mention, as it’s less of a security problem than a convenience problem – but it IS a problem! If you use a single account (like FB or Google) to sign in to many different online accounts, then when that site has a problem, it cascades to every account you have tied to that one. Think about that. You might want to make some changes in how you manage your online accounts.
Help! My email account has been hacked
Last week a friend contacted me because an old email account (that she doesn’t use anymore) is apparently still “alive” and was hacked. Someone was using it to send out phishing emails with infected attachments. She asked me what to do about this, and it occurred to me this would be a good newsletter topic!
The first step (immediately!!) should be to change the password on the account. Be sure to make it a good password! At least 12 characters, complex, and totally unique. Not the same as, or similar to, a password used on any other online account. No publicly available, personal info included in the password (no kids’ or pets’ names, no phone numbers/DOB/addresses). Read more about good password management techniques in this previous newsletter.
Next, enable two-factor authentication. You know why. If you’ve forgotten, or you’re new here, read why I love 2FA.
Now, go to https://haveibeenpwned.com and sign up to be alerted when that email address shows up in a password dump on the dark web, so you know where you need to go make changes. (HINT: If you haven’t already signed up all your email accounts here, do that now.)
If this is an old email account that you don't want to use anymore, cancel it. Delete it. Deactivate it. Whatever, just kill it so it can’t be used for cyber crime ever again.
If you need to keep it active for some particular purpose but you don’t check it regularly, figure out how to automatically forward all incoming emails to your new email account. This way at least you can keep tabs on activity (and you'll get the notices from https://haveibeenpwned.com if it’s been compromised). Otherwise you need to log in periodically and see what's going on. Look at the sent mail folder in particular to see if it's being used by someone else again.
I hope you found this helpful – or wait, actually, I hope you never need to know this!!! But if you do get hacked, at least you know where to look for help.
Talk to you again next week!
Talk to you again soon!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺
TNE. Cybersecurity. Possible.