Winter 2016 Midnight Musings
Summary: In recent months, more than a few friends who, because of my tenure in the IT industry, assume I am their personal tech support, have gotten nailed by what is colloquially known as Ransomware. In most cases, these situations could have likely been avoided, but for the casual trust we place in our devices, networks and browsers. Here’s my view:
Every Christmas season including this last one, when my friends, neighbors, and/or/mostly family get new electronic “toys”, primarily these days tablets, smartphones and laptops, I get a phone call. 50% of the time, the new device has a new interface and of course, rather than doing a few minutes of research into the difference between Windows 7 and Windows 8, 8.1 or 10, they call “Uncle Ed”. Usually I can calm them down and walk them via phone through the darkness; occasionally I do a remote login, and even more rarely, as they’ve moved away from my home-base, I have to make an on-site visit.
Part of this, I’ll admit, is of my own doing. I really enjoy helping friends and family, and nothing beats that hero feeling you get when you reconfigure a new wireless printer so it connects to the family network router. Like a magician, I almost want to say “…and VOILA! – it’s working”.
Of course this is a double-edged sword, since now my adult children offer my help to their neighbors, complicating things a bit, especially when I have to log in remotely to a complete stranger’s personal PC. But it still feels good to know that I can help – (In my imagination I see my son’s buddy high-fiving my son with a “Damn, your dad is smart!”). More likely, they thank my son, and I get no tribute for my intellectual fortitude. No sweat. Part of being a dad.
Lately though, a rash of hostage negotiations, things that I thought only happened to corporations and businesses with massive amounts of valuable data, are happening to people and their small businesses. It’s called Ransomware.
As one of my colleagues defined it, Ransomware is the marriage of a computer/device virus with theft by fraudulent means. It doesn’t matter if you have NO business associated with the machine or device you are reading this post from. You likely have photos, notes, videos, personal contacts, tax and personal financial information, that if stolen would put you in a world of hurt.
Case in point: A close friend for more than 30 years owns a couple of shops servicing visitors to the NJ Shore beaches during the summer, and then offers other “shore goodies” during the year online – think Salt Water Taffy. He has PCs in his stores, tied to inventory and billing software. Out of nowhere he gets a notice that his files have all been encrypted (by the FBI no less), and for the small sum of $500, he can buy a “key” that will allow him to get back his data, and restore his business to full functionality. Of course, he pays the ransom, gets his key, and promises on a holy book he will back up his data daily, train his staff not to click on emails, and (with a little guidance from yours truly) learn to hover over a link that pretends to be from UPS only to fool the user into downloading a virus which gets into the system and generates the worm that creates the problem. Then he calls me to tell me how proudly he got out of this mess without me.
I could use a more polite way of saying this, but I was really PISSED OFF at:
- Mark (not his real name), a Cum Laude graduate of Princeton University, who didn’t have a single backup of any of his data – period.
- His assistants, who handle all his company transactions without even BASIC training on bogus website (phishing) scams. Like, if it’s in the SPAM folder, just delete it.
- Some sub-human, probably sitting 12 time zones away, in his PJs enjoying Fruit Loops swimming in Mountain Dew, who had the ability to generate an income by simply fooling people into pressing a mouse button.
- The software publishers who, given the newsworthy stories on the hacking of businesses in the Fortune 500, have us rely on Anti-Virus, Anti-Spyware, and Built-in Firewalls, yet cannot simply better ferret out a bogus site impersonation.
The above inspired me to write this New Year reminder, for all of the sophisticated LinkedIn readers who use a computer (which should be at least 50%) or other device (the other 50%). You see, not just PCs are at risk for Ransomware, as evidenced by the image below from an Android device.
Don’t depend exclusively on email filters to find spam and/or other bogus solicitations from email servers. As I mentioned previously, if you have the slightest doubt (start by hovering your mouse over the link and see if the alleged email from UPS.com really goes to UPS.com) don’t do it.
Though the focus of this post is for personal use, let me add that if you have responsibility or concerns at a business for the security of your company data, consider hiring a certified IT security professional for an audit. In addition, ensure that security protocols including browser and email training are a written part of your onboarding process for new employees. Mandate password changes at least twice a year, and treat audit compliance as seriously as if you caught someone stealing from petty cash. One particular pet peeve of mine is peer-to-peer sharing software on company machines. Seriously, if you are going to allow downloading of music from the Pirate Bay in your office, you don’t need to worry about locking the doors at night.
In 2014, the Wall Street Journal published a report that the #1 target of hacking attacks was not banks, securities firms, utility companies, or mass transit – it was the largest law firms in the United States – the AmLaw 100. Is there any other place where the most important business contracts, M&A plans, medical litigation, and more potentially volatile data reside than those databases?
Last but not least, while using TOR servers (look it up) may make tracking these evildoers difficult, I believe it should be considered a serious crime, with serious punishment. As an American, I am as concerned with the hacking of our government and military assets by foreign countries as anyone else. But as a business person, I am even more concerned about the process by which these heinous activities are treated seriously by our lawmakers.
To summarize, it’s now 2016. Basic housekeeping for individuals must include backing up your devices at least daily, treating your personally identifiable information (PII = social security numbers) and similar data like it was cash, and realizing that the digital age comes with lots of benefits, and an equal number of risks. PLEASE take the time to get your most important information in the Cloud, and/or on a backup drive, and/or on another device completely.
Final thought. Back in the 80s there was a popular TV cop show called “Hill St. Blues”. Just before the police officers would head out for their shifts, the sergeant would always announce (differently each week) “And hey, hey, hey. Let’s be careful out there.”
Please do likewise, my friends and colleagues, and have a healthy and safe (and prosperous) 2016!
As always, feedback on my post is welcome, and if you found my musing of any value, please like, share and re-tweet my Twitter link to it. And of course Thank You for reading what I think.