Cybersecurity without Insanity, through 3 articles, 2 numbers and 1 action.
This week: “It will never happen” is a bold claim. “It will _probably_ never happen” is a more realistic and achievable position. Plus: LinkedIn, the ICO, and comedy gold from Seinfeld.
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1. BleepingComputer reports that LinkedIn is continuing its efforts to remove fake profiles from the site. Among other changes including the use of AI to spot fake profile images, it has introduced a new “About this profile” section “that gives information like when the user created their profile, if the holder has verified their number, and if they linked a work email”. This will make it increasingly costly for scammers to set up fake profiles, and more difficult for us to be fooled by them.
2. The ICO, the UK’s data protection regulator, has said that the biggest cyber risk is not cyber attackers. It’s complacency. It says that it continues to see organisations ignoring crucial measures like updating software and training staff.
3. To reiterate the ICO’s point, here’s a piece of comedy gold, courtesy of Seinfeld. In this episode, Jerry’s TV and VCR have been stolen because his friend Kramer left the door open. When Jerry tells Kramer that he does not have insurance, he explains why: “I couldn’t afford it because I spent my money on the Klacto D29, the most impenetrable lock on the market today. It has only one design flaw. The door must be closed.” Top-class security always has one design flaw – the human. (PS Seinfeld is now on Netflix – Enjoy!)
4.4 – Interserve Group was fined GBP £4.4m by the ICO for failing to secure the personal information of its employees.
1 – The Interserve breach started when 1 employee was fooled by 1 phishing email. After the employee downloaded the content of the phishing email, the attacker then gained access to 16 accounts, 283 systems, and the personal data of 113,000 staff members.
Whenever you hear yourself saying ‘it will never happen’, ask yourself if you truly believe this or if you really mean ‘it will probably never happen’.
‘It will never happen’ is a bold claim. ‘It will probably never happen’ is probably a more accurate reflection of your opinion.
When you face any risk, you probably get through your day by telling yourself that ‘it will never happen to me’. But in reality, you are thinking ‘it will probably never happen to me’, because you are taking some simple actions to increase that probability.
You look both ways before you cross a street, to increase the probability that you will never be knocked down.
You lock your front door when you leave your home, to increase the probability that your property is never broken into.
Hopefully, you are taking similar steps to stack the odds in your favour when it comes to cybersecurity.
Because, when it comes to most risks, including the risk of a cyber attack, no-one can truly believe ‘it will never happen to me’. But for most organisations, it is possible to put reasonable security in place so you can say ‘it will probably never happen to me’.
So, this week’s action?
Focus on some simple steps that you can take within the next 4 weeks to increase the probability that you will not be a victim of a cyber attack.
If you don’t know where to start, or if you’re driven insane trying to talk to your IT provider about this, I can help. I work with you and your IT providers to get this nailed. To see if we’re a good fit, book a Cyber Sanity Call.