The big news of the week was a social engineering hack of Twitter. The hackers were able to send out fake tweets from famous accounts in order to scam hapless victims.

While it’s not clear yet exactly what happened, from the little we know the hackers conned Twitter employees into giving access to some internal tools. These tools allowed the hackers to post tweets directly from any account they wanted. Most likely they posed as co-workers at Twitter.

This type of security breach underscores a sometimes overlooked problem in securing your data and networks. We’re used to changing our passwords, Multi-factor authentication, security questions, etc. However, everyone should be aware of direct personal contact from someone asking for sensitive information. We’re used to screening these “phishing” attempts out of our email, phone, and text messages, but would you (or your employees) be able to catch a seemingly benign request from a “co-worker”?

In an era where workers are increasingly virtual and do not meet most of their co-workers, it’s easy to see how someone could craft a careful attack to gain unauthorized access or sensitive information. Remind your employees to be careful about company data, even when requested from someone that seems legit.

This was a relatively slow week, being a holiday week and having finished a sizable cutover described in last week’s post.

That said, I am reminded how much I love using Amazon Workspaces. For those who don’t know, this is a virtual desktop, sort of like “Remote Desktop” for those who’ve used that. In my case, the client for which I use Workspace has it set up so that the workspace is inside their network. This means I don’t have to connect via VPN anymore, use proxies, etc. I just login using the app, and have my desktop there, with all running applications from the last time I used it. It’s very nice, and accessible from multiple devices, even a web browser.