New Year's Fireworks

This year kicked most of us right in the teeth and never looked back. Despite plenty of unpleasantness, I still learned plenty of interesting things.

First, it is really hard to keep up more than one blog at a time. Yes, I’m still trying to keep this blog alive and I’m still writing. Just not here most of the time. I’ve been doing a lot of technical writing this year and it left little energy to write the blog here at AFoolsFool.com. Yet one more sign that I need to balance my life a bit better to get everything done.

Fortunately, I was able to write a lot for others and earn some income. I wrote many of the technical blogs for Ideal Integrations (an MSP in Pittsburgh), endpoint and other cybersecurity policies, penetration test reports, and even the instruction manuals for medical equipment. I was also able to do business and financial consulting for a couple of companies specializing in internet referral income. With each job I learned new facts and new challenges, but it took me away from writing this blog.

A couple of key takeaways for folks to consider:

  1. Worry about Passwords
  2. Don’t click on those email attachments
  3. Attackers don’t care who you are, just if you are weak.

Regarding passwords – so many sites have been breached that millions of passwords have already fallen into attackers’ hands, and they try brute force attacks all the time. And it works way too often. We can’t reuse passwords – especially on sites that matter (banking, brokerage, email, etc.).

If you want to see if your password has been leaked, a good place to check is haveibeenpwned.com, which can also let you know if your email address has been breached. This is a free site and it is crazy to see how often our email addresses have been leaked.

Regarding email attachments, the number one attack vector for ransomware and other malware continues to be malicious email attachments. Some attackers have even started breaking into our friends’ email accounts just to send spam out to the local mailing lists so the malware can be delivered from trusted associates!

When we receive a strange attachment from a friend, we shouldn’t confirm via email, because if the friend’s account has been broken into, the attacker can answer the reply. If possible, text, IM, or call the person to make sure they actually meant to send us something.

Lastly, so many people think ‘I am a nobody, so why would anyone try to attack me?’ While this is true, attackers actually can’t tell if you are worth attacking until after they have breached your defenses!

Attackers no longer have to specifically target a victim because they now have computers that can simply attack everything on the internet and see what breaks. Any vulnerability becomes a crack for them to widen.

Did you forget to update the operating system? Are you reusing username and password combinations? Are you tempted to click on that PDF file that claims to contain shipping information on that iPhone you definitely did not order?

We don’t have to have anything of value. Our email addresses can be used to send spam, and our computers can be hijacked to mine bitcoin or to serve as a botnet broadcaster. Attackers will use any resource we allow them to have.

There are plenty of resources on the internet that offer ways to avoid these pitfalls, but be sure to check more than one and to check who is publishing the data. Look for reputable sites and not ones that try to sell you something. One Chinese attacking group famously sold malware-laden software as antivirus! Buyer beware.

I’ll try to recap a few other items to close out the year’s thoughts on investing and perspectives before 2021 rears up and exposes the flaws in my time management again! We’ll keep the blogs short and sweet so we don’t waste your time and I have a prayer of finishing.
