All Posts by Hana LaRock

About the Author

Hello! My name is Hana and I am the content writer for Smeester & Associates. I was born and raised in Long Island, New York, but I have lived abroad and traveled many places over the last four years. I currently reside in Mexico City. It's been an exciting challenge to write about topics associated with the importance of cyber security in small business. Every day, I myself am learning more about this industry and what it can do for small business owners around the country. I have years of content writing experience and I have been published both in print and on the web. Any topics you want to see discussed here? Shoot me an email at info@smeester.com.

May 09

Phishing Scam: What to Ask Yourself Before Trusting That URL

By Hana LaRock | Cyber Scams , Security

These days, most people would say that they can tell the difference between a good URL and a bad one. In fact, most people may not even consider the fact that a URL could be ‘bad’ in the first place. The only time anyone might second-guess a URL is when it has a lot of strange numbers or characters. However, hackers know that most people are aware of this, which is precisely why they’ve gotten more sophisticated at creating URLs that will trick people.

Whether you’re a personal user or you’re the CEO of a company, here’s why you should think twice before trusting a URL, and how to recognize the signs of a hack.

It All Starts with Language

The first step in being able to identify a bad URL is understanding what a URL is. A URL is, of course, letters that are put together to make words (or made-up words) to lead you to a place on the Web. Maybe you’ve never realized it before, but almost all URLs on the web are made of English characters. That’s because the Internet was designed initially for an English-speaking audience.

The problem (or, rather, the benefit for hackers) is that there are many letters in the English alphabet that look exactly the same as letters in other alphabets. Although these letters don’t hold any of the same phonemic significance, they can be used to make fake URLs that mix letters from other alphabets with English letters. This is known as an “IDN Homograph Attack.”

How to Prevent a Homograph Attack

The reason these fake URLs can be created is that the phisher on the other side of the screen has found a registrar that lets him or her create a domain mixing characters from different languages. While a lot of these sites are cracking down on this behavior, it’s pretty much possible to find anything on the Internet. So, one of the easiest ways to stop an IDN Homograph Attack is by restricting IDNs in your browser settings. If this isn’t an option for your company (maybe because you work with many international businesses), new technology is coming out in various browsers that, when updated, will help protect you against such attacks.
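To make the two approaches above concrete, here is an added example (not code from the post) that classifies a hostname the way a browser’s IDN policy would: it shows the “xn--” wire form, flags labels that mix scripts, and catches lookalikes of brands you care about. The names `WATCHED`, `CONFUSABLES`, `analyze_host` and `policy_allows` are assumed, and the confusables table is a small constructed sample rather than the full Unicode confusables data.

```python
"""Classify a hostname the way a browser's IDN display policy would.

Added example, not code from the post. Assumed/constructed names:
WATCHED, CONFUSABLES, analyze_host, policy_allows. The confusables
table is a small hand-built sample, not the full Unicode confusables data.
"""
import unicodedata

# Brands whose names we want to catch lookalikes of (constructed sample).
WATCHED = ("paypal", "google", "apple")

# Constructed sample of letters that render like Latin ones.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic а е о р
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",  # Cyrillic с х у і
    "\u0458": "j", "\u0455": "s", "\u04bb": "h", "\u0501": "d",  # Cyrillic ј ѕ һ ԁ
    "\u03bf": "o", "\u03bd": "v", "\u03b1": "a", "\u03b9": "i",  # Greek ο ν α ι
    "\u03c1": "p", "\u03f2": "c",                                # Greek ρ ϲ
    "\u0261": "g",                                                # Latin script g ɡ
}


def label_scripts(label):
    """Return the set of Unicode scripts used by the letters of one DNS label.

    Digits and hyphen are script-neutral and ignored; the script is taken
    from the first word of the character's Unicode name (LATIN, CYRILLIC, ...).
    """
    scripts = set()
    for ch in label:
        if ch in "0123456789-":
            continue
        name = unicodedata.name(ch, "")
        if name:
            scripts.add(name.split(" ", 1)[0])
    return scripts


def analyze_host(host, watched=WATCHED):
    """Inspect a hostname as the user sees it and report homograph signals."""
    host = unicodedata.normalize("NFC", host.strip().lower().rstrip("."))
    report = {"display": host, "wire": None, "is_ascii": host.isascii(),
              "mixed_scripts": [], "lookalikes": [], "error": None}
    try:
        # The punycode ("xn--") form is what the resolver actually sees.
        report["wire"] = host.encode("idna").decode("ascii")
    except UnicodeError as exc:
        report["error"] = "invalid IDNA hostname: %s" % exc
        return report
    for label in host.split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            report["mixed_scripts"].append((label, sorted(scripts)))
        # Map each letter to its Latin lookalike and compare with watched brands.
        skeleton = "".join(CONFUSABLES.get(c, c) for c in label)
        for brand in watched:
            if skeleton == brand and label != brand:
                report["lookalikes"].append((label, brand))
    return report


def policy_allows(host, allow_idn=False, watched=WATCHED):
    """Mirror the 'restrict IDNs' browser setting the post recommends.

    allow_idn=False refuses every non-ASCII hostname outright (the safe
    default); allow_idn=True admits internationalized names but still
    refuses mixed-script labels and brand lookalikes.
    """
    report = analyze_host(host, watched)
    if report["error"]:
        return False
    if not allow_idn and not report["is_ascii"]:
        return False
    return not report["mixed_scripts"] and not report["lookalikes"]


if __name__ == "__main__":
    # Constructed sample hosts: a genuine name, a Cyrillic-a lookalike,
    # and a legitimate single-script German IDN.
    for h in ("paypal.com", "p\u0430ypal.com", "m\u00fcnchen.de"):
        r = analyze_host(h)
        print(h, "->", r["wire"], "strict:", policy_allows(h),
              "idn-ok:", policy_allows(h, allow_idn=True))
```

The second mode is what the post means by the trade-off for companies that work internationally: a single-script name like the German example passes, while the Cyrillic lookalike is still refused.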

Other Ways to Detect Danger

Homograph attacks aren’t the only ways in which people are tricked into opening bad URLs. As long as you know what to look for, you can detect danger and put a halt to it before being affected.

  • Is the Site You’re Going to Secured?: Most browsers will let you know if a website is “unsafe” before continuing. If you see a warning but you’re fairly confident that it is safe, check if the site has security seals. Something as simple as seeing that green address bar can help you be sure.
  • Are the Letter Cases Different?: Typically, letter cases don’t make much of a difference when you’re trying to visit a website. But, checking the letter case on a URL, especially if it was sent to you via email, can help prevent an attack. If something looks out of place, exercise caution, and instead, type in the URL on the address bar as you know it.
  • Is the SSL Certificate Up to Date?: If the website’s SSL Certificate is expired, this could be a red flag. It may not be that the website is being run by a hacker, but it could make the site itself more vulnerable to hackers who want to use it as a bridge to get to you.

Cyber scams can be hard to detect. If you want to protect your company, knowing the signs of attacks like these is important. Next time you click a new URL, stop and follow these steps.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

May 02

Will You Be Able to Recognize Executive Impersonation Fraud?

By Hana LaRock | Cyber Scams

There are all different kinds of ways for a hacker to breach a system, and it seems like once we figure out how to prevent one of them, another one arises. Whether it’s Malware or Phishing scams, it’s hard to predict what the next one will be and when it will hit.

But, right now, there’s a new scam on the rise, and it’s just as concerning as it is clever. Executive impersonation fraud is becoming more and more prevalent and harder to catch. Will you be prepared if it’s used against you?

What is Executive Impersonation?

An Executive Impersonation is yet another type of Business Email Compromise scam. While it may seem like the type of hack anyone could attempt, it is, in fact, very sophisticated. Hackers who do this go to great lengths to pretend to be an executive of a company and seek the information they are looking for. Therefore, it’s one of the hardest scams to recognize.

In an Executive Impersonation hack, hackers target businesses that frequently do wire transfers. These hackers, or impersonators, “take the place” of a CEO, attorney, or trusted vendor with a leadership position; someone who has the power to initiate a bank transfer. Needless to say, these hackers can get their hands on all kinds of sensitive information and use it to their benefit.

Who are the Scammers?

Though many of us tend to fear the biggest threat actors when it comes to data breaches, an Executive Impersonation attack doesn’t need to be carried out by a whole country. Like many other scammers out there, it could just be a random individual. That being said, it does take a lot of research to impersonate a high-powered executive, and we can assure you that these hackers read up.

Which brings us to our next point…

Why Do People Fall For It So Easily?

These days, when you can hide behind a computer screen, you never really know who you’re dealing with. You may wonder how someone could so easily fall for one of these Executive Impersonation scams, but what you really should be asking is, “How can you not?”

First of all, when a CEO gives any type of order, it’s usually respected. Most people, when given a request by someone in power, will automatically say “yes.” The scammers make sure to use that factor to their advantage while replicating business practices unique to the company they’re hacking. To carry out this type of hack, they will ultimately conduct wire transfers on unauthorized funds by compromising email accounts.

Preventing Attacks

The first step to preventing attacks like these is simply being aware. The more your company is up to date with what’s out there, the higher chance you’ll have for keeping yourself safe.

Who is a Target?

If you think just because you’re a small business you won’t be a target for an Executive Impersonation hack, think again. Smaller businesses tend to be the most vulnerable since they often put their cyber security on the back burner. Therefore, taking as many precautions as possible, like practicing two-step verification and using strong passwords, will help you stay safe.

Know The Different Ways Hackers Carry Out the Attack

In Executive Impersonation attacks, there are three main ways in which the hack is carried out:

  • Executive/Attorney Impersonation: When the hacker pretends to be an attorney asking for money for a time-sensitive transaction for whatever reason. Usually, the “attorney,” or the account that’s hacked, is a person whom the company already knows and trusts, and would have no reason to question the request.
  • Data Theft via Human Resources: This is when the hacker impersonates the CEO by compromising his or her email, then contacting someone in HR, Finance, or any other department that deals with the payroll. That employee will then send the “CEO” the payroll or sensitive information requested without second-guessing it. Then, the hacker will use this info to get what they want.
  • Executive Money Transfer Request: This is when the hacker compromises the executive’s email and then contacts the person who handles money at the office (again, HR or Finance) to submit a direct transfer to a “vendor” or “customer” account.

No cyber attack can be 100% prevented. However, if you know the signs of an Executive Impersonation attack while making sure your systems are secure, you should be in good shape.

Smeester & Associates can help CEOs like yourself make the right decisions for your company, whether those involve cyber threats or other concerns in your IT department. To see if you’re at risk of a security breach, take our RiskAware™ Cyber Security Scan & Report today.

Apr 25

Are You a Small Business with Big Clients? Your Cyber Security Better Measure Up

By Hana LaRock | CEO Best Practices , Security

If you work in the distribution/manufacturing industry, then it’s likely a lot of your clients are pretty big names. They need your services to help them run their businesses, which could very well be large, powerful companies. Therefore, these clients will have very high expectations of your company’s security and expect certain standards when you collect their sensitive information.

If you’re a small business with big clients, your cyber security better measure up. Here’s why:

You Should Provide Your Client With a Huge Sense of Security

If you work in manufacturing or distribution, then you need to have tight security on all levels. Even if you’re a small business, it’s likely you could be doing work with a lot of different clients.

From the time a new client walks in the door (or sends you an email inquiring about your services) their information needs to be 100% secure. They’re already well aware of the consequences if your systems are non-compliant.

Are you?

Don’t even give them a chance to wonder. Pride yourself on letting your clients and future clients know what steps you’ve taken to make sure their information is safe with you.

Word of Your Security Situation Can Spread Quickly

If you’re the business that big-name companies come to, you’re most likely a household name in those industries. Clients are quick to recommend their friends to a company like yours. If you’ve been around a while, a lot of people probably know you.

But, there’s also a chance that if you’ve been around a while, cyber security may not have been such a concern ten or fifteen years ago. People are going to want to know you’ve stepped up your game to accommodate them. If someone knows you’re not taking those measures seriously, people will know.

You don’t want people saying, “Be careful with that guy.” Instead, you want them saying, “You’ll never have any issues with him!”

Most of all, it’s important to remember that if you’re the leader of your company, you’re ultimately responsible if a data breach occurs. You definitely don’t want that to happen to you and your company’s overall reputation.

If Their Data isn’t Protected, You Could Face Legal Consequences

If you’re taking any payment card information or other sensitive information from your clients, then you must be held to certain standards. If those standards aren’t met, you don’t even need to have a data breach in order to be fined. But, if you do experience a breach and the information of your “VIP” clients gets leaked, you could easily face tough legal consequences. The price you’d have to pay could wipe out your business entirely…if you’re lucky.

Nowadays, Expectations are High for Everyone

While manufacturing and distribution companies should, for these reasons, take more precautions to keep their customers’ data safe, they aren’t the only ones. Small businesses like these need to take extra care in protecting their data from the get-go, as they can be easier targets with fewer resources to handle such a thing.

But, it’s not just about small businesses, big businesses, or the type of industry you’re in. These days, customers everywhere are well aware of what can happen to their information in a data breach, and how easily hackers can get their hands on it. Therefore, expectations are high for EVERYONE, no matter what kind of business you’re in.

Don’t be the company who loses business because you thought you could take the chance. Trust us, it’s not worth it.

Smeester & Associates can help CEOs like yourself make the right decisions for your company, whether those involve cyber threats or other concerns in your IT department. To see if you’re at risk of a security breach, take our RiskAware™ Cyber Security Scan & Report today.

Apr 18

Here’s a Secret: How To Save on Your Cyber Insurance Premium

By Hana LaRock | CEO Best Practices , IT Best Practices , Managed Services , Security

For company leaders that are already investing in cyber security, you don’t need a reminder of why it’s so important. You’re probably well aware of the seriousness and frequency of data breaches these days, and you, therefore, want to make sure you’re protected at all costs. But, for those who still haven’t taken that budget leap, know that a cyber insurance plan can help offset major costs associated with any type of data breach.

Is that still not enough of a reason to allocate your budget to insurance? Then consider this. What if you could save money on your cyber insurance premium, just by being proactive? Would that be enough to push you to make the right decision for your company?

We’ll tell you more:

The Costs of Cyber Insurance

Cyber insurance isn’t cheap per se, but it can be affordable. And, when you consider how much it would cost to make “repairs” after a data breach, (often thousands upon thousands of dollars, depending on the size of your company and the extent of the damage) it’s definitely worth the price.

Like any other type of insurance, you pay a premium every month, and you can be covered for A LOT. This can be anything from privacy liability to lawyers, plaintiff lawsuits, forensic investigations, PR, penalties and fines, etc. Does that sound expensive already? We’re only scratching the surface. But, what if you could clear all the anxiety about the “what ifs” just by paying a premium every month?

Cyber insurance policies can be customized to your needs. You can go based on the size of your company, what industry you’re in, and ultimately what the stakes would be. No two policies are the same. Some premiums can be as low as $1,000 per year, while others can be as high as $50,000. But, don’t worry. It’s typical that the premium you pay is relative to what your company earns.

Still, that’s a lot of money, especially for a start-up. 

This is usually the biggest factor that deters people from taking out cyber insurance in the first place. They just don’t see that it makes sense to add something onto the budget that hasn’t even happened yet.

IT companies who specialize in cyber security understand this. So, we’ll let you in on a little secret. One that only professionals know about.

You can actually save a huge amount of money on your policy premium if you just take a few steps, first. We’re talking around 60%. Here’s how:

How to Save on Your Cyber Insurance Premium

For company leaders like you who understand the importance of cyber security, but still want to save, there’s a way to have the best of both worlds.

All you have to do is be proactive. How do you do that? It’s easy. Get yourself a network assessment from an unbiased third-party. These professionals will analyze and evaluate your system for any vulnerabilities. If they find something that makes your security weaker than it should be, they’ll let you know and fix it up for you. Then, they’ll issue you a document proving you’ve done the assessment. This document will say that you’ve taken all the precautions you can on your end to make sure your system is as secure as possible.

Of course, even if you take those steps, hackers can still find a way in. That’s why it’s important to have cyber insurance, so you’re covered no matter what. However, we can understand how frustrating it can be to spend money on an assessment that’s supposed to clear you, but then having to spend more money on insurance, anyway.

So, here’s how you save. Just bring that assessment to wherever you’re purchasing your cyber insurance plan from. Show them the measures you’ve taken (again, all explained in that assessment overview). More often than not, you can get a huge discount on your policy premium just with that paper. If they’re not eager to offer you that discount, then tell them what you now know!

After all, the law favors those who make an effort from the get-go. Also, the more you do now, the less the insurance provider has to worry about when they cover you.

We want to help you save money on your cyber insurance premium. To get you started, take our RiskAware™ Cyber Security Scan & Report.

Apr 11

What You Should Learn From The Yahoo! Data Breach

By Hana LaRock | CEO Best Practices , Security

Last year, Yahoo! reported two major data breaches which were the largest data breaches the world had ever seen. The first breach occurred in 2014 and reportedly compromised more than 500 million accounts. The second breach Yahoo! reported, which happened back in 2013, compromised more than one billion user accounts. While data breaches can happen to anyone, the extent of damage in the Yahoo! case raised suspicions. How was it that so many user accounts easily got hacked, and why did it take so long before anyone knew what happened?

Now, it’s becoming more clear what actually led to such a disaster.

While many of us can sit and judge Yahoo! for its mistakes, there’s actually a lot your company should learn from the Yahoo! breach.

What Information was Leaked?

When a data breach happens, there’s no limit as to what the hackers can take. Whether you work in the PCI or in the healthcare industry, a customer’s information can be used to do all sorts of terrible things. In the case of the Yahoo! breach, although financial information was likely not taken, the hackers did get their hands on everything from names and email addresses, to birthdates and encrypted security passwords. Obviously, this information can be used to ultimately take financial information.

Who Was to Blame?

With a record number of accounts compromised, it was only a matter of time before the higher-ups at Yahoo! started pointing fingers. After all, no one wants to take the blame in such a newsworthy situation. Ultimately, Yahoo Inc. directed attention to the executives for not taking appropriate action to investigate the breach, let alone take steps to try and prevent it from happening in the first place.

A review by Yahoo!’s board revealed some concerning truths. Supposedly, there was a complete disconnect in internal reporting and management, which was probably what allowed the hackers to slip through so easily and do so much damage. The consequences for the people held responsible were life-changing. One of Yahoo!’s lawyers stepped down, CEO Marissa Mayer didn’t receive her bonus, and needless to say, their stock went down dramatically. The FBI is currently investigating the details.

So, do you think Yahoo! was right in blaming their executives, even though it could have been an IT or internal problem? Actually, yes.

The Leaders of the Company are ALWAYS Responsible

There are a lot of things that can cause a data breach. And, a report done by the Online Trust Alliance (OTA) showed that over 90% of hacks in the first half of 2014 were preventable. Whether it was an outside hacker or an error on the staff’s part, that’s a pretty shocking number. So, when it comes to Yahoo!, why couldn’t they see it sooner?

Though we don’t know all the answers yet, it’s likely that the breakup in communication allowed the hack to happen so easily, and more than once. No matter what the actual cause is, any time a data breach occurs, it’s always the responsibility of the company executive, much of the same way a captain needs to go down with his or her ship. This is why Yahoo!’s CEO had to take the blame and a pay cut as a consequence, which could have definitely been worse. At the end of the day, it’s the company executive’s responsibility to help prevent data breaches as best as possible.

Here’s How You Don’t End Up Like Yahoo!

You understand the responsibility you hold as an executive. That’s great. But, you might be feeling overwhelmed with this responsibility, as data breaches can still occur even after taking the proper security measures. But, don’t be alarmed. As long as you’re taking the steps to be cyber-compliant, you have a security protocol for staff, and you make sure your systems are as secure as possible on a regular basis, you don’t have much to worry about!

Smeester & Associates can help CEOs like yourself make the right decisions for your company, whether those involve cyber threats or other concerns in your IT department. To see if you’re at risk of a security breach, take our RiskAware™ Cyber Security Scan & Report today.

Mar 21

How To Talk To IT About The Need For a Cyber Security Intervention

By Hana LaRock | CEO Best Practices , IT Best Practices , Security

You’re a small business that realizes the importance of cyber security. You want to do what you can to make sure you’re protected and prevent potential problems from happening later on. You already have an IT team, but you’re aware that IT and the need for cyber security are very different things.

But, does your IT team know that?

Perhaps yes, perhaps no. Either way, it’s about time you have that conversation with them, discussing the need for a separate cyber security approach. Maybe you’re afraid the conversation may be a bit awkward or uncomfortable. After all, you don’t want your IT team to feel as though they’re not doing enough, or their work is worthless. In fact, you want them to know just how important their role is when it comes to protecting your company from data breaches.

So, here are some tips on getting the conversation started.

Reveal the Facts

The IT department has a lot of responsibilities, there’s no doubt about that. They are in charge of the governance, infrastructure, and functionality of a company’s network and architecture of systems. There are a lot of jobs within those categories, but none of them really include “protecting a network from a data breach.”

Some information you want to include in this conversation are the facts and statistics of cyber risks. Talk about how small businesses are at the same risk of a data breach, if not more, than larger companies. This is because small businesses tend to be the most vulnerable, since they sometimes ignore the need for such protection.

Worried that won’t be enough?

Then tell them how more than 50% of small companies have been hacked in the last year. Or, how the costs to repair those hacks are close to a million dollars.

Always Start with Positive Feedback

While everyone in the office is an adult, it helps to always hear the good news first, no matter how old we are. When you start having the discussion with your IT team about the need for a cyber security intervention, make sure you lay the positives on them. Let them know how much you appreciate the work they do and be specific about what they do well. This is your chance to let them shine.

Transition Into The Need for Cyber Security

Once you’ve got the basics covered, it’s time to talk to IT about bringing in cyber security experts. Explain that the professionals you’ll bring in to help will work side by side with the IT department to make systems as secure as possible. These professionals will not be stepping on IT’s toes; rather, they will come together with IT to make sure your company is protected against hacks on all levels and is fulfilling its legal responsibility to its clients. IT will help implement the suggestions a cyber security expert makes on a long-term basis.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Mar 14

How The Key Federal Regulations of Cyber Security Keep You Safe

By Hana LaRock | Security

Part of being safe on the Internet requires both consumers and companies to follow certain standards to ensure data protection. Of course, it’s not enough to expect people to do that on their own. This is why key federal regulations of cyber security exist: to implement processes and standards to make sure everyone’s information is protected as much as possible.

Are you familiar with these federal regulations? If you’re using the Internet for work or personal activities, then you should know these.

#1: U.S. Federal Trade Commission Act

The U.S. FTC Act may not get as much attention as the others on this list, but it very well should. This act was put into play in 1914. Without it, America wouldn’t be the country it is today. Because of this act, consumers are protected as well as business owners.

The act states that there should be no unfair methods of competition. Additionally, it protects consumers from buying into services or products in cases where they are being misled by false advertisements. This act is the basis for all other acts in the last century and the new millennium. Nowadays, the act has been modernized to apply to the digital age, ensuring that businesses and consumers are protected online as much as they are offline.

#2: The Health Insurance Portability and Accountability Act

Also known as “HIPAA,” the Health Insurance Portability and Accountability Act helps protect patients who utilize official healthcare services. Tied into this is also the Health Information Technology for Economic and Clinical Health Act (HITECH). Both of these acts, which have been around for more than twenty years, help keep you safe when you’re at the doctor. Anything your doctor knows about you is between you and the doctor, only. (Unless you state otherwise.)

#3: The Gramm-Leach-Bliley Act

The GLBA today applies to companies that provide financial services to their clients, such as banks, securities companies, insurance companies, etc. To put it plainly, the Gramm-Leach-Bliley Act covers “Any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution.”

Basically, any company that collects sensitive information from its customers needs to be held accountable if a breach leaks that information. Therefore, this act mandates that these financial institutions follow appropriate standards in order to ensure the protection and privacy of their customers.

#4: PCI DSS

Somewhat similar to the GLBA is the Payment Card Industry Data Security Standard. Though it’s not actually a law, any company that collects credit card information from its customers needs to follow certain standards in order to be cyber compliant and protect its consumers. It helps ensure that customers who make payments via a card won’t risk getting their information hacked. Though incidents have happened in the past, the standards implemented by PCI DSS ultimately have kept thousands of businesses and their consumers safe.

#5: The Homeland Security Act and the Federal Information Security Management Act

If your organization is government-backed, then last but not least, FISMA, which is a branch of The Homeland Security Act, applies to you. It requires that government organizations implement mandatory policies and principles to safeguard sensitive information. If government organizations don’t follow FISMA, they can be at a huge risk of being hacked by one of the biggest threat actors, or an independent hacker. It’s a matter of national security, and without this act, our country could essentially be in danger.

Is your company following federal regulations? And, are you sure that the companies you buy from are secure enough? Try RiskAware™ Cyber Security Scan & Report to see if you’re at risk.

Mar 07

Watch Out for These Common Social Media Cyber Scams

By Hana LaRock | Cyber Scams , Security

Social media is one of the most important things that companies use to drive their business. It’s an amazing way to get more connected to people, have constant communication with customers, and easily implement your inbound marketing campaigns. However, with every good thing, there’s usually a downside. And, the downside to utilizing social media too much is that you can quickly fall victim to a hack.

If your company uses social media at all with your business, then you must be aware of common social media cyber scams. Here they are:

When a Hacker Uses a Fake Social Media Account

Sometimes a hacker can impersonate a social media account user from a bank you use or a company you do business with. This is known as Angler Phishing.

Let’s say you go on Twitter or Facebook to get in touch with a company, either by making a tweet, a post, or sometimes, even sending a message. Something like, “Hey @appname, I need help with…” This is now public information. A hacker can then pose as the customer agent that wants to reply to your post.

In that message, they may add a link that looks exactly like a link that would come from the app company, bank, or whoever you’ve tweeted at. If you follow that link, it becomes very easy at that point for the hacker to get all your information. The solution? A reputable business probably won’t need to have you solve a problem this way. It’s always best to get in touch with someone directly from the company before making a bad mistake.

Hitting “Like” Buttons That Aren’t Really “Like” Buttons

It seems so simple, liking a post on Facebook. You do it every day, probably multiple times a day. But, when you yourself or an employee of your business goes to like something on Facebook, there’s a chance that that like button has been hacked as a means of tricking you. You thought you were giving an individual or an organization a compliment. But, now, you’ve just downloaded Malware onto your computer.

This is known as “likejacking.” These can spread like wildfire too, because after you’ve clicked that link, it can share it on your feed, putting your friends at risk, too.

Sneaky Subscriptions

Have you ever seen a quiz or game come up on your news feed? It looks like fun and all your friends are doing it. Plus, you’re pretty bored at the moment and any type of entertainment would be good right now. So, you decide to click the “play now” or “take the quiz” button. But, before you can start doing anything, it asks you for your phone number or email address.

Suddenly, you’ve just become a victim of a sneaky subscription social media cyber scam. You’ve been signed up for something without your consent. And, if you signed up with your cell phone number, a hefty amount has just been added to your monthly phone bill. Ouch.

A Believable Facebook Post Shared by a Friend

When something is coming from a friend you know on Facebook, it has to be trusted, right? After all, your friend would probably know that he or she has been hacked, and would do something about it. But, the fact of the matter is that hacks have gotten a lot more believable over the years. Hackers know that people are able to identify hacks much easier than they’ve been able to in the past, so they’ve adjusted their hack accordingly.

So, when your friend shares something on Facebook that says something like, “Wow, check out this crazy video” with a link attached, DON’T click on it. Most of the time, the wording is made out to sound like your friend, and it sometimes takes a while before they even know this message is going around.

Fake Affiliate Program Promotions

You’re scrolling in a Facebook group you like and see an ad or post for an offer that sounds so intriguing. An airline you like is giving away a free trip if you get 100 likes. A store you shop at is giving out a gift card if you just share their link. Does it sound too good to be true? Then it probably is. Remember, there’s no such thing as a free lunch. Don’t fall for something like this. It’s a very easy way to become a victim of a cyber scam.

We use social media every day of our lives. Whether you’re using it for business, your own personal use, or both, it’s important to stay aware of potential social media cyber scams.

Here at Smeester & Associates, we can help you find tools and recommendations necessary to keep you or your company safe on social media. And, if you want to know if you’re at risk or not for a cyber scam already, check out our RiskAware™ Cyber Security Scan & Report.

Feb 18

These Nation-States Are The Top 3 Threat Actors in the Cyber Security Game

By Hana LaRock | Cyber Scams , Security

Threat actors can be responsible for seriously impacting another organization’s security. Experienced threat actors with the right resources can hack an organization either externally, internally, or as a partner. Theoretically, a threat actor can come in any kind of form, but in this case, the biggest actors usually act as whole governments or nation-states.

It’s very important for people to read the news once in a while and be aware of who the biggest threat actors are. Whether you’re just an individual who surfs the web on occasion or you’re a huge company that does business globally, you can still be at equal risk. These groups only need to possess the ability to potentially cause impact in order for them to be considered a major threat actor.

So, who are the biggest threat actors in the cyber security game that you need to look out for? Read on.

1. China

China is neither an ally nor an enemy of the U.S. But, when it comes to cyber security, the United States can’t be too careful. That’s because according to comments made by FBI director James Comey, prior to 2015, the Chinese had been the most industrious nation responsible for cyber attacks. One of the biggest threat actors, China has been reported to conduct complex intrusion campaigns to obtain sensitive information that would have supported its state-owned enterprises.

This type of data theft is one of the driving factors that led to the U.S./China agreement over the theft of intellectual property. It’s believed to this day that China was involved in two major breaches, the Anthem Breach and the OPM Breach. In addition to that, the FBI released a study of 165 companies that experienced data breaches, and 95% of those breaches had come from China. Though it’s believed that the prevalence of attacks from China has somewhat decreased, U.S. companies still need to be aware of how this threat actor could affect them.

2. Russia

Coming in second place is the sanctuary for asylum-seeker Edward Snowden, Russia. It seems as though the Kremlin is always making headlines for cyber security hacks, most recently for their involvement with the DNC and the White House. But, even before then, it’s no question that Russia has consistently played a huge role as one of the biggest threat actors in the world.

And, when it comes to Russia’s involvement, they’ve proven that there is really nothing too big or too outlandish for them to hack. As if the U.S. government isn’t enough, they’re also known to have hacked the medical records of U.S. athletes, Olympic athletes, who had participated in last year’s games in Rio.

3. ISIS

Number three may be a tie between several countries or groups, but because of its uniqueness, ISIS is at number three on this list. ISIS is named a huge threat actor because of its attacks in 2015 and 2016 on the European Union. They also made news for their attack in 2016 that targeted close to 3,000 New Yorkers. Though these New Yorkers possessed nothing in particular that would have made them targets, it’s yet another reminder that you don’t need to be a large company or organization to have your private information hacked.

What These Threat Actors Mean for You

Of course, no one can forget the hack North Korea pulled last year on SONY, which caused the movie to be pulled from theaters entirely. That was a sophisticated hack the likes of which we’ve never seen before. We’ve also seen hacks from Iran and Syria. And, there’s no telling who we may be able to add to this list in the future.

You might be thinking, “How would these nation-state threat actors even get to me?” Well, the thing with these hacks is that they usually occur on such a large scale and are often very complex. It can be months before a company even knows it’s been hacked. Most of the time, they won’t even notice the breach themselves. It’s not until the government or a third party, like a cyber security blogger, reveals that the hack occurred that the company is able to do anything about it.

An attack from one of these major nation-state threat actors could happen to you. Does your company have the tools to detect one of these attacks if it occurs? The more time goes by without you knowing about the breach, the more damage can be done.

Here at Smeester & Associates, we can answer your questions about threat actors and let you know if you’re at risk. Make sure you take our RiskAware™ Cyber Security Scan & Report to see where your cyber security efforts currently stand.

Feb 09

Unbiased Assessments: The Evidence You Need for Cyber Compliance Audits

By Hana LaRock | CEO Best Practices , Security

Cyber security is important for everyone, whether you run a multi-million dollar company or you’re just a regular individual who occasionally buys things online. That being said, there are some companies that need to take cyber security more seriously than others, because they are required to deal with cyber compliance. If these companies don’t comply, they can have serious problems down the road that can cause chaos and even irreversible damage for themselves and their customers.

If you work in one of these industries and you require cyber compliance, it’s imperative that you have the evidence you need for when a cyber compliance audit comes knocking at your door.

Does Your Industry Need To Be Cyber Compliant?

If you fall into this category, you probably already know you do. But, just to be sure, companies that need to deal with cyber compliance on a regular basis include medical and dental practices with HIPAA laws, retail companies or other companies that need to follow PCI (Payment Card Industry) compliance, as well as legal offices, etc.

If you ever collect private or sensitive data from your customers, whether it be social security numbers or your client’s intellectual property, then guess what? You need to make sure you’re cyber compliant.

Start Taking the Necessary Steps

So, you know who you are. Great. Now it’s time to learn more about yourself and whether or not your company is at risk of a cyber breach. But, where to start? You could be an expert at running your business, but cyber security may not be something you’re exactly familiar with. You need a professional that can help.

Hiring an unbiased third party that can teach you about your company’s exposure and whether or not you have any holes in your network is the first step. Why do we say “unbiased?” Because you don’t want someone who is personally invested in the company to create a conflict of interest. Whether that conflict of interest is due to work-related reasons or financial reasons, you wouldn’t want it to play a factor in having your compliance check done correctly.

Furthermore, learning about your exposure is the first step in taking serious cyber security precautions, to try and prevent a dangerous hack from impacting you and your customers. Because, as we all know, any cyber breach can cause huge costs for a company.

If a hack ever does happen, at least you’ll have proof that you took the steps necessary to make sure your company was cyber compliant. Believe it or not, that can help you a lot in the long run. Now, you’ll be prepared when those cyber compliance audits start rolling in.

You Decide To Hire a Professional. Here’s What To Expect

After you’ve made the decision to hire a professional for your cyber compliance, here’s what you can expect to happen next. First, they will check whether or not there are inconsistencies or problems in your network. If there are problems, they’ll patch them up, and then do another assessment to make sure the work done was effective.

Afterwards, you’ll be issued a very important document. This is your solid piece of evidence proving your company has taken all the necessary steps for cyber compliance. It shows you’ve gone through professionals and everything checks out. As far as everyone is concerned (including the auditor), there are no present risks.

This document is something that’s so important to have in your industry, not only for peace of mind for you and the customers that trust you, but to keep your back covered at all times.

The team that issued you this document should then continue to stay in touch and conduct a semi-annual or quarterly assessment to make sure you’re still compliant. Their job is to regulate that compliance. Therefore, if something comes up, they can fix it again and make sure you’re still following standards.

You’ve Got Nothing to Lose!

Why wouldn’t you want to protect yourself?

At the end of the day, there’s no arguing when it comes to your company being cyber compliant. If you fail to be compliant and a breach occurs, guess who will be at fault? Do yourself a favor. Do what you need to do to look out for the best interest of your company and your customers.

Also, you never know when an auditor might come and ask for that necessary document!

Not sure where to get that unbiased assessment you need? Smeester & Associates can help. Just get in touch and we’ll take it from there. We’ll also issue you a cyber compliance document when we’re finished. In the meantime, to see if you have any potential risks in your network, take our RiskAware™ Cyber Security Scan & Report.