Why "best practices" are really a good idea, now more than ever.
Eric Knudsen playing Alec Sadler in the eerily-premonitory sci-fi time-travel saga, Continuum.

The term "best practices" has become a buzzword we hear all the time and consequently tend to ignore. I know I have. But recently something hit close to home to alert me to why "best practices" REALLY are important.

I have a dear relative who owns a private engineering firm. Just before Thanksgiving, his business was seriously and deeply hacked. Scary, careful espionage. The hacker(s) took time to study his personal as well as business operations. Emails were carefully worded to sound just like him, sent from his personal computer to staff and vendors, and strategically timed to happen when the typical checks and balances were disabled: in the middle of a physical move of the business, and while the firm's accounts payable person was working from home on maternity leave. His small family firm wound up defrauded of $100K, over the course of several transactions sent by wire to a location in China. They almost lost $40K more; thank God, a note from their bank alerted them in time. The FBI and other authorities are investigating.

Only an emergency liquidation of personal assets saved them. Due to the nature of the hack, it was not covered by insurance.

Not a very nice Christmas present. But an instructive one.

Really got me thinking about "best practices." Here are four I have come up with so far.

1) Establish quality standards for all connections on social media networks

There's no evidence yet that LinkedIn or other social media played a role specifically in this hack. However, trolls are real. They are there, collecting data everywhere, 24/7, and for nefarious reasons. And they are definitely targeting small businesses. Americans who fear the government are just plain foolish. The US government is light-years behind in its knowledge and use of technology, at a huge cost to the economy. The real concern: criminal elements.

It's very easy to imagine skilled cybercriminals monitoring social media channels with a Hootsuite-like tool, much as Alec Sadler does in the eerily-premonitory sci-fi time-travel saga, Continuum. Cybercriminals trolling for intel and victims like my relative's small firm.

Here's a plausible strategy. Target moving companies and hack them for lists of customers. ID owners. ID employees and functions. Hack the company. Monitor all activity across all social channels. What's going on in their lives and businesses? Flag key activities that signal hack opportunities. Moves. Maternity leaves. Crises. Bam. Firms like my relative's are hit.

I can imagine this happening more and more often. And I found that it is definitely true.

And to expect a rescue from a government entity, given the vacuum in intelligent leadership we've currently got in place, is foolish.

We're pretty much on our own, friends.

So here are my ideas for best practices. I'm sure there are many more.

Establish a standard of quality rather than quantity of connections. I think many of us are guilty of treating social media like mass media. We need to stop looking at people as numbers. It's wiser to have 100 people in our networks whom we are close to and personally know, instead of 1,000 or 10,000 whom we don't.

I'm all for learning from geniuses, and one of my favorites was Steve Jobs. That's the number he focused on in building Apple Computer. Steve kept a close circle of 100 in his network of advisors, never any more than that. I think that would be a great rule.

Speaking for myself, I am totally guilty of sloppy and unfocused networking habits. I have said "yes" to connection requests and now just surpassed 1,000. I figured this was a way to "build my network." Truth be told: I've never really been comfortable being connected and communicating with strangers. It feels better to aim for quality of connections instead of volume.

Know who to connect with and who not to

Remember the hundreds of men named John in the cult classic film Buckaroo Banzai, who all shared the same birthdate of 10/31 in the same town in New Jersey, with sequential Social Security numbers? Odd patterns can be a sign of alien invasion. Or hackers.

If a stranger asks to connect, check their profile. A good rule would be to deny anyone you have no direct connections to (first, second, or third level). Deny, and report to the authorities, anyone with clear red flags: a weird photo, no history, very few connections, all connections very recent, many same-day entries, or anything else "odd" or out of the ordinary. Real people new on LinkedIn connect to real people they know; real connections happen in an organic, staggered way, not all on one date, because people are busy.

Frankly, those who are new to LinkedIn should not be solicited by strangers, ever. Historically, security was good, and this kind of solicitation did not use to happen. But lately, according to my clients new on LinkedIn, it does happen. Could that be thanks to Microsoft, LinkedIn's new parent, perhaps? It seems to happen even to us Mac folk now too. Most likely it's because the cybercriminals are just plain smart.

Bottom line: Be cautious. Deny all suspicious stranger connection requests. And report those that are blatantly off the mark.

Vet the first-level connections you're not sure of. Send a mutual connection a note like:

"Hey there! I just got a connection request from (__.) Do you actually know and can recommend this person? To up-level my quality and security, I'm now cleaning up and vetting members of my network. Thanks for your help!"

What if you've been sloppy? At any time we can "clean up" our networks by disconnecting from people we don't know, and by reaching out to verify questionable people in our network, as above.

2) Keep sensitive information close to the chest, by assuming that communications like emails are being monitored.

If we just assume that all email communications are NOT secure, that they can be and are being monitored, this would curb our tendencies to blabber away about things that someone could use against us.

Again, I'm totally guilty of this.

3) Utilize the services of security experts to analyze your operations.

Lots of firms specialize in security. Know some good ones you can recommend? Post your referrals below.

4) Check your insurance policy for fraud coverage.

I have no idea what kind of coverage I have, both business and personal. My insurance agent friends, is there coverage for identity theft and fraud? Let us know what's available these days.

Again these are just some ideas I've come up with for "best practices" that would make sense. Got any others? Thanks for sharing below!

More articles by Laurel A. Kashinn