Time For Annual Security Training

As a Sony employee I am required to run through an annual 30-minute training course on computer security. In the past the training has seemed to be the same as previous years. Today I ran through the training again discovering it has been updated and it seemed like a whole new course, which I appreciated.

The course had the usual warnings against clicking on links in e-mails and verifying URL's before going to the sites. This year, they provided some more details that helped understand how different character sets can be different than the regular Latin letters we are used to in English. The example they provided is that a Cyrillic V looks like the letter B. Someone could then create a mischievous website using the Cyrillic V for something like the Better Business Bureau and you wouldn't know you are going to the wrong site. Having a concrete example like that really helped underscore how subtle character substitutions can cause havoc.

A new entry in this year's training highlighted mobile device security. I prefer a full-sized keyboard and so if I can keep my phone in my pocket and use a computer instead, I do. I am not normal though as the average person uses their smartphone 6 hours a day. My usage is down around an hour per day. The training pointed out a number of helpful tips to keep from clicking on malicious links that could open your device to malware and other bad actors. I decided that by doing as much as I can on my computer, I reduce my risk for security issues. Should I get a nefarious text, I now know what to look for.

Finally the training had a section on how artificial intelligence (AI) can be used to create more realistic e-mails. Bad spelling and grammar used to be dead-giveaways of scam e-mails. Now those e-mails can be created to sound exactly like your supervisor or manager. They also warned against voicemails that can sound like the people you work with. That is a sobering thought.

The point of this post is that there are some persistent thieves and crooks trying to get access to your computer, online accounts, and smartphone. It is a good practice to review security best practices to remind you to remain vigilant against those bad actors. If you are not required to run through a 30-minute training session, you might want to find a trusted resource on the Web and do your own training.

Digital Privacy

This afternoon I checked my personal e-mail and received a message claiming to be from my company. While I work for Sony, my personal e-mail is through a domain that I own and it looks like another company. The message claimed to be from the admin account and said that I had 3 undelivered e-mails because they were SPAM. My e-mail account has a different filtering mechanism and I would never get an e-mail from the "admin". I had a link I could have clicked but I'm sure the results would have been nefarious. This is what is known as a Phishing attack. Paying attention helps ensure I don't inadvertently install a virus or malware on my computer. This has the potential of releasing all sorts of personal information to bad actors that can steal my identity, drain my bank account, and ruin my credit.

Your digital privacy is very important and you should do everything you can to protect it. Being aware of potential phishing attacks is only one step of many. I also limit the information I share with various websites where I have login accounts. I never provide my social security number nor do I provide my birthday. There are many websites that require a birthday simply to verify age. I use the same fictitious date for such occasions and avoid providing my real birthday if I can help it.

Another trick to maintaining your digital privacy is to limit your payment information. There are a lot of websites that want to make purchases as simple as possible and so they offer to store your credit card information. Then you just have to hit the "purchase" button and it automatically bills your credit card. I actually have my primary credit card memorized and re-enter the information every time I make a purchase from infrequent accounts. It only slows me down a few seconds but gives me piece of mind every time I receive an e-mail about websites being hacked and payment information stolen.

One final word of caution is to severely limit who has access to your bank account information. This includes debit cards. Once someone gets into your bank account, it is very difficult to get your money back once it is gone. By using credit cards for all payments, you have a level of protection that ensures you don't lose any money. You just need to notify your credit card company about fraudulent transactions and they will credit your account while they investigate. You may have to provide additional documentation but most credit card companies will catch the invalid purchases before you do.

Unfortunately there are some thieves out there and the ubiquity of the Internet makes it easy for a small number of bad guys to inflict harm on a large number of good ones. Taking your digital privacy seriously will help reduce damages. I just wish there was a sure-fire way to keep yourself 100% secure.  

Another Apple Mistake

I think Steve Jobs would die he wasn't already dead and if he knew what his successors were doing to his company. I used to be a big fan of Apple and their products. That is changing at an alarming rate. This last week was the crowning moment that has me avoiding everything and anything to do with Apple. I even had a pear for breakfast this morning instead of the usual red fruit.

Last week I was in a meeting when a coworker walked in and asked me to try and log into our company's virtual private network or VPN. While other coworkers could accomplish the task on their Window's-based laptops, I couldn't on my Mac. I logged a support ticket with our IT's help desk. They got back to me and said that Apple turned off Java. Our IT department had a workaround that solved the problem but it left me with a few questions.

I did a quick search on the Internet and discovered that the Department of Homeland Security sent out a warning that running Java in your browser could open you up to potential security threats. Apple then decided to turn off Java running in browsers on every Mac computer connected to the Internet. My first question is: How did they do that? A good second question is: If Apple could screw up my computer, doesn't that mean someone else could? If I was an unscrupulous hacker and found out about Apple's little trick, I would be looking for a way to exploit it.

Frankly it scares me knowing that a company can reach into my computer and make modifications without my consent. While I have been happy with Apple in the past, I'm not any more. It is time to start looking for another laptop, tablet, and phone supplier. At least it gives me something to write about.