• Security

    Who's That Knocking at Your Door?

    August 2021 by Brandon Lackey, Chief Information Security Officer, BVS Performance Solutions

    I spend a lot of time talking to people about cybercrime and how they can ready themselves against cyberattacks. What I have observed in those conversations is that after years of breaches, ransomware, exploits, countless news stories/cycles and anecdotal tales, the hacker has taken on a near supernatural persona. It is as if these criminals are practitioners of some type of magic and that your only means of protection is to stand in a salt circle or hide in a hole.

    Fortunately, cybercriminals are not supernatural and their attacks do not involve any magic. To protect yourself and your interests from these scammers, you need to demystify what they are attempting to do and apply the same common-sense types of behaviors already in use in other aspects of your life.

    First, it is important to understand that most cybercriminal enterprises are not targeting any one of us specifically. They are opportunistic and like any business are looking to maximize financial gain while keeping costs low. Their business is generally a numbers game. Bait hundreds or thousands of people with an illicit link or malicious download and hope for a positive success rate. Even if 99% of those messages are blocked by mail/content filtering, deleted, or ignored, that 1% could prove profitable. Ten thousand phishing messages being sent out with a 1% success rate still nets one hundred victims, and as a result, one hundred paydays for the scammers.

    Second, you must shift your thinking about devices from just being things or gadgets to what they really are: storage repositories for secrets. Chances are pretty good that you have locks on your doors and windows at home, you avoid strange/unfamiliar places while alone at night, and you don't leave your valuables unattended. You probably do these things instinctively with little thought and see them as common sense. This is because physical harm or theft of material possessions is direct. You understand the need to protect yourself, your loved ones, and your home. Those things are visible, tangible and certainly feel more real than an obscure, poorly worded email or text message with a link in it. Yet attention to that obscurity is exactly what must drive our electronic behaviors and interactions. Those links should be thought of no differently than a stranger knocking on your door or a car casing your block. You aren't going to invite the stranger in for a tour of the house any more than you are flagging that car down to see if they need some coffee.

    Finally, and most importantly, become completely familiar with your digital environments. Understand what is normal and think through the unexpected. Cyberattacks are designed to elicit an emotional response, so be thoughtful. Be aware and be rational. It should then be obvious that you didn't actually win a $1000 Walmart gift card promotion, that your bank did not notify you via text message that your account was frozen, and that Apple isn't contacting you for a password update. Once you can spot the abnormal, you can then very easily categorize threats and dispatch them as automatically as you lock doors at night.

    When these behaviors become instinctive and digital interactions are treated with the same vigilance as your physical interactions, you will have hardened yourself as a target and become a better steward of your digital landscape.
