Tag Archives: cybersecurity

Three Words for 2018? We Got This!

IMG_2843

Over the last week, I have been thinking about 2018. I don’t know about you, but 2018 snuck up on me. One moment I was caught up in the day-to-day of 2017 and the next moment 2018 was just a couple of weeks away! After my initial panic, I thought – well, it’s great because I get to think of my three words. Three words? Well, if you haven’t been on this journey with me before, I shall explain. In 2012, I met and was inspired by Tom Hood and he introduced me to the Three Words approach, which came from Chris Brogan. At the start of every year, now, I sit and think about what three words I would like to guide me through that year. During the year, I come back to those words, to help center, direct and motivate me. Over the last few days, I have thought about how to make this work better for me, and I determined that I must display these words to remind me, even when I am not thinking about being reminded, to move me when I feel stuck and to hold me accountable. I say this in part because, 2017 was a challenging year for me and I found that I often lost track of my guiding lights. Involved in, and sometimes overwhelmed by, the moment, I often forgot to even look for my words. Putting the words everywhere, will go a long way to keeping me mindful of that.

Last year, I started looking back over my year and I have found this to be a great way to assess how things went and to help me set my intentions for 2018. My three words:

Imagine. This is the first word that came to me. During 2017, in part through work and volunteering with the New York State Society of CPAs and the AICPA, I have had some truly new experiences. I have learnt how to play poker and how poker skills can benefit me in the workplace; I have worked with a team to consciously inch towards better health – physically, emotionally, and spiritually – and that has included laughing more and skating in Byrant Park; I have collaborated with incredible people and presented in various spaces, from a national conferences to a college campus. During the year, I have been involved in conversations that have opened my eyes, that have ventured into spaces that are often afraid to even tiptoe into, that have renewed my hope when things have seemed bleak. I have often reminded myself to listen and to hear because that is when I find the moments that hit me hard and that get me to imagine and those moments are incredible. When we imagine, and step outside of what we know, we can find brilliance, we can find understanding and, just as important, we can also see and revise the not so great. In 2018, I want to imagine without fear of where my imagination will lead me. I want to imagine and be okay with when what I imagine doesn’t always work out. I also want to make sure that I make the time and space for my imagination. Back in 2015, I tried to create space for me to be bored, which is a big part of creating the space for imagination and, as the exercise stated, brilliance. It did free my mind in great ways and, looking back and looking at now, I know I need a lot more boredom in my life. And I still haven’t finished my Starry Night jigsaw puzzle!

Innovate. During 2017, I listened and took part in conversations about change. The conversations were about artificial intelligence (AI) about blockchain (and cryptocurrencies, like Bitcoin) and about cybersecurity. Other conversations were about what diversity, inclusion, and belonging mean and if and why it is important. We had conversations about what to do about all the change happening in our professions, in our world and in our lives. We talked about how we react to it and how we can embrace, be ahead of and even create greatness out of all the change. Beyond the conversations, we brainstormed and tried new things. We looked at the new approaches other took and ran with them. I spend a lot of time looking at challenges and how, sometimes, people take the same approach to resolving them and see minuscule results. As much as we tout how “change is good”, it is a human thing to resist changing the status quo. During this year, I want to innovate. I want to collaborate and brainstorm and determine to try something new. I want to embrace the difficult conversations, appreciate and improve upon feedback and, on my part, provide truly constructive feedback. I want to remember the power of synergy and never forget that the best innovations come through a community of people sharing, listening and taking risks.

Act. My third word came to me after I wrote and thought about my 2017 look back. When it comes to training, I have established and go with what gets me to success. If I have a race, I print up a daily timetable that includes rest days, cross training days and exactly what I shall do on each day (distance, goals, tempos if needed). The night before every training, I put out exactly what I am going to wear on the day and I determine my route. I think about and take away all my excuses so that, when I wake up, I just do exactly as planned and that gets me a step closer to where I need to go. I keep my schedule on the wall and tick off each day as I go along. During 2017, I often did not apply this approach. As a result, especially where I felt the stakes were high, I became adept at getting cold feet, at second-guessing myself and at putting things off until I decided it was too late to do them. There are many reasons why this happened but knowing the reasons and doing nothing about them is not helpful. I am going to do more acting in 2018. To help me do this, I am going to find the ways to take away my excuses, and I am also going to be more realistic about what I can get done, so that I don’t end up doing many things in a mediocre manner that only serves to disappoint me and others. I also must remember to be kinder to myself when I act and to see the power in action. I must remember that it is through action that I can bring value and have impact.

Before diving into 2018, I want to take a moment and meditate upon my previous three words:

2013 – Change, Discover & Motivate
2014 – Transform, Pursue & Collaborate
2015 – Receptive, Synergy & Service
2016 – Learn Fear & Community
2017 – Embrace, Persevere & Monchu

Several years ago, I went to Hawaii with friends and decided to take surfing lessons. I was a couple of months out of surgery and hesitated before I went out – I wasn’t at full strength, everyone else was going on a fun outing and I would be doing this solo, as no one else was interested. But, I had been thinking about taking a surfing lesson and I had told my surfing neighbor (who ultimately became my husband) that I was going to take a lesson and that made me feel accountable. During the lesson, I fell countless times, I scraped my knee and sometimes even got to the point where I was able to ride a wave while kneeling on the board. Then, I stood, and rode, and didn’t fall off. It was glorious and totally worth every fall, and the skin missing from my leg. When I finally fell off the board, I rose out of the water with a victorious yell! It is this that I must remember – it is a journey but it can only happen if I Imagine, Innovate AND Act.

Happy and wordy 2018 to you! Please share with me – what are your words for 2018?

Advertisements
Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Makes You WannaCry

ransomware

A couple of years ago a lawyer friend told me about clients who were coming to her office, panicked because their computers had been locked by parties claiming to be the FBI. In order to get their machines unlocked, these fake FBI agents demanded to be paid a ransom. On Friday, over 200,000 machines were locked by people (I assume it was more than one person) who did not even pretend to be good. They encrypted the information on these machines and demanded $300 to $600 per machine or, they threatened, all the data on those machines would be destroyed. This type of attack is called a ransomware attack. A program is introduced into the machine, and it locks and encrypts all the data on the machine. A message pops up on the infected machine demanding that money be paid, almost always via bitcoin. Once the ransom has been paid, the message says, a method to unlock the machine will be sent. If the ransom is not paid within the time demanded, all the data on the machine will be erased. So much of our lives, both personal and business, is stored on computers; can you imagine what would happen if your computer was locked? The mere thought makes my heart speed up.

Earlier this year, a hacker crew called Shadow Brokers released several tools used by the National Security Agency (NSA). Among these tools was one called EternalBlue and this tool exploited a flaw in Microsoft Windows. Armed with the information that was leaked, Microsoft created a patch to fix this flaw and released this patch in March. Perhaps you have now read this far and you are wondering, if the patch was released in March, how did this massive attack happen in May? How many times has a message popped up on your machine while you are in the middle of something. The message tells you that an update is available for your machine. You see it, but you are in the middle of something important. You close the window and delay the update. This can happen over and over again. Some people, irritated by the notices, turn off the alerts altogether. Now, these automatic alerts are only available on versions of Windows that Microsoft is still actively supporting. So, if you have an older version of Windows, such as XP, Windows 8 or Windows Server 2003, you no longer receive alerts for updates. Either way, there are millions of machines that were vulnerable to attack on Friday. And on Friday, ransomware aptly called WannaCry, wreaked havoc all over the world.

It is believed that the attackers gained access to computers and systems using infected zip files attached to emails. People opened emails and clicked on attachments. These emails did not come from friends and the people clicked on attachments, not knowing what they were opening. Taking advantage of the fact that many organizations store their computer information on servers, making all users interconnected. The WannaCry ransomware, once released by one user, made its way through the interconnected systems and attacked other machines, even those belonging to people who did not click on the infected attachments.

This attack has made many things apparent:

  • Keeping secrets can sometimes go very wrong. The NSA knew that there was a vulnerability in Microsoft Windows. If it was not for the Shadow Brokers leak, Microsoft may not have discovered this vulnerability and they would not have developed a patch to fix it. One can also argue that, if Shadow Brokers had not leaked this information, the hackers may not have known to create WannaCry and none of this would have happened in the first place. I have found, though, that generally speaking, secrets are not kept that way forever.
  • When I wrote about the fake FBI attacks, I stated the importance of keeping your computers up to date. I cannot stress this enough. When the reminders pop up on your machine to update your software, update your software. Install the security fixes. If you don’t want to be disturbed, set up a timetable so that your machine will automatically check for and install updates on a regular basis. Remember, also, to restart your machine on a regular basis. Many installations are not complete without a restart and some updates are triggered by a restart.
  • We live in a time where everyone receives more email than they want to deal with. We run the risk of making careless mistakes, opening up emails and clicking on attachments when we have no idea who sent the email and what is in the attachment. Nowadays, you are almost lucky if the only thing that the attachment does is send out a lot of spam to your friends. More often, click on that attachment can lead to hackers stealing information from you or holding your machine hostage. Sometimes, even when I receive an email, with an attachment, that appears to be from a friend, I will double-check with the friend to make sure that they have sent the email and their account has not been hacked. The extra step may seem tedious but, enough times I have found out that my friend was hacked, so I keep asking when I am suspicious.
  • If your operating system is no longer supported, you should consider getting new software that is. I say this with mixed feelings. Like most people, I hate being forced to buy something when what I already have has been working well for me and when I don’t like the new version. I feel scammed being made to spend that extra money and if the world only contained righteous people I would tell you to keep your software and change it when you are ready. But, we live in a world where people are ready to take advantage of an opportunity to get money out of you. Microsoft stopped providing support for Windows XP in 2014. This ransomware is specifically taking advantage of this fact. It’s a shame, but it is the way it is.
  • Back up, Back up and back up some more. If you are regularly backing up your machine and keeping the backup either in the cloud or on an external drive, you know what you can do when your machine is held for ransom? You can ignore the ransom demand because you have your data saved some place safe. The clock can tick down, the files on your machine can all be delete and, even though it will suck to restore everything, you can do so.

On Monday morning, people are going to go to work and turn on their machines and many machines running Windows XP or that have not been updated in months will be open to attack. Many of those that are attacked will want to pay the ransom because their data has not been backed. Just weeks ago, articles were written about how British hospitals spent nothing on cyber-defense.  On Friday, they could barely function. Maybe they had started having meetings and started discussing taking steps to protect their systems. But, like we all do when that warning popped up, they put it off. I am sure right now they are wishing they had done something to protect themselves because they had to scramble to fix a disaster.

Tagged , , , , , , , ,
Advertisements