The Most Important Lesson You Are Not Hearing About Apple’s iOS FaceTime Glitch

 The most important lesson about Apple’s iOS group FaceTime debacle that you are not hearing about should be a wake up call for everyone (Tuma explains this glitch on WFLA in Tampa, FL):

  • If Apple, through a programming glitch, has the ability to allow someone to use your iOS device as a microphone to listen to your conversations without you even touching the device or knowing it was in use, then Apple can do the same thing through purposeful programming.
  • If Apple can use programming to access your microphone, then it can also access your camera the same way.
  • If Apple can do this, so too could nation states with sufficient access to the programming (If you doubt this, read this story of UAE hackers).
  • If Apple and nation states can do this, so too can criminal hackers, with sufficient access. (Tuma explains more about this on WIOD in Miami, FL)

For decades our whole society has enjoyed the benefits of technology without accepting the responsibility of guarding against the privacy and security risks that go along with it. We have taken those things for granted and now it is time to pay the piper and become more responsible by being more cyber aware and using good cyber hygiene.

This is not just for the companies that provide this technology and collect and use our data. This is for all of us — we the people must learn to protect ourselves against these risks. (Tuma explains more about this on WJIM in Lansing, MI)

Here are a few points to consider to think about how we can do this:

  • There is no such thing as 100% security when it comes to technology or data. There is always some measure of risk involved in the cyber realm.
  • As you go through your day, imagine someone is listening and watching you through your telephone and think about what aspects of your private and business life you are unecessarily exposing through the technology and data we use.
  • This isn’t intended to be alarmist and suggest that you purge all technology from your life, however, there are ways to minimize unnecessary risk:
    • Do you really need your telephone in the private places you go, like your bedroom or restroom?
    • Do you really need to share your company’s deepest, darkest secrets in an email when it could have been done in person?
    • Do you need to have your telephone sitting on the table when you are discussing extremely sensitive private personal or business information, or, would that conversation go just as well (or even better) without the telephones?

 

Protect Your Company Against W-2 Business Email Compromise Attacks During Tax Season

The most likely “cyber attack” that your company will face will come in the form of an email. One of the most common forms of email attack is the business email compromise (BEC) and the most popular time of the year for the W-2 version of BEC is right now — tax season.

Read the full blog post to make sure you and your company are equipped with answers to:

• What is a W-2 BEC Attack?
• How Do Attackers Use the W-2 Information?
• Why Do So Many of These Attacks Happen During Tax Season?
• What Can You Do Now to Protect Your Company?
• What To Do if Your Company is Hit by this Attack?

READ MORE

Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case

The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record $16 million — an amount that is almost three times the next-largest OCR data breach settlement of $5.55 million.

While these numbers are interesting, what is the takeaway for business leaders?

It all started with an employee opening and responding to a phishing email:

phishing-3390518_1920

Anthem discovered cyber-attackers had infiltrated their system through spear phishing emails sent to an Anthem subsidiary after at least one employee responded to the malicious email and opened the door to further attacks. (HHS Press Release)

While this may be shocking, it is neither new nor unexpected. Most cyber incidents are a result of failures of basic cyber hygiene, not super sophisticated James Bond-like attacks. Read more about this in 1 Step to Improve Your Company’s Cybersecurity Today.

Trump and Kanye West Bring Emphasis to #CyberAware Cybersecurity Awareness Month With Password Example

October is National Cyber Security Awareness Month in the United States. There is excellent cyber awareness content available by going to #CyberAware and #CyberAvengers hashtags on Twitter and visiting The #CyberAvengers Website for free resources, including this free Good Cyber Hygiene Checklist.

President Trump and Kanye West put a big ‘ole Texas-sized exclamation point on the [need for?] #CyberAware campaign with Kanye’s password demonstration while on national tv in the Oval Office.

Politicos will spin this a million ways. Security folks will go back and forth between laughing and crying — and maybe do both at the same time. But, the important thing is that we learn from this and use it as an example to help educate others. I thought there was no better way to do that than by putting “Trump”, “Kanye West”, “Password”, “Cybersecurity”, and “#CyberAware” in the title — how’s that for getting a wide range of attention? 🙂

All joking aside, what are the most important lessons you take away from this example and can you use this lightning rod example to help educate your team, family, and friends about good cyber hygiene?

“Hacked” Facebook Account — or Cloned?

Dear friends who keep talking about “hacked Facebook accounts”:

When there is an account that is pretending to be your account on Facebook (or other social media platforms) that is sending friend requests to others, in most cases, this does not mean that your account has been “hacked” (i.e., inappropriately accessed by someone other than you).

In most cases, nothing has happened to your account. Rather, someone is attempting to “clone” your account by making a new account that appears to be you by using your information and pictures. When this happens, your account has not been “hacked”!

If this happens to you, go to the profile pretending to be you and report it to Facebook. The pictures below show you how to do it.

Given all of the hysteria about this right now, just do not accept new request from people on Facebook immediately and let them sit for a while — give it a few days before accepting them because if the account is reported to Facebook and then taken down, the illegitimate friend request will disappear.

If you’re interested to learn more about the real “Facebook Hack”, you can listen to these radio segments where I discussed it: