Whatever cliché you want to use—“the cobbler’s children has no shoes,” “do as I say, not as I do,” or one of the myriad others that might apply—you need to face the facts: the AV integration has a much deeper problem with AV network security than you or I ever realized.
In the past week, I’ve gotten emails from two of my favorite people in the industry–except that neither of them were actually from those people. Their names will be omitted to protect these innocent victims, but most of you will probably be able to figure out their identities. [related]
It started off innocently enough a week or so ago when an email hit my inbox, with the sender asking me to “kindly review” a proposal he was making to me.
I was a little suspicious since the only thing this person had ever asked me to “kindly” do in the past—in his New Jersey style and with his trademark sly smirk on his face—was anatomically impossible.
But I did the exact thing the sender wanted me to do: I tried to access the document he had sent from the email address of the person I knew. The good news from my perspective is the security on the Emerald Expositions network is notoriously tough to crack (no, that’s not a challenge to hackers).
I’m not even allowed to download programs like the InCopy editing platform without permission and help from our corporate IT department. So, I wasn’t able to open the document from this sender. But that didn’t end our interaction.
I told him about the Emerald security and he said he’d send a link.
Good thing whoever it was never sent that link because who knows how much damage I could have done to my own laptop and the Emerald Expositions network as a whole? I haven’t heard yet of anyone triggering widespread problems as a result of this solicitation, but now that I think about it …
The second of these fraudulent emails was a little more obvious, maybe in part because I’m now on a little higher alert for this type of scam and maybe in part because the sender who offered me a business proposal capitalized a letter in the middle of the company’s name where one doesn’t exist.
And I know this because I’ve written about this company from the Great White North many times and even wrote a company profile on the cover of CI a few years ago. Plus, I knew the man who I thought was sending this email would know sending me a business proposal would be a dead end.
After all, I’m a veteran journalist so it’s not like I’m rolling in private equity money—despite how it might look based on the fancy shoes I wear to trade shows (inspired, coincidentally, by this second sender and his always-progressive sense of fashion combined with some level of practicality).
Protect Your AV Network—Or You Will Be Hacked
I can’t count how many times at however many AV industry trade shows—and in social media chats (one of which is hosted by one of these victims)—I’ve heard about the importance of protecting the AV gear that now lives on an IT network.
Yet, in the span of a week or so, I got two fraudulent emails from two well-known folks in the AV industry—and who knows how many other attempts have circulated that I didn’t get?
If you’re not going to protect your own network—or at the very least help your clients figure out how to do it, you better encourage them to invest in cyber-insurance. In fact, it’s probably a good idea even if you do teach your clients—and your bosses—about being vigilant on the IT network.
Cyber-insurance is “an insurance product used to protect businesses and individual users from Internet-based risks, and more generally from risks relating to information technology infrastructure and activities,” according to Wikipedia.
I won’t pretend to know whose cyber-insurance product is best, but do it now—or you could be next. Even worse, perhaps: your clients could be next–and you could be on the hook for the damage you caused by your negligence. Is that a risk you’re willing to take?
