We all do it. We take it for granted. But it could be one of the biggest vulnerabilities, with potential impacts for decades, if not more. Is it some type of social engineering? A flaw with the passwords we are choosing? A new phishing scheme?
No, it is abbreviating the year 2020 when we sign documents such as xx/xx/20 or xx Mon 20.
How can that be a cyberthreat? This is both a type of social engineering and poor operational security (OPSEC). In past decades this was not an issue as the abbreviated year was not ambiguous, like 2019; it was obvious what year it was even written as xx/xx/19.
But the year 2020 is very different. Abbreviating the year becomes ambiguous since the century and the year are the same numbers. Which means anyone that has access to a signed document can forge a different year. For example, think about writing a cheque to make a payment. A cheque is normally valid up to a year from being signed. But if you date the cheque as xx/xx/20 and the recipient forgets to deposit it, they can modify the date to be xx/xx/2021 or any future year this decade and deposit or cash it, which might affect you cash flow.
A more insidious example might be a contract with a term, say 5 years. The other party might become unhappy with the contract before the term is up. But if the year the contract was signed was abbreviated, it would be possible for the other party to backdate the contract, say to 2017, to force the term to end early. Your copy of the contract may still show the abbreviated year but legally there is enough ambiguity to potentially invalidate the contract, which serves the same purpose.
Thus, to better protect you, good OPSEC is to fully write out the year when signing a contract or document, regardless of when it is. This ensures there is no ambiguity and reduces the potential to falsely modify the document in the future.
Sangfor Technologies looks for future OPSEC across a spectrum of areas. Your networking safety is our priority now, tomorrow and in 10 years. Sangfor is an APAC-based, global leading vendor of IT infrastructure solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com
to learn more about Sangfor’s network security options, and let Sangfor make your IT simpler, more secure and more valuable.