The holiday season is filled with opportunities for the Bad Guys to take advantage of people who are filled with the holiday spirit, out and about having a good time and letting their guard down.  Since I work at a university, I sometimes get asked to pass along tips to increase the awareness of how easy it is to be taken advantage of. Here are some of my “Seasons Greetings:”

  • Beware of the phish
    • This is the time of year when all of the holiday phishing schemes go into high gear.  You will start to see the IRS messages about how your refund is ready – just give us your credit card number and we will put the money in your account.  Your credit card has been hacked and you need to log into your bank immediately – just use this convenient link provided that goes to some server in .ru (where ever that is) and many more.  The list of these is endless – the important point is that you will get them and need to know how to recognize them.  I am expecting the Ebola spam to start showing up any minute – making wild claims with links to “videos” of the problem.
  • Your computer has been hacked – call right away
    • This is a very effective version of the “Your computer is hacked, please click here.”  The variations on this include telling you to call Microsoft or Apple to get tech support right away – please give us your credit card number, or better yet, get a pre-paid credit card and give us that number and we will remotely log in and “fix” your computer.  Make sure that everyone knows that no legitimate company will be calling to say your computer is hacked and asking for money to fix it – nor will they be getting a pop-up asking for money.
  • CryptoLocker, and other ransomware
    • A particularly nasty version of the pop up malware is known as Ransomware – it starts out like all of the others, claiming that there is a really good reason to click here and follow the instructions.  The payload in this case is a program that encrypts the data on your machine and any drives that you are connected to.  The software then requires you to pay for the keys to decrypt your data – usually in Bitcoins (not something that everyone has lying around).  This brings me to the next tip – everyone should have backups of anything that they really want to keep, and not on a share drive connected to your machine all of the time.
  • Apple picking
    • This is not the usual IT tip, but in NYC, there are some personal safety habits that you need to develop in order to keep your electronics, especially your Apple devices.  You need to be aware of your surroundings at all time – this means that walking and texting, tuning out, or any other form of removing yourself from the here and now can cost you your phone and possibly your personal safety. The devices are replaceable, the data on the devices may not be, or worse, may be sensitive.
  • Updates, updates, updates
    • One of the more annoying realities of owning electronic devices is the constant need to update the software. This is not an optional requirement, but an essential need in order to keep the bad guys out.  Unfortunately, the typical device owners view this downtime as unacceptable and will often choose to postpone this indefinitely.

Even if you don’t work at a university, it wouldn’t be a bad idea to send out some Holiday security tips in your company newsletters – you may just avoid having your corporate drives encrypted by CryptoLocker.

Category: CISO Insights

Leave a Reply