17 Jul 2020

Would Yoda Have Clicked on This Email? Maintaining E-Security Vigilance During a Pandemic

Vigilance is the operative term these days, and we can’t stop hearing about having to wear masks, maintain social distance and keep ourselves muted on Zoom calls when not speaking. With so much of our energy put into maintaining new norms of behavior, some things are bound to slip. Changes as fast and dramatic as the ones we’ve experienced this year haven’t given us enough time to build the necessary habits so that we can be as vigilant as we need to be.

This applies to our electronic security as much as our physical health. The convenience of being able to buy something with one click or send a text via voice command has created an expectation of being able to send anything to anyone with as little friction as possible and with few (if any) security consequences. You may think, “Apple/Microsoft/Facebook/Xerox has me covered when I send this photo/text/document to a friend or coworker. They are massive companies that cannot afford NOT to have state-of-the-art security baked into everything I send with them.” Unfortunately, convenience breeds complacency.

The bad news (not that we need any more of it now) is that the hacker-verse has taken note in a big way, as its members are always the experts in exploiting risky behavior in others. Take this example that happened to me: Xerox has features on its machines that allow for easy scan-and-send functionality. The document receiver benefits from this frictionless document transfer environment too. I received a phishing email that looks a lot like a typical Xerox message asking me to open the “familiar” looking PDF attachment – familiarly named as a “Scan from a Xerox WorkCentre.pdf” sent from a seemingly benign lawyer’s email address.

Without thinking too hard about it, I could have clicked on this and entered some sensitive info that could have later been exploited. Because phishing is a simple numbers game, for every 10 people like me who didn’t take the bait, at least 2-3 did because they have subconsciously trained themselves that sending/receiving things is mostly safe and hassle-free.

Some sage advice from Yoda: we “must unlearn what we have learned”. We have to train ourselves to see that convenience does not always mean safety, and this requires continuous vigilance or use of the security enhancements that companies like Xerox provide to protect senders/scanners and their recipients.

One hyper-vigilant feature that Xerox has now built into its print-scan multi-function printers is the ability to scan and send a document RMail-encrypted and, in the same few clicks, rename the scan file so it does not have the generic hacker-exploited Xerox file name — two simple extra layers of security. In addition, more use of this feature will gradually make your recipients accustomed to receiving contextually named file attachments (and suspicious if they receive generically named attachments). RMail for Xerox is available here free and installs with a few clicks into your printer.

The good news is that there are ways to be vigilant about security without too much effort, and such efforts could help you avoid a security breach and, by their use, train recipients to be accustomed to your professionalism and vigilance.

Stay safe, Everyone.