Pulse Check on Cyber Security
The morning before I spoke on a webinar to an audience of 1,100 people in December, I double-checked my website to make sure everything looked ship-shape. So imagine my horror a few hours later when, after the webinar ended, I got a flood of emails from attendees telling me they couldn't access it. One kind person sent me a screenshot of what came up when he typed in www.thegrayrhino.com: a Secret Santa Shopping Site! I went from mortified to furious when I found dozens of fake subscribers from Russia (addresses that didn't match the names on corresponding emails, all of which ended in .ru) had signed up for my email list despite the double opt-in set up to prevent such things. They had both blocked email access and waylaid the website.
My web guru recommended a set of additional cyber-security measures, which should hold me for a while, knock on wood...
My decidedly not-fun experience was hardly isolated. It was part of a bigger trend of cyber security incidents that affect all of us. Right after the U.S. election in November, a Russian Trump fan named Vitaly hacked into Google Analytics so that his notes appeared in search results (see the graphic below). A new, sophisticated Gmail phishing hack fools even experienced users into handing over their passwords. Increasingly, companies are reporting ransomware attacks that cost companies an estimated $1 billion in 2016. And then there was the whole U.S. presidential election hack hullabaloo.
Yet concern over cyber security appears to have fallen between 2014 and 2016. Could that be not despite, but because the issue is so ubiquitous?
I've lost count of how many executives I've heard quote the maxim that there are firms that have been hacked, and the ones that don't know (yet) that they've been hacked.
In November, I keynoted the Business Continuity Institute World Summit, a group of professionals whose job it is to anticipate and deflect possible threats to their organizations. The event took place in London, where everyone was abuzz over a hack of Tesco Bank in which criminals stole £2.5 million from 9,000 customers. Nevertheless, a murmur went up when I asked the audience, "When was the last time you changed your password?" The reaction from this highly sophisticated crowd confirmed that even the best of us can fall short when it comes to tasks that are key to our safety but tedious.
In fact, those of us who are so focused on a topic may overlook the basics even as we focus on the big picture: again, not despite but because the threat is so obvious.
That's why we need to create habits to help us check in with ourselves regularly to keep ourselves safe.
Please, please: go change your passwords now. Put in a recurring reminder on your calendar to do it regularly. And make a point of reviewing cyber security practices in your workplace and making sure everyone is forewarned and educated about how to deflect the new Google phishing scam and ransomware threat.