November 2021 Cybersecurity News & Tips | FBI Email Hack & Ransomware How-To’s

View this email in your browser
Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.

If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy to click "unsubscribe" button.
In this issue:
Month's News in Review
Upcoming Speaking Events
Must Read Articles This Month
Cybersecurity Tip of the Month
Enjoy this month's newsletter? You can use this link to post on social media or send to friends! Thanks for sharing!
This Month's News in Review

Cyber Security Basics: Do our nation’s most vital agencies employ cybersecurity best practices?

The breaking story this month came to us just days ago with the news that the Federal Bureau of Investigation faced a hacked email server due to a vulnerability in one of the Bureau’s software infrastructures. The threat actor sent a fake email to thousands of email addresses that the Bureau had on file in connection with the Law Enforcement Enterprise Portal (LEEP) that serves to aid individual government agencies. So what happened here? It seems something as basic as a misconfiguration allowed the hacker access, with relative ease, to the FBI’s external email infrastructure. While the Bureau was quick to convey that no internal systems were breached, it still begs the important question of how cybersecurity basics and best practices can be followed. Ironically, the bug appears to be that the website leaked one-time passwords that are supposed to be used to validate that a new account “owns” the email address it claims to be coming from. In an amazing twist of irony, TCE Strategy has found this same vulnerability in two recent website vulnerability assessments we have run for our clients. It’s always preferable to have vulnerabilities pointed out by a proactive penetration test rather than by a hacker.

Next, we discovered this article on 5 Ways to Approach Ransomware Negotiations by James Coker from Infosecurity Magazine. If you’ve ever wondered how you or your business might negotiate in the (hopefully) rare chance of a ransomware attack, these steps are incredibly insightful to follow. We’ll break them down for you here:

1. "Be respectful." It may seem counterintuitive, but Coker emphasizes the importance of being kind, even to those not being so kind to you. It's already bad enough that you're dealing with a ransomware attack. Best not to make matters worse by cursing your hackers out and making them even more hostile towards you.

2. "Ask for more time." Though you may be bullied into paying the ransom by a certain day, if you ask for more time "this can give victims more opportunity to assess their options, for example, if they are waiting to see if they can get backups for the stolen data," says Coker.

3. "Promise to pay a small amount now or a large amount later." Collectors are out to do one thing: collect. Waiting is not in their skillset or mindset. "Adversaries are likely to want to conclude the negotiation as quickly as possible. Therefore, victims should try and take advantage of this mentality during negotiations."

4. "Convince them you cannot reach the ransom amount." Offering to pay a much smaller amount of their demand may seem risky but if you're able to convince them that what they're asking for is too astronomical, you may very well get away with it. 

5. "Don't tell them you have cyber-insurance." Hack advised: “keep the fact you have cyber-insurance secret, keep the files off your network. You might even want to go as far as making an agreement with your insurance company that they also keep it a secret on their end.”

Robinhood Data Breach: On (cyber) Wall Street, Robinhood, one of the world's leading apps for trading disclosed on Monday, November 3rd that it discovered a data breach in its system that affected nearly seven million of its customers. Personal information including email addresses, names, and for a small amount, even DOB’s and Zip codes were revealed. How do we secure our credit and trading privacy? We need to have financial penalties in place that make it in Robinhood’s best interest to prevent data breaches. In the absence of laws with stiff fines, I’d recommend taking your trading business elsewhere. Here are 10 alternatives to Robinhood.

Until next month, stay safe!
Upcoming Speaking Events
If I am coming to your town, state or country and you are interested in a speaking event for your company or organization, please let me know! There are a number of terrific cities on my 2021-2022 schedule already.

November 18th, private webinars, UK, Italy, France, Germany, China, Japan and the USA

December 1st-2nd, 2021, Vistage presentation and workshop, Omaha, NE

December 15th, 2021, Vistage presentation and workshop, San Diego, CA

January 17th, 2022, Society for Information Management conference, virtual

January 27th, SIM North Central Region CISO panel facilitator, virtual

February 1st-3rd, 2022, Vistage presentation and workshop, Orlando, FL

March 9th, 2022, Vistage presentation and workshop, Minneapolis, MN

March 22nd, 2022, Vistage presentation and workshop, Minneapolis, MN

April 21st, 2022. Society for Information Management keynote speaker, Minneapolis, MN

May 10th-11th, 2022, Vistage presentation and workshop, Philadelphia, PA

May 17th-19th, 2022, Vistage presentation and workshop, Huntsville, AL

Interesting Articles

Fourteen of the world's leading computer security and cryptography experts have released a paper arguing against the use of client-side scanning because it creates security and privacy risks.
No legitimate company will EVER call you asking for your multi-factor-authentication credentials. Plenty of cybercriminals will, though.
It appears that the NRA's lack of cybersecurity best practices may have shot themselves in the foot.
Are you considering a VPN to encrypt your data when on unknown networks? Here is a good article on some winners.
Cybersecurity Tip of the Month

                            “Why Cybersecurity Matters” 

It’s safe to assume that if you’re reading this newsletter, it’s because you care a great deal about cybersecurity. Both for yourself and for your business, you understand why cybersecurity matters. But what about your friends, family, and co-workers? Do they care as much as you do? And because it is really that important, do we know the things to say to make them believe it too? Here are some tips to help others understand the importance of cybersecurity:

  1. Read the news. Outside of politics and COVID, cybersecurity is easily the #3 most popular new theme of the past few years. This isn’t a coincidence.

  2. Talk to your friends and family. Cybersecurity attacks have become like car accidents -- we all know someone who has been seriously impacted by one, if we haven’t ourselves.

  3. Knowing about cybersecurity makes you cool. You will be the envy of your neighbors. Cybersecurity awareness makes you more attractive to your existing or prospective significant other. It will make you lose 10 pounds. It will regrow hair where you want it and will remove it from where you don’t. It will raise your gas mileage and lower your cholesterol.

OK, #3 may be a bit over the top, but cybersecurity awareness will help keep your money and your personal information safe. That’s a big deal.

Forward Forward
We want your feedback!
< On a scale of 10, how helpful was this newsletter?>

Copyright © *|CURRENT_YEAR|* *|LIST:COMPANY|*, All rights reserved.

Our mailing address is:

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list

You can reach Bryce at

Subscribe to Newsletter

Browse newsletter archives: