Blog

April 28th, 2016

2016Apr28_Security_CWhy do hackers attack? Is it for money, notoriety, or political reasons? Many business owners never ask these questions, and instead only think about the means of how a cyber attack takes place. But knowing the motive behind a hacker’s attack can help you understand whether or not you’re a target and what data you need to protect. So let’s take a closer look at 4 different types of hackers and their motives.

Script Kiddies

When it comes to skill level, Script Kiddies are at the bottom of the totem pole and often use scripts or other automated tools they did not write themselves - hence the name. With only an elementary level of technical knowhow, Script Kiddies usually don’t cause much damage...usually. The Script Kiddy virus known as the Love Bug which sent out an email with the subject-line “I LOVE YOU” fooled millions of people, including some in the Pentagon, in the early 2000’s. The virus reportedly caused around 10 billion in lost productivity and digital damage.

So who is a Script Kiddie? Most of the time they’re simply bored youth looking for a thrill or notoriety. Many never evolve into a full-time hacker, and instead just use their skills as a hobby. Oddly enough, many Script Kiddies find a career later on working in the security industry.

Hacktivist

If you’ve heard of Anonymous, LulzSec or AntiSec, then you’re familiar with Hacktivists. These groups are made up of members of varying skill levels, all the way from Script Kiddies to some of the most talented hackers in the world. Their mission is largely politically motivated as they aim to embarrass their targets or disrupt their operations, whether that be a business or government body. Two of the most common ways they attack their target are by stealing sensitive information and exposing it or denial of service (DDoS) where a server is overloaded till it finally crashes.

As a small or medium-sized business owner you are not necessarily immune to Hacktivist disruption. If your business or a company you’re associated/partnered with participates or provides services that can be seen as unethical, such as Ashley Madison (who fell victim of a major Hacktivist attack last year), then you too may be targeted by Hacktivists.

Cyber Criminals

Often talked about in the media and well-known by most SMBs, cyber criminals are after one thing: money. Their targets run the gamut, including everyone from individuals to small businesses to large enterprises and banks. But what do these targets usually have in common? They either have a very valuable resource to steal or their security is easy to exploit...or a combination of both of these. Cyber criminals can attack in a number of ways including using social engineering to trick users into providing sensitive information, infecting an organization/individual with ransomware or another form or malware, or exploiting weaknesses in a network.

Insiders

Perhaps the scariest type of hackers are the ones that lurk within your own organization. Insiders are made up of disgruntled employees, whistleblowers or contractors. Oftentimes their mission is payback; they want to right a wrong they believe a company has perpetrated toward them, so they’ll steal sensitive documents or try to disrupt the organization somehow. Edward Snowden is a prime example of an insider who hacked his own organization - the US government.

Now that you know what motivates your enemy, you’ll hopefully have a bit of an idea as to whether or not you’re a target. To learn more about how to secure your business from these types of hackers, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Topic Security
April 13th, 2016

2016Apr13_Security_CIn the 21st century, personal computing is with us wherever we go. This is all thanks to the proliferation of mobile devices such as smartphones and tablets. These devices allow us to take work home with us. And, with bring your own device (BYOD) strategy, businesses have never been so productive. However, BYOD poses a number of security risks if you’re not careful. What are these problems? How are they caused? Here are some BYOD security risks you should know before implementing it in your business.

Data leakage

The biggest reason why businesses are weary of implementing a BYOD strategy is because it can potentially leave the company’s system vulnerable to data breaches. Personal devices are not part of your business’s IT infrastructure, which means that these devices are not protected by company firewalls and systems. There is also a chance that an employee will take work with them, where they are not using the same encrypted servers that your company is using, leaving your system vulnerable to inherent security risks.

Lost devices

Another risk your company has to deal with, is the possibility of your employees losing their personal devices. When devices with sensitive business information are lost, there is a chance that this could end up falling into the wrong hands. Additionally, if an employee forgets to use a four digit PIN code to lock their smartphone or tablet, anyone can gain unauthorized access to valuable company data stored on that particular device. Therefore, your company should consider countermeasures for lost devices like completely wiping the device of information as soon as an employee reports a missing or stolen phone.

Hackers can infiltrate your system

Personal devices tend to lack adequate data encryption to keep people from snooping. This along with the fact that your employees might not have updated their devices can allow hackers to infiltrate your IT infrastructure.

Connecting to open Wifi spots makes your company more susceptible to hackers. Open wireless points in public places can put device owners at risk because there is a chance that hackers may have created that hotspot to trick people into connecting. Once the device owner has connected, attackers can simply surveil web activity and gain access to your company’s accounts.

Vulnerable to malware

Viruses are also a big problem when implementing BYOD strategies into your business. Using personal devices means your employees can access whatever sites or download any mobile apps that your business would normally restrict to protect your system.

Jailbreaking or rooting a device also puts your systems at risk because it removes limitations imposed by the manufacturer to keep the mobile software updated and protected against external threats. It’s best to understand that as your employees have the freedom to choose whatever device they want to work with, the process of keeping track of vulnerabilities and updates is considerably harder. So if you’re thinking about implementing BYOD strategies to your business, prepare your IT department for an array of potential malware attacks on different devices.

So you might be thinking that it would probably be best to just avoid implementing a BYOD strategy in the first place. However, BYOD will help your business grow and adapt to the modern workplace, and should not be dismissed as a legitimate IT solution. It’s just important to educate your company about these risks so that problems won’t occur for your business down the line.

If you need some help implementing IT security solutions for your company, or if you have any concerns regarding IT, give us a call.

Published with permission from TechAdvisory.org. Source.

Topic Security
March 29th, 2016

2016Mar29_Security_CAs companies go to the Internet to conduct their business, their IT security becomes more vulnerable to many hackers and viruses. That’s why it’s even more important to recognize whether or not your systems are under threat from malicious software to swiftly fend off the infection. So how do you know if your company’s IT security is under threat? Here are a few warning signs to tell if you are a victim of malware infection.

Slow computer

The most common symptom of a malware infection is a slow running computer. Are your operating systems and programs taking a while to start up? Is your data bandwidth suspiciously slow? If so, your computer may potentially have a virus.

However, before you immediately assume your computer has a virus, you should check if there are other causes to your computer slowing down. Check if you’re running out of RAM. For Windows, open task manager (Ctrl + Shift + Esc) and go to the Performance tab and check how many gigabytes of RAM you are using under the Memory section. For Mac OS users, you can open the Activity Monitor app and under System Memory you should be able to find out your RAM usage.

Other causes of a slow system include a lack of space on your hard drive and damaged hardware. Once you’ve ruled out the other potential causes, then a virus may have infected your device.

Blue screen of death (BSOD)

If your PC crashes regularly, it’s usually either a technical problem with your system or a malware infection. You might not have installed the latest drivers for your device or the programs you’re running could possibly be incompatible with your hardware. If none of these problems are apparent in your PC then the virus could be conflicting with other programs causing your crashes. To check what caused your last BSOD go to Control Panel> System and Security> Administrative Tools> Event Viewer and select Windows Logs. Those marked with an “error” are your recorded crashes. For troubleshooting solutions, consult forums or your IT department to figure out what to do next.

Programs opening and closing automatically

Malware can also be present when your programs are opening and closing automatically. However, do check if some programs are meant to behave this way or if they are simply incompatible to run with your hardware first before coming to the conclusion that your computer has a virus.

Lack of storage space

There are several types of malware that can manipulate the files saved on your computer. Most tend to fill up your hard drive with suspicious files. If you find any unknown programs that you have never installed before, don’t open the application, search up the program’s name over the Internet and use antivirus protections once you’re certain that it’s malware.

Suspicious modem and hard drive activity

Combined with the other warning signs, if your hard disk is working excessively while no programs are currently running or if you notice that your external modem is always lit then you should scan your computer for viruses.

Pop-ups, websites, toolbars and other unwanted programs

These are irritating signs that your computer has a virus. Pop-ups come from clicking on suspicious pages, answering survey questions to access a website’s service or installing free applications. Don’t click on ads where Jane says she earned $8000 a month staying at home. When you get pop-ups appearing out of the blue, refrain from clicking anywhere on the pop-up page and just close out of the window and use your anti-malware tool immediately.

Equally, free applications allow you to download their service for free but the installation process can be riddled with malware. When you’re installing a program from the Internet it’s easy to just skim over the terms and conditions page and repeatedly press next. This is where they get you. In the process of skipping over certain installation steps, you might have agreed to accepting a new default browser, opening unwanted websites and other programs filled with viruses. Just be cautious the next time you download something for free. It’s best to try avoiding any of these practices when you can in order to protect your computer.

You’re sending out spam

If your friends are telling you that you’ve been offering them suspicious messages and links over social media or email, you might be a victim of spyware. These may be caused from setting weak passwords to your accounts or forgetting to logout of them.

In the end, it’s best to know how malicious software affects your computer so you can take steps to rectify the situation as soon as possible. Regardless of whether or not your system has experienced these symptoms, it’s always smart to perform regular malware scans to ensure your business is safe. To find out more about malware and IT security, contact us today.

Published with permission from TechAdvisory.org. Source.

Topic Security
March 15th, 2016

2016Mar15_Security_CWhen it comes to monitoring your employees online, there are potential positives and negatives for your company. But as a business owner who’s never done it before, you may be clueless as to what these are. So to help, we’ve come up with a list of the pros and cons of employee monitoring. And if you do decide to go through with it, we’ve provided some tips for a smooth implementation process.

The case for monitoring

There are a number of reasons why monitoring your employees is a good idea. Doing so can help you:
  • Protect your organization from data theft or harm - because some disgruntled employees may try to steal from you or corrupt your data.
  • Ensure you have a harassment free workplace - because cyber harassment (sexual or otherwise) happens among employees.
  • Ensure staff are complying with policies - not downloading illegal programs or spending time on websites with illegal or hostile content.
  • Provide evidence in case of a lawsuit - heaven forbid this happens, but if an employee participates in illegal activities on your business’s computers, monitoring can provide evidence of it.
The sad fact of the matter is that many businesses who monitor end up discovering that employees are doing things they’re not happy about. Research by Nancy Flynn, the executive director of the ePolicy Institute in Columbus, Ohio, revealed that two thirds of companies monitor their employees, and half of them have fired employees due to their behavior on email and the web.

Cons

Of course there are some potential downsides to monitoring that you should be aware of as well. These include:
  • Productivity loss - monitoring can kill employee morale, and therefore you may see a hit in their productivity if they feel you distrust them.
  • TMI and lawsuits - you’ll likely learn about the personal lives of your employees that you would’ve never known about had you not monitored. You may discover their political or religious views, sexual orientation or medical problems. This could potentially open up your business to privacy or discrimination issues if you or your management team act negatively on this information.

Monitoring guidelines to follow

If you decide to monitor your employees, here are a few tips you should follow.

1. Create written policies

When you decide to monitor, ask yourself, are you doing it for security purposes? Is it to ensure your employees are not wasting large amounts of time on Social media? Whatever the reasons, it’s smart to balance your policies with the expectations of your employees. If you’re too strict with your monitoring, you could create that atmosphere of distrust we mentioned above. So set guidelines for acceptable use of email, social media, web surfing, instant messaging, and downloading software and apps. Also, in your policy, include how monitoring will be carried out and how data will be secured or destroyed.

2. Tell your employees

It’s important to inform your employees about your monitoring. If they find out you’re doing it without their knowledge, you could create resentment among them or even face legal issues. And just by letting staff know, you may actually see a boost in productivity as it could deter them from wasting time on the web.

When you tell your employees, explain why you’re doing it and the risks your business faces from misuse of digital assets. Reassure them you’re not doing it to spy on their personal life, but only attempting to create a compliant and law abiding workplace. Because their activities will now be less private, encourage your staff to keep their personal communication to their smartphones. Also, provide a copy of your written policy to employees to read over and sign.

3. Get the right technology tools

While there are many technology tools to monitor your employees, bear in mind, you don’t need to follow their every move. In fact, you shouldn’t as it will not only waste your time, but also cause you to find out more information than necessary. So look for technology that will alert you to potential problems, so you can focus on more important things. Lastly, you may also want to consider technology that can block certain content, like porn or hate websites, as employee access to this content could create larger problems.

Whether or not to monitor your employees can be a tricky decision but, if implemented correctly, could benefit your business in making it more secure and even more productive. For more information about security and other IT support tools, get in touch. We’ll make our best effort to help however we can.

Published with permission from TechAdvisory.org. Source.

Topic Security
February 29th, 2016

2015Feb29_Security_CTTP’s stands for threats and tactics, techniques and procedures, the number of which has been gradually increasing since 2015. The financial services sector has long been the target for cyber criminals, where they apply a myriad of techniques ranging from social-engineering to credential-stealing malware. This means the time for security professionals to boost cyber situational awareness has never been more fitting. These are the seven latest threats that have recently surfaced:

Extortion

The cyber criminal Armada Collective gained notoriety for being the first to utilize distributed denial-of-service (DDoS) attacks. This occurs when multiple systems flood a targeted system to temporarily or completely disrupt service. They evolved the idea further and started to extort Bitcoins from victims who were initially notified of their vulnerability. If they didn’t comply with the ransom demands of the criminals, they would flood their systems until the victim's network would shut down completely.

Social media attacks

This involved criminals using fake profiles to gather information for social engineering purposes. Fortunately, both Facebook and Twitter began to proactively monitoring for suspicious activity and started notifying users if they had been targeted by the end of 2015. However, you should still have your guard up when someone you don’t know, or even a friend or colleague, starts asking you suspicious questions.

Spear phishing

Phishers thrive off familiarity. They send out emails that seem to come from a business or someone that you know asking for credit card/bank account numbers. In 2015, phishers went to the next level and began whaling. This normally involved spoofing executives’ emails (often CEO’s) to dupe the finance departments to transfer large sums of money to fraudulent accounts.

Point-of-sale malware

POS malware is written to steal customer payment (especially credit card) data from retail checkout systems. They are a type of memory scraper that operates by instantly detecting unencrypted type 2 credit card data and is then sent to the attacker’s computer to be sold on underground sites.

ATM malware

GreenDispenser is an ATM-specific malware that infects ATM’s and allows criminals to extract large sums of money while avoiding detection. Recently reverse ATM attacks have also emerged, this is when compromised POS terminals and money mules to reverse transactions after money being withdrawn or sent to another bank account.

Credential theft

Dridex, a well known credential-stealing software, is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language files to infect systems. The goal is to infect computers, steal credentials, and obtain money from victims’ bank accounts. It operates primarily as a banking Trojan where it is generally distributed through phishing email messages.

Other sophisticated threats

Various TTP’s can be combined to extracted data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATM’s of cash.

The creation of defensive measures requires extensive knowledge of the lurking threats and our team of experts is up-to-date on the latest security information. If you have any questions, feel free to contact us to find out more about TTP’s and other weapons in the hacker’s toolbox.

Published with permission from TechAdvisory.org. Source.

Topic Security
February 9th, 2016

2016Feb9_Security_CEmployees are one of your biggest security holes. There is no foolproof prevention method for human error, and this is why employee mistakes are one of the most common causes of a security breach. So what can you do to prevent it? Well at the very least you need to include policies in your employee handbook, and ensure your employee reads through it and signs off on agreeing to abide by them. Having measures in place drastically reduces the chances of a security breach. Here are four areas to keep in mind when developing your own.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:
  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.
These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with permission from TechAdvisory.org. Source.

Topic Security
January 25th, 2016

2016Jan20_Security_CWhen big companies like Dropbox or Ashley Madison are hacked, the whole world hears about it. But how often do you hear about cyber attacks on the SMBs of the world? Probably not often, or never. Well, today, that’s all about to change. The NY Times recently ran an article telling the story of a small business, just like you, who suffered a major cyber attack. Here’s the story, and some ideas as to how to protect your business.

Last holiday season, Rokenbok Education, a small, California-based toy company of seven employees realized its worse nightmare. During the busiest time of the sales year, the files in their database had become unusable, infected with malware. The hackers used ransomware, a malware designed to hold a business’s data hostage, to encrypt their files and demanded a payment to make them usable again. However, instead of paying the ransom, Rokenbok restructured their key system. To do this it took four days. That’s four days of downtime, lost sales, and confused customers who likely lost confidence in the integrity of their company. Luckily this did not put Rokenbok Education out of business. But many SMBs aren’t so fortunate, and are forced to close after such a security debacle.

So why do security breaches like this happen to SMBs?

There are many reasons, but a common one is that small and medium-sized businesses often focus on profits over security. And really, it’s hard to blame them. When you’re small, you want to grow your organization as quickly as possible. And you likely think that because you’re small, no one is going to attack you. However, nowadays hackers are on to this way of thinking. They know that SMBs don’t focus as much on security, which make them a perfect target. In fact, according to Timothy C. Francis, the enterprise lead for Cyber Insurance at Travelers, 60 percent of all online attacks in 2014 targeted SMBs.

So what can your business do to protect itself against online attacks? There are a range of options, but it’s best to start off with an audit of your current security system to see where the holes are. This audit should check areas of risk which include customer data, employee access, and assets such as servers, computers and all Internet-enable devices.

After that, an obvious thing to do is to strengthen your passwords. While this has been said thousands of times over, many SMB owners do not take heed. Clay Calvert, the director of security at the Virginia-based firm MetroStar Systems, notes that hackers analyze how we create passwords and use big data analytics to crack them. “They have databases of passwords,” Calvert said. The best way to create a strong password is to make it long with a mix of characters. Password managers that encrypt your passwords can also help.

Aside from passwords, there are many other ways to boost your business’s security that include installing a firewall, keeping your antivirus up-to-date, and moving data over to the cloud (instead of storing it on company servers). Also, since many security attacks occur because an employee clicked on a malicious website or link, training your employees is a smart move. A good way to start this training is to create an employee manual that includes security guidelines they must follow. For ongoing training, you can keep them up-to-date on the latest security threats through email updates and regular meetings. Once you feel confident that your employees are up-to-speed and your security practices are updated, you can try hiring ethical hackers to test your systems and try to break through your security. This will let you know if there are any security holes you missed.

Calling in a security specialist

However, if all of this sounds far too much to bother with, consider outsourcing your security to a service provider that specializes in digital security. This can oftentimes save valuable time and money in the long run. Best of all, this can provide peace of mind, knowing that you have a security specialist watching over your business.

If you’re feeling overwhelmed and unsure where to start with your business’s security, we’re happy to help perform a thorough audit and provide you the digital security solution you need to keep your business protected. Security worries don’t have to keep you up at night, and we can help you implement the measures that will protect your business from disastrous security problems.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 29th, 2015

Female hand giving a bribe to businessman - closeup shotThe threat of being infected by malicious software is part and parcel of spending time on the internet, and no sooner have the antivirus and security software programs released an update or new patch than cyber criminals are scrambling for ways to circumvent them. In addition, as end users become savvier to the tricks and scams used to steal our data, money or identities, new tactics are employed to try and fool us. And that includes Chimera, a new strain of ransomware which has recently been uncovered.

Business is booming in the world of cyber crime, and scammers, extortionists, phishers and hackers are constantly on the lookout for new ways to exploit our fears and naivety in order to boost their bank accounts, steal our data, or simply cause us mayhem for their own twisted pleasure. One of worst types of malware for playing with our emotions - and therefore increasing the likelihood of us capitulating to its demands - is ransomware. If you don’t know how this program works, read on for an introduction.

If your computer has been infected by ransomware, the first sign that something is wrong is normally discovering that you are unable to open one or more of your files. That’s because the malware encrypts them, rendering them completely inaccessible. The next thing you see will be a ‘ransom note’, either in the form of an email or a notice that appears directly on your screen. You will be told that if you want to see your files again you will need to pay a sum of money. After making payment you will (allegedly) be sent a code that will allow you to decrypt your files.

Some types of ransomware up the fear factor even further by pretending that the FBI, CIA or other national law enforcement or government agency is behind the ‘kidnapping’. You will be told that your files are being held hostage because you have downloaded pirated software or files, or visited an illegal or illicit website - such as those depicting extreme pornography or threatening national security. Regardless of whether or not you are guilty of any of the above - be it a visit to an x-rated website, or downloading a pirated copy of the latest episode of The Walking Dead, your first instinct is probably to panic. The thought of no longer having access to any of our information, files or data is enough to make most of us break out into a cold sweat. If you haven’t backed up, everything from your vacation pictures to your company’s data could be lost for good.

The problem for ransomware creators, however, is that many users have wisened up to their tactics, and are refusing to pay, instead calling in an IT specialist to try and restore their encrypted files. This has left cyber criminals needing to find a way to boost ‘trade’. And that is where Chimera comes in. Christened by the Anti-Botnet Advisory Centre - a part of Germany’s Association of the Internet Industry - unlike previous forms of ransomware, which were indiscriminate when choosing their victims, this latest threat primarily targets businesses.

An employee will receive an email, purporting to be an application for a job within your firm, or some kind of corporate deal. This email will include a link ostensibly to the applicant’s resume or to details of the offer, but will in fact go to an infected file stored in Dropbox. Chimera then infects the user’s computer and encrypts any local files. Once the PC has been rebooted, the ransom note will be displayed on the desktop. Payment is usually set at around $680 USD, which must be paid in Bitcoins. And in order to further scare the victim into paying, the note will also state that failure to make payment will result in the user’s files being published online.

If there is a slight silver lining to the Chimera cloud, it is that the Anti-Botnet Advisory Centre has not found any proof that files have been published - at least not yet. In fact, it is still unknown whether the ransomware does actually take the encrypted files or if it is just an empty threat. Regardless, it is still a threat which could easily convince many users to pay the ransom. And should Chimera make good on its threats, the ramifications for a business are huge - and that’s without taking into consideration the nightmare of having your files encrypted in the first place. With Chimera targeting businesses of all sizes, and random employees within the business at that, isn’t it time you took another good look at your organization’s security posture?

Contact us today and talk to one of our security experts. We’ll be more than happy to help ensure that your small or medium-sized business isn’t taken hostage by Chimera or any other type of ransomware.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 28th, 2015

Organizing business and personal tasks and meetingsAs shown by recent high-profile hacking scandals - targeting everyone from Sony Entertainment to the extramarital-affair-facilitating website Ashley Madison - cyber crime shows no sign of disappearing any time soon. In fact, experts predict that 2016 is going to be an even busier year for cyber criminals, hackers and scammers. So what do you need to know in order to be able to keep your small or medium-sized business safe next year? Here we take a look at what could be in store.

If you think that only big corporations and prominent organizations are targeted by cyber criminals, you are making a deadly mistake. It might be tempting to sweep cyber crime under the carpet and assume that you are flying below the average hacker’s radar, but that simply isn’t true. In fact, it’s the polar opposite, since smaller enterprises are actually far more likely to be at risk than larger ones, owing to their typically less sturdy security postures.

So where does that leave you as a small or medium-sized business owner or manager? Does it mean you need to be taking your cyber security even more seriously? You can bet your bottom dollar it does, as industry experts predict that 2016 is only going to become more of a minefield when it comes to online crime.

The headline trend that IT security professionals pinpointed this year was that no longer were criminals hacking into websites purely to bolster their bank accounts. 2015 has seen the emergence of another strain of hackers, launching cyber attacks as part of a moral crusade. These people are not purely after money although in some cases this may also be a contributing factor - instead, their claimed motivation is revenge, or righting what they perceive as wrong. It is this diversification in the hacking community that has led security watchers to predict that, as we enter 2016, we are likely to see some different behavior from hackers.

Among the unpleasant predictions being made, a number of experts agree that hacks of a destructive nature will be on the rise. The fact that hackers are using attacks for retribution rather than simple monetary gain means that a wider cross-section of organizations may well find themselves being preyed upon, all the way from government agencies - traditionally ignored by hackers - to online retailers and other commercial websites.

Remember when Snapchat got hacked back in October 2014, and the hackers threatened to make public as many as 200,000 photos? Well, the bad news is that apps are going to continue to be targeted. In particular, those mobile apps that request access to your list of contacts, emails and messages can, in the wrong hands, be used to create the kind of portal that enables a cyber criminal to steal data or gain access to a company’s entire network. All this means that in 2016, hackers could be taking advantage of apps to do more than just steal your social media photos - they might have in mind the takedown of your entire company.

As a local business owner, social engineering - a means of tricking an individual into disclosing revealing or personal information about themselves or their company - is something you definitely need to be concerned about. You might pride yourself on being too savvy to fall for a cyber criminal’s tricks, but what about your employees? Can you be sure that each and every one of them exhibits the same amount of self control, cynicism, and wariness that you do? Not only that but, as we enter a new era of online threats, the criminals that use social engineering are growing in confidence and creativity. Dodgy emails from a bizarrely named sender containing a link to an unheard-of website are yesterday’s news. Modern social engineering is highly evolved and extremely cunning, and has the potential to convince even the most streetwise internet user.

How confident are you that your entire team of employees would be completely infallible in the face of a stealth attack from a seemingly innocent source? Could you trust them to restrain from divulging not only their personal details but also information pertaining to your company? Multiply the number of employees in your company by the number of phone apps they potentially use, and add to that the fact that any one of them could at any time be targeted by a social engineering scam, and the end result is a less-than-perfect security posture.

The sad fact is that there are people who want to do you harm - regardless of whether you hold confidential information about celebrity salaries, or are privy to a database full of cheating spouses. People, no matter how well meaning or vigilant, are the weakest link in any security chain, which means that ensuring your business’s safety necessitates educating your staff and ensuring that your network is impenetrable.

Professional training and a vulnerability assessment are two great places to start, so why not get in touch with us? We’ll make sure your business is as hack-proof as it can be.

Published with permission from TechAdvisory.org. Source.

Topic Security
December 18th, 2015

Security_Dec18_CSomething known as “state-sponsored cyber attacks” may not be something you have heard of until now. But with both Facebook and Google viewing the problem as serious enough to warn their users about, it seems this is an issue that could be here to stay. And now with Twitter also recently taking steps to alert their users about possible account hacking attempts, this may well be something that many of us should be concerned about.

But how at risk actually are you from a state-sponsored cyber attack? Is your small or medium-sized business in danger of being targeted? And who is behind these hacking attempts? Well, going by the warnings recently issued by Twitter, reports so far suggest that people, companies or organizations connected to internet security and freedom of speech are currently most likely to be at risk. But ‘currently’ is somewhat ambiguous, for in the world of cybercrime things can happen at lightning speed, and someone who is a target today might be deemed out of danger tomorrow – and vice versa.

As always, the best form of protection is to be forewarned, and you can only do that by learning as much as you can about the latest threats, scams and attacks. If you are a Twitter user, be it personal or for business use, you may be wondering why you have not yet heard of these alerts. That’s because Twitter’s messages were only sent to a small, and mostly rather niche, group of users. The email informed these users that Twitter was contacting them as a precaution due to their accounts “possibly” having been hacked by the state-sponsored actors. The email also stated that they believed that the actors may (or may not) be associated with a government, and that those involved had been looking to obtain personal information such as email addresses, phone numbers and/or IP addresses. So far, so vague!

Twitter then goes on to say that, although they have no evidence that any accounts were compromised or any data was stolen, they are actively investigating. They also lamented the fact that they wished they could say more…but that they had no additional information at that time. The email goes on to attempt to reassure users that their accounts may not have been an intentional target, but admits that if a user tweets under a pseudonym, that Twitter understands they may have cause for concern. But with so many Twitter users tweeting under a different name – and perfectly innocently, at that – what’s the real cause for concern here?

The issue lies with the type of accounts that were mostly targeted. The majority of these belonged to people or organizations connected to, or concerned with, cyber security. In fact, Twitter even offered some handy advice on protecting your online identity, suggesting users read up on the subject at the Tor Project website. Somewhat coincidentally, one of the victims of the attempted Twitter account hack is an activist and writer who currently educates journalists about security and privacy – and who used to work for the Tor Project. Another is a Canada-based not-for-profit organization involved with freedom of speech, privacy and security issues, and one of its founders is a contractor for the Tor Project.

Other Twitter users who received the email are also involved in some way or another in cyber security, albeit as self-described “security researchers” or simply by way of following or engaging with the online security community. This might lead you to the conclusion that, if you’re not in the business of security and instead keep your tweets to sport, entertainment, and the latest must-have gadgets, you are not at risk. But we urge you not to be so hasty. That’s because, within that small group of people who were contacted by Twitter, a large proportion of them had nothing to do with activism, freedom of speech, calls for greater privacy, or anything of the sort.

This means that, far from brushing this latest round of cyber threats under the carpet, individuals and business owners – whatever industry they are in – do have at least some cause for concern. As yet Twitter has not released details of the state the “actors” are sponsored by, so for now we are none the wiser as to whether it’s a homegrown issue or one from further afar – say North Korea or China.

What does all this mean for you as a business owner or manager? It means that you should be taking your online security more seriously than ever. It’s no longer just your network that is at risk; now simply having an account on a social media site such as Facebook or Twitter could be providing less-than-desirable third parties with the portal they need to access your company’s private information.

If you’d like to know how to ensure the online safety of your organization, give us a call today. Our experts have experience in everything from securing your computer network to increasing safety when it comes to sending out those all-important tweets!

Published with permission from TechAdvisory.org. Source.

Topic Security