Please think before you click. This afternoon, I received a message from a person I know well, but the message was out of character. Since she is a partner in a well-known and respected architectural firm in Seattle, I responded to her message indicating to her that I thought she had sent this to me by mistake.
I got back, almost instantly, a message indicating it was a document she wanted me to review.
The response message was also a bit suspicious because once again, there was no personalization. So I called her. She was out for the afternoon, but the receptionist asked me if I got an email from her and then let me know that her email had been hacked and their IT guy was working on it.
The entire message thread is shown below:
Many business people recognize DocuSign as a respected way to legally sign documents, and it is a 100% legitimate and security-conscious company. The combination of the well-respected firm, a known relationship, and DocuSign nearly caused me to click the link.
I checked the header of the messages sent, and these messages were not spoofed but sent from her actual Office365 email account. The fact that her IT department was working on it, while the perpetrator was still responding to messages was my biggest concern. Cyber security is a job for all of us.
If you have not already done so, please review the steps you should take WHEN you find out your email has been hacked. And share this with all of your employees and customers. In this case, the first and most important step was not taken.
Many website owners take the Ron Popeil approach of “set it and forget it,” and while that may work for roasting chickens, it is a terrible web strategy. If it has been a while since you reviewed your own website, now is an ideal time to do it. Here are 8 things to look for when you are doing a website audit.
These are just a few critical items that you can review your website for to make sure your site is an asset to your company.
If you’d like us to run a comprehensive website analysis on your site, let us know! An annual website review can be a great way to start your marketing and sales planning for the new year. Request your website evaluation today!
Notice, we did not say if, but when. The number and sophistication of attacks are increasing all the time. Most companies fall into one of three camps: have been hacked, will be hacked, or have been hacked but do not know it. We felt it would be a good time to remind folks of the first steps to take when a hack has been discovered.
First, disconnect your network or infected systems from the Internet. Your priority is to stop further harm.
Second, clean the infected devices and restore from the last known clean backup. Restoring from a time before the hacker attacked is the fastest way to undo what has been done.
Third, determine how the hack was perpetrated and what information may have been compromised or what files were infected. Examining log files can be tedious work, but will provide logins and activity that can show you how the attack was initiated.
Fourth, make sure you notify affected users. This can be an uncomfortable step, but must be done to protect users and help prevent the problem from spreading.
Fifth, take corrective action. Hackers gain access most frequently by exploiting known vulnerabilities and secondly by careless users. Remind all users of security policies, and the need for strong, unique passwords that are not shared between users. Ensure that your system software is kept current and all patches and updates are applied. Separate functions like accounting and payroll to different servers or systems not connected to the Internet so that access to one does not provide access to all.
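As an added example (not part of the original post), here is one way to do the log review from the third step: find the first successful login from an address the account had never used before, then list what that address did. The log format, event names, account name and addresses are constructed for illustration, and `baseline_end` is assumed to be a time you trust predates the attack.

```python
import csv
from datetime import datetime
from io import StringIO

# Constructed sample log (hypothetical format, not a real product export):
# timestamp,user,source_ip,event,result
SAMPLE_LOG = """\
2024-03-01T08:02:11,jdoe,198.51.100.7,login,success
2024-03-02T08:05:40,jdoe,198.51.100.7,login,success
2024-03-04T13:10:02,jdoe,203.0.113.45,login,failure
2024-03-04T13:10:09,jdoe,203.0.113.45,login,failure
2024-03-04T13:10:31,jdoe,203.0.113.45,login,success
2024-03-04T13:12:55,jdoe,203.0.113.45,create_inbox_rule,success
2024-03-04T13:20:17,jdoe,203.0.113.45,send_mail,success
2024-03-04T14:01:00,jdoe,198.51.100.7,login,success
"""

def triage(log_text, user, baseline_end):
    """Locate the first post-baseline login from an unseen IP and its activity."""
    cutoff = datetime.fromisoformat(baseline_end)
    rows = sorted(
        (datetime.fromisoformat(ts), ip, event, result)
        for ts, u, ip, event, result in csv.reader(StringIO(log_text))
        if u == user
    )
    known_ips = {ip for ts, ip, event, result in rows
                 if ts < cutoff and event == "login" and result == "success"}
    first = next(((ts, ip) for ts, ip, event, result in rows
                  if ts >= cutoff and event == "login"
                  and result == "success" and ip not in known_ips), None)
    if first is None:
        return None
    first_ts, bad_ip = first
    return {
        "first_suspicious_login": first_ts.isoformat(),
        "source_ip": bad_ip,
        # Failures before the success point to password guessing; none
        # suggests the password was already known to the intruder.
        "failed_attempts_before": sum(
            1 for ts, ip, event, result in rows if ip == bad_ip
            and ts < first_ts and event == "login" and result == "failure"),
        # What that address did afterwards: what to undo, whom to notify.
        "follow_on_activity": [
            (ts.isoformat(), event) for ts, ip, event, result in rows
            if ip == bad_ip and ts > first_ts],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "jdoe", "2024-03-03T00:00:00"))
```

The timestamp of the first suspicious login also bounds the second step: a backup taken before it predates that login.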