Letter from the President - August 2018
I’m taking a bit of a detour from my usual themes this month to talk about online security. With practically every website these days wanting you to create an account for access, it’s important to manage those accounts effectively—and to protect yourself against people trying to steal your credentials or information. (I’m not going to get into why these websites want your data and whether you should give it to them. Let’s just stipulate that there can be good reasons to create an account somewhere, and leave it at that for today.)
Until recently, I’ve always been pretty good with passwords. I might not have the best habits, but my passwords usually are strong and I can usually remember which one goes with which account. (Did you catch those qualifiers? “Usually” and “until recently” should tell you where this is going.) Last week, I was trying to log in to one of the (many) online accounts that I need for my work, and got the dreaded message: “We’re sorry. Your account has been temporarily locked due to too many incorrect attempts to log in. Please wait 30 minutes and try again.” And, sad to say, this wasn’t the first time it had happened.
I like to think I have a pretty good memory, but that latest lock-out was the last straw. With the increased complexity—and frequent changes—required by many service providers, I have to admit that I can’t keep up by myself anymore. So I finally caved, and set up a password manager.
Can I just say... what on earth was I waiting for? It was super-easy to set up, and now my vaults—one for my personal email, one for work—are ready to keep all my important data safe, secure, and available whenever I need them. If you haven’t made this leap yet, just do it! There are several reputable (and free!) solutions out there—pick one that will work for you and go get it.
Once you have an account somewhere, it’s almost a guarantee that someone will try to steal your credentials—and one of the most popular targeting methods is “phishing” via email. “Phishing” refers to the practice by scammers of sending emails that pretend to be from legitimate companies to try to get you to surrender personal data such as passwords or financial information. You may also have heard of “spear-phishing,” which means phishing emails that include personalized fields, like a greeting line with your name in it.
My company is actually working on combating this right now by running email security training. I’m happy to say that it’s going well—there are only a couple of people that still click on links in suspicious emails (but we’re working on that!). I always thought I was pretty good at phish-spotting, but this training has made me more vigilant. Here are some “red flags” we’ve been taught to look for:
- Am I expecting this email? A lot of the phishing I see involves links to download or sign online documents. If you’re not expecting a document, don’t click the link.
- Is it in character for the sender to write an email like this? Phishing emails often include grammar and spelling errors, or content that’s just plain odd. If you want to verify the email, call the sender.
- Do the URLs look legitimate? Hover over a link before you click on it to see if the address matches the link text. And remember, most companies will never ask you to submit personal data or credentials via email.
There are more factors than I’ve listed here (search for “email red flags”), but these are the ones I have found most helpful in identifying phishing emails.
One last thing before I wrap up: Have you registered yet for Autodesk University Las Vegas? Passes are available now, and registration opens August 8. You’ll want to circle that on your calendar to get into the sessions you want... and don’t forget the AUGI Annual Meeting! If you’ve attended one of the global AU events, I’d love to hear what that experience is like (since I’ve never been to an AU outside the US). You can reach me at firstname.lastname@example.org.
Now, go get that password manager!