Tag Archives: phishing

Top 5 Cyber Attacks You Should Be Aware of for Your Business

DSA Technologies works with a wide range of businesses that face many of the same security challenges over and over. Most of these issues are preventable or can at least be mitigated with the right care and awareness. Here’s what resident expert Michael Reese at DSA Technologies shared as the most common problems that you should keep an eye out for.

  1. Phishing Schemes
    Phishing is the crime of deceiving people into sharing sensitive information like passwords and credit card numbers. Nearly all successful cyber-attacks begin with a phishing scheme. These attacks are responsible for over $12 billion in losses globally! Usually the attack is delivered in the form of an email and will demand that the victim go to a website and take immediate action. If the user clicks the link, they are sent to a fake website that imitates a real website. From here, they are asked to log in. The criminal now has your information and can use it to cause more damage.
  2. Cloud Cyber Security Threats
    Cloud computing, or the use of an internet source to store information, has grown significantly. Most people assume that cloud storage is safe, but this isn’t necessarily the case. If your provider offers minimal security your sensitive data could be easily accessible to hackers. The amount of security your cloud server offers is usually in the terms and conditions. These can be muddy waters. Don’t be afraid to talk to an expert on how to navigate these threats.
  3. Ransomware/Malware
    Ransomware is like malware in that both are criminal software used to take control of your computer and/or the information stored on it. Ransomware attacks are on the rise. Companies like DSA Technologies can help you build your line of defense through software against this type of attack. It’s estimated that an organization will fall victim to ransomware every 14 seconds in 2019. A single attack could leave you out of business for a week or more. Could you afford to be out of business that long?
  4. IoT (Internet of Things) What I call “Internet of Threats”
    IoT devices include internet enabled devices (i.e. iPhones, Amazon Alexa, Printers). There will be more than 20 billion IoT devices by 2020. How are the increasing amounts of data being secured? In most cases it’s not. There are manufacturers who have no security on their IoT devices, meaning anyone can access them. With so many devices being used, businesses should be aware of the security in place on IoT devices. Each device represents a different access point for attacks. With the rise of internet enabled devices the rise of attacks is inevitable. Ensure that your devices for your business are secure to protect sensitive data.
  5. Single Factor Passwords
    Single factor passwords are when you use a username and a passcode to log in. This is the traditional method, and the one most websites maintain. Unfortunately, most passwords can be cracked in a matter of minutes. A second line of defense can help you and your business protect your data. An added defense line is the use of multi-step or two-step authentication. This means that to log into your account, you enter your password, but then a second step requires you to enter additional information, like a unique code sent to your cell phone. Having at least two steps makes hacking your account more difficult, in turn making your data a less appealing target.

    DSA Technologies’ resident Cyber Security Expert, Michael Reese, is there to help businesses tighten their security.
    Visit DSA Technologies to learn more about how they can assist your business.

Phishing Report Shows Microsoft, Paypal, & Netflix as Top Targets

A new phishing report has been released that keeps track of the top 25 brands targeted by bad actors. Of these brands, Microsoft, Paypal, and Netflix are the top brands impersonated by phishing attacks.

Email security provider Vade Secure tracks the 25 most spoofed brands in North America that are impersonated in phishing attacks. In their Q3 2018 report, a total of 86 brands are tracked, which account for 95% of all attacks detected by the company.

Overall, Vade Secure has stated that phishing attacks increased by 20.4% in the 3rd quarter with the most targeted being Microsoft, followed by PayPal, Netflix, Bank of America, and Wells Fargo.

Cloud-based services and financial companies remain the two most targeted industries, with Microsoft being the top targeted brand as attackers try to gain access to Office 365, OneDrive, and Azure credentials.

“The primary goal of Microsoft phishing attacks is to harvest Office 365 credentials,” stated Vade Secure’s report. “With a single set of credentials, hackers can gain access to a treasure trove of confidential files, data, and contacts stored in Office 365 apps, such as SharePoint, OneDrive, Skype, Excel, CRM, etc. Moreover, hackers can use these compromised Office 365 accounts to launch additional attacks, including spear phishing, malware, and, increasingly, insider attacks targeting other users within the same organization.”

Office 365 phishing emails typically indicate that the recipient’s account has been suspended or disabled and then prompt them to log in to resolve the issue. These phishing forms are almost identical to a legitimate Office 365 form, and by creating a sense of urgency, the attackers hope the victims will be less vigilant as they enter their credentials.

Following Microsoft are PayPal phishing schemes, where attackers try to gain access to victims’ money, and Netflix, which is used to steal credit card information.

Of particular interest is that attackers tend to follow a pattern in the days on which they send the highest volume of phishing emails. According to the report, most work-related attacks tend to occur during the week, with Tuesday and Thursday being the largest volume days. For Netflix, the most targeted day is Sunday, when people are taking a break to watch some TV.

Phishing attacks become more targeted

Vade Secure has also noticed that attackers are starting to decrease the number of times a particular URL is used in a phishing campaign. Instead, attackers are using unique URLs in each phishing email in order to bypass mail filters.

“What should be more concerning to security professionals is that phishing attacks are becoming more targeted,” continued Vade Secure’s report. “When we correlated the number of phishing URLs against the number of phishing emails blocked by our filter engine, we found that the number of emails sent per URL dropped more than 64% in Q3. This suggests that hackers are using each URL in fewer emails in order to avoid by reputation-based security defenses. In fact, we’ve seen sophisticated phishing attacks where each email contains a unique URL, essentially guaranteeing that they will bypass traditional email security tools.”
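The effect the report describes can be reproduced on a small mail log. The following is an added example, not taken from Vade Secure or the original article; the log records, host names and the path-normalization heuristic are constructed assumptions. It computes the emails-per-URL ratio and shows that grouping URLs by host and path shape surfaces a campaign in which every email carries a different URL.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log: (message id, URL extracted from the message body).
# Hosts use reserved example domains; none of this is real indicator data.
SAMPLE_LOG = [
    ("m1", "https://login-check.example.net/o365/a8f3c1d2e4/signin"),
    ("m2", "https://login-check.example.net/o365/77b0e9aa15/signin"),
    ("m3", "https://login-check.example.net/o365/c41d9e0b6f/signin"),
    ("m4", "https://login-check.example.net/o365/09fe2b7a33/signin"),
    ("m5", "https://news.example.org/weekly/issue-42"),
    ("m6", "https://news.example.org/weekly/issue-42"),
    ("m7", "https://news.example.org/weekly/issue-42"),
]

# Assumed heuristic: a path segment made of 8+ hex characters or 20+ URL-safe
# characters is treated as a per-recipient token and replaced by "*".
TOKEN = re.compile(r"^(?:[0-9a-fA-F]{8,}|[0-9A-Za-z_-]{20,})$")


def emails_per_url(log):
    """Average number of emails sharing one exact URL (the report's metric)."""
    emails = {msg_id for msg_id, _ in log}
    urls = {url for _, url in log}
    return len(emails) / len(urls)


def urls_reaching_threshold(log, threshold=2):
    """Exact URLs seen in at least `threshold` emails.

    This is all a reputation list keyed on the exact URL can ever learn.
    """
    seen = defaultdict(set)
    for msg_id, url in log:
        seen[url].add(msg_id)
    return sorted(u for u, ids in seen.items() if len(ids) >= threshold)


def url_shape(url):
    """Host plus path with token-like segments masked; query string dropped."""
    parts = urlsplit(url)
    segments = ["*" if TOKEN.match(s) else s for s in parts.path.split("/")]
    return (parts.hostname or "") + "/".join(segments)


def unique_url_clusters(log, min_emails=3):
    """Shapes seen in several emails where no two emails share an exact URL."""
    by_shape = defaultdict(lambda: {"emails": set(), "urls": set()})
    for msg_id, url in log:
        bucket = by_shape[url_shape(url)]
        bucket["emails"].add(msg_id)
        bucket["urls"].add(url)
    return {
        shape: len(b["emails"])
        for shape, b in by_shape.items()
        if len(b["emails"]) >= min_emails and len(b["urls"]) >= len(b["emails"])
    }


if __name__ == "__main__":
    print("emails per URL:", emails_per_url(SAMPLE_LOG))
    print("URLs a per-URL reputation list would learn:",
          urls_reaching_threshold(SAMPLE_LOG))
    print("clusters of one-URL-per-email messages:",
          unique_url_clusters(SAMPLE_LOG))
```

In the sample, the only URL that is ever seen twice is the benign newsletter link, while the four single-use URLs collapse into one shape that can be reviewed or blocked as a unit.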

Protecting yourself from phishing attacks

As phishing attacks become more sophisticated, they also become harder to detect. Using cloud services, attackers are now able to secure their phishing forms with SSL certificates from well known and trusted companies such as Microsoft and Cloudflare. This allows the forms to look authentic to victims.

As you can see from the phishing attack below, the login form looks legitimate, the site is on a Microsoft-owned domain, and the page is secured. To many, this would appear as a legitimate Microsoft form. In reality, the attacker is hosting their form on a Microsoft cloud service in order to create this sense of legitimacy.

Therefore, it is always important to scrutinize a site before entering any login credentials. If the URL looks strange, the spelling or grammar is incorrect, or something does not feel right, then you should not enter any account credentials. Instead, contact your administrator or the company itself if you are concerned your account has problems. If you don’t know the sender, don’t open the email.

Can You Spot the Bait in a Phishing Attack?

Hackers are always trying to find creative and new ways to steal data and information from businesses. While spam (unwanted messages in your email inbox) has been around for a very long time, phishing emails have risen in popularity because they are more effective at achieving the desired endgame. How can you make sure that phishing scams don’t harm your business in the future?

Phishing attacks come in many different forms. We’ll discuss some of the most popular ways that hackers and scammers will try to take advantage of your business through phishing scams, including phone calls, email, and social media.

Phishing Calls
Do you receive calls from strange or restricted numbers? If so, chances are that they are calls that you want to avoid. Hackers will use the phone to make phishing phone calls to unsuspecting employees. They might claim to be with IT support, and in some cases, they might even take on the identity of someone else within your office. These types of attacks can be dangerous and tricky to work around, particularly if the scammer is pretending to be someone of authority within your organization.

For example, someone might call your organization asking about a printer model or other information about your technology. Sometimes they will be looking for specific data or information that might be in the system, while other times they are simply looking for a way into your network. Either way, it’s important that your company doesn’t give in to their requests, as there is no reason why anyone would ask for sensitive information over the phone. If in doubt, you should cross-check contact information to make sure that the caller is who they say they are.

Phishing Emails
Phishing emails aren’t quite as pressing as phishing phone calls because you’re not being pressured to make an immediate decision. Still, this doesn’t lessen the importance of being able to identify phishing messages. You might receive tailor-made customized phishing messages with the sole intent of a specific user handing over important information or clicking on a link/attachment. Either way, the end result is much the same as a phone call phishing scam;

To avoid phishing emails, you should implement a spam filter and train your employees on how to identify the telltale signs of these messages. These include spelling errors, incorrect information, and anything that just doesn’t belong. However, phishing messages have started to become more elaborate and sophisticated.

Phishing Accounts
Social media makes it incredibly easy for hackers to assume an anonymous identity and use it to attack you; or, even more terrifying, the identity of someone you know. It’s easy for a hacker to masquerade as someone that they’re not, providing an outlet for attack that can be somewhat challenging to identify. Some key pointers are to avoid any messages that come out of the blue or seemingly randomly. You can also ask questions about past interactions that tip you off that they may (or may not) be who they say they are.

Ultimately, it all comes down to approaching any phishing incident intelligently and with a healthy dose of skepticism.

Japanese travel agency suffers massive data breach

If you’ve taken a trip to Japan through a travel agency, you might be in a bit of trouble. JTB Corp., a major Japanese travel agency, has suffered a data breach in which the personal information of nearly 8 million people was compromised.

BatBlue reports that the leak began with an email phishing attack, where an employee of the subsidiary company i.JTB Corp. opened an email attachment that infected his or her computer. From there, the hacker could access the main server, and obtained access to the personal data of JTB Corp. customers. The data may also include information on customers who used the booking services by NTT Docomo Inc.

Among the stolen data, Nikkei reports, are the names, addresses, email addresses, and passport numbers of approximately 7.93 million people. JTB states that around 4,300 of those passport numbers are still valid, which means the hacker or anyone who purchases the stolen information can misuse them.

If your passport number was among those stolen, report it and get a replacement immediately. Identity Theft Awareness provides instructions on reporting stolen passports and requesting new ones, and advises acting as soon as possible.

JTB President Hiroyuki Takahashi has apologized for the breach, and has notified law enforcement. The investigation is ongoing, but there are currently no instances of the data being abused.

Ransomware is Growing as Cyber Crime Pays Off

Ransomware is growing and transforming and cyber criminals are taking it to the bank!

Ransomware is growing into a huge business for cyber-criminals. This business venture has a very low cost to maintain, so criminals jump in and out of the business very easily.

An analysis of phishing email campaigns from the first three months of 2016 has seen a 6.3 million increase, due primarily to a ransomware upsurge against the last quarter of 2015. That is a staggering 789% jump.

PhishMe’s Q1 2016 Malware Review identified three key trends behind ransomware’s growth that were previously recorded throughout 2015 but have come to full fruition in the last few months:

  1. Encryption Ransomware
  2. Soft Targeting by Functional Area
  3. Downloader/Ransomware: the one-two combination

“Thus far in 2016, we have recorded an unprecedented rise in encryption ransomware attacks, and we see no signs of this trend abating. Individuals, small- and medium-sized businesses, hospitals, and global enterprises are all faced with the reality that this is now one of the most favored cyber-criminal enterprises,” explains Rohyt Belani, CEO and Co-Founder of PhishMe.

Rohyt continues, “Another 2015 trend that emerged into fuller fruition during the first quarter of 2016 is threat actors’ use of soft targeting in phishing. In contrast to both broad distribution and the careful targeting of one or two individuals via spear phishing emails, soft targeting focuses on a category of individuals based on their role within any organization anywhere in the world. Criminals target this subset with content relevant to their role. Such malicious emails are typically accompanied with Microsoft Office documents laden with malware or the ability to download the same.” During the first quarter, JavaScript applications even surpassed Office documents with macro scripts to become the most common malicious file type accompanying phishing emails.

Whichever way the cyber-criminals succeed in infiltrating the organization, the impact on the victimized organization is significant because it needs to use up scarce incident response resources for cleaning up, managing a potential public relations nightmare, and in some cases even caving in to hacker demands and paying the ransom.

The latest Infoblox DNS Threat Index for Q1 2016 reports a 3,500 percent increase in ransomware domain creation quarter on quarter from 2015. “The relative cost of infrastructure is so low that it completely makes sense from the criminal’s point of view,” said Rod Rasmussen, vice president of cyber security at Infoblox.

Another factor behind the fact that ransomware is growing is that people are paying the ransoms. Don’t mistake this as an honorable act though. According to SecureWorks senior security researcher Keith Jarvis, more than four dozen distinct families of ransomware have emerged since the start of 2015 and “generally, 0.25% to 3.0% of victims elect to pay a ransom,” Jarvis explains, “meaning attackers need to destroy data on anywhere from 30 to 400 computers for every victim who relents and pays the ransom.”

Estimating the ransomware industry, we find that the largest operations are pulling in several million dollars per year. Which is hardly surprising when you consider that 93% of phishing emails delivered last quarter contained ransomware.”

It’s an attractive threat sector for many reasons. Number one, persistent attacks can be avoided. “Ransomware that encrypts all the data and destroys local backups before asking for a lump sum payout,” Dave Venable, VP of cyber security at Masergy told SC, “lets hackers avoid the higher costs and labor of maintaining the infrastructure of persistent attacks.”

Ransomware is popular because the malware can be monetized anonymously and quickly. “Through the use of bitcoin payment systems,” explains Gunter Ollmann, CSO at Vectra Networks, “the criminal can force the victim to pay the ransom in a monetary unit that facilitates complete anonymity and can be trivially converted to cash.” Gone are the days of requiring different and specialist criminal hands to both launder the data and anonymously monetize it.

As Ilia Kolochenko, CEO of High-Tech Bridge, concludes, “Ransomware is not a technical problem, but a business model problem: while it will remain the easiest way to extort money, it will continue skyrocketing.”

93% of phishing emails are now ransomware

As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today by PhishMe.

That was up from 56 percent in December, and less than 10 percent every other month of last year.

And the number of phishing emails hit 6.3 million in the first quarter of this year, a 789 percent increase over the last quarter of 2015.

The anti-phishing vendor also counted the number of different variants of phishing emails that it saw. Ransomware accounted for 51 percent of all variants in March, up from just 29 percent in February and 15 percent in January.

The skyrocketing growth is due to the fact that ransomware is getting easier and easier to send and that it offers a quick and easy return on investment.

Other types of cyberattacks typically take more work to monetize. Stolen credit card numbers have to be sold and used before the cards are canceled, for example. Identity theft takes even more of a time commitment.

With ransomware, however, victims tend to pay quickly. Instead of hunting through company networks for valuable data, exfiltrating it, processing it, and monetizing it, ransomware criminals can just sit back and watch the money flow in.

“If you look at the price point of paying the ransom, it is rarely more than 1 or 2 Bitcoin, that’s $400 to $800, maybe $1,000 depending on the exchange rate,” said Brendan Griffin, Threat Intelligence Manager at PhishMe. “That’s a relatively low price point for a small to medium business.”

The amount is low enough that it’s often easier for victims to pay up rather than struggle to recover the data by other means.

And the new, easy-to-use ransomware tools and services are not just attracting criminals who would previously run other kinds of scams, but also bringing new players into the business, he said.

Locky and TeslaCrypt, two common varieties of ransomware, have seen significant growth, but not all types of ransomware fared as well. CryptoWall, for example, seems to have fallen out of favor, PhishMe reported. In October and November of last year, CryptoWall accounted for 90 percent of encryption ransomware samples. In March, nearly 75 percent of all samples were Locky.

Soft targeting

In addition to the spike in the number of ransomware emails, one variant that’s seeing increasing popularity is the “soft targeted” phishing message.

It’s somewhere between a business compromise email or spearphishing attack, which is targeted at one specific executive, and the general-purpose spam email that goes out to everybody.

The soft targeted phishing email targets people in a particular job category, but may include some customization, such as the name of the recipient in the salutation.

“This has been a creeping trend for a while now,” said Griffin.

For example, a popular type of phishing email is the resume email, which supposedly has a resume from a job applicant in the attachment.

Recipients who don’t work in human resources or other jobs where they hire people would either ignore it, or forward it on to the appropriate person at the company. Other job functions can be targeted as well.

“For example, our vice president of finance received a message that said it was an important message for the vice president of finance, and had his name in the first line,” said Griffin.

Other common types of soft targeted phishing emails are billing, shipping and invoice-related messages.

According to Griffin, soft targeting increases the likelihood that someone will fall for a phishing email.

If you don’t know the person sending you the email, take extra precautions.

 

Email Scams and Awareness

Emails are the fastest means of communication! This is what we studied in our childhood. And how true! It indeed is. Today, no one can imagine living without an email ID. No work can be completed without the use of emails. Whether it be a job application, or inviting your friends to a party.

This culture of emails has opened up a lot of loopholes which online scammers can exploit for monetary or other gain. Scammers these days have been employing new tools and methods to ruin common netizens’ experience of the web. Thus, in this article, we list some common email scams to make you aware of them and of the methods to stay protected.

1. Phishing Attacks
Phishing attacks are when an email is sent to you containing a link to a webpage which looks strikingly similar to an authentic webpage. Once you enter private information such as login credentials or credit card numbers, that data is stored by the scammers and can be used later to act on their malicious intent.

In order to avoid such attacks, recheck the URL of the webpage you’re accessing. If you observe even a slight difference, then close the tab and thank the almighty. Think twice before divulging your personal information on any webpage. Do not download any attachment until you’re 100% sure about the authenticity of the sender. Enable 2-factor verification for websites that allow it.

2. Nigerian Prince Scam
You might have come across an email stating that you have inherited millions of dollars from a ‘Nigerian Prince’ since he died in a plane crash. Such emails are called “419” emails or Nigerian scams. The poor English in such emails is the first giveaway. However, many newcomers to the internet, including senior citizens, give in to such emails and fall for the trap. Through their sweet talk, the scammers will coerce you into depositing a few thousand as the “transfer expenses”. And you guessed right about what happens next!

Avoiding such scams is simple. DO NOT RESPOND TO SUCH EMAILS seems to be the only solution. If you have responded out of curiosity, then do not send your personal information and do not deposit any amount that they ask for.

3. Viruses in email
Online scammers are smart enough to create a program that can send your banking information as soon as you conduct a monetary transaction over the internet. Such programs or viruses can be attached to emails disguised as a picture, a video or another file. Once you click on it, it latches on to your system and sends the required information to the hacker.

Updating your OS as well as the antivirus on your system is the key to avoiding such attacks. Scan all the attachments in your emails for viruses and malware, and if anything looks suspicious, do not click on it. If you do, then you stand the chance of losing all your hard-earned money.

4. Lottery Scam!
Similar to the Nigerian Prince scam, lottery scams, too, are rampant. Needless to say, such emails are fraudulent and believe me, no one is going to give you even $5, forget about the $5 million you just “won.” This is another tactic of collecting your personal information and gaining monetary profit through the “processing fee”.

The solution is simple. Do not fall into the trap. Report such emails as spam and block the email address from sending you such emails again.

Endnote
As technology has advanced, so have the scammers. The tactics above have been successful for them for a very long time. It’s easy to fall into their traps if you’re not aware of such scams. But once you’re aware, make sure not to fall for any of the above. Keep your eyes open for any suspicious emails and follow the suggestions given above to avoid a catastrophe.

Do Not Respond To This Kind Of Email. It’s A Scam!

Criminals are tricking corporate employees into giving them payroll information. Here is how the scam works – and how you can prevent yourself from falling prey to it.

Over the past couple of months there have been multiple well-publicized cases of criminals tricking corporate employees into giving them payroll information that the crooks then use to commit various crimes: commonly, employees’ identities are stolen and phony tax returns are filed in order to obtain illegal “refunds” of “overpayments,” but thieves continue to find other ways to monetize the data, including filing fraudulent unemployment claims.

Here is how the scam works – and how you can prevent yourself (and your business) from falling prey to it.

In the first stage of the attack criminals perform reconnaissance – often checking social media for information that employees have “overshared.” Criminals love it when employees post nonpublic information about some work-related endeavor, for example, because anyone who later claims to be an employee of the company and refers to this information when contacting a real employee will be far more likely to be believed than someone who simply claims to work for the firm but does not know any “insider” information. Criminals also search social media and the Internet in general to find the right “target” employees within the firm whose data they are trying to steal.

After performing reconnaissance, criminals contact their targets – often via a “spear phishing” type email message, but sometimes through other media such as social media, texting, or telephone. Spear phishing refers to communications that target a specific intended victim and impersonate a party whom the receiver is expected to trust. Several recent attacks have involved communications in which the “CEO” or other high-level executive of a firm asks an employee with access to payroll information to send him or her the W2s for all employees of the firm; other forms of the attack ask an employee with authorization to make wire transfers to pay some particular party; others may ask the employee to visit some website for some purpose, when, in fact, the site actually installs malware.

Snapchat, Mercy Housing, and Sprouts Farmers Market have all fallen prey to the W2 scam within the last couple of months, thereby exposing their employees to all sorts of risks. Other firms have been duped by similar attacks and sent out spreadsheets with personnel information, and the Federal Reserve Bank of New York is believed to have recently issued about $100 million in fraudulent wire transfer payments as a result of receiving fraudulent instructions to do so.

Here are some ways to help prevent this problem from harming you and your business:

1.       Train employees not to overshare on social media and provide them with technology that warns them if they are doing so.

2.       Train employees not to respond to email requests for sensitive data without picking up the phone and speaking with the person requesting the data to be sent.

3.       Understand — and make sure your employees understand — how phishing works, and why it is a serious problem that is not getting better with time.

4.       Train employees to think about the risk level of requests. As Jonathan Sander, Vice President at Lieberman Software, noted, “If a payroll employee wants one W2, then maybe you just let them have it. If that same employee wants all of them all at once, then there should be something that triggers to say this is a different sort of request that deserves more scrutiny.”

5.       Utilize encryption – if a sensitive document is sent encrypted, an unauthorized party receiving it will have difficulty opening it. As Brad Bussie, Director of Product Management at STEALTHbits Technologies, phrased it: “As a best practice, personal identifiable information should never be transmitted in an un-encrypted format.” I agree.

6.       Use secure email – If a firm has the resources to do so, email security technology can help – but, do not rely on such technology to prevent problems since social engineering can come in through other channels (texting, social media messages, phone calls, etc.), and, sometimes problematic emails can still make it through. Nonetheless, reducing the threat via email can be useful; as Craig Young, Computer Security Researcher at Tripwire, noted “The use of cryptographically signed emails and securely configured mail services with advanced spam filters, sender policy framework (SPF), and DomainKeys Identified Mail (DKIM) configurations can also greatly reduce the likelihood of a successful e-mail scam.” Keep in mind that by reducing the number of problematic emails that reach users, email security technology can cause people to become less vigilant – so make sure to reinforce the need for vigilance via training.

7.       Utilize Data Loss Prevention systems – these types of systems can block certain types of files and attachments from going out to external email addresses.

These are just a few ideas to think about; there are several others!!!
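A header triage check for the executive-impersonation emails described in this article, which also shows why SPF and DKIM results alone are not enough: a lookalike domain the sender controls can pass both. This is an added example, not code from the original article or from any vendor quoted in it; the domains, names, messages and the `authserv_id` value are constructed assumptions, and DMARC alignment is not checked.

```python
import re
from email import message_from_string
from email.utils import parseaddr

AUTH_RESULT = re.compile(r"\b(spf|dkim)=([a-z]+)", re.I)


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def trusted_auth_results(msg, authserv_id):
    """SPF/DKIM verdicts, taken only from headers stamped by our own mail server.

    Any other Authentication-Results header may have been written by the sender.
    """
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = value.partition(";")
        if server.strip().lower() == authserv_id:
            for method, verdict in AUTH_RESULT.findall(rest):
                results[method.lower()] = verdict.lower()
    return results


def assess(raw, org_domain, exec_names, authserv_id):
    """Return the reasons a message deserves a phone call before anyone replies."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    auth = trusted_auth_results(msg, authserv_id)
    reasons = []
    # Claims to come from our domain, but neither SPF nor DKIM passed.
    if from_domain == org_domain and "pass" not in (auth.get("spf"), auth.get("dkim")):
        reasons.append("unauthenticated-org-sender")
    # Executive's display name on an outside domain; SPF/DKIM may well pass here.
    if from_domain != org_domain and any(n.lower() in name.lower() for n in exec_names):
        reasons.append("exec-name-external")
    # Replies would go somewhere other than the visible sender's domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != from_domain:
        reasons.append("reply-to-mismatch")
    return reasons


def _mail(*headers):
    # Constructed message body modelled on the W2 request described above.
    return "\n".join(headers) + "\n\nPlease send me the W2s for all employees today.\n"


# Constructed samples. "corp.example" is the assumed organization domain.
LOOKALIKE = _mail(
    'From: "Pat Example" <pat.example@c0rp.example>',
    "Reply-To: pat.example@mailbox.test",
    "To: payroll@corp.example",
    "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=c0rp.example;"
    " dkim=pass header.d=c0rp.example",
)
SPOOFED = _mail(
    'From: "Pat Example" <pat.example@corp.example>',
    "To: payroll@corp.example",
    "Authentication-Results: mx.sender.test; spf=pass; dkim=pass",  # forged by sender
    "Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp.example;"
    " dkim=none",
)
LEGIT = _mail(
    'From: "Pat Example" <pat.example@corp.example>',
    "To: payroll@corp.example",
    "Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example;"
    " dkim=pass header.d=corp.example",
)

if __name__ == "__main__":
    for label, raw in (("lookalike", LOOKALIKE), ("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw, "corp.example", ["Pat Example"], "mx.corp.example"))
```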

3 Easy Techniques to Protect Your Data

Some of the best firms use very simple techniques to protect their companies’ information. These techniques can be very efficient at securing not only company data but also your employees’ personal information. They may take some time and resources to set up initially, but you will thank yourself down the road.

First you want to implement some sort of yearly or bi-yearly security training program. Something interactive that will keep employees involved and teach them the basics of security in the office. Using gamification or animation in this training will ensure that the information sticks with the employees. Not only will you remain compliant with a yearly security training program, but you can also ensure awareness around the main cause of information leaks and breaches: humans.

Once this program is in place, you want to put it to the test. One of the best ways is to create a phishing campaign. This entails sending out a fake email from a fake address with a false, clickable link that records the number of users who click on it. You can set up this campaign to log information like clicks and email opens, and even to show which users clicked the link and then filled out an informational form about themselves. A phishing campaign is not to be used as a form of punishment but as a teaching point about what “exactly” to look for in a phishing email.

Lastly is a step you should take into your own hands as a security professional. Utilize a tool like BitLocker and/or Digital Guardian to monitor what your employees are doing on the internet and help prepare for the worst situations. Having timely backups of all saved information is a plus in case you need to roll back changes on someone’s machine due to a malicious link that was accidentally clicked.

Overall the best option, no matter how you do it, is to educate the people who handle sensitive information on best practices and then create assurances around them to protect in case of an accident. Remember, in this industry it is not “if” but “when” a security event will take place.

The 5 Biggest Cybersecurity Risks for Small and Medium Businesses

Cases of data breaches from major corporations around the world are becoming more and more frequent, much to the dismay of business owners all over the world. Every few weeks, there is a report about a big corporation’s data being leaked on some website, causing the company huge monetary losses as well as irreparable damage to reputation.

Although the alarming frequency of such high-profile data breaches would lead one to believe that the hackers must really have it in for large business owners, the fact still remains that small and medium business owners are just as susceptible to data breaches, if not more. Even if small and medium businesses realize that they are under threat as well, they might wrongly think that they would need to spend a large amount of money to keep the threat at bay.

The reality is anything but this. The major factor that decides whether you fall victim to such attacks is your level of negligence. Therefore, this article aims to make you aware about the 5 biggest threats your business might face.




The 5 biggest threats

1. Stolen laptops and mobiles
It is astonishing how much data is stolen or compromised when the devices used by employees are stolen. Whoever has access to the systems can access the company data and use it as he or she wishes. Therefore, it is absolutely essential for businesses to encrypt all data that is transferred to an employee’s portable device. This would ensure that the data remains protected in the event that the device is stolen.
2. Unsecured Internet Networks
This is a blatant overlooking of your business’s security. Wireless networks are used by all businesses, and even small businesses today require off-shore and remote employees to access corporate data from elsewhere. Therefore, having a secure network is important to prevent unauthorized personnel from entering your network and causing problems.
3. Spear Phishing
This is another term for email scams. Email scams are one of the oldest tricks of the trade for gaining access to a user’s system. Hackers quite often send such tampered emails to all employees of a company in hopes that one of them falls for it. These attacks spread like fire, so if one employee system is affected, the entire network could be compromised soon enough. This is something employees should keep an eye out for as well, for such emails are usually simple to spot.
4. Malware
Malware is any code that has malicious intentions and has the capability to cause serious problems in your system. Malware comes in different types, but it can be warded off by keeping good anti-virus and anti-malware software on hand. It is also important to regularly update your anti-virus.
5. Insider Threats
This is something that is not always the case but is always a possibility. An employee holding a grudge against your company might take things further by mishandling your sensitive corporate data. To prevent such a thing from happening, make sure employees have differing access to corporate data according to their rank in your company. It is also wise to record the activity of all employees, big or small, to know if something is amiss.
Conclusion
We saw in this article how small and medium businesses can be targeted. The amount of money to be spent on security systems is by no means huge. All it takes is a little background knowledge to invest wisely rather than invest big.