Tag Archives for cyber scams

5 Add-On Tips to Ensure Your Security is at Its Absolute Best

When it comes to securing your network, there is never really such a thing as “too much.” That being said, a lot of the time people who believe they have a stable security system will neglect it after a while, especially if they’ve hired someone to look after it.

But, security isn’t just something you install and leave. In order to get the most out of your security program, it must be constantly monitored. Whether you’re doing the monitoring or someone else is doing it, these add-ons will help ensure your security is at its absolute best.

1. Add More Authentication Stages

Most of us know that a two-step verification process is a smart way to keep your systems secure. Unfortunately, as much as people know the importance of this, they still are not implementing it where they should. These days, hackers are still finding success by stealing passwords or just by guessing them.

Adding a little more authentication, such as MFA (multi-factor authentication), will help you put up more of a wall around your systems. MFA makes users present multiple forms of evidence in order to gain access to the network. This could be anything from answering personal security questions to providing two separate and unique passwords.

2. Add a Web Application Firewall

Companies and individuals alike should not rely only on a firewall to secure their system. Firewalls are easy to bypass and don’t have the capacity to block out the really serious stuff. That being said, firewalls are still good to use as long as they are combined with other forms of security.

A web application firewall is a type of firewall that can help filter out common web application attacks that are affecting security systems, like SQL Injection attacks. Of course, the best way to be sure this firewall is working properly is to change your settings to only allow apps you trust, and by checking frequently to see if blunt force against an attack would be a necessary added component thereafter.

3. Add More Security Scans and Filters Overall

When you have a lot of traffic coming into your site, that’s a good thing for business. But, it’s not really a great thing for security. Bad sites have a way of sneaking into your regular traffic stats, posing as an ordinary user. The problem is, this won’t be the ordinary web user you think it is, but some form of Malware that can be easily overlooked.

To help prevent this, you can first add a filter to block the URLs of these bad sites. You also need to look beyond the traffic and proceed with caution when you receive emails that include suspicious-looking links.

4. Add an Approach That Works Worldwide

In this day and age, many companies have employees who work remotely. These employees need to have the ability to access your company’s network without any hassles. But, finding a solution that lets employees log on easily while maintaining the security of your network is a bit of a challenge. Fortunately, all you need to do, in addition to using a VPN, is make sure data is encrypted at every point of the network. And, make sure your employees are being careful if and when they ever use a public WiFi network.

5. Add On the Best Security Staff There Is

When it comes to your network’s security, you can’t do it alone. Even after you implement all these add-ons, the most important thing is that your security is left in the right hands. Having an educated IT team is a start, but IT, especially one IT guy, isn’t always as prepared for such a situation as a third-party provider would be. Whatever route you decide to go, it’s essential that you leave your security with the experts if you’re not already doing so.

Phishing Scam: What to Ask Yourself Before Trusting That URL

These days, most people would say that they can tell the difference between a good URL and a bad one. In fact, most people may not even consider the fact that a URL could be ‘bad’ in the first place. The only time anyone might second-guess a URL is when it has a lot of strange numbers or characters. However, hackers know that most people are aware of this, which is precisely why they’ve gotten more sophisticated at creating URLs that will trick people.

Whether you’re a personal user or you’re the CEO of a company, here’s why you should think twice before trusting a URL, and how to recognize the signs of a hack.

It All Starts with Language

The first step in being able to identify a bad URL is by understanding what a URL is. A URL is, of course, letters that are put together to make words (or made up words) to lead you to a place on the Web. Maybe you’ve never realized it before, but, almost all URLs on the web are made of English characters. That’s because the Internet was designed initially for an English-speaking audience.

The problem (or, rather, the benefit for hackers) is that there are many letters in the English language that look exactly the same as letters in other languages. Although these letters don’t hold any of the same phonemic significance, they can be manipulated to make fake URLs that are a mix of letters in other alphabets and English letters. This is known as an “IDN Homograph Attack.”

How to Prevent a Homograph Attack

These fake URLs can be created because the phisher on the other side of the screen has found a website that lets him or her register a domain using characters from different languages. While a lot of these sites are cracking down on this behavior, it’s pretty much possible to find anything on the Internet. So, one of the easiest ways to stop an IDN Homograph Attack is by restricting IDNs under your browser settings. If this isn’t an option for your company (maybe because you work with many international businesses), new technology is coming out in various browsers that, when updated, will help protect you against such attacks.
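The check a mail filter or proxy could run on a link before a user sees it, as an added example that is not part of the original post. It flags labels that mix Latin with Cyrillic or Greek letters, shows the punycode form a browser displays when IDNs are restricted, and goes one step beyond the mixed-alphabet case by also catching a host written entirely in lookalike letters. The lookalike table and the protected domain names are constructed for illustration, and the script of each letter is approximated from its Unicode character name.

```python
import unicodedata
from urllib.parse import urlsplit

# Scripts whose letters are routinely mistaken for one another.
LOOKALIKE_SCRIPTS = {"LATIN", "CYRILLIC", "GREEK"}

# Small constructed subset of lookalike letters mapped to their Latin twin.
# (Assumption: a real deployment would load the full Unicode confusables data.)
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}


def scripts_in(label):
    """Return the set of scripts used by the letters of one DNS label.

    The standard library has no script property, so the first word of the
    Unicode character name ("LATIN", "CYRILLIC", ...) is used instead.
    """
    found = set()
    for ch in label:
        if ch.isalpha():
            found.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return found


def to_punycode(host):
    """ASCII (xn--) form of the host, or None if it cannot be encoded."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def skeleton(host):
    """Replace every known lookalike letter with its Latin twin."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def check_url(url, protected_domains):
    """Inspect the hostname of `url` for homograph tricks.

    protected_domains: names you expect users to trust (hypothetical list).
    """
    host = (urlsplit(url).hostname or "").lower()

    # 1. Labels that mix two or more of the lookalike scripts.
    mixed = [
        label for label in host.split(".")
        if len(scripts_in(label) & LOOKALIKE_SCRIPTS) > 1
    ]

    # 2. Hosts that only *look* like a protected domain. This also catches
    #    a label written entirely in one foreign script, which check 1 misses.
    impersonates = None
    skel = skeleton(host)
    if skel != host:
        for domain in protected_domains:
            if skel == domain or skel.endswith("." + domain):
                impersonates = domain
                break

    return {
        "host": host,
        "punycode": to_punycode(host),
        "mixed_script_labels": mixed,
        "impersonates": impersonates,
        "suspicious": bool(mixed) or impersonates is not None,
    }


if __name__ == "__main__":
    protected = ["example.com", "cape.example"]   # constructed names
    samples = [
        "https://www.example.com/login",           # genuine
        "https://ex\u0430mple.com/login",          # Cyrillic "а" in a Latin label
        "http://\u0441\u0430\u0440\u0435.example/", # label entirely Cyrillic
    ]
    for url in samples:
        print(check_url(url, protected))
```
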

Other Ways to Detect Danger

Homograph attacks aren’t the only ways in which people are tricked into opening bad URLs. As long as you know what to look for, you can detect danger and put a halt to it before being affected.

  • Is the Site You’re Going to Secured?: Most browsers will let you know if a website is “unsafe” before continuing. If you see a warning but you’re fairly confident that it is safe, check if the site has security seals. Something as simple as seeing that green address bar can help you be sure.
  • Are the Letter Cases Different?: Typically, letter cases don’t make much of a difference when you’re trying to visit a website. But, checking the letter case on a URL, especially if it was sent to you via email, can help prevent an attack. If something looks out of place, exercise caution, and instead, type in the URL on the address bar as you know it.
  • Is the SSL Certificate Up to Date?: If the website’s SSL Certificate is expired, this could be a red flag. It may not be that the website is being run by a hacker, but it could make the site itself more vulnerable to hackers who want to use it as a bridge to get to you.

Cyber scams can be hard to detect. If you want to protect your company, knowing the signs of attacks like these is important. Next time you click a new URL, stop and follow these steps.

Will You Be Able to Recognize Executive Impersonation Fraud?

There are all different kinds of ways for a hacker to breach a system, and it seems like once we figure out how to prevent one of them, another one arises. Whether it’s Malware or Phishing scams, it’s hard to predict what the next one will be and when it will hit.

But, right now, there’s a new scam on the rise, and it’s just as concerning as it is clever. Executive impersonation fraud is becoming more and more prevalent and harder to catch. Will you be prepared if it’s used against you?

What is Executive Impersonation?

An Executive Impersonation is yet another type of Business Email Compromise scam. While it may seem like the type of hack anyone could attempt, it is, in fact, very sophisticated. Hackers who do this go to great lengths to pretend to be an executive of a company and seek the information they are looking for. Therefore, it’s one of the hardest scams to recognize.

In an Executive Impersonation hack, hackers target businesses that frequently do wire transfers. These hackers, or impersonators, “take the place” of a CEO, attorney, or trusted vendor with a leadership position; someone who has the power to initiate a bank transfer. Needless to say, these hackers can get their hands on all kinds of sensitive information and use it to their benefit.

Who are the Scammers?

Though many of us tend to fear the biggest threat actors when it comes to data breaches, an Executive Impersonation attack doesn’t need to be carried out by a whole country. Like many other scammers out there, it could just be a random individual. That being said, it does take a lot of research to impersonate a high-powered executive, and we can assure you that these hackers read up.

Which brings us to our next point…

Why Do People Fall For It So Easily?

These days, when you can hide behind a computer screen, you never really know who you’re dealing with. You may wonder how someone could so easily fall for one of these Executive Impersonation scams, but what you really should be asking is, “How can you not?”

First of all, when a CEO gives any type of order, it’s usually respected. Most people, when given a request by someone in power, will automatically say “yes.” The scammers make sure to use that factor to their advantage while replicating business practices unique to the company they’re hacking. To carry out this type of hack, they will ultimately conduct unauthorized wire transfers of funds by compromising email accounts.

Preventing Attacks

The first step to preventing attacks like these is simply being aware. The more your company is up to date with what’s out there, the higher chance you’ll have for keeping yourself safe.

Who is a Target?

If you think just because you’re a small business you won’t be a target for an Executive Impersonation hack, think again. Smaller businesses tend to be the most vulnerable since oftentimes they’ll put their cyber security on the back burner. Therefore, making sure you take as many precautions as possible, like practicing two-step verification and strong passwords, will help you stay safe.

Know The Different Ways Hackers Carry Out the Attack

In Executive Impersonation attacks, there are three main ways in which the hack is carried out:

  • Executive/Attorney Impersonation: When the hacker pretends to be an attorney asking for money for a time-sensitive transaction for whatever reason. Usually, the “attorney,” or the account that’s hacked, is a person whom the company already knows and trusts, and would have no reason to question the request.
  • Data Theft via Human Resources: This is when the hacker impersonates the CEO by compromising his or her email, then contacting someone in HR, Finance, or any other department that deals with the payroll. That employee will then send the “CEO” the payroll or sensitive information requested without second-guessing it. Then, the hacker will use this info to get what they want.
  • Executive Money Transfer Request: This is when an Executive Money Transfer Request is put through when the hacker compromises the executive’s email. They will contact the person who handles money at the office (again, HR or Finance) to submit a direct transfer to a “vendor” or “customer” account.

No cyber attack can be 100% prevented. However, if you know the signs of an Executive Impersonation attack while making sure your systems are secure, you should be in good shape.

 

How The Key Federal Regulations of Cyber Security Keep You Safe

Part of being safe on the Internet requires both consumers and companies to follow certain standards to ensure data protection. Of course, it’s not enough for people to be expected to do that on their own. This is why key federal regulations of cyber security exist: to implement processes and standards to make sure everyone’s information is protected as much as possible.

Are you familiar with these federal regulations? If you’re using the Internet for work or personal activities, then you should know these.

#1: U.S. Federal Trade Commission Act

The U.S. FTC Act may not get as much attention as the others on this list, but, it very well should. This act was put into play in 1914. Without it, America wouldn’t be the country it is today. Because of this act, consumers are protected as well as business owners.

The act states that there should be no unfair methods of competition. Additionally, it protects consumers from buying into services or products in cases where they are being misled by false advertisements. This act is the basis for all other acts in the last century and the new millennium. Nowadays, the act has been modernized to apply to the digital age, ensuring that businesses and consumers are protected online as much as they are offline.

#2: The Health Insurance Portability and Accountability Act

Also known as “HIPAA,” the Health Insurance Portability and Accountability Act helps protect patients who utilize official healthcare services. Tied into this is also the Health Information Technology for Economic and Clinical Health Act (HITECH). Both of these acts, which have been around for more than twenty years, help keep you safe when you’re at the doctor. Anything your doctor knows about you is between you and the doctor, only. (Unless you state otherwise.)

#3: The Gramm-Leach-Bliley Act

The GLBA today applies to companies that provide financial services to their clients, such as banks, security companies, insurance companies, etc. To put it plainly, the Gramm-Leach-Bliley Act involves “Any institution engaged in the business of providing financial services to customers who maintain a credit, deposit, trust, or other financial account or relationship with the institution.”

Basically, any company who collects sensitive information of their customers needs to be held accountable if a breach leaks that information. Therefore, this act mandates that these financial industries follow appropriate standards in order to ensure the protection and privacies of their customers.

#4: PCI DSS

Somewhat similar to the GLBA is the Payment Card Industry Data Security Standard. Though it’s not actually a law, any company that collects credit card information of their customers needs to follow certain standards in order to be cyber compliant and protect their consumers. It helps ensure that customers who make payments via a card won’t risk getting their information hacked. Though situations have happened in the past, the standards implemented by PCI DSS ultimately have kept thousands of businesses and their consumers safe.

#5: The Homeland Security Act and the Federal Information Security Management Act

If your organization is government-backed, then last but not least, FISMA, which is a branch of The Homeland Security Act, applies to you. It requests that government organizations implement mandatory policies and principles to safeguard sensitive information. If government organizations don’t follow FISMA, they can be at a huge risk of being hacked by one of the biggest threat actors, or an independent hacker. It’s a matter of national security, and without this act, our country could essentially be in danger.

Watch Out for These Common Social Media Cyber Scams

Social media is one of the most important things that companies use to drive their business. It’s an amazing way to get more connected to people, have constant communication with customers, and easily implement your inbound marketing campaigns. However, with every good thing, there’s usually a downside. And, the downside to utilizing social media too much is that you can quickly fall victim to a hack.

If your company uses social media at all with your business, then you must be aware of common social media cyber scams. Here they are:

When a Hacker Uses a Fake Social Media Account

Sometimes a hacker can impersonate a social media account user from a bank you use or a company you do business with. This is known as Angler Phishing.

Let’s say you go on Twitter or Facebook to get in touch with a company, either by making a tweet, a post, or sometimes, even sending a message. Something like, “Hey @appname, I need help with…” This is now public information. A hacker can then pose as the customer agent that wants to reply to your post.

In that message, they may add a link that looks exactly like a link that would come from the app company, bank, or whoever you’ve tweeted at. If you follow that link, it becomes very easy at that point for the hacker to get all your information. The solution? A reputable business probably won’t need to have you solve a problem this way. It’s always best to get in touch with someone directly from the company before making a bad mistake.

Hitting “Like” Buttons That Aren’t Really “Like” Buttons

It seems so simple, liking a post on Facebook. You do it every day, probably multiple times a day. But, when you yourself or an employee of your business goes to like something on Facebook, there’s a chance that that like button has been hacked as a means of tricking you. You thought you were giving an individual or an organization a compliment. But, now, you’ve just downloaded Malware onto your computer.

This is known as “likejacking.” These can spread like wildfire too, because after you’ve clicked that link, it can share it on your feed, putting your friends at risk, too.

Sneaky Subscriptions

Have you ever seen a quiz or game come up on your news feed? It looks like fun and all your friends are doing it. Plus, you’re pretty bored at the moment and any type of entertainment would be good right now. So, you decide to click the “play now” or “take the quiz” button. But, before you can start doing anything, it asks you for your phone number or email address.

Suddenly, you’ve just become a victim of a sneaky subscription social media cyber scam. You’ve been signed up for something without your consent. And, if you signed up with your cell phone number, a hefty amount has just been added to your monthly phone bill. Ouch.

A Believable Facebook Post Shared By a Friend

When something is coming from a friend you know on Facebook, it has to be trusted, right? After all, your friend would probably know that he or she has been hacked, and would do something about it. But, the fact of the matter is that hacks have gotten a lot more believable over the years. Hackers know that people are able to identify hacks much easier than they’ve been able to in the past, so they’ve adjusted their hack accordingly.

So, when your friend shares something on Facebook that says something like, “Wow, check out this crazy video” with a link attached, DON’T click on it. Most of the time, the wording is made out to sound like your friend, and it sometimes takes a while before they even know this message is going around.

Fake Affiliate Program Promotions

You’re scrolling in a Facebook group you like, or you see an ad or post for an offer that sounds so intriguing. An airline you like is giving away a free trip if you get 100 likes. A store you shop at is giving out a gift card if you just share their link. Does it sound too good to be true? Then it probably is. Remember, there’s no such thing as a free lunch. Don’t fall for something like this. It’s a very easy way to become a victim of a cyber scam.

These Nation-States Are The Top 3 Threat Actors in the Cyber Security Game

Threat actors can be responsible for seriously impacting another organization’s security. Experienced threat actors with the right resources can hack an organization either externally, internally, or as a partner. Theoretically, a threat actor can really come in any kind of form, but in this case, the biggest actors usually act as whole governments or nation-states.

It’s very important for people to read the news once in a while and be aware of who the biggest threat actors are. Whether you’re just an individual who surfs the web on occasion or you’re a huge company that does business globally, you can still be at an equal risk. These groups only need to possess the ability to potentially cause impact in order for them to be considered a major threat actor.

So, who are the biggest threat actors in the cyber security game that you need to look out for? Read on.

1. China

China is neither an ally nor an enemy of the U.S. But, when it comes to cyber security, the United States can’t be too careful. That’s because according to comments made by FBI director James Comey, prior to 2015, the Chinese had been the most industrious nation responsible for cyber attacks. One of the biggest threat actors, China has been reported to conduct complex intrusion campaigns to obtain sensitive information that would have supported their state-owned enterprises.

This type of data theft is one of the driving factors that led to the U.S./China agreement over the theft of intellectual property. It’s believed to this day that China was involved in two major breaches, the Anthem Breach, and the OPM Breach. In addition to that, the FBI released a study of 165 companies that experienced data breaches, and 95% of those breaches had come from China. Though it’s believed that the prevalence of attacks from China has somewhat decreased, U.S. companies still need to be aware of how this threat actor could affect them.

2. Russia

Coming in second place is the sanctuary for asylum-seeker Edward Snowden, Russia. It seems as though the Kremlin is always making headlines for cyber security hacks, most recently for their involvement with the DNC and the White House. But, even before then, it’s no question that Russia has consistently played a huge role as one of the biggest threat actors in the world.

And, when it comes to Russia’s involvement, they’ve proved that there is really nothing too big or too outlandish for them to hack. As if the U.S. government isn’t enough, they’re also known to have hacked the medical records of U.S. athletes (Olympic athletes) who had participated in last year’s games in Rio.

3. ISIS

Number three may be a tie between several countries or groups, but because of its uniqueness, ISIS is at number three on this list. ISIS is named a huge threat actor because of its attacks in 2015 and 2016 on the European Union. They also made news for their attack in 2016 that targeted close to 3,000 New Yorkers. Though these New Yorkers possessed nothing in particular that would have made them targets, it’s yet another reminder that you don’t need to be a large company or organization to have your private information hacked.

What These Threat Actors Mean for You

Of course, no one can forget the hack North Korea pulled last year on SONY, which caused the movie to be pulled out from theaters entirely. That was a sophisticated hack the likes of which we’ve never seen before. We’ve also seen hacks from Iran and Syria. And, there’s no telling who we may be able to add to this list in the future.

You might be thinking, “How would these nation-state threat actors even get to me?” Well, the thing with these hacks is that they usually occur on such a large scale and are often very complex. It can be months before a company even knows they’ve been hacked. Most of the time, they won’t even notice the breach themselves. It’s not until the government or a third party, like a cyber security blogger, reveals the hack occurred, that the company would be able to do anything about it.

The Risks of Free Public WiFi and How To Stay Protected During Travel

So, you’re traveling for business and you’re going to have to do work whenever you get the chance. You’re thinking you’ll find tons of trendy cafes, airport waiting rooms, hotel lobbies, and who knows what else…maybe even food courts and mall restaurants, to do your work at.

As you already probably know, connecting to public WiFi networks is a risk for anyone. It doesn’t matter if you work for a big or small company, or if you’re just surfing online for your own personal business. Someone who wants to get in will do it, and it won’t be hard for them to do so. But, when we see that there is a free network for us to connect to, we get excited. Free?! How great.

Well, not exactly.

Why would you make it easier for hackers to get to you?

Putting a little money into making sure your network is safe and secure while you travel is certainly worth it. But, we also understand that you want to save where you can.

So, here are some alternatives to that public WiFi.

To Avoid Sensitive Info Getting Stolen, Get a VPN

Connecting to a free public WiFi network makes it easier for someone to take your sensitive info without you even knowing it. You could be going to make a transaction or be collecting information from a customer when someone can just slip right in there.

However, this can be solved by getting a VPN, which makes it safe to do transactions over a public network. So, if there is no way to avoid using the free network at the airport or a hotel, then this is the route you want to take.

A solid VPN shouldn’t set you back too much. You can find some VPN services as low as $4 a month. Take a look at TheBestVPN.com for more information on the best VPN choices out there.

To Stay Safe, Stick to One Device

One way to be more susceptible to hackers is by using a mobile device. While it’s tempting during travel to use tablets, phones, and anything else that’s essentially “mobile,” this can put you at risk. For one, setting up security systems on a phone is definitely more of a puzzle than doing so on a computer. Second, it’s a lot harder to tell with a mobile device if you’ve been hacked or not.

To stay safe while you’re traveling, do yourself a favor and stick to just one device. Sure, you might bring your phone and tablet along for the trip. But, if you’re going to be doing any work or personal stuff, then keep it all to your computer or another device that’s already secured for these kinds of connections.

Watch Where You Plug in Your Devices, and Carry Your Own “Outlets”

Have you ever noticed at airports or malls that there are charging stations? What about USB outlets in a rental car? While this may not be quite the same as a free public WiFi network, it’s similar in that it’s something convenient that can present huge consequences. Of course, not everything is a risk, but it’s nice to be aware of these things.

If you really need to charge your device, consider getting your own power bank, or charge up in safer places.

Substitute Free Public WiFi Networks for Your Own Hotspot

Nothing is ever 100% safe, especially when it comes to protecting your sensitive information. Even when you have to “pay” to use a public network (like buying a cookie at a cafe to get the password) there are still no guarantees. There are also no guarantees that the WiFi you connect to will be strong enough to allow you to conduct business.

So, to fix all of those potential problems, consider bringing your own secure connection. Nowadays, it’s easy to find personal hotspots at mobile carrier stores that cater to your needs. You can also use your own phone as a hotspot, but like always, make sure it’s secure.

Do you need some cyber security tips for upcoming work travel? Smeester & Associates can help you get all the information you need.

10 Ways Ransomware Can Affect You if You Don’t Take Charge

Ransomware is a nasty type of virus that extorts people for money by essentially blackmailing them. When it comes to major companies and even small businesses, ransomware can seriously take advantage of you and anyone else involved. And, as we all know, ransomware can affect our personal lives as well.

Unlike other types of hacks, ransomware is not easy to get rid of. Often, people need to either pay the money or risk losing all their data instead.

Don’t let ransomware take over your business or your life. Here are the ways ransomware can affect you if you don’t take charge. (And, by take charge, we mean taking all the cyber security precautions there are, including backing up your data!)

1. It can take away everything you’ve worked towards

Ransomware essentially takes your data hostage. If you’re a small company that has put in a lot of work to get your business off the ground, this is a huge disappointment. If you’re a major company, you’re going to have a lot of backtracking to do, and a lot of “‘splainin'” to do, too. No one wants to have to start back at square one again.

2. It can force you to pay up

If you didn’t back up your data and you’re not in a place to lose everything you’ve worked for, then ransomware can force you to pay up. Though the FBI discourages paying these cyber terrorists, it may be the only way to get back your important data.

3. It can ruin your reputation

If people are familiar with your company, a ransomware attack can seriously ruin the reputation you have with your customers. Sure, if you can overcome the ransomware no problem, then it may be that no one will find out and you can move on with your life. But, if your company goes down the drain or customers’ sensitive information gets leaked, you’re really in trouble.

4. It can make you vulnerable to attacks in the future

If we let ourselves get affected by ransomware one time, we’re probably going to do our best to make sure it doesn’t happen again. But, if a ransomware attack happens in the first place, it may mean you don’t have a good cyber security plan in place. Therefore, you may be vulnerable to more attacks in the future. 

5. It can take away your precious memories

When ransomware affects your work life, that’s one thing. But, when it affects your personal life, it’s another. Ransomware can get into your own personal computer and take away your precious memories, including photos, videos, writings, or even conversations you’ve saved.

6. It can take away your “evidence”

Some of us keep very important information on our computers. This can be everything from our tax documents to bank information or photocopies of a passport. In some cases, this type of information is your “evidence.” It’s proof you paid your taxes or proof that you paid a bill. Ransomware can take that away, wreaking havoc on your personal finances.

7. It can access any IoT device

Believe it or not, ransomware has started to affect SmartTVs, video game systems, cars, and other IoT devices. Despite the fact that IoT makes our lives easier, remember, the Internet can be a very dangerous place. With convenience, there sometimes is a catch. You don’t want to be trying to relax and watch TV when a ransomware message appears on your screen.

8. It can take away privacy in ways you wouldn’t believe

Amazon Echo may be helping to solve a murder, as it may have recorded the mysterious events that took place. While this is bad news for the murderer and good news for the family, it makes a lot of us wonder how private our lives really are when we invest in all this smart technology. Ransomware and other types of hacks can lead to us being watched and heard without us even knowing it. There’s no telling what or how they will use what they gather against you.

9. It can pose a risk to your health

As you can start to see, ransomware can pretty much affect any device, including health technology. This could be any device to help aid a person’s health. Think pacemakers, implants, and in the future, other health machines like digital contact lenses. If hackers can go to any means necessary to make you desperate enough to pay, would you really put it past them?

10. It can cause a ton of stress

The bottom line is that ransomware is a very scary thing. It can come as a surprise and put us in a situation where we really have no idea what to do. It can cost us time, money, and a lot of hard work. This can cause a heck of an amount of stress that will certainly take a toll on our work and personal life as a whole.

How to Stay Safe on Cyber Monday (Or Any Other Day)

Nowadays, people find it a lot easier to do their shopping, especially their holiday shopping, online. But, when customers from all over the world are using their sensitive information to make purchases, there is always the risk that a security breach could occur, and that the breach could put you at serious risk.

Black Friday is over, and so far, there haven’t been any major incidents. (At least compared to previous years.) While that’s all great to hear, that doesn’t mean it’s time to let our guard down just yet. The cyber threat is still prevalent and we need to be on guard.

If you plan on participating in Cyber Monday or any other kind of online shopping this holiday season, here are a few tips on keeping yourself safe behind the screen.

Avoid Using Your Mobile Devices

Though using your mobile device to make a purchase is definitely time-efficient, it’s not always safe. There are a lot of companies that use mobile apps to cater to their users. While this is a nice thing for both the company and the user, it can also be a nice thing for any hacker who won’t even need to lift a finger to take your information. Stick to a computer that you’re familiar with.

Consider Alternative Payments

If your browser asks you if you want it to remember your card information, don’t check off that box. Even if it’s your own personal computer, this kind of thing makes it easier for anyone to take your information. And, even if you opt out of having your credit card memorized, you should consider leaving the credit card or debit card behind altogether. If you have gift cards, PayPal, or a prepaid card, it’ll keep you a little safer.

Go With Companies You Know

Maybe a lot of those third-party, out-of-country eCommerce sites have some really good-looking deals. And, while some of those sites may be very well legitimate, you should never buy from a company that you haven’t heard of. Stick to the places and the names you know and love. There’s a better chance their online shopping platform is just safer, and if a breach were to happen, that they would at least do their best to make sure you’re protected.

Trust Your Gut

Cyber Monday and the holiday season, in general, are pretty overwhelming days to be on the Internet. There are a lot of good deals out there that are really convincing. But, not all deals are what you think they are. Some are really deceiving. It may not be that there is a hacker running a fake website with fake deals directly behind the screen. But, it may mean that the website you see one of these “deals” on may not be one that’s safe to use, for one reason or another. Therefore, just remember the old advice, “If it looks too good to be true…” Trust your gut before trusting these people with your bank information.

And, if you’re a company…

If you’re a company who is selling products online on Cyber Monday, or any other day for that matter, make sure you’re taking every possible cyber security precaution there is to protect you and your users. You should also consider taking out cyber insurance or consulting with your provider about additional measures. Remember, your customers are trusting of you, and they wouldn’t want a little purchase on your website to lead to a complete loss of their identity.

Cyber Monday is just a few days away. Are you prepared? No worries! Smeester & Associates is here to help. 

Here’s Why Smaller Companies Could Have Bigger Cyber Claims

A data breach doesn’t discriminate based on the size of your company. Making sure you’re protected, therefore, is extremely important. This is more or less the reason why a lot of companies take out cyber insurance to help pay for indirect costs associated with a data breach. While it’s great news that companies are taking security very seriously, it comes at a bit of a shock once you see how much these claims actually cost. And, not only that, but also where those costs are coming from.

A study done by NetDiligence on cyber claims costs tells us a lot of interesting information. Though the larger companies make up a higher total average of claims at six million dollars, it was actually the smaller companies with less than two billion dollars in revenue that represented a higher cost of claims individually. That’s a whopping 87% majority of all the companies surveyed.

But, why? Why would a smaller company who makes a heck of a lot less than a larger one be claiming more money than their larger-company counterparts?

Here are a few possible reasons.

Fortune 500 Companies Are No Longer the Only Targets

For many years, only Fortune 500 companies and government organizations were the main targets for data breaches. IT teams and managed service providers were still an up and coming career. Those who knew how to prevent hackers were mostly hired to protect large organizations like these. But, times are a changin’, and smaller companies are just as likely to get breached. Particularly, in retail and financial sectors.

Small Companies Aren’t As Aware of Their Exposure

Without putting any of you small-company folks down, these kinds of companies just are not as aware of their exposure as large companies are. This means that not only are they unfamiliar with how much sensitive information they possess, but also with how much of that information isn’t safe from attackers.

Resources are Limited

When it comes to smaller companies, there aren’t as many resources available to guard against data breaches. Unlike larger companies, they might have a smaller budget or they may be currently preoccupied with getting their business off the ground or managing their customer relations. During these times, a small company may not realize how vulnerable they are. But, that doesn’t necessarily mean they aren’t protecting themselves. When companies have fewer resources to invest in IT, they may just put that towards insurance. Hence why we see more claims from small companies.

Overall, Smaller Organizations Have More Incidents

You might wonder why a smaller organization with less to offer hackers would have more incidents than a larger organization. But, believe it or not, the size of your company has both a lot to do and very little to do with it. One thing to note is that hackers don’t really care about the size of your company. If you have important information somewhere in your network, then you can be a target.

That being said, the fact that you are a small company, in general, may mean you’re not quite up to par with larger companies when it comes to cyber security. That means more incidents can happen, thus leading to a higher cost of claims.

So, where does your company fall in all of this? Smeester & Associates is here to provide you with more information on these topics, so you can make the right decisions for your company.
