Tag Archives: cybercrime

3 “Must-Do” IT Resolutions for 2017

Posted on January 16, 2017 by J. Michele Miller

3 “Must-Do” IT Resolutions for 2017

“Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today.” That’s what The Evolution of Ransomware, a study by Mountain View, California-based cybersecurity firm Symantec, reported recently.

If you have any illusions that your company is safe from cyber-attack in 2017, consider just a few findings stated in a recent report by the Herjavec Group, a global information security firm:

– Every second, 12 people online become a victim of cybercrime, totalling more than 1 million victims around the world every day.

– Nearly half of all cyber-attacks globally last year were committed against small businesses.

– Ransomware attacks rose more than an astonishing 300% in 2016.

– The world’s cyber-attack surface will grow an order of magnitude larger between now and 2021.

– The US has declared a national emergency to deal with the cyberthreat.

– There is no effective law enforcement for financial cybercrime today.

Clearly, your company’s information and financial well-being are at greater risk than ever in 2017. And you cannot count on the federal or state government or local police to protect your interests. That’s why I strongly suggest that you implement the following resolutions starting TODAY.

Resolution #1: Tune up your backup and recovery system.

The #1 antidote to a ransomware attack is an up-to-date backup copy of all your data and software. Yet managing backups takes more than just storing a daily copy of your data. For one thing, if your business is at all typical, the amount of data you store grows by 35% or more per year. If your data management budget doesn’t expand likewise, expect trouble.

Resolution #2: Harness the power of the cloud—but watch your back.

Huge productivity gains and reduced costs can be achieved by making full use of the cloud. Yet it’s a double-edged sword. Any oversight in security practices can lead to a breach.

Here are two things you can do to harness the cloud safely:

– Determine which data matters. Some data sets are more crucial to your business than others. Prioritize what must be protected. Trying to protect everything can take focus and resources away from protecting data such as bank account information, customer data and information that must be handled with compliance and regulatory requirements in mind.

– Select cloud providers carefully. Cloud vendors know that data security is vital to your business and promote that fact. Yet not all cloud vendors are the same. You can’t control what happens to your data in the cloud, but you can control who’s managing it for you.

Resolution #3: Set and enforce a strict Mobile Device Policy.

As BYOD becomes the norm, mobile devices open gaping holes in your network’s defenses. Don’t miss any of these three crucial steps:

– Require that users agree with acceptable-use terms before connecting to your network. Be sure to include terms like required use of hard-to-crack passwords, conditions under which company data may be “wiped” and auto-locking after periods of inactivity.

– Install a Mobile Device Management System on all connected devices. A good system creates a virtual wall between personal and company data. It lets you impose security measures, and it protects user privacy by limiting company access to work data only.

– Establish a strong protocol for when a connected device is lost or stolen. Make sure features that allow device owners to locate, lock or wipe (destroy) all data on the phone are preset in advance. That way, the user can be instructed to follow your protocol when their phone is lost or stolen.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!
Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , | Comments Off on 3 “Must-Do” IT Resolutions for 2017

“$1.5M Cyber-Heist Typifies Growing Threat”

Posted on November 29, 2016 by J. Michele Miller

$1.5M Cyber-Heist Typifies Growing Threat

Efficient Escrow of California was forced to close its doors and lay off its entire staff when cybercriminals nabbed $1.5 million from its bank account. The thieves gained access to the escrow company’s bank data using a form of “Trojan horse” malware.
Once the hackers broke in, they wired $432,215 from the firm’s bank to an account in Moscow. That was followed by two more transfers totaling $1.1 million, this time to banks in Heilongjiang Province in China, near the Russian border.
The company recovered the first transfer, but not the next two. They were shocked to discover that, unlike with consumer accounts, banks are under no obligation to recoup losses in a cybertheft against a commercial account. That meant a loss of $1.1 million, in a year when they expected to clear less than half that. Unable to replace the funds, they were shut down by state regulators just three days after reporting the loss.
Net result? The two brothers who owned the firm lost their nine-person staff and faced mounting attorneys’ fees nearing the total amount of the funds recovered, with no immediate way to return their customers’ money.
Avoid Getting Blindsided
While hacks against the big boys like Target, Home Depot and Sony get more than their share of public attention, cyber-attacks on small and medium-sized companies often go unreported and rarely make national headlines.
Don’t let this lull you into a false sense of security. The number of crippling attacks against everyday businesses is growing. Cybersecurity company Symantec reports, for example, that 52.4% of “phishing” attacks last December were against SMEs—with a massive spike in November. Here are just a few examples out of thousands that you’ll probably never hear about:
Green Ford Sales, a car dealership in Kansas, lost $23,000 when hackers broke into their network and swiped bank account info. They added nine fake employees to the company payroll in less than 24 hours and paid them a total of $63,000 before the company caught on. Only some of the transfers could be canceled in time.
Wright Hotels, a real estate development firm, had $1 million drained from their bank account after thieves gained access to a company e-mail account. Information gleaned from e-mails allowed the thieves to impersonate the owner and convince the bookkeeper to wire money to an account in China.
Maine-based PATCO Construction lost $588,000 in a Trojan horse cyber-heist. They managed to reclaim some of it, but that was offset by interest on thousands of dollars in overdraft loans from their bank.
Why You’re a Target—And How to Fight Back!
Increasingly, cyber thieves view SMEs like yours and mine as easy “soft targets.” That’s because all too often we have:
1. Bank accounts with thousands of dollars.
2. A false sense of security about not being targeted.
3. Our customers’ credit card information, social security numbers and other vital data that hackers can easily sell on the black market.
If you don’t want your company to become yet another statistic in today’s cyberwar against smaller companies, and your business doesn’t currently have a “bullet-proof” security shield, you MUST take action without delay—or put everything you’ve worked for at risk. The choice is yours.

Immediate Action Items
Here are three things you can do right away:
1. Remove software that you don’t need from any systems linked to your bank account.
2. Make sure everyone with a device in your network never opens an attachment in an unexpected e-mail.
3. Require two people to sign off on every transaction.

Let Us Help
When it comes to defending your data, whether it’s bank account information, customer and employee records or proprietary intellectual property or processes, do not take chances.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day! Continue reading

Posted in Uncategorized | Tagged , , , , , , , , , | Comments Off on “$1.5M Cyber-Heist Typifies Growing Threat”

“Are You A Sitting Duck?”

Posted on December 15, 2015 by J. Michele Miller

The 7 Most Critical IT Security Protections Every Business Must Have In Place Now To Protect Themselves From Cybercrime, Data Breaches And Hacker Attacks

You, the CEO of a small business, are under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses.

Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.

In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilize cloud computing and mobile devices, and store more information online. You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity. Because of all of this, it’s critical that you have these 7 security measures in place.

1. The #1 Security Threat To ANY Business Is… You! Like it or not, almost all security breaches in business are due to an employee clicking, downloading or opening a file that’s infected, either on a web site or in an e-mail; once a hacker gain’s entry, they use that person’s e-mail and/or access to infect all the other PCs on the network. Phishing e-mails (e-mails cleverly designed to look like legitimate messages from a web site or vendor you trust) is still a very common occurrence – and spam filtering and anti-virus cannot protect your network if an employee is clicking on and downloading the virus. That’s why it’s CRITICAL that you educate all of your employees on how to spot an infected e-mail or online scam. Cybercriminals are EXTREMELY clever and can dupe even sophisticated computer users. All it takes is one slip-up; so constantly reminding and educating your employees is critical.

On that same theme, the next precaution is implementing an Acceptable Use Policy (AUP). An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.

Having this type of policy is particularly important if your employees are using their own personal devices and home computers to access company e-mail and data. With so many applications in the cloud, an employee can access a critical app from any device with a browser, which exposes you considerably.

If an employee is logging into critical company cloud apps through an infected or unprotected, unmonitored device, it can be a gateway for a hacker to enter YOUR network – which is why we don’t recommend you allow employees to work remote or from home via their own personal devices.

Second, if that employee leaves, are you allowed to erase company data from their phone or personal laptop? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised?

Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.

2. Require STRONG passwords and passcodes to lock mobile devices. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.

3. Keep your network and all devices patched and up-to-date. New vulnerabilities are frequently found in common software programs you are using, such as Adobe, Flash or QuickTime; therefore it’s critical you patch and update your systems and applications when one becomes available. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.

4. Have An Excellent Backup. This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!

5. Don’t allow employees to access company data with personal devices that aren’t monitored and secured by YOUR IT department. The use of personal and mobile devices in the workplace is exploding. Thanks to the convenience of cloud computing, you and your employees can gain access to pretty much any type of company data remotely; all it takes is a known username and password. Employees are now even asking if they can bring their own personal devices to work (BYOD) and use their smartphone for just about everything.

But this trend has DRASTICALLY increased the complexity of keeping a network – and your company data – secure. In fact, your biggest danger with cloud computing is not that your cloud provider or hosting company will get breached (although that remains a possibility); your biggest threat is that one of your employees accesses a critical cloud application via a personal device that is infected, thereby giving a hacker access to your data and cloud application.

So if you ARE going to let employees use personal devices and home PCs, you need to make sure those devices are properly secured, monitored and maintained by a security professional. Further, do not allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps.

But here’s the rub: Most employees won’t want you monitoring and policing their personal devices; nor will they like that you’ll wipe their device of all files if it’s lost or stolen. But that’s exactly what you’ll need to do to protect your company. Our suggestion is that you only allow employees to access work-related files, cloud applications and e-mail via company-owned and monitored devices, and never allow employees to access these items on personal devices or public WiFi.

6. Don’t Scrimp On A Good Firewall. A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network or they are completely useless. This too should be done by your IT person or company as part of their regular, routine maintenance.

7. Protect Your Bank Account. Did you know your COMPANY’S bank account doesn’t enjoy the same protections as a personal bank account? For example, if a hacker takes money from your business account, the bank is NOT responsible for getting your money back. (Don’t believe me? Go ask your bank what their policy is on refunding you money stolen from your account!) Many people think FDIC protects you from fraud; it doesn’t. It protects you from bank insolvency, NOT fraud.

So here are 3 things you can do to protect your bank account. First, set up e-mail alerts on your account so you are notified any time money is withdrawn. The FASTER you catch fraudulent activity, the better your chances are of keeping your money. In most cases, fraudulent activity caught the DAY it happens can be stopped. If you discover even 24 hours after it’s happened, you may be out of luck. That’s why it’s critical that you monitor your account daily and contact the bank IMMEDIATELY if you see any suspicious activity.

Second, if you do online banking, dedicate ONE computer to that activity and never access social media sites, free e-mail accounts (like Hotmail) and other online games, news sites, etc. with that PC. Remove all bloatware (free programs like QuickTime, Adobe, etc.) and make sure that machine is monitored and maintained behind a strong firewall with up-to-date anti-virus software. And finally, contact your bank about removing the ability for wire transfers out of your account and shut down any debit cards associated with that account. All of these things will greatly improve the security of your accounts.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!
Continue reading

Posted in Uncategorized | Tagged , , , , , , , | Comments Off on “Are You A Sitting Duck?”

“Your Computer Network Is Being Haunted!”

Posted on October 17, 2015 by J. Michele Miller

Your Computer Network Is Being Haunted!
(And It’s Worse Than Ghosts And Goblins)

Your small business is under attack. Right now, extremely dangerous and well-funded cybercrime rings are suing sophisticated techniques to hack into thousands of small businesses to steal credit cards, blackmail you to recover data and swindle money directly out of your bank account.
82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses just like yours. You just don’t hear about it because it’s kept quiet for fear of bad PR, lawsuits and sheer embarrassment.
The National Cyber Security Alliance reports that 1 in 5 small businesses have been victims of cybercrime in the last year and this number is growing rapidly as businesses continue to move to cloud computing, mobile devices and store more information online.

Here are 7 critical security measures your business must have in place to have any chance of fending off these criminals:

1. Train Employees On Security Best Practices. The #1 vulnerability for business networks are the employees using them. If they don’t know how to spot infected e-mails or online scams, they could infect your entire network.
2. Create An Acceptable Use Policy (AUP) And Enforce It! An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. Having this type of policy is critical if your employees are using their own devices to access company email and data.
3. Require STRONG passwords throughout your company. Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number.
4. Keep Your Network Up To Date. New vulnerabilities are found almost daily on common software programs you use all the time; therefore it’s critical you patch and update systems frequently.
5. Have An Excellent Backup. A quality backup can foil even the most aggressive ransomware attacks, where a hacker locks up your files and holds them ransom until you pay up. If your files are backed up, you don’t have to pay to get your data back.
6. Don’t Allow Employees To Download Unauthorized Software. One of the fastest ways to access your network is by embedding malicious code in seemingly harmless apps.
7. Don’t Scrimp On A Good Firewall. Your firewall is the frontline defense against hackers, so you need a really good one with monitoring and maintenance done regularly.
I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!
Continue reading

Posted in Uncategorized | Tagged , , , , , , | Comments Off on “Your Computer Network Is Being Haunted!”

5 Steps to Protect Your Business from Cyber Crime

Posted on June 28, 2013 by J. Michele Miller

5 Steps to Protect Your Business from Cyber Crime

A Seattle company was recently broken into and a stash of old laptops was stolen. Just a typical everyday crime by typical everyday thieves. These laptops weren’t even being used by anyone in the company. The crime turned out to be anything but ordinary when those same thieves (cyber-criminals) used data from the laptops to obtain information and siphon money out of the company via fraudulent payroll transactions. On top of stealing money, they also managed to steal employee identities.

Another small company was hacked by another “company” that shared the same high-rise office building with them. Management only became aware of the theft once they started seeing unusual financial transactions in their bank accounts. Even then, they didn’t know if there was internal embezzlement or external cybertheft. It turned out to be cybertheft. The thief in this case drove a Mercedes and wore a Rolex watch…and looked like anyone else walking in and out of their building. Welcome to the age of cybercrime.

You Are Their Favorite Target

One of the biggest issues facing small businesses in the fight against cybercrime is the lack of a cyber-security plan. While 83% lack a formal plan, over 69% lack even an informal one. Half of small business owners believe that cybercrime will never affect them. In fact, small businesses are a cybercriminal’s favorite target! Why? Small businesses are not prepared and they make it easier on criminals.

The result? Cyber-attacks cost SMBs an average of $188,242 each incident and nearly two-thirds of the businesses affected are out of business within 6 months (2011 Symantec/NCSA Study). A separate study by Verizon showed that over 80% of small business cybercrime victims were due to insufficient network security (wireless and password issues ranked highest). With insecure networks and no formal plan to combat them, we make it easy on the criminals.

How They Attack

The #1 money-generating technique these “bad guys” use is to infect your systems with malware so that whenever you (or your employees) visit a website and enter a password (Facebook, bank, payroll, etc.), the malware programs harvest that data and send it off to the bad guys to do their evil stuff.
They can get to you through physical office break-ins, “wardriving” (compromising defenseless wireless networks) or e-mail phishing scams and harmful web sites. Cyber-criminals are relentless in their efforts, and no one is immune to their tricks.

5 Steps to Protect Your Business

-Get Educated. Find out the risks and educate your staff.

-Do a Threat Assessment. Examine your firewall, anti-virus protection and anything connected to your network. What data is sensitive or subject to data-breach laws?

-Create a Cyber-Security Action Plan. Your plan should include both education and a “fire drill.”

-Monitor Consistently. Security is never a one-time activity. Monitoring 24/7 is critical.

-Re-Assess Regularly. New threats emerge all the time and are always changing. You can only win by staying ahead!

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!
Continue reading

Posted in Uncategorized | Tagged , , , , , , , , | Comments Off on 5 Steps to Protect Your Business from Cyber Crime