A CyberSafe and Happy Festive Season
We’ve reached the end of 2022 - or close to it - and while many of us are desperately trying to cross off the final few items on our to-do lists so that we can take a well-earned break, there are some for whom the next few weeks will be amongst their most busy and productive. No, I’m not talking about the hard-working folk who are having to deal with desperate and exasperated last-minute shoppers (so be nice to everyone in retail and hospo’!), but rather the cybercriminals who’ll be looking to exploit anyone and everyone. Not only will there be a flurry of online activity over these weeks, but I’m guessing there’s also a danger that people will be relaxed, or distracted, and their guards will be down, making them more susceptible to scams and fraud.
However today I’m not really wanting to talk to you all about this - this newsletter goes to IT and Security professionals who really should know how to look after themselves online. So rather than giving you a pile of statistics and facts about cybercrime, none of which is personal, I thought I’d tell you two cautionary tales, and ask you to think about the people in your own families and circles who maybe aren’t as tech-savvy as you are, and check up on them to make sure that they are a little more educated.
In the last 2 months I’ve watched two elderly relatives nearly lose substantial amounts of savings to scammers.
One clicked on the now-infamous ‘Linkt’ or ‘eToll’ text message, had the credit card number auto-fill, and then had the credit card drained to its limit (fortunately the bank was able to stop the transaction and refund it).
The second had a ‘nice man from Microsoft’ on the phone for nearly two hours ‘working to remove malware from her computer’, when in the (hidden) background he was setting up an online banking account for her (she didn’t have online banking) so that he could extract all her savings. It was only a fluke phonemail from her son in the middle of this fraud attempt that stopped it before the transactions could be completed.
What I’d like to do is to ask you to take the time over the holidays to talk to parents/uncles/aunts/others about not clicking on links, not believing ‘you have malware so please ring Microsoft’ pop-ups, not handing over passwords if asked, but instead to ignore these scam attempts and if in any doubt to call you. Tell them about the techniques that are being used, share some of the scam messages and spam emails so they know what to look for and how to spot them. In short, educate and encourage a healthy sense of paranoia!
If you have kids, make sure they understand some of the dangers of oversharing.
Our devices and accounts are becoming more secure - the advent of Passkey technology (now rolled out by Apple and Google) might finally see passwords start to disappear as a primary authentication mechanism, for example. Unfortunately, though, passwords and password management are still one of the most significant risk areas.
So your next assignment is to help by showing your family how to set up a password manager, or alternatively to use functions built in to the device (eg, iCloud Keychain for the Apple ecosystem). Then can you evangelise, explain, and help set up multi-factor authentication? That can go a long way to protect people’s accounts. Focus on the email account they use (because it is also the account normally used for password recovery for other platforms, so if you lose control of your email account you can lose the lot!).
Then, make sure that PCs and devices are updated, anti-malware is installed and running, and wifi is secure. All the basic hygiene stuff that you and your teams do every day in the office.
All of these things seem trivial, I know. And for those of us in the industry they are kind of ‘no brainers’ - why wouldn’t everyone think like this, act like this? Well, because not everyone has the weird interests that we do, that’s why! So here’s where you can really help out, by using your expertise to just make everyone in your family/friends a little more secure, a little less of a target or victim. It won’t take you long, and while you’ll probably have to put up with some eye-rolling (‘here they go again talking about long passwords!’), stick with it. Investing a small amount of your time will be well worthwhile, and it’s a lot better than having relatives ring up with a panicked note in their voice because something’s gone wrong, believe me.
It’s been a big year in cyber, and a big year for Cube Networks too. Like you I’m looking forward to some down-time over summer, and then coming back hard to continue to build and strengthen cyber-resilience for all of our clients and community. Have a great break, and we’ll speak again in 2023!!
Senior Cyber Security Consultant and ISO27001 Lead Auditor/Lead Implementer
Great Article Brendan!
Great advice Brendan Smith!