You are not to blame

But you should be aware of what yesterday’s Panorama talked about.

Among other things, Panorama told the story of a woman who received an e-mail from her solicitor, informing her that the solicitor’s firm had changed bank.

Could she please pay the £47,000 into the new account instead of to the old account? She did.

The e-mail was spoofed: a genuine-looking but completely fake e-mail, headers (source) and all. She had willingly paid £47,000 into a hacker’s bank account.
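As an added illustration, not part of the original post, here is the kind of check a mail gateway or a cautious recipient can run on a message like the one described: the From line claims the solicitor’s domain, but the receiving server’s Authentication-Results header records whether SPF, DKIM and DMARC actually passed, and wording that asks to redirect a payment is itself a flag. The message, addresses and domains below are constructed placeholders.

```python
import re
from email import message_from_string, policy

# Constructed sample (made-up domains): the From line names the solicitor's firm,
# but the receiving server's Authentication-Results header says otherwise.
SPOOFED = """\
From: "J. Smith" <j.smith@example-solicitors.test>
To: client@example.test
Subject: Completion funds: new bank details
Authentication-Results: mx.example.test;
 spf=fail smtp.mailfrom=bulk-sender.test;
 dkim=none;
 dmarc=fail header.from=example-solicitors.test
Content-Type: text/plain; charset=utf-8

Dear client, our firm has changed bank. Please pay the completion funds
into the new account below instead of the old one.
"""

# Wording that typically accompanies a payment-redirection scam.
PAYMENT_CHANGE_PATTERNS = (
    r"\bchanged bank\b",
    r"\bnew (?:bank )?account\b",
    r"\binstead of the old\b",
)

def auth_results(msg):
    """spf/dkim/dmarc verdicts from the Authentication-Results header ('none' if absent)."""
    value = str(msg.get("Authentication-Results", ""))
    found = {m: re.search(r"\b%s=(\w+)" % m, value, re.I) for m in ("spf", "dkim", "dmarc")}
    return {m: (r.group(1).lower() if r else "none") for m, r in found.items()}

def assess(raw):
    """Return authentication verdicts, scam-wording hits and a recommended action."""
    msg = message_from_string(raw, policy=policy.default)
    auth = auth_results(msg)
    # Authenticated only if DMARC passed, or no DMARC verdict but SPF or DKIM passed.
    authenticated = auth["dmarc"] == "pass" or (
        auth["dmarc"] == "none" and "pass" in (auth["spf"], auth["dkim"]))
    body = msg.get_content() if msg.get_content_type() == "text/plain" else ""
    text = str(msg.get("Subject", "")) + "\n" + body
    hits = [p for p in PAYMENT_CHANGE_PATTERNS if re.search(p, text, re.I)]
    if hits and not authenticated:
        action = "likely spoof: do not pay, phone the firm on a known number"
    elif hits:
        action = "confirm by phone before acting"
    else:
        action = "no flags" if authenticated else "sender not authenticated"
    return {"auth": auth, "authenticated": authenticated, "hits": hits, "action": action}
```

Even when the header checks pass, a request to change bank details still earns a phone call, which is exactly the advice given further down.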

Remember my earlier posts about law firms getting hacked? In some cases, hackers don’t even need to hack into a law firm to pull off a scam like this.

It is a myth that keeping your operating system and anti-virus software up to date is enough to protect you, although it helps.

The digital world moves so fast that even people who call themselves experts have a hard time keeping up. Some still tell you that all you need to do to protect yourself is keep your software up to date, never go to shady sites, and never click on links in odd e-mails.

That’s an out-of-date view, but these experts want to have the illusion that they themselves will always be safe from cyber crime. The outdated view enables them to have that illusion.

Most people are simply unable to wrap their head around hacking. That’s because hacking has very few physical components, and is almost entirely digital. Virtual. Not tangible. Not limited by physical boundaries such as doors and brick walls or perceived virtual “brick walls” around each web site.

Don’t blame yourself when you fall victim to cyber crime.

The only ones who really understand how “digital” works are hackers.

In the case of this e-mail that appeared to come from a solicitor, the hacker could very easily have attached custom-written code (malware) that no cyber security software would have stopped. The woman in question had no reason to suspect the e-mail from her solicitor, and you don’t even always need to open an e-mail before it installs malware on your equipment.

  • Keep the number of digital steps you take to a minimum.
  • If you receive an e-mail that asks you to do something, always follow it up with a phone call or stop by the office.
  • Do not trust phone calls from strangers claiming to be from your bank or other companies where you have accounts. Hang up and call the company the caller said he or she was calling from.
  • Use different user names and passwords for everything.
  • Use a separate device and separate e-mail address for Facebook.
  • Be aware that all forms of chat make you vulnerable to hackers (because chat provides a direct conduit into your equipment, particularly if it has video and sound capability). This includes the kind of messaging some people call e-mail, but isn’t, such as Facebook messaging.
  • There is no such thing as a safe web site. Any site can install malware onto your equipment because any site can get hacked, which often goes undetected. WordPress-based sites – very common – are vulnerable, for example. (This one is too.)
  • Employees at your internet provider can do almost anything they want with almost anything that goes into or comes out of your equipment. They have a direct conduit into your equipment. It is your internet connection.
  • Never leave your computer on when you have one or more visitors you don’t know, or if you do, never let the computer out of your sight. How else will you be able to prevent a visitor from quickly plugging in a USB stick and installing some malware? (As you undoubtedly know, electricity lines also have computer networking capacity, but your computer must have been accessed physically – or hacked otherwise – for a hacker to be able to address it through powerline networking. This means that even when your computer is offline, a persistent and motivated hacker can still access it if he or she wants to. This is a possibility law firms should be aware of. Electricians can help with this. They can isolate circuits and make sure they cannot be accessed by hackers.)
  • You may want to stick to wired networking. It is still a lot harder to hack into wires than it is to hack into wireless. Plus it’s usually faster.

Feel free to share your opinion below, please.
