Tag Archives: Security Alert

“$1.5M Cyber-Heist Typifies Growing Threat”

Efficient Escrow of California was forced to close its doors and lay off its entire staff when cybercriminals nabbed $1.5 million from its bank account. The thieves gained access to the escrow company’s bank data using a form of “Trojan horse” malware.
Once the hackers broke in, they wired $432,215 from the firm’s bank to an account in Moscow. That was followed by two more transfers totaling $1.1 million, this time to banks in Heilongjiang Province in China, near the Russian border.
The company recovered the first transfer, but not the next two. They were shocked to discover that, unlike with consumer accounts, banks are under no obligation to recoup losses in a cybertheft against a commercial account. That meant a loss of $1.1 million, in a year when they expected to clear less than half that. Unable to replace the funds, they were shut down by state regulators just three days after reporting the loss.
Net result? The two brothers who owned the firm lost their nine-person staff and faced mounting attorneys’ fees nearing the total amount of the funds recovered, with no immediate way to return their customers’ money.
Avoid Getting Blindsided
While hacks against the big boys like Target, Home Depot and Sony get more than their share of public attention, cyber-attacks on small and medium-sized companies often go unreported and rarely make national headlines.
Don’t let this lull you into a false sense of security. The number of crippling attacks against everyday businesses is growing. Cybersecurity company Symantec reports, for example, that 52.4% of “phishing” attacks last December were against SMEs—with a massive spike in November. Here are just a few examples out of thousands that you’ll probably never hear about:
Green Ford Sales, a car dealership in Kansas, lost $23,000 when hackers broke into their network and swiped bank account info. They added nine fake employees to the company payroll in less than 24 hours and paid them a total of $63,000 before the company caught on. Only some of the transfers could be canceled in time.
Wright Hotels, a real estate development firm, had $1 million drained from their bank account after thieves gained access to a company e-mail account. Information gleaned from e-mails allowed the thieves to impersonate the owner and convince the bookkeeper to wire money to an account in China.
Maine-based PATCO Construction lost $588,000 in a Trojan horse cyber-heist. They managed to reclaim some of it, but that was offset by interest on thousands of dollars in overdraft loans from their bank.
Why You’re a Target—And How to Fight Back!
Increasingly, cyber thieves view SMEs like yours and mine as easy “soft targets.” That’s because all too often we have:
1. Bank accounts with thousands of dollars.
2. A false sense of security about not being targeted.
3. Our customers’ credit card information, social security numbers and other vital data that hackers can easily sell on the black market.
If you don’t want your company to become yet another statistic in today’s cyberwar against smaller companies, and your business doesn’t currently have a “bullet-proof” security shield, you MUST take action without delay—or put everything you’ve worked for at risk. The choice is yours.

Immediate Action Items
Here are three things you can do right away:
1. Remove software that you don’t need from any systems linked to your bank account.
2. Make sure everyone with a device in your network never opens an attachment in an unexpected e-mail.
3. Require two people to sign off on every transaction.

Let Us Help

When it comes to defending your data, whether it’s bank account information, customer and employee records or proprietary intellectual property or processes, do not take chances.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!


The Single Most Dangerous Assumption Businesses Make About Bank Security That Can Cause Them To Lose ALL Their Money

Here’s a shocker to most business owners: Your bank often can NOT reclaim money stolen from your bank account due to fraud or cyber-crime. That means if money gets drafted from your business bank account by a hacker, phishing attack, identity theft or any other means, you have little to no chance of getting it back.

This often comes as a surprise to businesses that think the FDIC will “save” them from getting their accounts wiped out and that they can get the money back once it is taken. The reality is that FDIC insurance protects you from bank failure, NOT fraud. So if your debit card or account information gets accessed by a hacker and you don’t notice it within the same day, you can pretty much kiss that money goodbye.

Recent studies have shown that 83% of small businesses take no formal measures against cyber threats even though almost half of all attacks are aimed at them.

Here are 5 essential steps you can take right now to protect your business:

1. Enforce A Strict Company Password Policy. This is a simple step, but it is still violated by many companies every day. Make sure that you and your employees change passwords regularly and don’t use the same password for all accounts, and require complex passwords.

2. Set Up A Firewall. Small business owners tend to think that because they are “just a small business”, no one would waste time trying to hack into their network. The fact is that hackers will target the weakest link. Without a firewall, that “weak link” is YOUR company.

3. Designate A Banking-Only Computer. Banking fraud is one of the biggest threats to small business. The 2011 Business Banking Study showed that 56% of businesses experienced payment fraud (or an attempt at fraud) and 75% experienced account takeover and fraud online. When you use a single computer solely dedicated to online financial transactions (no e-mail, web-surfing, Facebook, YouTube, etc.), it’s much harder for outsiders to gain access to your information.

4. Back Up Your Files Daily. It just amazes me how many businesses never back up their computer network. You can lose data as well as money in a cyber attack. Thanks to many new cloud-based technologies, you can even schedule offsite backups to occur automatically. If the data in your business is important to you, make sure that you have more than one copy of it.

5. Educate Employees. Your staff is the first line of defense AND your biggest security hole at the same time. Uneducated employees are one of the most common causes of data breaches. Make sure that they are aware of the do’s and don’ts for your company with regard to data security.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!


What You Need To Know About The New Security Breach Notification Laws

It’s Monday morning and one of your employees notifies you that they lost their laptop at a Starbucks over the weekend, apologizing profusely. Aside from the cost and inconvenience of buying a new laptop, could you be on the hook for bigger costs, and should you notify all your clients? Maybe, depending on where you live and what type of data you had stored on that laptop.

An Emerging Trend In Business Law

Since companies are storing more and more data on their employees and clients, most states are starting to aggressively enforce data breach and security laws that set out the responsibilities for businesses capturing and storing personal data. What do most states consider confidential or sensitive data? Definitely medical and financial records such as credit card numbers, credit scores and bank account numbers, but also addresses and phone numbers, social security numbers, birthdays and in some cases purchase history—information that almost every single company normally keeps on their clients.

“We Did Our Best” Is No Longer An Acceptable Answer

With millions of cyber criminals working daily to hack systems, and with employees accessing more and more confidential client data, there is no known way to absolutely, positively guarantee you won’t have a data breach. However, your efforts to put in place good, solid best practices in security will go a long way to help you avoid hefty fines. Here are some basic things to look at to avoid being labeled irresponsible:

- Managing access. Who can access the confidential information you store in your business? Is this information easily accessible by everyone in your company? What is your policy about taking data out of the office on mobile devices?

- IT security and passwords. The more sensitive the data, the higher the level of security you need to keep on it. Are your passwords easy to crack? Is the data encrypted? Secured behind a strong firewall? If not, why?

- Training. One of the biggest causes for data breaches is the human element: employees who accidentally download viruses and malware that allow hackers easy access. Do you have a data security policy? A password policy? Do you have training to help employees understand how to use e-mail and the Internet responsibly?

- Physical security. It’s becoming more common for thieves to break into offices and steal servers, laptops and other digital devices. Additionally, paper contracts and other physical documents containing sensitive information should be locked up or scanned and encrypted.

The bottom line is this: Data security is something that EVERY business is now responsible for, and not addressing this important issue has consequences that go beyond the legal aspect; it can seriously harm your reputation with clients. So be smart about this. Talk to your attorney about your legal responsibility.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!


Top 4 Threats Attacking Your Network And What To Do About Them

#1 Overconfidence

User overconfidence in security products is the top threat to your network. Failure to “practice safe software” results in nuisance attacks like porn storms (unstoppable rapid-fire pornographic pop-ups) and more subtle key loggers that steal passwords. Surveys promising free stuff result in the theft of information like your mother’s maiden name, high school, etc., which is used to answer common security questions, leading to theft of otherwise secure data. Think before you click!

#2 Social Networking Sites

Social networking sites like Facebook are exploding in popularity. Threats range from malware (e.g., viruses, worms, spyware) to scammers trying to steal your identity, information and money. Many businesses and government agencies are using these sites to communicate with clients and constituents, so simply blocking access is no longer reasonable. Defending your company while allowing employee access requires social network education for your employees and the enforcement of strong acceptable use policies. We can help you develop a policy, then monitor compliance using a Unified Threat Management device that controls and reports on network access.

#3 Attacks On Mobile Devices

Everyone is going mobile these days, not just the “road warriors.” Once limited to laptop computers, mobile network devices now include PDAs, handheld computers and smart phones, with new appliances appearing in the stores every month. Mobile devices often contain sensitive data, yet they are easily lost or stolen. Be sure to password protect and encrypt data on all mobile devices whenever possible. Include mobile devices in your acceptable use policy.

#4 Cloud Computing

“The Cloud,” in its simplest form, involves using the Internet to access and store your data. When you access email using a web browser, you are working in “the cloud.” Using the cloud for automated offsite backup is rapidly gaining popularity and is just the beginning. Companies like Microsoft, IBM and Google envision the day when we will use inexpensive terminals instead of computers to run programs and access data located somewhere on the Internet. You need to be sure that any data you store and access across the Internet is secure not just where it is stored, but also during the trip to and from the Internet.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!


Apple Picking?

Apples are picked on crowded subways, in quiet parks, on busy street corners, in loud bars. Apples are picked while people are talking on the phone, the picker dashing past and doing the deed in midstride.

I’m not talking about Red Delicious apples. I’m referring to the Apple iPhone. Many major cities have seen an increase in the crime rate because of the Apple iPhone. In New York City alone in 2012 there were 16,000 Apple “pickings”, or 14% of all crimes.

Here are 5 simple things you can do to take the “drama” out of your life and maybe avoid having your phone stolen.

Be Aware – When texting or listening to music you may “zone” out of your recent reality. You become unaware of your surroundings. That makes you a perfect target.

Get Insurance – If you live in an urban area or travel a lot, consider getting “specialized device insurance.” You may also be able to add it through your renter’s or homeowner’s policy for a small yearly cost.

Install Device Recovery Applications – There are several available for Android phones, and Apple’s “Find My iPhone” app is pre-installed. You can track the phone and, as a last resort, “wipe” all of your personal data, but cannot render the phone unusable.

Back Up Your Device – While the phone may have monetary value, it also contains much personal information, such as your contacts and photos. So back it up.

Don’t Argue, Give The Thief The Phone! – You can buy a new phone. You, on the other hand, are irreplaceable.

“How to Pick a Good Password!”

What’s the most common password? You guessed it… “password.” Obviously this is not the best way to protect yourself against hackers and online thieves. But even if you don’t use the word “password,” you might be using a password that is equally easy to decipher.

We suggest you DON’T use the following passwords for really important web sites, such as your online banking web site or other financially related sites.

• Your name or your spouse’s name.
• Your children’s names.
• Your pet’s name.
• Your birth date.
• The last four digits of your Social Security number.
• Your phone number.
• Your address.
• A series of consecutive numbers, such as “1, 2, 3, 4.”
• A single word that would appear in a dictionary.

Your best bet for creating a strong password: Use combinations of letters, numbers and special characters.

I hope you will find this post informative and useful. I am looking forward to hearing your comments. That’s all I have for today, until next time make it a great day!

Security Alert!

Security Alert! Ads for fake antivirus and antispyware programs are multiplying! How to avoid getting tricked? Many “reputable” sites are compromised and the owners don’t know it. So it’s not always where you surf. Here are four tips that may …
