When it comes to securing your network, there is never really such a thing as “too much.” That being said, a lot of the time people who believe they have a stable security system will neglect it after a while, especially if they’ve hired someone to look after it.
But, security isn’t just something you install and leave. In order to get the most out of your security program, it must be constantly monitored. Whether you’re doing the monitoring or someone else is doing it, these add-ons will help ensure your security is at its absolute best.
Most of us know that a two-step verification process is a smart way to keep your systems secure. Unfortunately, as much as people know the importance of this, they still are not implementing it where they should. These days, hackers are still finding success by stealing passwords or just by guessing them.
Adding a little more authentication, such as MFA (multi-factor authentication) will help you put up more of a wall on your systems. MFA makes users present multiple forms of evidence in order to gain access to the network. This could be anything from answering personal security questions to providing two separate and unique passwords.
Companies and individuals alike should not rely only on a firewall to secure their system. Firewalls are easy to surpass and don’t have the capacity to block out the really serious stuff. That being said, firewalls are still good to use as long as they are combined with other forms of security.
A web application firewall is a type of firewall that can help filter out common web application attacks that are affecting security systems, like SQL Injection attacks. Of course, the best way to be sure this firewall is working properly is to change your settings to only allow apps you trust, and by checking frequently to see if blunt force against an attack would be a necessary added component thereafter.
When you have a lot of traffic coming into your site, that’s a good thing for business. But, it’s not really a great thing for security. Bad sites have a way of sneaking into your regular traffic stats, posing as an ordinary user. The problem is, this won’t be an ordinary web user that you think it is, but some form of Malware that can be easily overlooked.
To help prevent this, you can first add a filter to block off the URLS of these bad sites. You also need to look beyond the traffic and proceed with caution when you receive emails that include suspicious-looking links.
In this day in age, many companies have employees that work remotely. These employees need to have the ability to access your company’s network without any hassles. But, finding a solution that lets employees log on easily while maintaining the security of your network is a bit of a challenge. Fortunately, all you need to do, in addition to using a VPN, is make sure data is encrypted at every point of the network. And, make sure your employees are being careful if and when they ever use a public Wifi network.
When it comes to your network’s security, you can’t do it alone. Even after you implement all these add-ons, the most important thing is that your security is left in the right hands. Having an educated IT team is a start, but IT, especially one IT guy, isn’t always as prepared for such a situation as a third party provider would be. Whatever route you decide to go, it’s essential that you leave your security with the experts if you’re not already doing so.
These days, most people would say that they can tell the difference between a good URL and a bad one. In fact, most people may not even consider the fact that a URL could be ‘bad’ in the first place. The only time anyone might second-guess a URL is because it would have a lot of strange numbers or characters. However, hackers know that most people are aware of this, which is precisely why they’ve gotten more sophisticated on creating URLs that will trick people.
Whether you’re a personal user or you’re the CEO of a company, here’s why you should think twice before trusting a URL, and how to recognize the signs of a hack.
It All Starts with Language
The first step in being able to identify a bad URL is by understanding what a URL is. A URL is, of course, letters that are put together to make words (or made up words) to lead you to a place on the Web. Maybe you’ve never realized it before, but, almost all URLs on the web are made of English characters. That’s because the Internet was designed initially for an English-speaking audience.
The problem is (or, rather, the benefit for hackers) is that there are many letters in the English language that look exactly the same as letters in other languages. Although these letters don’t hold any of the same phonemic significance, they can be manipulated to make fake URLS that are a mix of letters in other alphabets and English letters. This is known as an “IDN Homograph Attack.”
How to Prevent a Homograph Attack
The reason these fake URLs are able to be created is because the phisher on the other side of the screen has found a website that has let he or she create a domain in which they can take characters from different languages. While a lot of these sites are cracking down on this behavior, it’s pretty much possible to find anything on the Internet. So, one of the easiest ways to stop an IDN Homograph Attack is by restricting IDNs under your browser settings. If this isn’t an option for your company, (maybe because you work with many international businesses) new technology is coming out in various browsers that when updated, will help protect you against such attacks.
Other Ways to Detect Danger
Homograph attacks aren’t the only ways in which people are tricked into opening bad URLs. As long as you know what to look for, you can detect danger and put a halt to it before being affected.
Cyber scams can be hard to detect. If you want to protect your company, knowing the signs of such attacks like these are important. Next time you click a new URL, stop and follow these steps.
There are all different kinds of ways for a hacker to breach a system, and it seems like once we figure out how to prevent one of them, another one arises. Whether it’s Malware or Phishing scams, it’s hard to predict what the next one will hit and when it will be.
But, right now, there’s a new scam on the rise, and it’s just as concerning as it is clever. Executive impersonation fraud is becoming more and more prevalent and harder to catch. Will you be prepared if it’s used against you?
What is Executive Impersonation?
An Executive Impersonation is yet another type of Business Email Compromise scam. While it may seem like the type of hack anyone could attempt, it’s in fact, very sophisticated. Hackers who do this go to great lengths to pretend to be an executive of a company and seek the information they are looking for. Therefore, it’s one of the hardest scams to recognize.
In an Executive Impersonation hack, hackers target businesses that frequently do wire transfers. These hackers, or impersonators, “take the place” of a CEO, attorney, or trusted vendor with a leadership position; someone who has the power to initiate a bank transfer. Needless to say, these hackers can get their hands on all kinds of sensitive information and use it to their benefit.
Who are the Scammers?
Though many of us tend to fear the biggest threat actors when it comes to data breaches, an Executive Impersonation attack doesn’t need to be carried out by a whole country. Like many other scammers out there, it could just be a random individual. That being said, it does take a lot of research to impersonate a high-powered executive, and we can assure you that these hackers read up.
Which brings us to our next point…
Why Do People Fall For It So Easily?
These days, when you can hide behind a computer screen, you never really know who you’re dealing with. You may wonder how someone could so easily fall for one of these Executive Impersonation scams, but what you really should be asking is, “How can you not?”
First of all, when a CEO gives any type of order, it’s usually respected. Most people, when given a request by someone in power, will automatically say “yes.” The scammers make sure to use that factor to their advantage while replicating business practices unique to the company they’re hacking. To carry out this type of hack, they will ultimately conduct wire transfers on unauthorized funds by compromising email accounts.
The first step to preventing attacks like these is simply being aware. The more your company is up to date with what’s out there, the higher chance you’ll have for keeping yourself safe.
Who is a Target?
If you think just because you’re a small business you won’t be a target for an Executive Impersonation hack, think again. Smaller businesses tend to be the most vulnerable since often times they’ll put their cyber security on the back burner. Therefore, making sure you take as many precautions as possible, like practicing two-step verification and strong passwords, will help you stay safe.
Know The Different Ways Hackers Carry Out the Attack
In Executive Impersonation attacks, there are three main ways in which the hack is carried out:
No cyber attack can be a 100% prevented. However, if you know the signs of an Executive Impersonation attack while making sure your systems are secure, you should be in good shape.
Part of being safe on the Internet involves both consumers and companies to follow certain standards to ensure data protection. Of course, it’s not enough for people to be expected to do that on their own. This is why key federal regulations of cyber security exist; to implement processes and standards to make sure everyone’s information is protected as much as possible.
Are you familiar with these federal regulations? If you’re using the Internet for work or personal activities, then you should know these.
The U.S. FTC Act may not get as much attention on the others on this list, but, it very well should. This act was put into play in 1914. Without it, America wouldn’t be the country it is today. Because of this act, consumers are protected as well as business owners.
The act states that there should be no unfair methods of competition. Additionally, it protects consumers from buying into services or products in cases where they are being misled by false advertisements. This act is the basis for all other acts in the last century and the new millennium. Nowadays, the act has been modernized to apply to the digital age, ensuring that businesses and consumers are protected online as much as they are offline.
Also known as “HIPAA,” the Health Insurance Portability and Accountability Act helps protect patients who utilize official healthcare services. Tied into this is also the Health Information Technology for Economic and Clinical Heath Act (HITECH). Both of these acts, which have been around for more than twenty years, help keep you safe when you’re at the doctor. Anything your doctor knows about you is between you and the doctor, only. (Unless you state otherwise.)
The GLBA today applies to companies that provide financial services to their clients, such as banks, security companies, insurance companies, etc. To put in plainly, the Gramm-Leach-Bliley Act involves “Any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution.”
Basically, any company who collects sensitive information of their customers needs to be held accountable if a breach leaks that information. Therefore, this act mandates that these financial industries follow appropriate standards in order to ensure the protection and privacies of their customers.
Somewhat similar to the GLBA is the Payment Card Industry Data Security Standard. Though it’s not actually a law, any company that collects credit card information of their customers needs to follow certain standards in order to be cyber compliant and protect their consumers. It helps ensure that customers who make payments via a card won’t risk getting their information hacked. Though situations have happened in the past, the standards implemented by PSI DDS ultimately have kept thousands of businesses and their consumers safe.
If your organization is a government-backed, then last but not least, FISMA, which is a branch of The Homeland Security Act, applies to you. It requests that government organizations implement mandatory policies and principals to safeguard sensitive information. If government organizations don’t follow FISMA, they can be at a huge risk of being hacked by one of the biggest threat actors, or an independent hacker. It’s a matter of national security, and without this act, our country could essentially be in danger.
Social media is one of the most important things that companies use to drive their business. It’s an amazing way to get more connected to people, have constant communication with customers, and easily implement your inbound marketing campaigns. However, with every good thing, there’s usually a downside. And, the downside to utilizing social media too much is that you can quickly fall victim to a hack.
If your company uses social media at all with your business, then you must be aware of common social media cyber scams. Here they are:
Sometimes a hacker can impersonate a social media account user from a bank you use or a company you do business with. This is known as Angler Phishing.
Let’s say you go on Twitter or Facebook to get in touch with a company, either by making a tweet, a post, or sometimes, even sending a message. Something like, “Hey @appname, I need help with…” This is now public information. A hacker can then pose as the customer agent that wants to reply to your post.
In that message, they may add a link that looks exactly like a link that would come from the app company, bank, or whoever you’ve tweeted at. If you follow that link, it becomes very easy at that point for the hacker to get all your information. The solution? A reputable business probably won’t need to have you solve a problem this way. It’s always best to get in touch with someone directly from the company before making a bad mistake.
It seems so simple, liking a post on Facebook. You do it every day, probably multiple times a day. But, when you yourself or an employee of your business goes to like something on Facebook, there’s a chance that that like button has been hacked as a means of tricking you. You thought you were giving an individual or an organization a compliment. But, now, you’ve just downloaded Malware onto your computer.
This is known as “likejacking.” These can spread like wildfire too, because after you’ve clicked that link, it can share it on your feed, putting your friends at risk, too.
Have you ever seen a quiz or game come up on your news feed? It looks like fun and all your friends are doing it. Plus, you’re pretty bored at the moment and any type of entertainment would be good right now. So, you decide to click the “play now” or “take the quiz” button. But, before you can start doing anything, it asks you for your phone number or email address.
Suddenly, you’ve just become a victim of a sneaky subscription social media cyber scam. You’ve been signed up for something without your consent. And, if you signed up with your cell phone number, a hefty amount has just been added to your monthly phone bill. Ouch.
When something is coming from a friend you know on Facebook, it has to be trusted, right? After all, your friend would probably know that he or she has been hacked, and would do something about it. But, the fact of the matter is that hacks have gotten a lot more believable over the years. Hackers know that people are able to identify hacks much easier than they’ve been able to in the past, so they’ve adjusted their hack accordingly.
So, when your friend shares something on Facebook that says something like, “Wow, check out this crazy video” with a link attached, DON’T click on it. Most of the time, the wording is made out to sound like your friend, and it sometimes takes a while before they even know this message is going around.
You’re scrolling in a Facebook group you like or see an ad or post for an offer that sounds so intriguing. An airline you like is giving away a free trip if you get 100 likes. A store you shop at is giving out a giftcard if you just share their link. Does it sound too good to be true? Then it probably is. Remember, there’s no such thing as a free lunch. Don’t fall for something like this. It’s a very easy way to become a victim of a cyber scam.
So, you’re traveling for business and you’re going to have to do work whenever you get the chance. You’re thinking you’ll find tons of trendy cafes, airport waiting rooms, hotel lobbies, and who knows what else…maybe even food courts and mall restaurants, to do your work at.
As you already probably know, connecting to public WiFi networks is a risk for anyone. It doesn’t matter if you work for a big or small company, or if you’re just surfing online for your own personal business. Someone who wants to get in will do it, and it won’t be hard for them to do so. But, when we see that there is a free network for us to connect to, we get excited. Free?! How great.
Well, not exactly.
Why would you make it easier for hackers to get to you?
Putting a little money into making sure your network is safe and secure while you travel is certainly worth it. But, we also understand that you want to save where you can.
So, here are some alternatives to that public WiFi.
Connecting to a free public WiFi network makes it easier for someone to take your sensitive info without you even knowing it. You could be going to make a transaction or be collecting information from a customer when someone can just slip right in there.
However, this can be solved by getting a VPN, which makes it safe to do transactions over a public network. So, if there is no way to avoid using the free network at the airport or a hotel, then this is the route you want to take.
A solid VPN shouldn’t set you back too much. You can find some VPN services as low as $4 a month. Take a look at TheBestVPN.com for more information on the best VPN choices out there.
One way to be more susceptible to hackers is by using a mobile device. While it’s tempting during travel to use tablets, phones, and anything else that’s essentially “mobile,” this can put you at risk. For one, setting up security systems on a phone is definitely more of a puzzle than doing so on a computer. Second, it’s a lot harder to tell with a mobile device if you’ve been hacked or not.
To stay safe while you’re traveling, do yourself a favor and stick to just one device. Sure, you might bring your phone and tablet along for the trip. But, if you’re going to be doing any work or personal stuff, then keep it all to your computer or another device that’s already secured for these kinds of connections.
Have you ever noticed at airports or malls that there are charging stations? What about USB outlets in a rental car? While this may not be quite the same as a free public WiFi network, it’s similar in that it’s something convenient that can present huge consequences. Of course, not everything is a risk, but it’s nice to be aware of these things.
If you really need to charge your device, consider getting your own power bank, or charge up in safer places.
Nothing is ever 100% safe, especially when it comes to protecting your sensitive information. Even when you have to “pay” to use a public network (like buying a cookie at a cafe to get the password) there are still no guarantees. There are also no guarantees that the WiFi you connect to will be strong enough to allow you to conduct business.
So, to fix all of those potential problems, consider bringing your own secure connection. Nowadays, it’s easy to find personal hotspots at mobile carrier stores that cater to your needs. You can also use your own phone as a hotspot, but like always, make sure it’s secure.
Do you need some cyber security tips for upcoming work travel? Smeester & Associates can help you get all the information you need.
Ransomware is a nasty type of virus that extorts people for money by essentially blackmailing them. When it comes to major companies and even small businesses, ransomware can seriously take advantage of you and anyone else involved. And, as we all know, ransomware can affect our personal lives as well.
Unlike other types of hacks, ransomware is not easy to get rid of. Often, people need to either pay the money or risk losing all their data instead.
Don’t let ransomware take over your business or your life. Here are the ways ransomware can affect you if you don’t take charge. (And, by take charge, we mean taking all the cyber security precautions there are, including backing up your data!)
Ransomware essentially takes your data hostage. If you’re a small company who has put in a lot of work to get your business off the ground, this is a huge disappointment. If you’re a major company, you’re going to have a lot of backtracking to do, and a lot of “‘splainin'” to do, too. No one wants to have to start back at square one again.
If you didn’t back up your data and you’re not in a place to lose everything you’ve worked for, then ransomware can force you to pay up. Though the FBI discourages paying these cyber terrorists, it may be the only way to get back your important data.
If people are familiar with your company, a ransomware attack can seriously ruin the reputation you have with your customers. Sure, if you can overcome the ransomware no problem, then it may be that no one will find out and you can move on with your life. But, if your company goes down the drain or sensitive customers’ information gets leaked, you’re really in trouble.
If we let ourselves get affected by ransomware one time, we’re probably going to do our best to make sure it doesn’t happen again. But, if a ransomware attack happens in the first place, it may mean you don’t have a good cyber security plan in place. Therefore, you may be vulnerable to more attacks in the future.
When ransomware affects your work life, that’s one thing. But, when it affects your personal life, it’s another. Ransomware can get into your own personal computer and take away your precious memories, including photos, videos, writings, or even conversations you’ve saved.
Some of us keep very important information on our computers. This can be everything from our tax documents to bank information or photocopies of a passport. In some cases, this type of information is your “evidence.” It’s proof you paid your taxes or proof that you paid a bill. Ransomware can take that away, wreaking havoc on your personal finances.
Believe it or not, ransomware has started to affect SmartTVs, video game systems, cars, and other IoT devices. Despite the fact that IoT makes our lives easier, remember, the Internet can be a very dangerous place. With convenience, there sometimes is a catch. You don’t want to be trying to relax and watch TV when a ransomware message appears on your screen.
Amazon Echo may be helping to solve a murder, as it may have recorded the mysterious events that took place. While this is bad news for the murderer and good news for the family, it makes a lot of us wonder how private our lives really are when we invest in all this smart technology. Ransomware and other type of hacks can lead to us being watched and heard without us even knowing it. There’s no telling what or how they will use what they gather against you.
As you can start to see, ransomware can pretty much affect any device, including health technology. This could be any device to help aid a person’s health. Think pacemakers, implants, and in the future, other health machines like digital contact lessons. If hackers can go to any means necessary to make you desperate enough to pay, would you really put it past them?
The bottom line is that ransomware is a very scary thing. It can come at a surprise and put us in a situation where we really have no idea what to do. It can cost us time, money, and a lot of hard work. This can cause a heck of an amount of stress, that will certainly take a toll on our work and personal life as a whole.
Nowadays, people find it a lot easier to do their shopping, especially their holiday shopping, online. But, when customers from all over the world are using their sensitive information to make purchases, there is always the risk that a security breach could occur. And, that that security breach could put you at a serious risk.
Black Friday is over, and so far, there haven’t been any major incidences. (At least compared to previous years.) While that’s all great to hear, that doesn’t mean it’s time to let our guard down just yet. The cyber threat is still prevalent and we need to be on guard.
If you plan on participating in Cyber Monday or any other kind of online shopping this holiday season, here are a few tips on keeping yourself safe behind the screen.
Though using your mobile device to make a purchase is definitely time-efficient, it’s not always safe. There are a lot of companies that use mobile apps to cater to their users. While this is a nice thing for both the company and the user, it can also be a nice thing for any hacker who won’t even need to lift a finger to take your information. Stick to a computer that you’re familiar with.
Consider Alternative Payments
If your browser asks you if you want it to remember your card information, don’t check off that box. Even if it’s your own personal computer, this kind of thing makes it easier for anyone to take your information. And, even if you opt out of having your credit card memorized, you should consider leaving the credit card or debit card behind altogether. If you have gift cards, Paypal, or a prepaid card, it’ll keep you a little safer.
Go With Companies You Know
Maybe a lot of those third-party, out-of-country eCommerce sites have some really good-looking deals. And, while some of those sites may be very well legitimate, you should never buy from a company that you haven’t heard of. Stick to the places and the names you know and love. There’s a better chance their online shopping platform is just safer, and if a breach were to happen, that they would at least do their best to make sure you’re protected.
Trust Your Gut
Cyber Monday and the holiday season, in general, are pretty overwhelming days to be on the Internet. There are a lot of good deals out there that are really convincing. But, not all deals are what you think they are. Some are really deceiving. It may not be that there is a hacker running a fake website with fake deals directly behind the screen. But, it may mean that the website you see one of these “deals” on may not be one that’s safe to use, for one reason or another. Therefore, just remember the old advice, “If it looks too good to be true…” Trust your gut before trusting these people with your bank information.
And, if you’re a company…
If you’re a company who is selling products online on Cyber Monday, or any other day for that matter, make sure you’re taking every possible cyber security precaution there is to protect you and your users. You should also consider taking out cyber insurance or consulting with your provider about additional measures. Remember, your customers are trusting of you, and they wouldn’t want a little purchase on your website to lead to a complete loss of their identity.
Cyber Monday is just a few days away. Are you prepared? No worries! Smeester & Associates is here to help.
A data breach doesn’t discriminate based on the size of your company. Making sure you’re protected, therefore, is extremely important. This is more or less the reason why a lot of companies take out cyber insurance to help pay for indirect costs associated with a data breach. While it’s great news that companies are taking security very seriously, it comes at a bit of a shock once you see how much these claims actually cost. And, not only that, but also where those costs are coming from.
A study done by NetDiligence on cyber claims costs tells us a lot of interesting information. Though the larger companies make up a higher total average of claims at six million dollars, it was actually the smaller companies with less than two billion dollars in revenue that represented a higher cost of claims individually. That’s a whopping 87% majority of the all the companies surveyed.
But, why? Why would a smaller company who makes a heck of a lot less than a larger one be claiming more money than their larger-company counterparts?
Here are a few possible reasons.
For many years, only Fortune 500 companies and government organizations were the main targets for data breaches. IT teams and managed service providers were still an up and coming career. Those who knew how to prevent hackers were mostly hired to protect large organizations like these. But, times are a changin’, and smaller companies are just as likely to get breached. Particularly, in retail and financial sectors.
Without putting any of you small-company folks down, these kind of companies just are not as aware of their exposure as much as large companies are. This means that not only are they unfamiliar with how much sensitive information they possess, but how much of that information isn’t safe from attackers.
When it comes to smaller companies, there aren’t as many resources available to guard against data breaches. Unlike larger companies, they might have a smaller budget or they may be currently preoccupied with getting their business off the ground or managing their customer relations. During these times, a small company may not realize how vulnerable they are. But, that doesn’t necessarily mean they aren’t protecting themselves. When companies have less resources to invest in IT, they may just put that towards insurance. Hence why we see more claims from small companies.
You might wonder why a smaller organization with less to offer hackers would have more incidents than a larger organization. But, believe it or not, the size of your company has both a lot to do and very little to do with it. One thing to note is that hackers don’t really care about the size of your company. If you have important information somewhere in your ne
twork, then you can be a target.
That being said, the fact that you are a small company, in general, may mean you’re not quite up to par with larger companies when it comes to cyber security. That means more incidents can happen, thus leading to a higher cost of claims.
So, where does your company fall in all of this? Smeester & Associates is here to provide you with more information on these topics, so you can make the right decisions for your company.
Ransomware can happen to anyone, though many people tend to think it will never happen to them. Unfortunately, if you fall victim to ransomware, you could end up paying a hefty amount; a ransom, to get back your files. Ransomware occurs when someone hacks your system, corrupts your files, and asks for at least $500 in bitcoin. In case you don’t know, bitcoins are not an easy thing to get your hands on.
For those who have the money to pay up, maybe ransomware is not such a problem for you. But, for most people, ransomware can be a very scary thing to have to face.
Luckily, there are solutions when it comes to fighting off ransomware, but it all starts with you. If you want to make sure this cyber-kidnapping doesn’t ruin your network, then here’s what you can do.
This goes without saying. If you see an email or something suspicious on your system, don’t click on it. Delete it, and if possible, advise your IT person or CIO about what you saw.
As with any form of cyber security, it’s essential you know what it is that you need to protect from potential ransomware. Do you have customer credit card information? Intellectual property? A list of email addresses of potential leads? Decide what it is you need to protect and make sure everyone who’s dealing with it is aware as well.
This is the most important thing you can to do when it comes to protecting yourself from ransomware. The people behind these attacks will take your files, lock them, and only give them back to you once you pay.
Therefore, in order to always be prepared for a ransomware attack, it’s essential that you’re constantly backing up your information. The main goal of these people is to get money from you, so while you should be concerned about what they have, there’s not too much to worry about it.
Make sure you are backing up your data as much as possible. It’s good to also back it up on an external hard drive, as ransomware can get into your cloud. While backing your data up everyday may be a bit overboard, it’s really not. Imagine the one day you don’t do it is the day you get hit with a ransomware attack. But, if doing it everyday is too much for you, then just make sure you at least do a backup whenever you have new important data.
When you find out that you’ve been a victim of a ransomware attack, you’ll know pretty quickly. When you try to access your files, it will ask you to pay up by buying a bitcoin (or several). The first rule and the only rule is to not pay. If you’ve backed up your information, you’ll have nothing to worry about.
If you haven’t backed up your data, then that’s another story. Your options are a bit more limited. However, if the information they have isn’t so vital to you continuing on with your routine matters, then forget about it. After all, giving these guys money just enables them to keep doing what they’re doing. Also, there are occasions where people pay the ransom, only to find the files are inaccessible. Don’t fall into that trap.
Ransomware can happen to anyone, as can any other kind of cybersecurity attack. Of course, each type of attack has different ways of preventing it. But, when it comes to ransomware, the best way to prevent any attack is simply by backing up your information at all costs.