In 2013, the Federal Bureau of Investigations (FBI) stated that cybercrime had become the number one threat to the nation, and that social engineering was rampant in 2013.[1] In fact, as of today, 95% of cybercrime incidents start with a “spear phishing” email sent to a member of the targeted organization. Cybercriminals are targeting CEOs and other strategic planners of the organization who are often exempt from security rules within the organization, and are too busy to take a few easy steps to verify the provenance of an email with a link or an attachment, or to wait until they get to their computers to click on a link sent to them via text (SMS).

So far, the solution has been a reactive approach of adding layers of technology. As the hacking attacks increase, the IT departments are acquiring more technology to guard the network perimeter, which in turn depletes government agencies and private industry of funds that should be more profitable invested in educating all members of the organization on the A-Z of using technology in private mode.
​
Total reliance in technology has proven to be ineffective against today’s modus operandi of hackers, spies and cybercriminals alike. Whenever an IT department deploys a new piece of technology to secure the network perimeter, the cybercriminals will find the way to circumvent it, as we have seen during the hacking events of the past 10 years, and on 21 OCT 2016, on the DDoS done to Dyn using the malware Mirai.
 
Moreover, cybercriminals and spies are masking their intrusions under the pretense of normal Internet traffic and they know they can count on the “click-happy” Internet user that will, without thinking, click on a URL link sent to him/her by email or text. The goal is to compromise the individual’s cybertechnology device (phone, tablets, laptops, etc.) with the malware. Then, the infected device becomes under the control and command of the hacker and it is used to penetrate the holy grail of the organization – assets, intellectual property, and username/password/credit card information, or to control the computer to execute a denial of service attack, and other cybercrimes.
 
Our nation does not have a technological problem when it comes to cyber security. It has a behavioral problem – the operator is the weakest link in the security chain. It is the manner in which the operator (CEO, grandma, a child playing computer games, stay-home mom, receptionist, and anyone touching a device that connects to the Internet) opens an email with an embedded URL (regardless whether the sender is a known or unknown subject), uses portable devices, and applies privacy measures what it is causing this wave of cyber-attacks.  
 
Therefore, every organization must have a program to educate all employees and executives, including board of directors, on risk management in the cyberspace domain. It is not enough to tell a person to be cautious while opening an email. A good educational program, like the program Meta provides, will show the step-by-step procedure to safely open an email with an attachment or a URL link regardless whether a known or unknown individual has sent it; how to properly configure an iPhone and Droid phone so it provides privacy as a precursor of security; how to secure the devices that constitute the Internet of things.  Although 100% security is not achievable in any domain, this action will considerably reduce the probability of falling into the list of cybercrime victims.
 
There is a great movie out called IT starring Pierce Brosnan. It shows the perils of having a smarthome… where all the devices are connected to one single point of entry: your WiFi router. The movie is creepy, accurate, and a great thriller. J
 
This movie also makes you ponder on the official definition of Operational Security (OpSec) that I often see written in corporate guidelines and also in the government sector guidelines to users. The definition goes “OPSEC is a process to deny potential adversaries information about capabilities and/or intentions by identifying, controlling, and protecting unclassified information that gives evidence of the planning and execution of sensitive activities.” I have used bold typeface and underline the text that makes people believe that only computers with proprietary or critical information ought to be configured in private mode. This, in part, is causing the problems we see today with 95% of cyber intrusions being done through an unsecure and compromised device.
 
You have to imagine that any device that connects to the Internet is like a hammer. You can use a hammer to build a home, which is a noble deed, or you can use a hammer to crack a skull, which is a crime. If your computer is compromised, unbeknown to you, it can be used to conduct a cyber-attack against our nation, and it can also be used as a stepping-stone device on a drive-by-download to move child porn files across the Internet.
 
How many of you read my blog about passwords and two-factor authentication and immediately applied what you have learned? It is not enough to call yourself a patriot. You MUST take cyber security seriously, and put privacy ahead of convenience because privacy is the precursor of security. Your security and the security of the country at large.
 
That is all for now. Thank you for reading!
 
Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization. 
 

One of my readers posed a question about backing up Gmail emails, keeping them offline, and accessing them for research as needed. Thus, this post came into being and it talks about backing up Gmail and Yahoo, using their own tools, third party tools and Mail App.

You might wonder how this relates to privacy.  If you are planning on backing up your email with the purpose of deleting your account permanently, you need to know that these free email providers will keep your data live for at least 60 days. Moreover, if you have been using a platform such as Outlook, Mail or Thunderbird to read your emails, then you have them archived in your hard drive as well. 
 
How to back up Gmail?
I like to use Google’s Takeout which you can access here Make sure you are logged into the Gmail account you want to back up.
Select all the products you would like to back and click Next. Under the Customize Archive Format, I recommend selecting .zip Under delivery method, if you have a Dropbox account, you can have it sent it there. Otherwise, select via email. I prefer the email method because I do not want to give Google access to my Dropbox.
The last window you see it is Google telling you that it is preparing your archive and it will arrive via email. It could take a very long time (hours and even days to create) depending on how much data you have.
Thus, you can create individual archives rather than compiling all (Gmail, contact, YouTube, Hangouts, etc.) in one.
 
For Windows computers, you can use the Gmail Backup. Follow the instructions on the screen.
 
For Apple computers, you can use Mail to bring all your Gmail emails. Once all of your emails are in, right click on the Mailbox and select Export Mailbox. As destination, you can use Dropbox here or an external hard drive. The point of this back is to have them separately than the computer you use to read them.
Your Mac also stores the emails on the hard drive. To find the folder, go to Finder and on the top menu bar, select Go. Then, press the Option key and you will see the Library folder. Click on it and go to Mail. You will see all the archives there.
 
If you are very computer savvy and have a Mac, you can download the Gmail Backup software here . Then, open the Terminal. Go to the directory of the program. Run the program and replace “dir” with the directory name you want to use and your email address with your own password. These two articles have detailed explanations: 1) Gmail BackUp; and 2) Makeuseof.
 
How to back up Yahoo emails?
There is a third party software called Yahoo Back.  Once you install the software and launch it, you will need to complete the information for your Yahoo user account. Then, select an email format. Click on Browser button to select the location where you want to store the backup (external hard drive or Dropbox).

What is in the backup?
The backup does not contain Spam or Trash emails. In Google, using the Takeout tool, you can also backup your Gplus circles and hangout, and many more. 
 
Can I delete the accounts?
Yes, once you have created a backup and you are confident that it is stored in a safe location, you can go ahead and get rid of the Gmail or Yahoo email accounts if you no longer desire to keep them active.
 
How do I restore my back up?
You can restore the back up by importing the file back into any application able to read email: Mail, Outlook, Thunderbird. Your computer does not need to be connected to the Internet for you to be able to read all these emails offline.
 
Does Google keep your data live after deleting the account?
As far as I was able to interpret from the small print in the Google’s Term of Use, your data is live for 60 days after deleting your email and your account. Ellery Davies, and I second his view, believes that Google is a protector of privacy and it deletes accounts as requested; however, Google might keep a hash for marketing purposes without being able to identify the user. Remember my saying that when we use free tools, we are the product. Regardless, of all free email service provides, Google is the only one I trust.
 
That is all for now. Thank you for reading!
 
Meta brings the courses Risk Management When Online and Open Source Intelligence (OSINT) Collection and Analysis to your organization regardless of where you are located. Watch this short clip: https://www.youtube.com/watch?v=aRXazQuPzFs Then call us to schedule training for your team or organization.