
During our morning exercises in the dojo, a young student asked me “Sensei, how did you defeat a Cyber Grinch and become the Information Security Master?” As I’m sure many of you have considered asking me the same question, I shall tell you my story. As a young man, my e-mail was hacked. Spam was sent from my account to the entire village – the ultimate shame. I was cast out; ostracized by everyone. For 3 years I disappeared into the wilderness. During that time, the universe revealed to me 3 Essential Truths which I compiled into the sacred Information Security Scrolls. My inward journey completed, I returned to my village to restore my family’s honor, share what I learned and, in the process, defeated a Cyber Grinch. For those of you who are beset with Cyber Grinchs and ready to begin your path to Information Protection enlightenment, I present a condensed version of the Scrolls.

Truth #1: A true Information Security Master knows her vulnerabilities.

Acknowledging that, yes, we have weaknesses, allows us to take evasive action and avoid risky situations. Armed with that knowledge, let’s review some particularly common vulnerable areas that would-be Cyber Grinchs frequently target.

1.  Your Computer: This one is pretty obvious. The majority of information security breaches occur via a computer – whether it’s theft of the machine itself or an intrusion by way of a malicious Grinch – your computer is the biggest chink in your armor. Protect it as such. Locking your computer when you’re away, anti-virus software, back-up storage (and actually USING IT), firewalls – these are all essential tools on the path to information protection enlightenment.

2.  Mobile Devices: Your mobile devices should be PIN-protected and locked when not in use. The PIN should be a minimum of 4 digits. Also, keep your phone or tablet close to you - leaving it unattended where it can be easily picked up or viewed is an open invitation for a Cyber Grinch.

3.  Cabinets and Drawers: Grinchs are after more than just digital information, so lock your drawers and cabinets that contain sensitive information when you’re away from them. If they fall into the wrong hands, paper-based documents can be just as damaging. Speaking of …

4.  Printed Documents: Make every effort to reduce the number of printed documents that contain confidential or private information. However, when dealing with paper-based sensitive data, never leave it exposed on your desk. Designate a secured area to store printed documents and limit access to the area.

5.  Garbage Cans: Garbage cans are a prime target for Grinchs. Specifically, they’re searching for documents such as mail and memos that contain sensitive information. Remember, when a confidential document is no longer required for retention, shred it.

Truth #2: A true Information Security Master exercises a healthy skepticism.

Is that mushroom safe to eat? Is that water safe to drink? Does that panda really want to befriend me? These are the types of questions I faced out in the wild – questions which helped to sharpen my survival instincts. I learned to be skeptical of everything. Thusly should the Information Security Master behave when reviewing his e-mail. For example:

1.  Display Name: Do you know the sender? Is the “From” e-mail address the actual address of the sender?

2.  Links: Hover your mouse over any link. Is it appropriate? Anything out of the ordinary?

3.  Spelling: Are there misspellings or eccentric names? Cyber Grinchs are terrible spellers.

4.  Greeting: Is the greeting vague, such as “Dear Consumer”? This can be a sign of phishing.

5.  Information Requests: Does the e-mail ask you for personal information or for a username and password? This is a sign of phishing.

6.  Urgency: Does the e-mail require immediate action or employ a scare tactic?

7.  Signature: Is there a signature block? Can you see the name of the sender’s company?

8.  Attachments: Does the e-mail contain an attachment? If you do not know who it is from, do not open it.

9.  Trust Your Gut: If something does not seem right, it probably is not.
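For readers who triage reported mail, here is an added example (not part of the original post) that automates checklist items 1, 2, 4, 5 and 6 with the Python standard library. The sample message, the `known_domains` set and the keyword patterns are all made-up assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: every name and domain here is made up.
SAMPLE = '''From: "Village Bank Support" <alerts@vi11age-bank.example>
Subject: Urgent: verify your account
Content-Type: text/html

<p>Dear Consumer,</p><p>Your account will be suspended immediately. Confirm your
username and password at <a href="http://login.grinch.example/verify">https://villagebank.example/login</a></p>
'''

class LinkCollector(HTMLParser):
    # Collects (href, visible text) pairs: what hovering over a link reveals.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

# Hypothetical keyword patterns for checklist items 4, 5 and 6.
CHECKS = {"vague greeting": r"\bdear (consumer|customer|user)\b",
          "asks for credentials": r"\b(username|password)\b",
          "urgency": r"\b(urgent|immediately|suspended)\b"}

def phishing_signals(raw, known_domains):
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumes a single-part message
    # Item 1: judge the real address, not the display name in front of it.
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signals = [] if domain in known_domains else ["unknown sender domain"]
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        # Item 2: a link whose text shows one host but points at another.
        shown_host = urlsplit(shown).hostname
        if shown_host and shown_host != urlsplit(href).hostname:
            signals.append("link text does not match target")
    text = msg.get("Subject", "") + "\n" + body
    return signals + [n for n, rx in CHECKS.items() if re.search(rx, text, re.I)]
```

Calling `phishing_signals(SAMPLE, {"villagebank.example"})` flags all five signals; a hit is a reason to look closer, not a verdict.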

Truth #3: A true Information Security Master miiiight not post that.

You might be wondering “what could a weird, crusty Ninja who lived off the grid for 3 years possibly know about social media?” Well, I’ve soaked in a hot spring with a troop of macaques and it doesn’t get any more social than that. If you share something with a macaque, you can be sure the entire forest will know about it in mere seconds. This experience taught me how quickly information spreads – particularly sensitive information that can be used in a negative way (CURSE YOU, MACAQUES!). With that in mind, here’s a quick list of things you should NEVER post online.

  1. Your birth date and place. Hackers can reconstruct social security numbers based on your date and place of birth. They can also use it to answer challenge questions when calling a bank or to set up new credit accounts.
  2. Your mother’s maiden name. It’s the most often used answer to security questions on many sites.
  3. Your home address. It tells everyone, including thieves, stalkers, and macaques, where you live.
  4. Messages about an upcoming trip away from home or photos while on vacation. Letting people know you’re away from home invites thieves into your home. If you want to post those vacation photos, wait until you get home.
  5. Complaints about anyone. Your written words can be libelous. Avoid complaints about your coworkers or your employer. Be cautious about friending people you work with, especially those you supervise. Everything can (and will) be held against you.
  6. Your phone number. This makes it easy for stalkers, identity thieves, and anyone else looking for you to find you.
  7. Your child’s name. Identity thieves can also target them.
  8. Photos of any type of risky behavior. Insurance companies often turn to the web to obtain information about customers or applicants.
  9. Photos of the inside of your home. Thieves can see your valuable possessions and figure out the layout of your house.
  10. Open social media profiles. Lock down any profiles on social media and restrict to friends. Also, only friend those people that you trust to see your personal information. If you don’t know them, then perhaps you should not friend them.

While these tips will help you defeat most of your run-of-the-mill Cyber Grinchs, they are constantly adapting and so must we. If you want to compare notes or talk about how I can help with the Cyber Grinchs you battle, just tell a macaque or contact me directly.  
