As a Sony employee I am required to run through an annual 30-minute training course on computer security. In the past the training has seemed to be the same as previous years. Today I ran through the training again discovering it has been updated and it seemed like a whole new course, which I appreciated.
The course had the usual warnings against clicking on links in e-mails and verifying URL's before going to the sites. This year, they provided some more details that helped understand how different character sets can be different than the regular Latin letters we are used to in English. The example they provided is that a Cyrillic V looks like the letter B. Someone could then create a mischievous website using the Cyrillic V for something like the Better Business Bureau and you wouldn't know you are going to the wrong site. Having a concrete example like that really helped underscore how subtle character substitutions can cause havoc.
A new entry in this year's training highlighted mobile device security. I prefer a full-sized keyboard and so if I can keep my phone in my pocket and use a computer instead, I do. I am not normal though as the average person uses their smartphone 6 hours a day. My usage is down around an hour per day. The training pointed out a number of helpful tips to keep from clicking on malicious links that could open your device to malware and other bad actors. I decided that by doing as much as I can on my computer, I reduce my risk for security issues. Should I get a nefarious text, I now know what to look for.
Finally the training had a section on how artificial intelligence (AI) can be used to create more realistic e-mails. Bad spelling and grammar used to be dead-giveaways of scam e-mails. Now those e-mails can be created to sound exactly like your supervisor or manager. They also warned against voicemails that can sound like the people you work with. That is a sobering thought.
The point of this post is that there are some persistent thieves and crooks trying to get access to your computer, online accounts, and smartphone. It is a good practice to review security best practices to remind you to remain vigilant against those bad actors. If you are not required to run through a 30-minute training session, you might want to find a trusted resource on the Web and do your own training.