Welcome back to the TCE Strategy monthly technology and cybersecurity newsletter! The mission of this publication is to cut through the clutter of cybersecurity news stories and provide you with the most important, relevant and actionable cybersecurity information.
If this newsletter adds value, fantastic! That is the goal. Please forward it on to friends/colleagues. If not, no hard feelings. Please look to the bottom for an easy-to-click "unsubscribe" button.
This has been a month full of twists and turns in the world of cybersecurity. Let’s get down to it:
T-Mobile had a huge breach of confidential data, much of it from existing customers and potential customers that never had any sort of business relationship with T-Mobile. Why is our data so easily passed from one company to another without our knowledge or consent? Because our “consent” is hidden on some obscure page of a ridiculously long contract or agreement that no one in their right mind would ever take the time to read, but somehow it still holds up in court. Legislation requiring simple, easy-to-understand contract language along with legislation that places the fundamental ownership of our data squarely in our hands as human beings would be ideal. Shame on you T-Mobile for your lax security and your marketing practices where you buy up confidential data on people in the hopes of marketing to them.
What constitutes disclosing a breach? Does saying that it would be bad if a breach occurred WITHOUT EVER SAYING THAT ONE HAD ALREADY OCCURRED count? A $1 million “enforcement action” against a company called Pearson plc claimed that it does not count. As much as a million dollars sounds like a lot of money, Pearson’s revenue is over $4 billion annually. Heck, their CEO makes over $10 million a year. Regrettably, a $1 million fine likely incents companies like Pearson plc to put out similar misinformation in the future, as the benefit to doing so outweighs the penalty. Matt Levine’s newsletter on the topic is a stellar read and I recommend you consider subscribing to it. I have no financial or personal relationship with Matt Levine. I’m just a big fan of his newsletter (and his writing style).
A Microsoft zero-day vulnerability is being exploited in the wild, and the fix came out last Tuesday. DO NOT OPEN EMAIL ATTACHMENTS OF MICROSOFT OFFICE DOCUMENTS THAT YOU WERE NOT EXPECTING. Patch all Windows computers ASAP.
Apple is trying to roll out a new feature to identify and block child pornography. Sounds great in theory, but the ability to discern child porn from innocent pics of one’s family is extremely difficult for a computer to do. There is also the issue of using this technology for all sorts of nefarious purposes (think: What could hate groups do with technology like this? Just remove the “child pornography” search criteria and insert any other sort of group of people you want to benefit / persecute / discriminate against / give special favors to / etc…) This technology is coming and there is no way to stop it. Much like nuclear weapons, the devil will be in how we allow it to be used as a society.
Until next month, stay safe!
Upcoming Speaking Events
Live events are becoming a reality! Virtual seminars are also being done in high numbers. Please feel free to reach out if you have an event in mind.
September 14th, 2021 Viewpoint Collaborate User Conference
September 21st-22nd, 2021, Vistage presentation and workshop, San Diego, CA
September 23rd, 2021, private webinars, UK, Italy, France, Germany, China, Japan and the USA
October 5th, 2021 Viewpoint ProContractor Summit
October 12th-14th, 2021, Vistage presentation and workshop, Minneapolis, MN
November 2nd-5th, 2021, Vistage presentation and workshop, Louisville, KY
March 22nd, 2022, Vistage presentation and workshop, Minneapolis, MN
May 17th-19th, 2022, Vistage presentation and workshop, Huntsville, AL
I'm not buying it. These commitments are easy to make, but harder to keep unless there is an economic incentive to do so. I'd rather see the gov't pass laws that make it too expensive for larger corporations NOT to spend billions on cybersecurity.
If someone calls you claiming to be from Microsoft, hang up. It's much more likely to be a scam than from Microsoft. Why would someone from Microsoft be calling you out of the blue?
I wholeheartedly agree with this article. Essentially every ransomware case my company has worked was launched late at night or on an evening. The bad guys want their ransomware to have time to spread and encrypt everything before it's discovered.
Putting weapons systems on the Internet is a BAD idea. Heck, I'm against putting home door keys on the Internet, but literal missiles? Seriously?
Cybersecurity Tip of the Month
With the recent list of data breaches potentially exposing your personal data, now might be the time for a refresher on freezing your credit. Concerned about someone taking out a credit card or loan in your name? It’s a very reasonable concern, and since the Equifax breach in 2017, it’s one that you can largely avoid by placing a credit freeze on your information with the companies that handle this data. The three largest are Experian, TransUnion and Equifax. It is now free to freeze and unfreeze your credit (they used to charge for this “privilege” of keeping yourself safe, similar to how phone companies used to charge for not publishing your name in the phone book. Pure robbery.)
There are a few reasons to not freeze your credit. It’s inconvenient to unfreeze it when you really do need a new loan or credit card. Credit checks also occur in unusual places, such as changing cell phone providers or moving utilities (water, power, natural gas, etc.) into your name. That being said, I think it’s the right thing to do for most people, especially now that it’s free to freeze and unfreeze it.
To freeze your credit, you must contact each of the three major consumer credit bureaus (Equifax, Experian and TransUnion) and request a credit freeze. You will need to provide your name, address, birth date, and Social Security number. After answering a few identity verification questions, you will receive a PIN that can be used to unfreeze and refreeze your credit report. Credit freezes are required by federal law to be offered for free by all three credit bureaus.