November 1, 2022
Good morning, everyone!
This week’s critical vulnerabilities:
Patch All the Things!
Video Camera Savvy and Selfie Awareness
Famed security researcher Bruce Schneier recently wrote an intriguing post "Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses." He starts out with "Okay, it’s an obscure threat. But people are researching it" and goes on to talk about how this will be even easier in the future, as camera images continue to become more detailed.
I'm writing about this only to tell you that I actually saw this happen a few weeks ago! I was watching a very large, public meeting online while simultaneously chatting online with colleagues who were also in the same webinar. One of the speakers was wearing large-framed eyeglasses, and kept his camera live even when he was no longer speaking. We could see him looking at something, and one of my colleagues suddenly typed "Look! He's reading [this same forum we are on now]!" Sure enough, the reflection on his eyeglasses exactly mirrored what I was seeing on my computer monitor. Someone else typed "Hey, Mr. Speaker, if you are reading this, please smile" and he did! I'm not kidding.
So, it's important to be mindful of ways you may be inadvertently sharing data during a video conference call. Are you wearing a shirt with a logo or saying? Does it accurately represent who you want to be during that call? What about the titles in the bookcase behind you? Are those books you want to be known for reading?
In my security awareness training I often ask people "What's hiding in your selfie?" Every time that camera comes out, look around you. What is going to show in this photo? Your car tag? The street numbers on your house? The keypad by the back door, with four dirty keys showing which four numbers make up your alarm code?
Practice Video Camera Savvy and Selfie Awareness this week!
Upcoming Virtual Workshop
Eight years after its release, many organizations still find themselves struggling with how to
implement the NIST CSF. In this virtual workshop, we will break it down into a simple, 7-step process that
anyone can follow.
Have a great week!
Security Awareness Training Available Here, There, Everywhere!
Thanks to COVID-19, lots of things went virtual, including my employee Security Awareness Training. Live training made a comeback a few months ago, but many organizations are retreating. No worries. Wherever you and your employees may be, I can deliver an interesting and informative training session in whatever format you prefer.
Contact me to schedule your employee training sessions. They're fun! ☺