Low Hanging Fruit

There is a business saying, “low-hanging fruit,” which usually describes something that has big rewards for little or no work. That also applies to cybersecurity and cybercrime.

When it comes to cybersecurity, I work both sides of the street. (Yes, say it now and get the cheap laughs out, “I’m a street walker…”). Now back to the point at hand.

If I am lucky, I get called in to help lock down security before something happens; if I am unlucky, I get called in to lock down security after people have gotten religion and are looking for hackers in every ping request.

Do the simple things first.

Assume for a fact, “YOU ARE A TARGET!”, and you are: if not for what you have, then for what you have access to or the resources you control. (BE VERY HAPPY, you only got blacklisted for a spambot trojan.)

Scammers are coming in from all directions, with all kinds of novel and stupid approaches. Email, phone calls, and texts: you must think very clearly about what you are presented with, and ask yourself, “Is it too good to be true?”, “Does this sound right?”, “Am I too excited?”. Stop and think before you click. (YOU DID NOT WIN THE <FOREIGN NATION NAME> NATIONAL LOTTERY.)

And as for phone calls, if it is not a robo caller, it’s an aggressive fool. I have had the “Head of CyberSecurity” for the firm I work for call me and threaten to fire me if I did not give him access to my computer, because I had a virus and was placing the company at risk. One can imagine how long I kept THAT fool on the phone. So do beware.

Get a password manager, and stop using “Pa55W0rd12345” every place you go. (Yes, have a different password for your bank account and your porn hub account.)

Enable Multi-Factor authentication every place you can.

Patch, Patch, Patch. Modern operating systems make that task much easier. Just pay the tax and wait whilst your workstation updates after a reboot. (You are running a modern OS, aren’t you? Windows XP is NOT modern.)

And whilst discussing patching, make sure your applications get updated as well. (Yes, toss that copy of Office 2010 and get current; it will save you much grief.)

And whilst composing this missive, comes the tweet that the US Treasury Department has been hacked. Yep, it’s real, and yep, it’s ugly out there, so take care, and use common sense.