28 May 2019

Your Friends Siri and Alexa Have Changed IT Security

Your close friends Siri and Alexa may have done more to change how IT staff are re-inventing how they think about Internet security than years of tech tips and training sessions.

In a Siri and Alexa world, we normal humans are trained to believe that what you need is a click or voice prompt away. Anything. And, it should just work.

Never mind the thousands of Amazon human workers all over the world that are the ones actually listening to your Alexa chatter to decipher your slang or unique New Orleans accent (yes, its shockingly true, learn more).

What Siri and Alexa have done is they have trained us to believe that technology just works, and works in a secure and private manner, all the time. This omni-trusting state of mind is causing IT staff to re-think how they try to train staff – or forget about training, automate more.

At a recent meeting with IT staff at a large law firm, the IT staff expressed concern that their use of TLS for email transmissions make it secure and easy, but only 80% of the time (based on their actual message traffic research). And, their dilemma was, as they expressed, the lawyers were not all that interested in doing something more to secure those two in ten emails sent with client sensitive information in plain text (click to read more, Tech Essentials article, “Not All TLS is Created Equal”).

For us humans, it’s easy to push “send” on a reply email, text or instant message, especially when the note appears to be from a trusted source. It is easy for someone to spoof (fake) the sender address to trick you into believing the message was from a trusted source…and even have your reply routed to the imposter so that they can engage in a back-and-forth message string all the while posing as your friend.

And, we humans love clicking bad links in “phishing” attacks. Now these don’t just happen via email… Criminals use text messages to trick consumers into providing personal information. These so called “smishing” scams typically appear as urgent requests for information from your bank or credit card company, or someone you know and trust. Smishing uses simple texts as well as popular messaging apps to request confidential data. These work because it’s easy to quickly text a response or open a link, and hard to identify the actual source.

We humans tend to trust simple text emails. It is easy for someone to alter text in an email or an Outlook Read Receipt to make it appear an email sent to someone was read by them at a point in time; or change what was said/sent/received. (Watch this video to see how easy it is to alter an email or Outlook Read Receipt).

For those who have not placed all trust in Siri and Alexa and do make human mistakes, Tech Essentials recommends you continue to become more aware of tech reality beyond the sound bites. Tech Essentials recommends you view the Wealth Counsel recorded webinar, where RPost CEO Zafar Khan presented a CLE credit session for Wealth Counsel members. In this session Khan uncovers the common myths and misconceptions related to email security. Wealth Counsel is a national trade organization of estate planning lawyers.

Click here to listen to the Wealth Counsel Email Security Myths and Misconceptions webinar recording on-demand.

For those who unconditionally trust Siri and Alexa, well, good luck.


To learn more about RPost products, visit www.rmail.com or www.rsign.com