This week:

3 – A video that you need to watch if you’ve got any youngsters in your life.
2 – The contract does not matter. Until it’s the only thing that matters.
1 – Be suspicious of callers claiming to work for any tech company. The real ones don’t care enough to call.


3 – Got any young people in your life? Watch this.

This is one of the greatest risks that kids and teenagers face online. But most of us don’t understand how it happens.

That’s according to a short interactive video recently published by the US National Center for Missing & Exploited Children (and recently shared by Stephen Burke on LinkedIn).

There is a surge in the number of teenagers self-harming and killing themselves after being targeted and trapped by cyber criminals online. Victims are targeted on many online platforms. Apparently, Instagram is very popular because of (Meta’s focus on profit over people and) Instagram’s lack of basic privacy controls to prevent an attacker from identifying and contacting all of the victim’s friends and family.

So what? Watch the short video at https://noescaperoom.org/ and click on the prompts as they appear. It shows how something so simple can escalate so quickly. Then think back to when you were young (my memory doesn’t go back that far). Imagine how you would have felt if this was you, at a time in your life when EVERYTHING was a big deal. Now, spread the word to reduce the risk that one of our youngsters is the next victim.


2 – The contract doesn’t matter. Until it’s the only thing that matters.

“There’s a big difference between the delivery of technology and the delivery of cybersecurity.”

This is according to Donald Geiter, an attorney specialising in cybersecurity law and policy, who is quoted in a recent report on ChannelE2E (and shared by https://securethevillage.org/news) about a lawsuit by the victim of a ransomware attack against their IT Managed Service Provider (MSP).

The victim was a law firm. The law firm has 42 attorneys. The law firm had 0 written contracts with the IT provider.

Moving swiftly on from those fun facts, the law firm is claiming $1 million in damages on the grounds that the IT MSP “failed to protect it from a ransomware attack”. Apparently, while a written contract did not exist, an oral contract did. And upon mature recollection, it apparently stated that the MSP was to “provide monitoring service, advice, installation, selling cloud backup and picking and selling software and hardware”.

So what? If your contract (written or oral) does not mention ‘security’ and does not clearly state who is responsible for ‘doing’ security, then you’re fooling yourself if you think your counterparty is ‘doing’ it. The contract doesn’t matter. Until it’s the only thing that matters.


1 – Be suspicious of callers claiming to work for any tech company. The real ones don’t call.

Cybercriminals pretending to work for LastPass have been phoning LastPass users to try to gain access to the victims’ password vaults.

According to a recent report on Bleeping Computer, “the attacker combines multiple social engineering techniques that involve contacting the potential victim (voice phishing) and pretending to be a LastPass employee trying to help with securing the account following unauthorized access.”

So what? This report is about LastPass, but it could be about any online service. If you have ever tried to get in touch with the support team in any of these firms, you will realise they do not want to talk to you. Humans are expensive, and your $2.99 per month isn’t worth the hassle. So, if you get a call from someone claiming to work for such a firm and offering to help you deal with “unusual activity on your account”, you should assume they are the ones that are going to cause the unusual activity on your account!