Cybersecurity leaks can be blamed on HR departments


Today’s cybersecurity is different than 5 years ago. We could build up firewalls and protect routers with more and more diligence and improved software. Even AI plays a part in helping us secure networks.

There will always be hackers and they will always be learning. They are very smart and have a lot of time to spend getting into networks.

With the growth of 5G, people seem to think that the network is the weakness.

Oh no superheroes, the weakness is you!

I have bad news for you, it’s not going to be 5G that is the weak spot, just like 4G was not the weak spot.

It’s really the user. That’s right, the weak spot is not the smartphone; it is the moment the user falls for some hacker’s quick trick that gives them access to information on the phone. That is if Google doesn’t sell that information, just kidding, they would never give your name, just the data that you give them.

Oh, and hackers take all the same classes and training that network engineers take. They never stop learning and looking for workarounds. That’s just it, they know that the networks are harder and harder to hack. Not impossible for someone who has the time, but then they have to figure out what they are going to do once they get in.

Once they’re in, what good is that? They have to figure out what to get into next.

That’s where you come in.

This is where we can blame HR for security leaks. They need better training that is focused on the individual, not mass training that covers all types of personalities.

Where is the cybersecurity risk? The biggest and easiest one to hit? 

It is you! At least the workforce. Including me. We are all at risk. There are so many ways for them to target the workforce or even the individual. These guys know what they’re doing. 

It’s called social engineering. While that sounds like you may be studying Facebook and Twitter, it goes much deeper than that. 

Keep in mind that they have so many tools to learn about us, me and you. They have Facebook, LinkedIn, Twitter, and tons of other social media sites we all love and rely on. To them, these are all tools to learn everything they can to know something familiar about you and me. All of us.

It’s the main tool of today’s hackers. I learned more about this through an online class put together by Kevin Mitnick. I don’t represent Mitnick Security in any way, but I loved the class. It was awesome. That guy was a hacker and now he prevents people like us from getting hacked. Thank you, Kevin. (No, he didn’t pay me nor do I get anything by recommending him, I just really appreciated his course.)

He talked about what hackers go after today. Let me make it short and sweet, it’s you. Not just you, but me, and anyone who works anywhere a hacker may want access.

Not just your business, but your bank accounts and your personal information. Even to log onto your social accounts to pretend to be you. It’s all happening today.

Let’s look at the ways they do it. This is just a high-level overview, and I am only pointing them out to you so that you can be prepared.

Also, I want to point out that while these fall under network security in most businesses, they should fall under training and HR. This should be the primary concern of HR to prevent any of this if possible. 

Larger companies should have HR and training resources dedicated to the prevention of social engineering leaks. I just happen to know someone who has an app for that. 

Here are a few examples. Can you think of how you may have fallen for one of them?

Spear Phishing and Phishing

OK, the thing is that you probably were already a victim of this. After all, it’s just a simple email that you get from someone you think you know. Like Amazon, Wells Fargo, Visa, or anyone. 

It looks harmless enough, and yet, when you click on the link it does not work. Naturally, you blame the internet, your Windows laptop, or your crappy connection.

Who would think that a large company would ask you to update your information in the first place? 

Oh, that’s right, they used to ask for that all the time, jerks.

So today we get hit with these requests so often that when they really do need something, we delete it. At least I do. 

These always look harmless, unless you really pay attention. You will notice that there is always some sign that doesn’t make sense. The email may be goofy or the link looks strange. You really need to stop and think. 

Unfortunately, we don’t want to slow down. I mean I have things to do and Google will put up my name and password for me, right? Not if it’s a scam, they shouldn’t. 

We need to slow down, smell the coffee, and pay attention to the bogus email in front of us.

Vishing

This is just like the email, but even more personal. The hacker will call you. They will ask you to log onto a website or send them information. While this sounds crazy, it works more often than not.

IT may be calling and asking for your help. They may want to get into your laptop to take your information or hold your laptop hostage. 

It could be your bank or some other trusted business that you may not suspect. Unfortunately, this works because they come across as someone trustworthy.

Not only that, but these people generally know something about you and where you work. How creepy is that? 

So, when they speak like an old friend, what can you do? You immediately have some level of trust even though you never met this person before. 

They seem to know a lot about you, and they would never ask you for your name or password outright; you’re too smart to fall for that. What they would do is ask you to log onto a website so that they can have you update your password, or ask you to let them take a “look” at your laptop.

There you go, they now have access to either your laptop or your password. 

Fake Profiles on Social Media Sites

I would bet you didn’t remember this, but chances are good you are aware of it. On Facebook or LinkedIn, maybe even a headhunter site, someone starts talking to you about something you’re interested in. 

Like dating, a new job, or a hobby. You email each other then they send you a link that looks like what you want. Only it doesn’t work, but meanwhile, they may have gained access to your laptop. 

You trusted this stranger and they totally used you!

Sometimes, you need to be very careful. Change your password if you have to. 

I see this on LinkedIn all the time. Mysteriously someone appears and they have no profile but they reach out to hundreds of people on the same day. Who has that kind of time?

On Facebook, this happens all the time. I don’t know about any of the others but I am sure it happens all the time. 

Be careful when you’re on these sites. 

Rogue Wi-Fi

This is the most dangerous thing in my opinion. This is something that every company fears. Why? Because it’s so unobtrusive. 

The hacker just needs to be close to you. They can do the rest and your device may not know any better. 

All they need is their own Wi-Fi hotspot with a strong signal. What does your device do? It thinks that stronger signals are sexy. So, if you’re not cautious, that bitch will connect to the stronger signal.

If someone is smart enough to make their hotspot look like Starbucks or Xfinity, why wouldn’t you join? 

If you think it never happens, just look at all the articles on it. Many even tell you how to do it.

Stop it at the device. 

  1. The best thing you can do is pay attention to what network you’re on. Also, delete old networks on your device. 
  2. Do not auto-connect, ask it to ask you first unless your network is absolutely trusted. Maybe your home network.
  3. Never use hidden networks, they may be hidden for a reason. 
  4. Don’t reuse Wi-Fi passwords and don’t leave them at the default.
  5. Only get on public Wi-Fi if you have to. 
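The checklist above can be turned into an audit of the networks a device has saved. This is an added example, not part of the original post: it assumes a Linux laptop whose saved Wi-Fi profiles are in NetworkManager keyfile format, and the profile contents, the `trusted` parameter and the function name are made up for the illustration.

```python
import configparser
from collections import defaultdict

# Constructed sample profiles in NetworkManager keyfile format (not real networks).
SAMPLE_PROFILES = {
    "home": "[connection]\nid=HomeNet\ntype=wifi\n[wifi]\nssid=HomeNet\n"
            "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-passphrase-1\n",
    "cafe": "[connection]\nid=Cafe Guest\ntype=wifi\n[wifi]\nssid=Cafe Guest\n",
    "old-office": "[connection]\nid=OldOffice\ntype=wifi\nautoconnect=false\n"
                  "[wifi]\nssid=OldOffice\nhidden=true\n"
                  "[wifi-security]\nkey-mgmt=wpa-psk\npsk=constructed-passphrase-1\n",
}

def audit_profiles(profiles, trusted=frozenset()):
    """Return {profile name: [findings]} for saved Wi-Fi profiles."""
    findings, by_psk = defaultdict(list), defaultdict(list)
    for name, text in profiles.items():
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(text)
        if cfg.get("connection", "type", fallback="") != "wifi":
            continue
        # NetworkManager auto-connects unless the profile says otherwise.
        auto = cfg.getboolean("connection", "autoconnect", fallback=True)
        if auto and name not in trusted:
            findings[name].append("auto-connects without asking")
        # A profile with no [wifi-security] section is an open network.
        if not cfg.has_section("wifi-security"):
            findings[name].append("open network, no encryption")
        if cfg.getboolean("wifi", "hidden", fallback=False):
            findings[name].append("hidden network")
        psk = cfg.get("wifi-security", "psk", fallback=None)
        if psk:
            by_psk[psk].append(name)
    # The same passphrase stored for more than one network is a reused password.
    for names in by_psk.values():
        if len(names) > 1:
            for name in names:
                findings[name].append("password shared with another profile")
    return dict(findings)
```

With `trusted={"home"}`, the constructed cafe profile is flagged as open and auto-connecting, and the old office profile as hidden and sharing its password with the home network.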

On your router, make sure you have WPS disabled. It appears that WPS allows hackers to gain access.

Once again, you have to pay attention to what you’re doing.

You don’t have to be an expert

I’m no expert and I probably will get hacked. There are so many ways but the above methods seem to be on the rise today. However, the old tried and true methods are still out there.

Remember not to fall for these:

  • Fake files in your email, especially if they want your password to open them. This is a way for them to steal your user name and password, possibly to gain access to your laptop.
  • Shared documents that you are not expecting, again, they just want to steal your username and password. 
  • If you find a USB drive on the ground, do not plug it in, just smash it. It is an old trick that relies on your curiosity to see what it is. 
  • Pay attention to what you’re doing all the time!

Why would they do this?

They want something. Usually money.

  • Information about your company is valuable and is worth something to someone.
  • Your banking information is a way for them to steal money directly from you. 
  • They can get your information and pose as you to gain access to anything you have access to.
  • They can hack your email, change your passwords, hack your accounts, then hold it all for ransom until you pay.
  • Believe it or not, they sell a lot of information to email lists, like spammers. Apparently, they get a lot of money for that information, even if it’s your name and email, maybe where in the world you’re located.
  • Most hackers don’t use it themselves unless they see an easy opportunity. Most of them sell it to someone who wants to hack that company or steal from that bank.
  • Sometimes they sit on the information for a few months until the scare is over, then they sell it to someone trying to hack credit card accounts or something like that.

Where is this happening?

Again, it could be coming from anywhere, but it depends on which scam.

Most of you know the IRS scam where they called and asked for bank cards. These were actually call centers set up in India and Pakistan. It was easy for them since they do most of the support for the big banks from there. They already had a call center model and so many numbers given to them by American businesses. They may have supported some companies that dealt with IRS laws and practices.

So, it was simple to set up a robocall and have every number in the USA. Then, unsuspecting people would call back and because the IRS fills Americans with fear, people did what they asked. 

In the USA, the IRS has a reputation that they can take everything you have by saying you didn’t pay your taxes, although, that has not been my experience.

Taxes are hard, and when I make mistakes, they send me a letter, snail-mail, and ask me to correct it and they give me a timeline to do so. They were really nice to work with. 

Again, they sent a letter through the good old USPS, United States Post Office. 

Anyway, thousands, if not millions of Americans fell for that, mostly the older retired Americans.

The call center in Pakistan got rich, not the people that called, they worked on commissions. But the owner, probably the same guy that set up call centers for other American businesses.

You know what the Pakistani and Indian Governments did to them? They didn’t care, especially about Americans who probably put too much money into their economies. 

Nothing. They didn’t do one thing. 

 

If someone knows you or is trying to get access to your company, then they are very close to you and where you work. Creepy right?

If they break into your Wi-Fi, then they are very close to you. They could be a neighbor that wants free Wi-Fi or to do cybercrime or steal from your hotspot so they are not detected. It happens quite often.

If you are in a Starbucks, on a plane, or someplace public, a Wi-Fi scammer could be sitting right next to you.

Again, how creepy is that?

If someone is looking at corporate espionage, then China and Russia are known for this. 

The thing is, people from all over the world are doing this. We can’t look at one group and find them. They are everywhere. 

It all starts with you protecting yourself and your data. 

Protect yourself!

You may work out and take self-defense classes to defend yourself from a physical attack. 

You may add alarms and cameras to protect your home.

For data, even the latest virus scan software can’t protect you from everything.

It’s up to you to defend yourself.

What can your company do?

Get HR to start screening employees and potential employees. They have to be the first line of defense. They have to screen people before they are hired or at least look at their workers and know how to train them.

Like I said earlier, there is a way for an app to help you identify the people that work for you and how they may be vulnerable. It is being released by CyberConIQ (cyberconIQ.com) and should be available to the public today. It is currently in development and the lead is John Dolmetsch, jdolmetsch@businessinformationgroup.com, so reach out to John and ask him about how his app is changing companies from the inside out.

Just for fun:

If you want to see the scammers get scammed, watch the brilliant James Veitch at https://youtu.be/_QdPW8JrYzQ to see how he deals with it.
