We are now in part 4 of Antidote to the wire fraud epidemic, and we’re focusing on how you fight it with practical IT controls:
- Upgrade your email account login to two-factor authentication
- Run an antivirus on your computer
- Use complex passwords everywhere and change them often
- Encrypt your hard drive
- Be aware of sudden changes in business practices
I suggest you watch the video. It’s easier to understand if you are a visual/audio learner. The content below is the same as the video. It’s for those who learn by reading.
We talked about “how do you fight it?”, and prevention is the key. IT controls keep the scammers out of the system. As you will remember from the previous segments, we had a CEO (total techie too) whose e-mail account was hacked, and because of this he wanted to share the lessons that he learned. He suggests the five controls listed above; each is covered in turn below.
What does “two factor” authentication mean? Just a fancy way to say “2 things to verify”. The 1st factor is usually an e-mail account password, which all of us have. The 2nd factor is usually a code that is sent to your phone, or a call with the code, and you have to enter that code to access your email account. If you enter the right code, you get access to your email account. So it requires two steps to enter your account, and any hacker would also need to steal your phone or have access to your phone and to your computer. If you lock your phone, this is also a deterrent.
I know that for most PC users running an antivirus is very standard, but if you use a Mac, sometimes people get complacent and say “Ah, there aren’t that many viruses. Hackers don’t really target Macs.” Well, that’s not the case. As I’ve explained in the story, the CEO used a Mac extensively and exclusively. When he ran his antivirus program, he found that he had 17 viruses. He was expecting 1 or 2, but 17 would mean that the hackers downloaded other malware onto his computer after they got access to his email account. They exploited that to get into his wider company system. So even if you’re a Mac user, you’re not safe unless you use an anti-virus program.
The easiest way to follow the password discipline is maybe to use a computer-generated password. I can hear you guys groaning because I groaned when I heard this. I have a hard time remembering 2 passwords that keep changing, much less computer-generated passwords, but if you take your security seriously, this is something that you also need to consider.
Remember, a complex password means a combination of letters, numbers, special characters (!, @, #, $, %), and longer length. It is not just the name of your cat, dog, mother-in-law, kids, wife, or husband. Use something a little more complex than that.
Apple has offered hard drive encryption in OS 10 for the past few years. There’s a performance difference but it’s negligible, particularly if you are using a solid state drive. For PCs, this is something that you can also do. Maybe you don’t encrypt all data on the hard drive but particular folders that you want to protect.
As an example of a sudden change in business practices: if someone you currently do business with suddenly sends you an email from their personal account when all previous correspondence for official business has been from a company email, you may want to question that. Also verify through other channels that you’re still communicating with your legitimate business partner, because someone may have hijacked their account and may now be pretending to be them. It may be a case where the e-mail address looks fine, but pick up the phone, call them and say “Hey, I got this email from you. Did you really send it?”
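A mail-side check for the sender change described above, as an added example that is not part of the original article: it flags a known display name writing from a domain it has never used before, and a Reply-To that points somewhere other than the sender. All names, addresses and messages are constructed, and a message sent from a hijacked legitimate account passes this check, which is why the phone call still matters.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real correspondence).
PRIOR = [
    "From: Dana Reyes <dana.reyes@vendor.example>\nSubject: Invoice 1\n\nHi",
    "From: Dana Reyes <dana.reyes@vendor.example>\nSubject: Invoice 2\n\nHi",
]
SUSPECT = (
    "From: Dana Reyes <dana.reyes77@freemail.example>\n"
    "Reply-To: payments@other.example\n"
    "Subject: New bank details\n\nPlease wire to the new account."
)
CLEAN = "From: Dana Reyes <dana.reyes@vendor.example>\nSubject: Invoice 3\n\nHi"


def sender(raw, header="From"):
    """Return (display name, domain) from a header, both lower-cased."""
    name, addr = parseaddr(message_from_string(raw).get(header, ""))
    return name.strip().lower(), addr.rpartition("@")[2].lower()


def build_history(raw_messages):
    """Map each display name to the set of domains it has written from."""
    seen = {}
    for raw in raw_messages:
        name, domain = sender(raw)
        if name and domain:
            seen.setdefault(name, set()).add(domain)
    return seen


def review(raw, history):
    """List the reasons a message deserves a phone call before acting."""
    reasons = []
    name, domain = sender(raw)
    known = history.get(name)
    if known and domain not in known:
        reasons.append("known contact, new domain: " + domain)
    _, reply_domain = sender(raw, "Reply-To")
    if reply_domain and reply_domain != domain:
        reasons.append("replies go elsewhere: " + reply_domain)
    return reasons


if __name__ == "__main__":
    history = build_history(PRIOR)
    for label, raw in (("suspect", SUSPECT), ("clean", CLEAN)):
        print(label, review(raw, history) or "no change detected")
```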
These are the IT controls that we suggest.