Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
In this issue:
Month's News in Review
Upcoming Speaking Events
TCE Strategy in the News
Must Read Articles This Month
Cybersecurity Tip of the Month
This Month's News in Review
Happy December! It’s hard to believe another holiday season is here. The joys of holiday festivities are coming up, and the anticipation of a New (and hopefully much better) Year is upon us. Regrettably, the holidays normally cause a sharp increase in cybercrime. It will probably run rampant this time of year as it has in years past. Not to worry, however. We’ve broken down some recent cyber news, a good data protection strategy, and tips for staying ahead of the bad guys during the Holidays. Here we go!
Apache Log4j2: Shields up, red alert!
Last week, an attack on a previously-unknown vulnerability was discovered and made public. Two huge issues here:
1) The exploit code to take advantage of this vulnerability is available on the Internet for anyone to download, including cybercriminals.
2) The system that it attacks (Apache Log4j2) is in a huge number of things, from Minecraft (yes, that Minecraft) to VMware to parts of Okta. This is being called the biggest cybersecurity issue in a decade, and it may well turn out to be.
For home users, stop playing Minecraft until further notice. For technology professionals, we have a long road ahead as patches come in from here, there and everywhere. You need to scan your environments for this vulnerability. You need to consider taking impacted systems offline for the time being. If your impacted systems are Internet-facing, TAKE THEM OFFLINE RIGHT NOW. Do not pass GO! Do not collect $200. For developers, start working to update to Apache Log4j 2.15.0.
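One way to run the scan recommended above, as an added example that is not part of the original newsletter: it inventories every log4j-core copy under a directory, including copies bundled inside WAR or fat JAR files, and flags versions below the 2.15.0 target named in the text. The archive extensions checked and the demo files are assumptions constructed for illustration.

```python
import io, re, tempfile, zipfile
from pathlib import Path
FIXED = (2, 15, 0)  # the upgrade target named in the newsletter text
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); a suffix such as '-beta9' is ignored."""
    nums = [int(n) for n in re.match(r"\d+(?:\.\d+)*", text).group(0).split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def scan_archive(data, label, findings):
    """Record each log4j-core copy in this archive, recursing into nested ones."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = zf.namelist()
        # Prefer the version the Maven build recorded; fall back to the file name.
        props = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
        found = re.search(r"^version=(\d\S*)", props, re.M) or NAME_RE.search(label)
        if found:
            findings.append((label, found.group(1)))
        for name in names:  # WARs and fat JARs bundle their own copies
            if name.lower().endswith(ARCHIVES):
                scan_archive(zf.read(name), f"{label}!/{name}", findings)

def scan_tree(root):
    """Return (location, version, needs_upgrade) for every copy under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            scan_archive(path.read_bytes(), str(path), findings)
    return [(loc, ver, parse_version(ver) < FIXED) for loc, ver in findings]

def build_demo(root):
    """Constructed sample: a bare old JAR plus a WAR bundling a renamed 2.15.0 copy."""
    with zipfile.ZipFile(Path(root) / "log4j-core-2.14.1.jar", "w") as z:
        z.writestr("placeholder.txt", "constructed sample, not the real library")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "version=2.15.0\n")
    with zipfile.ZipFile(Path(root) / "app.war", "w") as z:
        z.writestr("WEB-INF/lib/core.jar", inner.getvalue())

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp)
        print(*scan_tree(tmp), sep="\n")
```

Point `scan_tree` at an application or deployment directory to get the same report for real archives; files are read fully into memory, so very large archives will be slow.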
Some antivirus companies are claiming to already be monitoring for attempts to exploit this vulnerability, which is a positive. This is a developing story so please do your own research. Here are some good areas to start:
One-time use emails. Good idea? We may be onto something here.
Ever thought of ways to scam the scammers? Well, okay, they’re not scammers (depending on how you look at it), but they are companies that are trying to track your every move on the Internet. Not sure how to slow them down? Here’s an idea: use fake email addresses.
You might have used “anonymous” email addresses before. Have you ever bought or sold something on Craigslist? As a way to protect both buyers and sellers not just from data collecting companies but from scam artists and even potentially dangerous people, Craigslist set up an email system where in order to communicate with someone, you have to go through an email address that is generated by Craigslist. The email address is relayed to/from Craigslist, without either side knowing the real email address being used by either party. Without a real email address, no personal information is exchanged. No possibility of selling your email address to others. No chance of unwanted spam from this transaction.
There are several ways Big Tech keeps tabs on you, but one of the most prominent ways is by linking and tracking your page visits and shopping habits through your email address.
Consumer Reports columnist Thomas Germain outlined this in an article. He says when you use fake email addresses across several different companies, “That means companies won’t collect quite as much data on details such as your political views, shopping habits, work life, hobbies, and finances. And, as a bonus, using a fake email address can also cut down on spam.” Sounds like a Christmas miracle!
Turns out it would be quite a bit of work to create several different email accounts for all the things you would need them for. But, in a stroke of pure genius, a number of companies have done the work for you. “Sign In with Apple” and “Firefox Relay” are two such services that will help you create faux emails for all your consumer needs.
Until next month, stay safe!
Upcoming Speaking Events
If I am coming to your town, state or country and you are interested in a speaking event for your company or organization, please let me know! There are a number of terrific cities on my 2022 schedule already.
December 15th, 2021, Vistage presentation and workshop, San Diego, CA
I disagree with some but not all parts of this article. That being said, I vehemently disagree with this: “It’s almost impossible these days to not have a fully patched Windows or Mac system, because they pretty much force updates.”
I wonder if this was targeted specifically at Planned Parenthood or if it was coincidental. Despicable either way.
Cybersecurity Tip of the Month
How To Stay on Top of Cybersecurity Ahead of the Holidays
It may seem like these are common sense, but you’d be surprised how a simple reminder of cybersecurity best practices can make a big difference and go a long way this Holiday season.
Ditch the gift cards. They’re just too easy to hack and scam. Stick to cold hard cash if your creative juices have run out (or if that’s all they really want).
Make sure you have Multi-Factor Authentication (MFA) on all accounts you care about, especially any financial institutions you use. Any fraud involving your bank accounts, emails, and social media accounts this time of year could really put a damper on your holiday plans and add undue stress.
Consider a gift for your family and friends of a premium plan on a password protector. There are a lot of good choices out there (Dashlane, LastPass, 1Password, etc.). $60 a year for a family to stay password protected? Now that’s a great gift.
The start of a new year is a wonderful time to re-evaluate all passwords, practices, security measures and patches. Both for yourself personally and for your business, determine that you won’t go into 2022 vulnerable to cyber attacks.