Tag Archives: criminals

Why Cyberthugs LOVE Your Business

14 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

It was a typical morning at the offices of a small Midwestern online retailer. This company, whose name we cannot mention due to a non-disclosure agreement with our source (Gary Miller, GEM Strategy Management) owned a very successful online catalog offering a wide variety of women’s apparel and accessories. They had a terrific reputation and brand, and every reason to be excited about their future.

Then, with a single click, the death spiral began…

An employee received an e-mail with a link to a benign-looking catalog. All it took was one click and the company’s entire network was infected. The Crytowall malware dug deep into the company’s accounting system and customer files, including credit card and social security numbers.

Fifteen thousand customer accounts were locked up by the malware. A ransom demand soon followed, requiring $50,000 for the key. Unfortunately, the company’s backup systems had been down for the last three months. With no way to remove the virus without destroying crucial data, the company had its back against a wall.

They paid for the decryption key. But no luck – it didn’t work. Business came to a grinding halt. The company owners couldn’t afford to rebuild their entire network. Within six months, the company closed its doors, strangled by a lack of sales and cash flow.

Could this happen to you?

Hackers have discovered that small businesses make juicy targets. These criminals love going after small businesses because they’re often the easiest to penetrate. IBM reports that over 62% of the 4,000 cyber-attacks that occur every day target small businesses.

Cyberthugs filch information to rob bank accounts via wire transfers. They steal customers’ personal identity information and resell it on black markets. They nab key information to file fraudulent tax returns, and commit health insurance or Medicare fraud – in your customers’ names.

Most small businesses are easy prey because they fail to take precautions. But you don’t have to be like most small businesses. Here are four things you can start doing TODAY to prevent a shutdown that could destroy your fortunes.

Understand evolving threats – Know what’s at risk in your company. Stay on top of the different schemes hackers use to gain entry. Learn all you can about phishing, spoofing, social engineering, malware, systems hacking, pharming and the latest scams so you can see them coming. Identify your company’s weak points and bolster them as needed.

Institute a dual signature policy – Require that two people sign off on every transaction. At the very least, when in doubt, pick up the phone. Verify all fund transfers or requests for payment before releasing funds.

Ingrain a solid data security policy in your company’s culture – Yes, you need to define and document protocols…but that’s not enough. In order for them to work, they must permeate every activity you and your team engages in. Your employees are the gatekeepers of critical data. Train them to see the warning signs, engage in safe practices and respond effectively to an attack. Examples include using only unique, complex passwords and keeping a “clean desk,” where sensitive information isn’t exposed.

Have – and practice – an incident response plan – Just like a fire drill, being ready for a breach gives your team an edge when faced with a crisis. When everyone knows exactly what to do, you’re better able to nip a hack in the bud.

Why play Russian roulette with your company’s data?

If you’ve been putting off cyber protection measures, thinking, “Oh, that would never happen here,” you are putting your company’s entire future in jeopardy. NOW is the time to call in an expert you can trust to verify that your data is safe in today’s rapidly evolving battle against a host of online bad guys.

When it comes to protecting your data – whether it’s bank account information, customer and employee records or proprietary IP or processes – we’ve got you covered.

5 Common Workarounds For Remembering Passwords, And Why You Should Stop Doing Them Immediately

08 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With everything we do online, it’s impossible to remember all the passwords you need for a web site. So what do most people do? They use one of the following five “workarounds” that make them an easy target for cybercriminals and hackers. Here’s what they are:

  • Using the same password for everything. If hackers gain access to one account, they know you are likely to use the same password for other sites and will use that to try and access everything. Plus, they can easily look at your browsing history to see what sites you’ve been accessing recently.
  • Using easy-to-guess passwords. Without a doubt, obvious passwords such as “123456,” “password” or “qwerty” leave the door wide-open for hackers. Their ever-more-robust programs can sniff out these easy-to-crack passwords in a heartbeat.
  • Allowing your web browser to remember them for you (autofill feature). For highly sensitive web sites, like your bank account, this is a big mistake. Plus, this still doesn’t solve your password problem entirely if you use more than one browser or have multiple devices.
  • Putting them all on a file you save on your hard drive. If a hacker gains access to your computer and discovers that file, you’re toast!
  • Writing them down on a Post-it note on your computer. You wouldn’t lock your house and then tape a key to the doorframe, so how can you possibly think this is safe?

Here’s A Quick and Easy Way To Bullet-Proof Your Passwords

The best solution we’ve found is to use a password manager such as 1Password, KeePass, LastPass or RoboForm.

These popular programs create hacker-proof passwords for you, complex enough to foil intruders, yet stored safely so you don’t have to memorize them. They work with most platforms and use encryption powerful enough that you don’t need to worry about keeping all your passwords in one place.

Choosing and enforcing strong passwords is a chore; but when you consider the costs, loss, downtime and even bad PR that can come with a hacker attack, you cannot take the “easy” road on this.