Trump and Kanye West Bring Emphasis to #CyberAware Cybersecurity Awareness Month With Password Example

October is National Cyber Security Awareness Month in the United States. There is excellent cyber awareness content available by going to #CyberAware and #CyberAvengers hashtags on Twitter and visiting The #CyberAvengers Website for free resources, including this free Good Cyber Hygiene Checklist.

President Trump and Kanye West put a big ‘ole Texas-sized exclamation point on the [need for?] #CyberAware campaign with Kanye’s password demonstration while on national tv in the Oval Office.

Politicos will spin this a million ways. Security folks will go back and forth between laughing and crying — and maybe do both at the same time. But, the important thing is that we learn from this and use it as an example to help educate others. I thought there was no better way to do that than by putting “Trump”, “Kanye West”, “Password”, “Cybersecurity”, and “#CyberAware” in the title — how’s that for getting a wide range of attention? 🙂

All joking aside, what are the most important lessons you take away from this example and can you use this lightning rod example to help educate your team, family, and friends about good cyber hygiene?

“Hacked” Facebook Account — or Cloned?

Dear friends who keep talking about “hacked Facebook accounts”:

When there is an account that is pretending to be your account on Facebook (or other social media platforms) that is sending friend requests to others, in most cases, this does not mean that your account has been “hacked” (i.e., inappropriately accessed by someone other than you).

In most cases, nothing has happened to your account. Rather, someone is attempting to “clone” your account by making a new account that appears to be you by using your information and pictures. When this happens, your account has not been “hacked”!

If this happens to you, go to the profile pretending to be you and report it to Facebook. The pictures below show you how to do it.

Given all of the hysteria about this right now, just do not accept new request from people on Facebook immediately and let them sit for a while — give it a few days before accepting them because if the account is reported to Facebook and then taken down, the illegitimate friend request will disappear.

If you’re interested to learn more about the real “Facebook Hack”, you can listen to these radio segments where I discussed it:

5 Key Things In-House Counsel Can Do to Help Their Businesses’ Cybersecurity

internet screen security protection
Photo by Pixabay on Pexels.com

Cybersecurity is a team sport and many people within a business must work together to help effectively manage their businesses’ cyber risk. In-house counsel plays a critical role in this process. A recent Law360 article (subscription required) identified the following key things they can do:

  1. Develop, implement, and table-top test an incident response plan
  2. Advise executives on their ethical obligations (and make sure to mention insider trading on knowledge of cyber incidents)
  3. Have an awareness of applicable laws and regulatory standards
  4. Understand and help manage third-party risk from vendors and business partners

I am adding one more because it is critical: Ensure the business has appropriate cyber insurance to address its unique risks.

Beware: a new scam using key elements of phishing and shame hacking

Cybercriminals are using yet another new twist on the old email phishing attack: they email people claiming to have infected porn sites with malware that allowed them to take over the recipient’s webcam and record them sitting at their computer watching porn and if they don’t pay up, the video is going public. I discuss this new method of attack in the video above.

For people who know they have never watched porn on their computers, this probably isn’t too effective. For everyone else, this threat of public shaming can be a powerful motivation to comply with the extortion demand.

This is another example of what I have often described as shame hacking, the use, or threatened use, of purportedly hacked data for embarrassing or extorting people by threatening to expose such compromising data if they do not comply with the demands made of them.

Shame hacking is one more way that cyber criminals have learned to monetize the fruits of their criminal actions and represents an increasing trend for how hacked information can and will be used for many ways. I have blogged about other cases where hackers have relied on shame hacking for profit.

Dallas / Fort Worth CBS News station in Dallas / Fort Worth did a story about this latest attack and invited Shawn Tuma on to explain more about it. See story here

Why do you need a cyber attorney? Shawn Tuma explains in Ethical Boardroom

spring2018In my latest article in Ethical Boardroom article, I explain some of the not-so-obvious reasons why you need an experienced cyber attorney on your team: Why you need a cyber attorney (Spring 2018)

Here are other Ethical Boardroom (@EthicalBoard) articles that I have written or contributed to that are also available for free: