Cyber Scams | Smeester & Associates

Category Archives for Cyber Scams

Can You Trust Someone to “Vouch” for Your Company?

Can you really have faith in everything that’s on the internet? Of course, not. But, that being said, company leaders need to put an awful lot of trust in their employees, the people they’ve hired to manage their network, and the infrastructure and reliability of the network itself. But, if you’re expected to trust so many different factors revolving around your business, while also being told not to be too careful to trust everything else — like WiFi connections or suspicious emails — then how can you navigate your way around all this?

These days, having someone to vouch for you, or having someone vouch for the people you’ll be working with, is one of the oldest, yet most reliable ways to secure your network and your company. Going off of that, it’s equally important to have extra eyes helping to look out for your company at all times.

If the Dark Web does it, so can you?

If you’re familiar with the Dark Web, “trustworthy” wouldn’t necessarily be the first term you would use to describe it. But, believe it or not, sellers on Tor need to be verified for the authenticity of their products as well as themselves as users before being able to complete a transaction. This is done by having current members introduce new members through a system of vouching. Without this, you can’t get onto the site.

So, if the Dark Web relies on some form of vouching in order to be able to trust their users, then surely large companies should be doing something similar. It’s not enough to just have certain cybersecurity protocols in place — although, those are important as well. If you can incorporate a system of vouching along with placing outside eyes wherever you can, then you’ll be protected in ways that machines can’t protect you.

Apply this system to vendors and employees

Of course, companies find ways to vouch for people, too, similar to how it’s done on the Dark Web. When we hire someone, HR usually asks for references, recommendations, and will maybe even do some snooping around on social media to get to know more about this person. The same goes if you’re working with third-party vendors or onboarding and offboarding part-time employees. You need to know who you’re going to be working with. You can go this route, but you can also ask around to see who else has worked with the people you’re planning to work with. These days, it’s very easy to check a person’s or a company’s reputation online, so you can take advantage of this.

Hire someone to look out for you

If your Facebook account gets hacked and your friends find out because they are getting spam messages from you, it’s likely that one of those friends will notify you of this so that you are aware. In a sense, this is a form of informal (and free) cybersecurity. You’re too busy running things at the company to be concerned with staying on top of security, employees, networks, risks, etc. Therefore, hiring managed services to help you keep an eye on things internally and externally can help ensure that nothing fishy comes up.

Down to checks and balances

This idea of vouching further enforces the notion of checks and balances in a company who cares about its cybersecurity. A managed service provider checks the IT team, the IT team checks HR, the company checks the employees, and vigilant, trustworthy employees can keep their eyes out for the company. While a professional certainly helps handle this process at the expert level, it never hurts to rely on people you trust to keep things in balance.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Are You Confident Enough in Your Organization’s Ability to Mitigate Risks?

Cybersecurity is a huge concern for all businesses. Companies understand that they need to prioritize their security methods in order to ensure they don’t experience major losses due to a potential data breach. Despite major headlines that have repeatedly demonstrated the impact these hacks have on companies, recent studies have found that people are still not as prepared as they need to be in order to mitigate such risks. While these companies may be confident saying that they believe in their organization’s ability to manage cybersecurity internally, according to the data, that doesn’t seem to be working (or entirely true).

Even companies who have the best IT teams and equipment understand the need for an outsourced CIO to handle cybersecurity, as well as other managed services.

Here’s why:

Many Risks are Internal

One reason that companies are unable to mitigate all the risks is because they are simply looking in all the wrong places. Every time we learn of another major breach, it doesn’t take long to discover that it happened due to something internal. Perhaps a firewall wasn’t updated, an employee used their personal unsecured device to access work, or the network infrastructure the company is using isn’t being maintained properly, leaving gaps all over. Companies don’t want to admit that they are a risk to themselves. And, even if a breach came from elsewhere, the fact that a hacker could get in is usually the company’s fault.

To fix this, an outsourced CIO can come in, take a look at your systems from an outsider’s point of view, and do what they need to do to patch it up.

Everybody Needs to be Vetted Before Being Onboarded

If your company hires contractors, partners, or interns to work with you, they will likely be given access to the company’s network. And, the more often you’re onboarding “strangers,” the easier it is for one of these people to let in a breach. Typically, it’s unintentional, but there are times where perhaps an employee who was recently let go seeks to take some kind of revenge on the business.

However, with the right network infrastructure (these days, it’s the cloud), security is placed on identities themselves, provided for new or temporary employees. When this is set-up by a managed service provider, HR and IT follows the process and works together with the outsourced CIO to prevent any leaks from occurring. Of course, proper vetting of the individual is necessary before providing them with company access as well.

Because Your Day to Day Job Doesn’t Involve Monitoring Security Risks

In general, 70% of respondents off the Marsh-Microsoft Worldwide Cyber Perception Survey reported that their IT departments are in charge of making important decisions about the company’s network. A lot of these decisions naturally have to do with the network’s security overall. As a business leader, this definitely isn’t your department, so you’re counting on the individuals over in IT to make the right choices. But, believe it or not, IT shouldn’t really have that kind of say, either. Their job isn’t just calling the shots on security measures.

While cybersecurity is certainly a task that involves a little work from everyone in the company, it takes a little more expertise than that. An outsourced CIO can help assign appropriate roles to each employee to make sure everyone is doing their part. Additionally, companies who have moved over to a cloud infrastructure are likely to face fewer risks, too, as cloud technology manages many risks on its own.

The Costs Alone Aren’t Worth the Risk

According to Business Insurance’s breakdown of the survey, 40% of respondents who reported a data breach in the last 12 months said that the worst-case scenario lost them $50 million or more. Out of that number, only 19% revealed “they are highly confident in their organizations’ ability to mitigate and respond to a cyber attack.” 

With that much money at stake, it doesn’t really seem worth it to take your chances. As a C-level leader, if you’re not totally comfortable in your company’s ability to mitigate such risks, then it’s time to find someone you can trust who can.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Are You Keeping Your Information Secure this Holiday Season?

With Black Friday and Cyber Monday around the corner, as well as a whole month of holiday shopping, people are using their debit cards, credit cards, and other accounts — like Paypal — to make purchases. But, because of all the transactions being made via the Internet, companies need to work hard to make sure they’re keeping themselves and their customers secure. Hackers will be looking for every opportunity possible to get their hands on some valuable information. Remember, a data breach of any kind can cause you or your company long-term problems.

Do your best to prepare yourself and your company against these threats this holiday season.

Here’s how:

Make Sure Compliance Practices are Up to Date

The best way to make sure you protect yourself this season is by making sure your compliance practices are up to date. If you’re keeping up with compliance laws, then you’re significantly lowering your risk of experiencing a data breach. Speak with your managed service provider to ask them if you’re doing everything you’re supposed to be doing, and if there are any new threats you need to be aware of.

Stay Away from Public WiFi Networks

It’s a no-brainer that shopping online while you’re in a public place, connected to a public Wi-Fi network, can seriously put you at risk. This holiday, whether your company is buying from suppliers online, or you’re shopping online for friends and family, don’t make the mistake of shopping at a new place. Shop from the safety of your secured home or office network, so you don’t risk prying eyes stealing sensitive data.

Add Additional Security

Whenever there is the increased risk of threat, it doesn’t hurt to add additional security to combat that. This might be a good time to change some passwords, avoid logging in from other devices, and checking on who has access to what. Keep a sharp eye and make sure there’s no funny or phishy” business going on.

Don’t Trust Strange Links or URLs

If you’re browsing online and add things to your various online shopping carts, you can anticipate a lot of e-mails reminding you to complete your purchase. Hackers will use this as a way of getting into your network. What might seem like an obvious link leading back to your shopping cart, could be Malware waiting to be easily installed on your device.

Stay Up to Date on Your Bank Statement

Last but not least, this time a year is a good time to constantly check on your banking activity. With all the purchases being made, a hacker can use your credit card information to make small purchases without you even noticing. It goes without saying that you should pay attention to what you buy, and if you work at a company, what purchases are being made. This way, if you notice any inconsistencies, you’ll be able to address them quickly

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Phishing Scam: What to Ask Yourself Before Trusting That URL

These days, most people would say that they can tell the difference between a good URL and a bad one. In fact, most people may not even consider the fact that a URL could be ‘bad’ in the first place. The only time anyone might second-guess a URL is because it would have a lot of strange numbers or characters. However, hackers know that most people are aware of this, which is precisely why they’ve gotten more sophisticated on creating URLs that will trick people.

Whether you’re a personal user or you’re the CEO of a company, here’s why you should think twice before trusting a URL, and how to recognize the signs of a hack.

It All Starts with Language

The first step in being able to identify a bad URL is by understanding what a URL is. A URL is, of course, letters that are put together to make words (or made up words) to lead you to a place on the Web. Maybe you’ve never realized it before, but, almost all URLs on the web are made of English characters. That’s because the Internet was designed initially for an English-speaking audience.

The problem is (or, rather, the benefit for hackers) is that there are many letters in the English language that look exactly the same as letters in other languages. Although these letters don’t hold any of the same phonemic significance, they can be manipulated to make fake URLS that are a mix of letters in other alphabets and English letters. This is known as an “IDN Homograph Attack.”

How to Prevent a Homograph Attack

The reason these fake URLs are able to be created is because the phisher on the other side of the screen has found a website that has let he or she create a domain in which they can take characters from different languages. While a lot of these sites are cracking down on this behavior, it’s pretty much possible to find anything on the Internet. So, one of the easiest ways to stop an IDN Homograph Attack is by restricting IDNs under your browser settings. If this isn’t an option for your company, (maybe because you work with many international businesses) new technology is coming out in various browsers that when updated, will help protect you against such attacks.

Other Ways to Detect Danger

Homograph attacks aren’t the only ways in which people are tricked into opening bad URLs. As long as you know what to look for, you can detect danger and put a halt to it before being affected.

  • Is the Site You’re Going to Secured?: Most browsers will let you know if a website is “unsafe” before continuing. If you see a warning but you’re fairly confident that it is safe, check if the site has security seals. Something as simple as seeing that green address bar can help you be sure.
  • Are the Letter Cases Different?: Typically, letter cases don’t make much of a difference when you’re trying to visit a website. But, checking the letter case on a URL, especially if it was sent to you via email, can help prevent an attack. If something looks out of place, exercise caution, and instead, type in the URL on the address bar as you know it.
  • Is the SSL Certificate Up to Date?: If the website’s SSL Certificate is expired, this could be a red flag. It may not be that the website is being run by a hacker, but it could make the site itself more vulnerable to hackers who want to use it as a bridge to get to you.

Cyber scams can be hard to detect. If you want to protect your company, knowing the signs of such attacks like these are important. Next time you click a new URL, stop and follow these steps.

In the meantime, try our RiskAware™ Cyber Security Scan & Report to see where your security currently stands.

Will You Be Able to Recognize Executive Impersonation Fraud?

There are all different kinds of ways for a hacker to breach a system, and it seems like once we figure out how to prevent one of them, another one arises. Whether it’s Malware or Phishing scams, it’s hard to predict what the next one will hit and when it will be.

But, right now, there’s a new scam on the rise, and it’s just as concerning as it is clever. Executive impersonation fraud is becoming more and more prevalent and harder to catch. Will you be prepared if it’s used against you?

What is Executive Impersonation?

An Executive Impersonation is yet another type of Business Email Compromise scam. While it may seem like the type of hack anyone could attempt, it’s in fact, very sophisticated. Hackers who do this go to great lengths to pretend to be an executive of a company and seek the information they are looking for. Therefore, it’s one of the hardest scams to recognize.

In an Executive Impersonation hack, hackers target businesses that frequently do wire transfers. These hackers, or impersonators, “take the place” of a CEO, attorney, or trusted vendor with a leadership position; someone who has the power to initiate a bank transfer. Needless to say, these hackers can get their hands on all kinds of sensitive information and use it to their benefit.

Who are the Scammers?

Though many of us tend to fear the biggest threat actors when it comes to data breaches, an Executive Impersonation attack doesn’t need to be carried out by a whole country. Like many other scammers out there, it could just be a random individual. That being said, it does take a lot of research to impersonate a high-powered executive, and we can assure you that these hackers read up.

Which brings us to our next point…

Why Do People Fall For It So Easily?

These days, when you can hide behind a computer screen, you never really know who you’re dealing with. You may wonder how someone could so easily fall for one of these Executive Impersonation scams, but what you really should be asking is, “How can you not?”

First of all, when a CEO gives any type of order, it’s usually respected. Most people, when given a request by someone in power, will automatically say “yes.” The scammers make sure to use that factor to their advantage while replicating business practices unique to the company they’re hacking. To carry out this type of hack, they will ultimately conduct wire transfers on unauthorized funds by compromising email accounts.

Preventing Attacks

The first step to preventing attacks like these is simply being aware. The more your company is up to date with what’s out there, the higher chance you’ll have for keeping yourself safe.

Who is a Target?

If you think just because you’re a small business you won’t be a target for an Executive Impersonation hack, think again. Smaller businesses tend to be the most vulnerable since often times they’ll put their cyber security on the back burner. Therefore, making sure you take as many precautions as possible, like practicing two-step verification and strong passwords, will help you stay safe.

Know The Different Ways Hackers Carry Out the Attack

In Executive Impersonation attacks, there are three main ways in which the hack is carried out:

  • Executive/Attorney Impersonation: When the hacker pretends to be an attorney asking for money for a time-sensitive transaction for whatever reason. Usually, the “attorney,” or the account that’s hacked, is a person in which the company already knows and trusts, and would have no reason to question the request.
  • Data Theft via Human Resources: This is when the hacker impersonates the CEO by compromising his or her email, then contacting someone in HR, Finance, or any other department that deals with the payroll. That employee will then send the “CEO” the payroll or sensitive information requested without second-guessing it. Then, the hacker will use this info to get what they want.
  • Executive Money Transfer Request: This is when an Executive Money Transfer Request is put through when the hacker compromises the executive’s email. They will contact the person who handles money at the office (again, HR or Finance) to submit a direct transfer to a “vendor” or “customer” account.

No cyber attack can be a 100% prevented. However, if you know the signs of an Executive Impersonation attack while making sure your systems are secure, you should be in good shape.

Smeester & Associates can help CEOs like yourself make the right decisions for your company, whether those involve cyber threats or other concerns in your IT department. To see if you’re at risk of a security breach, take our RiskAware™ Cyber Security Scan & Report today.

Watch Out for These Common Social Media Cyber Scams

Social media is one of the most important things that companies use to drive their business. It’s an amazing way to get more connected to people, have constant communication with customers, and easily implement your inbound marketing campaigns. However, with every good thing, there’s usually a downside. And, the downside to utilizing social media too much is that you can quickly fall victim to a hack.

If your company uses social media at all with your business, then you must be aware of common social media cyber scams. Here they are:

When a Hacker Uses a Fake Social Media Account

Sometimes a hacker can impersonate a social media account user from a bank you use or a company you do business with. This is known as Angler Phishing.

Let’s say you go on Twitter or Facebook to get in touch with a company, either by making a tweet, a post, or sometimes, even sending a message. Something like, “Hey @appname, I need help with…” This is now public information. A hacker can then pose as the customer agent that wants to reply to your post.

In that message, they may add a link that looks exactly like a link that would come from the app company, bank, or whoever you’ve tweeted at. If you follow that link, it becomes very easy at that point for the hacker to get all your information. The solution? A reputable business probably won’t need to have you solve a problem this way. It’s always best to get in touch with someone directly from the company before making a bad mistake.

Hitting “Like” Buttons That Aren’t Really “Like” Buttons

It seems so simple, liking a post on Facebook. You do it every day, probably multiple times a day. But, when you yourself or an employee of your business goes to like something on Facebook, there’s a chance that that like button has been hacked as a means of tricking you. You thought you were giving an individual or an organization a compliment. But, now, you’ve just downloaded Malware onto your computer.

This is known as “likejacking.” These can spread like wildfire too, because after you’ve clicked that link, it can share it on your feed, putting your friends at risk, too.

Sneaky Subscriptions

Have you ever seen a quiz or game come up on your news feed? It looks like fun and all your friends are doing it. Plus, you’re pretty bored at the moment and any type of entertainment would be good right now. So, you decide to click the “play now” or “take the quiz” button. But, before you can start doing anything, it asks you for your phone number or email address.

Suddenly, you’ve just become a victim of a sneaky subscription social media cyber scam. You’ve been signed up for something without your consent. And, if you signed up with your cell phone number, a hefty amount has just been added to your monthly phone bill. Ouch.

A Believable Facebook Post by Shared By a Friend

When something is coming from a friend you know on Facebook, it has to be trusted, right? After all, your friend would probably know that he or she has been hacked, and would do something about it. But, the fact of the matter is that hacks have gotten a lot more believable over the years. Hackers know that people are able to identify hacks much easier than they’ve been able to in the past, so they’ve adjusted their hack accordingly.

So, when your friend shares something on Facebook that says something like, “Wow, check out this crazy video” with a link attached, DON’T click on it. Most of the time, the wording is made out to sound like your friend, and it sometimes takes a while before they even know this message is going around.

Fake Affiliate Program Promotions

You’re scrolling in a Facebook group you like or see an ad or post for an offer that sounds so intriguing. An airline you like is giving away a free trip if you get 100 likes. A store you shop at is giving out a giftcard if you just share their link. Does it sound too good to be true? Then it probably is. Remember, there’s no such thing as a free lunch. Don’t fall for something like this. It’s a very easy way to become a victim of a cyber scam.

We use social media every day of our lives. Whether you’re using it for business, our own personal use, or both, it’s important to stay aware of potential social media cyber scams.

Here at Smeester & Associates, we can help you find tools and recommendations necessary to keep you or your company safe on social media. And, if you want to know if you’re at risk or not for a cyber scam already, check out our RiskAware™ Cyber Security Scan & Report.

These Nation-States Are The Top 3 Threat Actors in the Cyber Security Game

Threat actors can be responsible for seriously impacting another organization’s security. Experienced threat actors with the right resources can hack an organization either externally, internally, or as a partner. Theoretically, a threat actor can really come in any kind of form, but in this case, the biggest actors usually act has whole governments or nation-states.

It’s very important for people to read the news once in a while and be aware who the biggest threat actors are. Whether you’re just an individual who surfs the web on occasion or you’re a huge company that does business globally, you can still be at an equal risk. These groups only need to possess the ability to potentially cause impact in order for them to be considered a major threat actor.

So, who are the biggest threat actors in the cyber security game that you need to look out for? Read on.

1. China

China is neither an ally or an enemy of the U.S. But, when it comes to cyber security, the United States can’t be too careful. That’s because according to comments made by FBI director James Comey, prior to 2015, the Chinese had been the most industrious nation responsible for cyber attacks. One of the biggest threat actors, China has been reported to conduct complex intrusion campaigns to obtain sensitive information that would have supported their state-owned enterprises.

This type of data theft is one of the driving factors that led to the U.S./China agreement over the theft of intellectual property. It’s believed to this day that China was involved in two major breaches, the Anthem Breach, and the OPM Breach. In addition to that, the FBI released a study of 165 companies that experienced data breaches, and 95% of those breaches had come from China. Though it’s believed that the prevalence of attacks from China have somewhat decreased, U.S. companies still need to be aware of how this threat actor could affect them.

2. Russia

Coming in second place is the sanctuary for asylum-seeker Edward Snowden, Russia. It seems as though the Kremlin is always making headlines for cyber security hacks, most recently for their involvement with the DNC and the White House. But, even before then, it’s no question that Russia has consistently played a huge role as one of the biggest threat actors in the world.

And, when it comes to Russia’s involvement, they’ve proved that there is really nothing too big or too outlandish for them to hack. As if the U.S. government isn’t enough, they’re also known to have hacked the medical records of U.S. athletes- Olympic athletes- who had participated in last year’s games in Rio.

3. ISIS

Number three may be a tie between several countries or groups, but because of its uniqueness, ISIS is at number three on this list. ISIS is named a huge threat actor because of its attacks in 2015 and 2016 on the European Union. They also made news for their attack in 2016 that targeted close to 3,000 New Yorkers. Though these New Yorkers possessed nothing in particular that would have made them targets, it’s yet another reminder that you don’t need to be a large company or organization to have your private information hacked.

What These Threat Actors Mean for You

Of course, no one can forget the hack North Korea pulled last year on SONY, which caused the movie to be pulled out from theaters entirely. That was a sophisticated hack the likes of we’ve never seen before. We’ve also seen hacks from Iran and Syria. And, there’s no telling who we may be able to add to this list in the future.

You might be thinking, “How would these nation-state threat actors even get to me?” Well, the thing with these hacks is that they usually occur on such a large scale and are often very complex. It can be months before a company even knows they’ve been hacked. Most of the time, they won’t even notice the breach themselves. It’s not until the government or a third-party, like a cyber security blogger, reveals the hack occurred, that the company would be able to do anything about it.

An attack from one of these major nation-state threat actors could happen to you. Does your company have the tools to detect one of these attacks if it occurs? The more time goes by without you knowing about the breach, the more damage can be done.

Here at Smeester & Associates, we can answer your questions about threat actors and let you know if you’re at risk. Make sure you take our RiskAware™ Cyber Security Scan & Report to see where your cyber security efforts currently stand.

How to Stay Safe on Cyber Monday (Or Any Other Day)

Nowadays, people find it a lot easier to do their shopping, especially their holiday shopping, online. But, when customers from all over the world are using their sensitive information to make purchases, there is always the risk that a security breach could occur. And, that that security breach could put you at a serious risk.

Black Friday is over, and so far, there haven’t been any major incidences. (At least compared to previous years.) While that’s all great to hear, that doesn’t mean it’s time to let our guard down just yet. The cyber threat is still prevalent and we need to be on guard.

If you plan on participating in Cyber Monday or any other kind of online shopping this holiday season, here are a few tips on keeping yourself safe behind the screen.

cyber-monday-theftAvoid Using Your Mobile Devices

Though using your mobile device to make a purchase is definitely time-efficient, it’s not always safe. There are a lot of companies that use mobile apps to cater to their users. While this is a nice thing for both the company and the user, it can also be a nice thing for any hacker who won’t even need to lift a finger to take your information. Stick to a computer that you’re familiar with.

Consider Alternative Payments

If your browser asks you if you want it to remember your card information, don’t check off that box. Even if it’s your own personal computer, this kind of thing makes it easier for anyone to take your information. And, even if you opt out of having your credit card memorized, you should consider leaving the credit card or debit card behind altogether. If you have gift cards, Paypal, or a prepaid card, it’ll keep you a little safer.

Go With Companies You Know

Maybe a lot of those third-party, out-of-country eCommerce sites have some really good-looking deals. And, while some of those sites may be very well legitimate, you should never buy from a company that you haven’t heard of. Stick to the places and the names you know and love. There’s a better chance their online shopping platform is just safer, and if a breach were to happen, that they would at least do their best to make sure you’re protected.

Trust Your Gut

Cyber Monday and the holiday season, in general, are pretty overwhelming days to be on the Internet. There are a lot of good deals out there that are really convincing. But, not all deals are what you think they are. Some are really deceiving. It may not be that there is a hacker running a fake website with fake deals directly behind the screen. But, it may mean that the website you see one of these “deals” on may not be one that’s safe to use, for one reason or another. Therefore, just remember the old advice, “If it looks too good to be true…” Trust your gut before trusting these people with your bank information.

And, if you’re a company…

If you’re a company who is selling products online on Cyber Monday, or any other day for that matter, make sure you’re taking every possible cyber security precaution there is to protect you and your users. You should also consider taking out cyber insurance or consulting with your provider about additional measures. Remember, your customers are trusting of you, and they wouldn’t want a little purchase on your website to lead to a complete loss of their identity.

Cyber Monday is just a few days away. Are you prepared? No worries! Smeester & Associates is here to help. 


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Are Outdated Browsers Leaving Your Business Vulnerable?

Users must regularly maintain, patch and update software, applications, plug-ins and more, but just how many businesses are overlooking this important security concern? In our latest chart, we reveal the percentage of users running outdated browsers. As you know, cybercriminals continually look for vulnerabilities to exploit in frequently used programs. Proper patch management, however, helps prevent devices from becoming compromised. So how do you have this conversation with potential clients, and which questions should you expect to answer?

outdate-browsers-vulnerable-statistics

WHY ARE EXPLOITS POPULAR AMONG CYBERCRIMINALS?

As software becomes more advanced, it becomes virtually impossible to eliminate all potential vulnerabilities. Consider all the lines of code on a single operating system, and then note every single program and application installed on top of that. You need to protect all of it, but a lot can go wrong. Attackers only have to find one flaw to manipulate in order to gain access – hence why these attacks are so popular. Typically, cybercriminals are looking to pick the lowest-hanging fruit, and software vulnerabilities are easy targets. Hackers also favor attacks that can do the most damage. To exploit a vulnerability, they seek applications with a high volume and frequency of usage. That way, they can maximize their attack surface. This is why Adobe Flash, Microsoft Office and other similar applications are attractive targets for attacks.

WHY DO I NEED PROACTIVE PATCH MANAGEMENT TO PROTECT AGAINST EXPLOITS?

A recent HPE cyber risk report shows that 2015 was a record year for the number of security vulnerabilities reported and patches issued. However, what good are security patches if they’re never installed? Businesses today are faced with an ever-changing security risk landscape, which means that threats are becoming stealthier and more sophisticated. If your applications aren’t updated with the latest security patches, you run the risk of being successfully exploited by attackers – which can lead to unplanned downtime, sensitive data being compromised or even a data breach. Proactive patch management is essential to an effective security and business continuity strategy, because it only takes one device to compromise an entire network.

WHY SHOULD I WORK WITH AN MSP FOR THIS?

Most small- and medium-sized businesses (SMBs) don’t have the time and bandwidth to stay completely up-to-date on the latest security flaws and updates. That’s where Smeester & Associates comes in. We can help mitigate these risks with a proactive monitoring and management platform that deploys patches remotely and at a time most convenient for you. You don’t have to worry about the health of your IT system. It’s our job to manage the patching process and make sure that policies are continually revisited and improved. When you work with us, you can rest easy knowing your data is protected and your network, secure. And rather than burden your staff with this responsibility, our 24x7x365 expert support team is trained to take care of this for you.

Also, it’s important to remember that just because a new patch is released doesn’t mean that it should immediately be deployed. Often, patches will contain unseen vulnerabilities, have installation issues, or even prevent machines from successfully rebooting once the installation is complete. We can provide you with additional security, peace of mind and uptime by testing and researching patches before pushing them to your machines.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!

Don’t Be the Low Hanging Fruit for Cyber Criminals

While cyber attacks can happen to anyone regardless of the size of your company or what sector you’re in, there are some exceptions. Though hackers are good at what they do, you can make it harder for them to target your company. Even if everyone is a potential victim, you can make sure you’re not at the bottom of the totem pole. Don’t be the low hanging fruit for cyber criminals.

Follow these tips to make you less desirable or less obvious to hackers on the prowl.

Don’t keep your passwords simple

While you might want an easy way to remember all your passwords, keeping them all the same is essentially asking hackers to come knocking at your door. And, they probably won’t be so polite that they’ll knock first. Your passwords should not only be unique and very difficult to figure out, but they should be different for each one of your accounts associated with your website or business.

It’s also a good idea to use fake answers for security questions and two-step verifications, as any cyber criminal with a little but of time can figure out your personal answers. If you’re worried about remembering all these passwords, you can use a password manager to help. Additionally, think twice before saving your password on websites (and credit card information) when your browser asks you.

Use a VPN

Using a VPN is a great way to protect your connection, especially if you’re hooking up to a public WiFi network. That’s because a VPN hides your IP address and encrypts all traffic coming in or out over a certain internet connection. This is one of the easiest ways to avoid being the low hanging fruit for cyber criminals.

Encrypt your hard drive

Don’t make your hard drive an open door. Encrypt it. There are thousands of ways hackers can get into your hard drive, sometimes even physically. Block it off and make sure you’re the only one that can access it.

Spread your data out

In addition to encrypting your hard drive, you also shouldn’t keep everything in one place. Sensitive information should be spread out among different places to make it harder for a cyber criminal to really cause damage.

Don’t open anything “phishy”

We shouldn’t have to say this, but if you need a reminder, please, oh please, don’t open anything in your email that looks suspicious. A lot of the times, hackers use phishing as an easy way to hack your system. Anything that looks out of the norm probably is. DELETE and notify the company that someone is using their name and logo to try infect you.

Take advice from the experts

An easy way to be the low hanging fruit for cyber criminals is by simply ignoring the issue of cyber security. Even if you’re a small business (actually, especially because you’re a small business), you should really take advice from someone who knows best. Using a managed security service is one way to go about it. Another way is to talk to us at Smeester & Associates, because we can steer you in the right direction.


How low is your fruit hanging? Is that bear about to eat you or the other guy?

Discover how much risk you’re exposed to and get a complimentary RiskAware™ Cyber Security Scan & Report today!