All Posts by Hana LaRock

About the Author

Hello! My name is Hana and I am the content writer for Smeester & Associates. I was born and raised in Long Island, New York, but I have lived abroad and traveled many places over the last four years. I currently reside in Mexico City.

It’s been an exciting challenge to write about topics associated with the importance of cyber security in small business. Every day, I myself am learning more about this industry and what it can do for small business owners around the country.

I have years of content writing experience and I have been published both in print and on the web. Any topics you want to see discussed here? Shoot me an email at info@smeester.com.

Mar 21

How To Talk To IT About The Need For a Cyber Security Intervention

By Hana LaRock | CEO Best Practices, IT Best Practices, Security

You’re a small business who realizes the importance of cyber security. You want to do what you can to make sure you’re protected and prevent potential problems from happening later on. You already have an IT team, but you’re aware that IT and the need for cyber security are very different things.

But, does your IT team know that?

Perhaps yes, perhaps no. Either way, it’s about time you have that conversation with them, discussing the need for a separate cyber security approach. Maybe you’re afraid the conversation may be a bit awkward or uncomfortable. After all, you don’t want your IT team to feel as though they’re not doing enough, or their work is worthless. In fact, you want them to know just how important their role is when it comes to protecting your company from data breaches.

So, here are some tips on getting the conversation started.

Reveal the Facts

The IT department has a lot of responsibilities, there’s no doubt about that. They are in charge of the governance, infrastructure, and functionality of a company’s network and architecture of systems. There are a lot of jobs within those categories, but none of them really include “preventing a network from a data breach.”

Some of the information you’ll want to include in this conversation is the facts and statistics on cyber risks. Talk about how small businesses are at the same risk of a data breach as larger companies, if not more. This is because small businesses tend to be the most vulnerable, since they sometimes ignore the need for such protection.

Worried that won’t be enough?

Then tell them how more than 50% of small companies have been hacked in the last year. Or, how the cost to repair those hacks is close to a million dollars.

Always Start with Positive Feedback

While everyone in the office is an adult, it helps to always hear the good news first, no matter how old we are. When you start having the discussion with your IT team about the need for a cyber security intervention, make sure you lay the positives on them. Let them know how much you appreciate the work they do and be specific about what they do well. This is your chance to let them shine.

Transition Into The Need for Cyber Security

Once you’ve got the basics covered, it’s time to talk to IT about bringing in cyber security experts. Explain that the professionals that you’ll bring in to help will work side by side with the IT department to make systems as secure as possible. These professionals will not be stepping on IT’s toes; rather, coming together to make sure your company is protected against hacks on all levels and is fulfilling the legal responsibility to its clients. IT will help implement the suggestions a cyber security expert makes on a long term basis.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Mar 14

How The Key Federal Regulations of Cyber Security Keep You Safe

By Hana LaRock | Security

Part of being safe on the Internet involves both consumers and companies following certain standards to ensure data protection. Of course, it’s not enough for people to be expected to do that on their own. This is why key federal regulations of cyber security exist: to implement processes and standards to make sure everyone’s information is protected as much as possible.

Are you familiar with these federal regulations? If you’re using the Internet for work or personal activities, then you should know these.

#1: U.S. Federal Trade Commission Act

The U.S. FTC Act may not get as much attention as the others on this list, but it very well should. This act was put into play in 1914. Without it, America wouldn’t be the country it is today. Because of this act, consumers are protected as well as business owners.

The act states that there should be no unfair methods of competition. Additionally, it protects consumers from buying into services or products in cases where they are being misled by false advertisements. This act is the basis for all other acts in the last century and the new millennium. Nowadays, the act has been modernized to apply to the digital age, ensuring that businesses and consumers are protected online as much as they are offline.

#2: The Health Insurance Portability and Accountability Act

Also known as “HIPAA,” the Health Insurance Portability and Accountability Act helps protect patients who utilize official healthcare services. Tied into this is also the Health Information Technology for Economic and Clinical Health Act (HITECH). Both of these acts, which have been around for more than twenty years, help keep you safe when you’re at the doctor. Anything your doctor knows about you is between you and the doctor, only. (Unless you state otherwise.)

#3: The Gramm-Leach-Bliley Act

The GLBA today applies to companies that provide financial services to their clients, such as banks, security companies, insurance companies, etc. To put it plainly, the Gramm-Leach-Bliley Act involves “Any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution.”

Basically, any company that collects sensitive information from its customers needs to be held accountable if a breach leaks that information. Therefore, this act mandates that these financial industries follow appropriate standards in order to ensure the protection and privacy of their customers.

#4: PCI DSS

Somewhat similar to the GLBA is the Payment Card Industry Data Security Standard. Though it’s not actually a law, any company that collects credit card information from its customers needs to follow certain standards in order to be cyber compliant and protect its consumers. It helps ensure that customers who make payments via a card won’t risk getting their information hacked. Though situations have happened in the past, the standards implemented by PCI DSS ultimately have kept thousands of businesses and their consumers safe.

#5: The Homeland Security Act and the Federal Information Security Management Act

If your organization is government-backed, then last but not least, FISMA, which is a branch of The Homeland Security Act, applies to you. It requests that government organizations implement mandatory policies and principles to safeguard sensitive information. If government organizations don’t follow FISMA, they can be at a huge risk of being hacked by one of the biggest threat actors, or an independent hacker. It’s a matter of national security, and without this act, our country could essentially be in danger.

Is your company following federal regulations? And, are you sure that the companies you buy from are secure enough? Try RiskAware™ Cyber Security Scan & Report to see if you’re at risk.

Mar 07

Watch Out for These Common Social Media Cyber Scams

By Hana LaRock | Cyber Scams, Security

Social media is one of the most important things that companies use to drive their business. It’s an amazing way to get more connected to people, have constant communication with customers, and easily implement your inbound marketing campaigns. However, with every good thing, there’s usually a downside. And, the downside to utilizing social media too much is that you can quickly fall victim to a hack.

If your company uses social media at all with your business, then you must be aware of common social media cyber scams. Here they are:

When a Hacker Uses a Fake Social Media Account

Sometimes a hacker can impersonate a social media account user from a bank you use or a company you do business with. This is known as Angler Phishing.

Let’s say you go on Twitter or Facebook to get in touch with a company, either by making a tweet, a post, or sometimes, even sending a message. Something like, “Hey @appname, I need help with…” This is now public information. A hacker can then pose as the customer agent that wants to reply to your post.

In that message, they may add a link that looks exactly like a link that would come from the app company, bank, or whoever you’ve tweeted at. If you follow that link, it becomes very easy at that point for the hacker to get all your information. The solution? A reputable business probably won’t need to have you solve a problem this way. It’s always best to get in touch with someone directly from the company before making a bad mistake.

Hitting “Like” Buttons That Aren’t Really “Like” Buttons

It seems so simple, liking a post on Facebook. You do it every day, probably multiple times a day. But, when you yourself or an employee of your business goes to like something on Facebook, there’s a chance that that like button has been hacked as a means of tricking you. You thought you were giving an individual or an organization a compliment. But, now, you’ve just downloaded malware onto your computer.

This is known as “likejacking.” These can spread like wildfire too, because after you’ve clicked that link, it can share it on your feed, putting your friends at risk, too.

Sneaky Subscriptions

Have you ever seen a quiz or game come up on your news feed? It looks like fun and all your friends are doing it. Plus, you’re pretty bored at the moment and any type of entertainment would be good right now. So, you decide to click the “play now” or “take the quiz” button. But, before you can start doing anything, it asks you for your phone number or email address.

Suddenly, you’ve just become a victim of a sneaky subscription social media cyber scam. You’ve been signed up for something without your consent. And, if you signed up with your cell phone number, a hefty amount has just been added to your monthly phone bill. Ouch.

A Believable Facebook Post Shared By a Friend

When something is coming from a friend you know on Facebook, it has to be trusted, right? After all, your friend would probably know that he or she has been hacked, and would do something about it. But, the fact of the matter is that hacks have gotten a lot more believable over the years. Hackers know that people are able to identify hacks much more easily than they’ve been able to in the past, so they’ve adjusted their hacks accordingly.

So, when your friend shares something on Facebook that says something like, “Wow, check out this crazy video” with a link attached, DON’T click on it. Most of the time, the wording is made out to sound like your friend, and it sometimes takes a while before they even know this message is going around.

Fake Affiliate Program Promotions

You’re scrolling in a Facebook group you like or see an ad or post for an offer that sounds so intriguing. An airline you like is giving away a free trip if you get 100 likes. A store you shop at is giving out a gift card if you just share their link. Does it sound too good to be true? Then it probably is. Remember, there’s no such thing as a free lunch. Don’t fall for something like this. It’s a very easy way to become a victim of a cyber scam.

We use social media every day of our lives. Whether you’re using it for business, your own personal use, or both, it’s important to stay aware of potential social media cyber scams.

Here at Smeester & Associates, we can help you find tools and recommendations necessary to keep you or your company safe on social media. And, if you want to know if you’re at risk or not for a cyber scam already, check out our RiskAware™ Cyber Security Scan & Report.

Feb 18

These Nation-States Are The Top 3 Threat Actors in the Cyber Security Game

By Hana LaRock | Cyber Scams, Security

Threat actors can be responsible for seriously impacting another organization’s security. Experienced threat actors with the right resources can hack an organization either externally, internally, or as a partner. Theoretically, a threat actor can really come in any kind of form, but in this case, the biggest actors usually act as whole governments or nation-states.

It’s very important for people to read the news once in a while and be aware of who the biggest threat actors are. Whether you’re just an individual who surfs the web on occasion or you’re a huge company that does business globally, you can still be at an equal risk. These groups only need to possess the ability to potentially cause impact in order for them to be considered a major threat actor.

So, who are the biggest threat actors in the cyber security game that you need to look out for? Read on.

1. China

China is neither an ally nor an enemy of the U.S. But, when it comes to cyber security, the United States can’t be too careful. That’s because according to comments made by FBI director James Comey, prior to 2015, the Chinese had been the most industrious nation responsible for cyber attacks. One of the biggest threat actors, China has been reported to conduct complex intrusion campaigns to obtain sensitive information that would have supported their state-owned enterprises.

This type of data theft is one of the driving factors that led to the U.S./China agreement over the theft of intellectual property. It’s believed to this day that China was involved in two major breaches, the Anthem Breach, and the OPM Breach. In addition to that, the FBI released a study of 165 companies that experienced data breaches, and 95% of those breaches had come from China. Though it’s believed that the prevalence of attacks from China has somewhat decreased, U.S. companies still need to be aware of how this threat actor could affect them.

2. Russia

Coming in second place is the sanctuary for asylum-seeker Edward Snowden, Russia. It seems as though the Kremlin is always making headlines for cyber security hacks, most recently for their involvement with the DNC and the White House. But, even before then, it’s no question that Russia has consistently played a huge role as one of the biggest threat actors in the world.

And, when it comes to Russia’s involvement, they’ve proved that there is really nothing too big or too outlandish for them to hack. As if the U.S. government isn’t enough, they’re also known to have hacked the medical records of U.S. athletes (Olympic athletes) who had participated in last year’s games in Rio.

3. ISIS

Number three may be a tie between several countries or groups, but because of its uniqueness, ISIS is at number three on this list. ISIS is named a huge threat actor because of its attacks in 2015 and 2016 on the European Union. They also made news for their attack in 2016 that targeted close to 3,000 New Yorkers. Though these New Yorkers possessed nothing in particular that would have made them targets, it’s yet another reminder that you don’t need to be a large company or organization to have your private information hacked.

What These Threat Actors Mean for You

Of course, no one can forget the hack North Korea pulled last year on SONY, which caused the movie to be pulled out from theaters entirely. That was a sophisticated hack the likes of which we’ve never seen before. We’ve also seen hacks from Iran and Syria. And, there’s no telling who we may be able to add to this list in the future.

You might be thinking, “How would these nation-state threat actors even get to me?” Well, the thing with these hacks is that they usually occur on such a large scale and are often very complex. It can be months before a company even knows they’ve been hacked. Most of the time, they won’t even notice the breach themselves. It’s not until the government or a third-party, like a cyber security blogger, reveals the hack occurred, that the company would be able to do anything about it.

An attack from one of these major nation-state threat actors could happen to you. Does your company have the tools to detect one of these attacks if it occurs? The more time goes by without you knowing about the breach, the more damage can be done.

Here at Smeester & Associates, we can answer your questions about threat actors and let you know if you’re at risk. Make sure you take our RiskAware™ Cyber Security Scan & Report to see where your cyber security efforts currently stand.

Feb 09

Unbiased Assessments: The Evidence You Need for Cyber Compliance Audits

By Hana LaRock | CEO Best Practices, Security

Cyber security is important for everyone, whether you run a multi-million dollar company or you’re just a regular individual who occasionally buys things online. That being said, there are some companies that need to take cyber security more seriously than others, because they are required to deal with cyber compliance. If these companies don’t comply, they can have serious problems down the road that can cause chaos and even irreversible damage for themselves and their customers.

If you work in one of these industries and you require cyber compliance, it’s imperative that you have the evidence you need for when a cyber compliance audit comes knocking at your door.

Does Your Industry Need To Be Cyber Compliant?

If you fall into this category, you probably already know you do. But, just to be sure, companies that need to deal with cyber compliance on a regular basis include medical and dental practices with HIPAA laws, retail companies or other companies that need to follow PCI (Payment Card Industry) compliance, as well as legal offices, etc.

If you ever collect private or sensitive data from your customers, whether it be social security numbers or your client’s intellectual property, then guess what? You need to make sure you’re cyber compliant.

Start Taking the Necessary Steps

So, you know who you are. Great. Now it’s time to learn more about yourself and whether or not your company is at risk of a cyber breach. But, where to start? You could be an expert at running your business, but cyber security may not be something you’re exactly familiar with. You need a professional that can help.

Hiring an unbiased third party that can teach you about your company’s exposure and whether or not you have any holes in your network is the first step. Why do we say “unbiased?” Because you don’t want someone who is personally invested in the company to create a conflict of interest. Whether that conflict of interest is due to work related reasons or financial reasons, you wouldn’t want that to play a factor in having your compliance check done correctly.

Furthermore, learning about your exposure is the first step in taking serious cyber security precautions, to try and prevent a dangerous hack from impacting you and your customers. Because, as we all know, any cyber breach can cause huge costs for a company.

If a hack ever does happen, at least you’ll have proof that you took the steps necessary to make sure your company was cyber compliant. Believe it or not, that can help you a lot in the long run. Now, you’ll be prepared when those cyber compliance audits start rolling in.

You Decide To Hire a Professional. Here’s What To Expect

After you’ve made the decision to hire a professional for your cyber compliance, here’s what you can expect to happen next. First, they will see whether or not there are inconsistencies or problems in your network. If there are problems, they’ll patch them up, and then do another assessment to make sure the work done was effective.

Afterwards, you’ll be issued a very important document. This is your solid piece of evidence proving your company has taken all the necessary steps for cyber compliance. It shows you’ve gone through professionals and everything checks out. As far as everyone is concerned, (including the auditor) there are no present risks.

This document is something that’s so important to have in your industry, not only for peace of mind for you and the customers that trust you, but to keep your back covered at all times.

The team that issued you this document should then continue to stay in touch and conduct a semi-annual or quarterly assessment to make sure you’re still compliant. Their job is to regulate that compliance. Therefore, if something comes up, they can fix it again and make sure you’re still following standards.

You’ve Got Nothing to Lose!

Why wouldn’t you want to protect yourself?

At the end of the day, there’s no arguing when it comes to your company being cyber compliant. If you fail to be compliant and a breach occurs, guess who will be at fault? Do yourself a favor. Do what you need to do to look out for the best interests of your company and your customers.

Also, you never know when an auditor might come and ask for that necessary document!

Not sure where to get that unbiased assessment you need? Smeester & Associates can help. Just get in touch and we’ll take it from there. We’ll also issue you a cyber compliance document when we’re finished. In the meantime, to see if you have any potential risks in your network, take our RiskAware™ Cyber Security Scan & Report.

Jan 28

So, Who Is The Cyber Risk Stakeholder at the Executive Level?

By Hana LaRock | CEO Best Practices, IT Best Practices

“With great power lies great responsibility.”

Even in the smallest of businesses, there is a certain hierarchy of power. And, despite what could potentially go wrong at each level, either by a team or an individual, the question is, who should take the blame?

Ultimately, there can be a lot of things a CEO already has to take responsibility for, even if something which occurred wasn’t technically their “fault.” While it may feel good for a CEO to point fingers at his or her employees, that would be doing him or herself a huge disservice. And, at the end of the day, it doesn’t fix the problem.

The only thing you need to be responsible for when it comes to your network’s security?

Finding someone else to take the responsibility.

If you utilize the services of a CIO or another outsourced cyber security professional, he or she will become the cyber risk stakeholder at the executive level. This way, you can do what you do best for your business, while this person takes care of the rest.

Wouldn’t it be nice to put such a serious responsibility into the hands of an expert?

When Common, Not-So-Serious Cyber Threats Come Through

Cyber threats nowadays can happen at any moment. We’re talking everything from entire system shutdowns to unexpected data breaches. While certain problems are more likely to happen at a small business than at a larger business, if your business is onto something good, then hackers may be onto you, too.

And, if you’re a small business, you most likely have an IT guy or an IT team helping you to avoid these cyber threats. Though sometimes, the occasional virus will get in or someone may accidentally delete important files.

Like any employee, IT people put in a lot of time and effort into making things go right. However, their role is a little bit different than that of an outsourced CIO. While IT may be around to fix things up in the office, they aren’t the ones that should be taking care of your network’s entire security and compliance plan. It’s essential that situations in terms of security are unbiased and thus taken outside of the office.

This is why you call an outsourced CIO, who is an expert in risk management and cyber security. This way, if a serious problem does occur, they will be in charge and held fully accountable; not the IT guy, not you, and most importantly, not your company.

When a Serious Cyber Threat Succeeds in Breaching Your System

Hackers work in all different ways, as do hacks and the way they affect your business. Sometimes, a hack can really set a small business back. It can cost you a lot of time and money when it comes to making repairs.

These are bigger, more serious cyber threats which lead to complete data breaches and ransomware. Sometimes, they can’t be solved, and the damage has been embedded way too deep to even try. In these cases, it’s less likely a CEO is going to be empathetic to their IT team, or design team, or content team, or whatever team it was that was ultimately the one to “click the big red button.” It may cause a lot of frustration. But, it happens.

Thankfully, when and if these problems do occur, if you’ve made the right choice about utilizing the services of an outsourced CIO, they, as the cyber risk stakeholder, must take the blame. That’s their job. They’ll handle the audits, the lawyers, the victims, the repair plan, while you go about business as usual.

CIOs Take a Lot of Stress Away from CEOs

With start-ups or small businesses, there is a lot of “figuring out” that a company needs to do together. Problems will come along that no one could have predicted. But, when a CIO is responsible for anything serious that may happen, it takes away a lot of potential stress and finger pointing that could happen if you were the one meant to take the responsibility.

Why worry about something else when you already have enough to worry about? An outsourced CIO is an expert in what they do. Leave it to them.

Smeester & Associates can help CEOs like yourself make the right decisions for your company, whether those involve cyber threats or other concerns in your IT department. To see if you’re at risk of a security breach, take our RiskAware™ Cyber Security Scan & Report today.

Jan 11

The Risks of Free Public WiFi and How To Stay Protected During Travel

By Hana LaRock | Security

So, you’re traveling for business and you’re going to have to do work whenever you get the chance. You’re thinking you’ll find tons of trendy cafes, airport waiting rooms, hotel lobbies, and who knows what else…maybe even food courts and mall restaurants, to do your work at.

As you already probably know, connecting to public WiFi networks is a risk for anyone. It doesn’t matter if you work for a big or small company, or if you’re just surfing online for your own personal business. Someone who wants to get in will do it, and it won’t be hard for them to do so. But, when we see that there is a free network for us to connect to, we get excited. Free?! How great.

Well, not exactly.

Why would you make it easier for hackers to get to you?

Putting a little money into making sure your network is safe and secure while you travel is certainly worth it. But, we also understand that you want to save where you can.

So, here are some alternatives to that public WiFi.

To Avoid Sensitive Info Getting Stolen, Get a VPN

Connecting to a free public WiFi network makes it easier for someone to take your sensitive info without you even knowing it. You could be going to make a transaction or be collecting information from a customer when someone can just slip right in there.

However, this can be solved by getting a VPN, which makes it safe to do transactions over a public network. So, if there is no way to avoid using the free network at the airport or a hotel, then this is the route you want to take.

A solid VPN shouldn’t set you back too much. You can find some VPN services as low as $4 a month. Take a look at TheBestVPN.com for more information on the best VPN choices out there.

To Stay Safe, Stick to One Device

One way to be more susceptible to hackers is by using a mobile device. While it’s tempting during travel to use tablets, phones, and anything else that’s essentially “mobile,” this can put you at risk. For one, setting up security systems on a phone is definitely more of a puzzle than doing so on a computer. Second, it’s a lot harder to tell with a mobile device if you’ve been hacked or not.

To stay safe while you’re traveling, do yourself a favor and stick to just one device. Sure, you might bring your phone and tablet along for the trip. But, if you’re going to be doing any work or personal stuff, then keep it all to your computer or another device that’s already secured for these kinds of connections.

Watch Where You Plug in Your Devices, and Carry Your Own “Outlets”

Have you ever noticed at airports or malls that there are charging stations? What about USB outlets in a rental car? While this may not be quite the same as a free public WiFi network, it’s similar in that it’s something convenient that can present huge consequences. Of course, not everything is a risk, but it’s nice to be aware of these things.

If you really need to charge your device, consider getting your own power bank, or charge up in safer places.

Substitute Free Public WiFi Networks for Your Own Hotspot

Nothing is ever 100% safe, especially when it comes to protecting your sensitive information. Even when you have to “pay” to use a public network (like buying a cookie at a cafe to get the password) there are still no guarantees. There are also no guarantees that the WiFi you connect to will be strong enough to allow you to conduct business.

So, to fix all of those potential problems, consider bringing your own secure connection. Nowadays, it’s easy to find personal hotspots at mobile carrier stores that cater to your needs. You can also use your own phone as a hotspot, but like always, make sure it’s secure.

Do you need some cyber security tips for upcoming work travel? Smeester & Associates can help you get all the information you need.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Dec 29

10 Ways Ransomware Can Affect You if You Don’t Take Charge

By Hana LaRock | Ransomware

Ransomware is a nasty type of virus that extorts people for money by essentially blackmailing them. When it comes to major companies and even small businesses, ransomware can seriously take advantage of you and anyone else involved. And, as we all know, ransomware can affect our personal lives as well.

Unlike other types of hacks, ransomware is not easy to get rid of. Often, people need to either pay the money or risk losing all their data instead.

Don’t let ransomware take over your business or your life. Here are the ways ransomware can affect you if you don’t take charge. (And, by take charge, we mean taking all the cyber security precautions there are, including backing up your data!)

1. It can take away everything you’ve worked towards

Ransomware essentially takes your data hostage. If you’re a small company who has put in a lot of work to get your business off the ground, this is a huge disappointment. If you’re a major company, you’re going to have a lot of backtracking to do, and a lot of “‘splainin'” to do, too. No one wants to have to start back at square one again.

2. It can force you to pay up

If you didn’t back up your data and you’re not in a place to lose everything you’ve worked for, then ransomware can force you to pay up. Though the FBI discourages paying these cyber terrorists, it may be the only way to get back your important data.

3. It can ruin your reputation

If people are familiar with your company, a ransomware attack can seriously ruin the reputation you have with your customers. Sure, if you can overcome the ransomware no problem, then it may be that no one will find out and you can move on with your life. But, if your company goes down the drain or sensitive customers’ information gets leaked, you’re really in trouble.

4. It can make you vulnerable to attacks in the future

If we let ourselves get affected by ransomware one time, we’re probably going to do our best to make sure it doesn’t happen again. But, if a ransomware attack happens in the first place, it may mean you don’t have a good cyber security plan in place. Therefore, you may be vulnerable to more attacks in the future. 

5. It can take away your precious memories

When ransomware affects your work life, that’s one thing. But, when it affects your personal life, it’s another. Ransomware can get into your own personal computer and take away your precious memories, including photos, videos, writings, or even conversations you’ve saved.

6. It can take away your “evidence”

Some of us keep very important information on our computers. This can be everything from our tax documents to bank information or photocopies of a passport. In some cases, this type of information is your “evidence.” It’s proof you paid your taxes or proof that you paid a bill. Ransomware can take that away, wreaking havoc on your personal finances.

7. It can access any IoT device

Believe it or not, ransomware has started to affect smart TVs, video game systems, cars, and other IoT devices. Despite the fact that IoT makes our lives easier, remember, the Internet can be a very dangerous place. With convenience, there sometimes is a catch. You don’t want to be trying to relax and watch TV when a ransomware message appears on your screen.

8. It can take away privacy in ways you wouldn’t believe

Amazon Echo may be helping to solve a murder, as it may have recorded the mysterious events that took place. While this is bad news for the murderer and good news for the family, it makes a lot of us wonder how private our lives really are when we invest in all this smart technology. Ransomware and other types of hacks can lead to us being watched and heard without us even knowing it. There’s no telling how they will use what they gather against you.

9. It can pose a risk to your health

As you can start to see, ransomware can pretty much affect any device, including health technology. This could be any device that helps aid a person’s health. Think pacemakers, implants, and in the future, other health machines like digital contact lenses. If hackers will go to any means necessary to make you desperate enough to pay, would you really put it past them?

10. It can cause a ton of stress

The bottom line is that ransomware is a very scary thing. It can come as a surprise and put us in a situation where we really have no idea what to do. It can cost us time, money, and a lot of hard work. This can cause a heck of a lot of stress that will certainly take a toll on our work and personal life as a whole.

Smeester & Associates can provide you with assistance for your cyber security practices. In the meantime, see if you are at risk of being hit with ransomware. Take our RiskAware™ Cyber Security Scan & Report to find out.

Dec 21

Can the Internet Really Be That Dangerous?

By Hana LaRock | CEO Best Practices , Security

When we talk about the Internet, cyber security, and how all those things come together, we have to ask ourselves one main question:

Is the Internet really that dangerous?

At one time, maybe not so much. After all, when something so broad and capable is invented before the security aspect of it is created, it leaves a lot of room for not-so-safe possibilities. As more and more people are hooking up to the IoT, there’s a lot of potential for dangerous things to happen. And, we’re not talking about people losing a company’s sensitive data, or a customer’s identification being released. We’re talking about cyber security risks that can actually be physically dangerous to the people involved at a company.

The Risks of Smart Devices

We are already well aware of the dangers mobile devices present. The problem is, in the history of Internet technology, the product has always been invented first, and the issue of security worried about afterwards. We’ve seen it in computers, laptops, and companies switching over to conduct business on mobile devices. But, what about when the IoT keeps growing and growing? As things constantly hit the market, we’re left wondering if security comes with the rest of the package. And, more often than not, it doesn’t.

So, when a hacker gets into a laptop or a phone, it’s one thing. But, what happens when we start having smart cars, smart light bulbs, smart planes, etc.? We already have tablets, smart watches, and virtual reality. What happens when a hacker seriously wants to do harm to certain individuals at certain companies? There are some BAD hackers out there who will go to any extreme to do what they need to do or get what they need to get.

These hackers could make your company’s self-driving car go off the road. They can make the electricity in your building start a fire. If you run a restaurant with smart appliances, a hacker could shut off everything, creating health and safety hazards for your customers. They could make security cameras go haywire, making you a victim of something you didn’t do. Like ransomware, they will extort you and blackmail you for all you’re worth, even taking it as far as putting your life, or the life of your co-workers and loved ones, at risk.

Things like this have already started happening, and for some reason, companies STILL are not seeing the need for cyber security. What more will it take?

When Incentives are Scary, They Work

Cyber security flaws are an absolute epidemic. We’ve seen one large company after another be hit with terrible attacks that were very hard to come back from. We recently saw one happen with Yahoo!, and even our own presidential election. No matter how often companies are educated on the dangers of an attack, people in power still do not believe they are at risk. The United States, for example, doesn’t even have enough laws and regulations in place to protect ordinary users. Then, how can any of us be safe?

Is scaring people into spending money on cyber security the answer?

Maybe so. When we are asked whether or not the internet can be dangerous, the answer is yes. While it may sound rather drastic, it’s certainly not unreasonable to think that human life could be at risk as the future of the IoT grows. Is that what it will take for people to start taking their cyber security more seriously? It’s discouraging that seeing others get attacked is the only incentive companies have to rework cyber security into their protocol or budget. But, if that’s the only thing that works, then we’re doing the right thing by making everyone aware of the possibilities.

What do you think? 

It’ll likely be some time before you start worrying about real Internet dangers. But, it’s never too soon to start taking charge of your cyber security, and staying away from IoT until you can fully implement cyber security on those devices.

If this has somehow gotten you to take your cyber security seriously, then Smeester & Associates is here to get you on the right track.

Dec 14

Will You Be Ready for 2017’s Cyber Security Threats?

By Hana LaRock | CEO Best Practices , Ransomware , Security

As this year comes to an end, we have yet to see any type of decrease in cyber security threats and attacks. In fact, cyber attacks continue to grow at an alarming rate.

However, as we home in on the types of attacks there are, it becomes a little bit easier to know what you’re looking for, and potentially stop an attack before it hits. That being said, hackers and the methods they use to take down even the biggest websites, like Twitter, are constantly changing. This is because when people find ways to stop attackers, the attackers find more creative methods to do what they set out to do. Just like any other vicious, drug-resistant virus.

And, as 2017 rolls around, we can expect to see different and more powerful types of attacks. So, the question is, will you be ready to fight them when they come?

The Money Motive

Most hackers are motivated solely by money and will go to whatever means necessary to get a lot of it out of your company. This can be done through the use of ransomware, which is getting more advanced as time goes on. Hackers are going to find stronger types of ransomware attacks, and they will extort businesses for way more money than ever before. Thus, companies are going to have a hard time keeping up with proactive security measures enough to “deter” the ransomware. But, we’ll get to that later.

The Use of Mobile Devices will Lead to IoT Attacks

As people are using their mobile devices to conduct business more and more, we will be seeing more attacks via those devices. Along with this, however, we hope to see people taking their mobile security more seriously than they have in the past. But, despite the desire for protection, mobile device security just isn’t up to par with its stationary counterparts. We’re looking at all different kinds of threats in 2017, from theft of intellectual property to the potential destruction of critical infrastructure. Companies won’t be able to deal with these threats in real-time due to the minimal capabilities of mobile devices to do so. This, unfortunately, can mean bigger and broader attacks across the board than we’ve ever seen.

Increase in Internal Risks and Attacks

One thing we may be seeing more of in 2017 is internal attacks. Because companies are bumping up their cyber security, hackers need to find more “undercover” ways to do what they want to do. This could be anything from placing actual insiders in the company to hackers deceptively targeting your email and every move you make on your various social media outlets. These attackers will try to manipulate employees from the inside into letting in a major breach, causing a lot of serious damage in the process.

But, there is some good news…

More Security Investments and Cyber Deterrence

Despite the fact that hackers will be more innovative in the coming year, so will security vendors and software overall. One trend we’ll start to see in 2017 is that companies will be spending more money on their cyber security than in the past, something that we’ve certainly been hoping to see more of.

In addition to more spending on security, we’re also likely to see cyber security take a new route…a somewhat Israeli, Iron Dome, kind of route. IT professionals are looking for ways to deter attacks as they happen and stop one right in its tracks. This is a trend we may be seeing more of in the next year, and you’ll want to get on board as soon as this kind of security hits the market.

Cyber security should be a huge concern for any company. But, these companies need to keep up with the times. The data world is always changing and we need to be aware of the trends so that we’re not as vulnerable.

If you want to be sure you’re keeping up with these cyber security trends, then contact us at Smeester & Associates. We have all the tools necessary for you to make the right decision regarding your security methods. Try our RiskAware™ Cyber Security Scan & Report to see your current exposure level.