The Text Conversation with My Cybersecurity Savvy Wife
A while back, I helped my son get set up with a bank account. I was traveling and had a few minutes between meetings, so I hopped online to fill out the necessary forms. After completing the standard name and address type of information, I got stuck when the form required me to provide my routing and account number information.
My wife’s organizational skills put mine to shame. I knew she would be able to send this information to me quickly. Since I was in a hurry, I texted her a short message: “Hi – can you send me our checking account number along with the routing number?” Almost immediately, I saw dancing dots in the messaging window, so I knew she was already on top of it. After a moment, three words popped up on my screen (in all caps): “PLEASE AUTHENTICATE YOURSELF”.
I chuckled and replied with a teary-eyed LOL emoji, which was greeted instantly by more dancing dots… Her reply: “Seriously, if it’s you give me a call right now.” As I called her, it struck me that after 20 plus years of marriage and hearing me tell countless stories about how breaches and identity theft start with a simple request, she probably wasn’t messing with me for a laugh—she was legitimately challenging my oddball request.
After chatting with her and confirming that everything was OK on my end, she gave me the information I needed to complete the online forms. But first, she explained that since I was traveling, when she received my request for banking info, her first thought was my phone could have fallen out of my pocket in the backseat of a car, or that somebody may have swiped it off a table in a restaurant. From there, recent SMS messages would give an attacker a short list of people to text/phish for account information and viewing installed apps would provide the names of my banks.
Any one of us can be a target. This week, I received an email from our HR department letting me know that my 2018 W2 was available for download and that the link would be available for only 72 hours. Spoiler alert: it was part of our company’s anti-phishing training.
Since so many more people are now working from their home offices and the lines between personal and business hours are blurred, there are even more opportunities for attackers to exploit this virtual situation. In a recent e-Book that I co-authored called “What Are the Primary Drivers for Cybersecurity Investments in 2021?”, I stated that IT leaders need to address and secure their new hybrid workforce environments and devote time and resources to:
- Ensure seamless and secure access no matter where users, applications or devices are located
- Assess the cybersecurity health of their organization and vendors
- Identify gaps in protection and opportunities for consolidation across security controls
- Streamline security operations with automation
- Guard against accidental and malicious insider threats
- Strengthen their overall cybersecurity and risk management posture
Communication/awareness and phishing training are also important aspects of securing sensitive data; empowering employees to confidently challenge oddball requests and providing supporting technologies and tools reduces the risk of compromise. These challenges are just part of the problem that needs to be solved.
Attackers are taking advantage of the new environment and technology, and cybersecurity leaders are being challenged to provide solutions to ensure that risk is minimized for remote and on-premises workers. Please join us for future articles in our hybrid workforce series, conducted with our parent company SHI, in which our team will provide insights and strategies for enhancing the digital experience, addressing public cloud and application modernization, and ensuring that cybersecurity is incorporated into the design.