Posts Tagged ‘Employee Awareness’

Not Your Father’s Phishing Scam

Posted on: July 30th, 2018 by jiml

According to a recent FBI study, the weak link in security is us: people. Specifically, people who click on things they should not or give out information they should not. Cybercriminals have put a high emphasis on targeting the human element of businesses. The easy way to bypass technical security measures is to trick someone into letting you in! Once hackers have valid credentials for a network, they have the same access rights as the person they hacked, and a platform from which to try to escalate those privileges even further.

Social engineering and phishing scams have evolved greatly in the last few years. Gone are the days when phishing emails were poorly spelled messages from a supposed Nigerian Prince looking to get your bank account information so he can deposit a million dollars in it. Today’s scams are much more difficult to detect and are often specifically crafted to fool employees of your company. One technique is called email spoofing, where the hacker pretends to be an influential person in your organization. This is an incredibly easy hack to pull off, as most businesses have information about their management teams on their web site. In addition to these phishing emails becoming more sophisticated and more common (one recent study by a prominent anti-phishing platform estimates 91% of data breaches come from phishing attacks), the damage done by hackers is also on the rise. Some strains of ransomware will infect your Master Boot Record and essentially turn your computer into a brick if the ransom is not paid. In cases like this, hackers are not after your information; they are purely going after your money. No ulterior motive is in play here.
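A mail-side check for the executive-impersonation spoofing described above, as an added example (not a Colden Company tool). The company domain, the executive names and the three sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions: your mail domain, and leadership names as listed on your web site.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan", "lee chen"}

def _domain(address):
    return address.rpartition("@")[2].lower()

def spoof_indicators(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    name = " ".join(display.lower().split())
    reasons = []
    # A leadership name attached to an address outside the company.
    if name in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies would be routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _domain(reply_addr) != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    # Only trust an Authentication-Results header added by your own mail server.
    auth = msg.get("Authentication-Results", "").lower()
    if from_domain == COMPANY_DOMAIN and "dmarc=pass" not in auth:
        reasons.append("company domain in From without a DMARC pass")
    return reasons

# Constructed sample messages (reserved example domains).
SPOOFED = (
    'From: "Pat Morgan" <ceo-office@example.net>\n'
    "Reply-To: pat.morgan@example.org\n"
    "Subject: Quick favor\n\nAre you at your desk?\n"
)
FORGED_DOMAIN = (
    "From: Pat Morgan <pat.morgan@example.com>\n"
    "Authentication-Results: mx.example.com; spf=fail; dmarc=fail\n"
    "Subject: Invoice\n\nPlease pay today.\n"
)
GENUINE = (
    "From: Pat Morgan <pat.morgan@example.com>\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    "Subject: Staff meeting\n\nSee you at 10.\n"
)

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("forged", FORGED_DOMAIN), ("genuine", GENUINE)]:
        print(label, spoof_indicators(raw))
```
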

**Remember**: When your business gets hacked, it doesn’t just affect your business. Once a hacker compromises your email, for example, they can see who you communicate with, and they will start attacking your customers, your vendors and your partners. A hack at your place of business can cost you business relationships!

Employee awareness is a key component of a comprehensive security plan. What can be done to combat the kinds of sophisticated phishing attacks that are on the rise? Colden Company has a service that will generate phishing emails (without the dangerous results if users click on them) so that you can identify who needs more training and awareness of these types of scams. Every business has them. You could send an email with a skull and crossbones and a note that says “Do Not Click,” and someone in your organization will click it. After all, somebody was falling for the Nigerian Prince scams or they would not have continued for so long. These are the people who put your business at risk! These are the people who specifically need targeted training. Our phishing tests will do just that by sending out sample emails, identifying who is clicking, and providing training and feedback immediately.

Today’s cyber world calls for increased security and increased employee awareness. To find out who your “clickers” are, call us at 888-600-4560, email us, or visit us on Facebook or Twitter.

Security for the SMB (Small-Medium Sized Business)

Posted on: June 27th, 2018 by jiml

According to a study conducted by VISA, 85% of data breaches occur at small businesses. This is no accident. The simple reasons are 1) there are a lot of small businesses and 2) small businesses are easier targets than large enterprises. Many small businesses are under a mistaken impression that they are safe because they are small. “Who would want to hack my small business?” they say. Security by obscurity, as it is called, is a myth.

The fact of the matter is that hackers often do not target your small business. They simply attack what is available to them. Many hacker tools work by taking a range of IP addresses as input. These are the public IP addresses that make up the Internet-facing portion of a business. Hackers often do not know who is behind those IP addresses and therefore do not know if they are attacking the Pentagon or Joe’s Crab Shack. The tools return vulnerabilities that can be exploited at each address. Which entity do you think has more vulnerabilities presenting themselves, the Pentagon or Joe’s Crab Shack? As a generalization, small businesses do not have the same level of resources to spend on data security that large organizations have. This leaves them as targets for hackers looking for low-hanging fruit. Another analogy is the car thief in downtown Manhattan. If he sees a car with the club on the steering wheel, he is going to move on to an easier target, as there are seemingly endless targets.

So, what can you do as a small business to protect yourself without breaking the bank? Here are some low-cost but effective ways to improve security:

1) Create stronger passwords. According to a Mastercard study, current hacker programs can crack a 6-digit password in about ten seconds. Stronger passwords are one of the most important things businesses can do for protection. Use password managers like LastPass and KeePass to help you manage those stronger passwords.

2) Lock your computer when you are away. If you have any sensitive data or PII (Personally Identifiable Information) such as credit card information, health information, social security numbers or other human resources data, you have an obligation to protect that data. Make sure your computer screen is locked or locks automatically when you are away.

3) Use encryption. Microsoft has a tool called BitLocker built in to Windows 10 Professional so the data on your computer will be less likely to be stolen. Laptop users specifically should do this, as laptops are far more likely to be stolen than desktops.

4) Educate your staff. Employee Awareness programs may soon be required for businesses storing protected data. Many scams can be pulled off without any actual breach of a business’s defenses. Hackers simply use social engineering to trick employees into giving up information or money.

5) Take security seriously. Many small businesses do not take the threats seriously enough…until a breach occurs. Breaches are costly on many levels and can be a death blow to a struggling business. The threats are real.

Need help improving security without breaking the bank? Call us at 888-600-4560, email us, or visit us on Facebook or Twitter.