Blake Dowling
Do you need a break from Putnam, Donald, Kim and all the other headlines raging this week in the Sunshine State and our nation?
How ‘bout we talk cybersecurity, so you can make sure you have all the bases covered (baseball analogy for the upcoming College World Series).
Are you familiar with “social engineering?” The term gets thrown around a lot in cybersecurity circles, but according to Webroot:
“Social engineering is the art of manipulating people, so they give up confidential information. The types of information these criminals are seeking can vary, but when individuals are targeted the criminals are usually trying to trick you into giving them your passwords or bank information, or access your computer to secretly install malicious software — that will give them access to your passwords and bank information as well as giving them control over your computer.”
In the political, lobbying and business world we live in, we have long, complex passwords, perimeter security devices, layered anti-spam and anti-virus tools, someone watching the network with a remote monitoring tool, real-time backups, etc.
Social engineering bypasses all that.
I am sure everyone remembers former Hillary Clinton campaign manager John Podesta. He got a bogus email from Google, saying he must change his password now, which he did. It was subsequently stolen (as it was not really from Google).
The ramifications were significant, as we all know.
Now think about how former CIA Director John Brennan’s personal email account was similarly hacked. That’s right. The CIA.
Hackers called Brennan’s internet provider, Verizon, and claimed to be from Verizon customer service trying to fix an issue with their client. They didn’t stop until they had his Social Security number.
The hackers took that info, did a password reset and — presto — complete access to all his email.
In Florida, I have personally seen phishing attempts to local, association and lobbying entities were hackers dig up info on key personnel in the organization, an attempt to impersonate them.
If your email address is posted on your website, the bad guys can find it. They then create a fake domain resembling yours and reference something in the news to make the email sound legit and ask for money.
As an example, Bob gets an email from his accounting person saying they need $4K to put on a rally in Miami, the individual needs the money wired because they “can’t use a credit card.”
You would think there’s no way this would work, but occasionally it does. I have seen it happen.
Last week, I took a call from a client who said Microsoft is calling them to do some maintenance and needs their password. As I have said before it is hard enough to get a call through to Microsoft, they certainly never call you for anything, ever. This is an attempt at a hack. What if you have an intern at your office or a campaign volunteer. Do they know about this? Or would they give their password to “Microsoft” putting all of your data in jeopardy?
Sometimes you can’t even trust the security companies as widely known security giant, Kaspersky was hijacked, or maybe even involved in some cyber shenanigans.
Here in Florida, we must protect ourselves every day, especially with some huge elections on the horizon.
Just like college football (and elections), Texas, California and Florida are the states you want to watch, and all eyes — including hackers — will be looking this way. Just like last time.
Make sure you and everyone on your team are ready.
___
Blake Dowling is CEO of Aegis Business Technologies. He can be reached at [email protected].
