Cybersecurity for HR Pros

Christina A. Danforth interviews our most recent instructor Michael Wilson about current cybersecurity threats. To learn more sign up for Cybersecurity for HR Professionals: http://www.hrjetpack.com/courses/cybersecurity-17

Posted by HR Jetpack on Wednesday, May 17, 2017

Christina Danforth of HR Jetpack invited me to join her this morning for a Facebook Live Chat about the WannaCry Ransomware. During our 15-minute conversation, I offered a bit of the history to explain where this malware came from. We also talked about what business leaders need to do to keep themselves safe and secure in these crazy times we live in.

I apologize for the poor quality of the video. It seems that the audio and video got out of sync on their way through Facebook Live. Having said that, I do hope you will listen because I’m really happy with the amount of information we were able to share during the chat.

If you find this useful or informative then please check out my course on HR Jetpack: Cybersecurity 101 for HR Pros. It was developed with HR in mind, but the material is applicable to anyone who would like to be safer and more secure in their use of modern technology.


Photo Credit: geralt via Pixabay

Beware of Fake Facebook Accounts

Not As They Seem

Recently I have helped several friends and colleagues deal with a scary Facebook scheme. The first email from them always starts with concern because their friends are getting friend requests from them on Facebook. It is a huge red flag because they are already connected as friends, and they sent no such requests. Many people assume, incorrectly, that their account has been hacked.

The real cause is often that someone (or an automated bot) has made a new account in that person’s name. They even copy the profile picture and banner photo. After closer inspection, the imposter’s account is clearly fake. It doesn’t display the history of posts, pictures, and other personal information. It is just a shell. The goal is simply to become friends with as many of your real friends as possible, presumably for data mining. Most people see a name and face in the friend request and accept it without questioning or investigating first.

The Scam

On May 3rd, news started to break that there was a new kind of phishing attack aimed at Google users via Gmail and Google Drive/Docs. I first saw a report on the Google Docs phishing attack in a post on r/Google. The author detailed (with screenshots) how attackers attempted to get control of his Google account.

The scary part of this is that it abused existing Google systems to gain access to the accounts of anyone who clicked their way through the “Allow” screens thinking they were about to get to a document sent by a friend or colleague. It even bypassed login verification and 2-Factor Authentication mechanisms that may have been in place to protect the account. It is a reminder that many attacks aren’t really “hacks” so much as social engineering where the attacker tricks the victim into giving them exactly what they want.

Overview

95 percent of assessments revealed employees were actively researching, installing or executing security or vulnerability testing tools in attempts to bypass corporate security.
Dtex Systems Insider Threat Intelligence Report

The data shows what we all know anecdotally: people get frustrated by web-browsing restrictions in the workplace. To avoid tracking and blocking software, employees are turning to VPNs, TOR, and other anonymity tools.