Tag Archives: cybercriminals

If You Think Your Business Is Too Small To Be Hacked…Then You’re Probably A Cybercriminal’s No. 1 Target!

23 Jan 18
lverbik
, , , , , , , , , ,
No Comments

In a world of rampant cybercrime, hackers thrive on the blind faith of their targets. Despite high-profile digital security breaches showing up in the news nearly every week, most people assume they’re safe from attack.

The thinking goes that while Fortune 500 corporations like J.P. Morgan, Sony, Tesco Bank, and Target have lost millions of dollars of data breaches in recent years, my business is far too small to justify a hacker’s attention…right?

Wrong. In fact, it’s quite the opposite. According to StaySafeOnline.org, attacks on small businesses now account for over 70% of data breaches, a number that appears to be on the rise. Close to half of small businesses have been compromised, ransomware attacks alone have skyrocketed a whopping 250% since 2016, and incidents of phishing have followed suit, as reported by Media Planet.

Owners of small businesses might be excused for erroneously believing themselves safe. After all, the hundreds of little guys paying out thousands of dollars in digital ransoms each and every day are a lot less newsworthy than, say, the CIA’s recent hacking by the mysterious Shadow Brokers, or the 143 million sensitive customer records stolen in the recent Equifax fiasco. The lack of visibility of the more frequent, smaller-profile incidents plaguing the country can easily lull us into a dangerous false sense of security.

But why would a team of hackers zero in on a small-town operation when they could be targeting a giant like Google? Well, which building is a petty thief more likely to target — the bank in the center of a busy downtown, packed with security guards and high-tech theft prevention equipment, or the house in an affluent part of the city, which the owners always keep unlocked while they’re on vacation? Make no mistake — these hacker gangs aren’t boosting a couple flat screens and a box of jewelry. They’re gutting small businesses with ransoms that stretch to the very edge of their means, as much as $256,000 for a single attack, according to one TechRepublic analysis.

Of course, any small business owner will struggle to afford the security measures implemented by giant corporations. However, there is a balance to be struck between affordability and vulnerability. With just a little research, it’s actually quite easy to find an array of robust and comprehensive digital security solutions to protect your company. Such programs can turn your business from low-hanging fruit into an impenetrable fortress.

Even if you’ve somehow managed to make it through the past few years without a data breach, statistically, you can be confident that hackers will come for your business one day. With that in mind, it’s important to be prepared. Just because you haven’t had a life-threatening illness in the past two years doesn’t mean you shouldn’t have a wide reaching health insurance policy. Just because your car hasn’t broken down since you bought it doesn’t mean you shouldn’t regularly change the oil and invest in car insurance. And just like your car, your network security requires regular maintenance and upkeep to stay effective. If you grab your security software from the bargain bin, install it and forget it, you’re only marginally safer than you were before installing the barrier in the first place. Cyber security isn’t something you purchase to check off a box and give yourself an imaginary peace of mind. Instead, it’s an investment in your company’s future, the safety of your customers, and the longevity of your livelihood.

If your business isn’t too small to attract the attacks of hackers — and we guarantee it isn’t — then it’s certainly precious enough to protect. Cybercriminals will come for your business one day, but equipped with a set of up-to-date, powerful security protocols, you can rest easy knowing they’ll go away empty handed.

 

4 Sneaky Ways Cybercriminals Used Phishing In 2017

10 Jan 18
lverbik
, , , , , , , , , , ,
No Comments

Cybercriminals were more active in 2017 than ever before, with a staggering array of high-profile hacking incidents in the news each month. Here are four of the ways hackers used phishing to penetrate some of the most secure networks in the country last year.

Shipping Info Scam: Last July, an Internet security company called Comodo outlined a phishing strategy that was zeroing in on small businesses. Hackers sent phishing e-mails out to more than 3,000 businesses with the subject line “Shipping information.” When the recipient clicked the tracking link in the body of the e-mail, it downloaded malware to their PCs.

WannaCry: This widespread ransomware exploited a weak point in the Windows operating system to infiltrate networks across the country. Once it was in, the malware locked users out of their files and demanded a hefty ransom to retrieve their data.

The Shadow Brokers: Last April, the ominously named Shadow Brokers released a huge number of classified tools used by the NSA, including Windows exploits, which hackers then used to infect businesses throughout the world.

Google Docs Phishing: In May, hackers sent out false Google Docs editing requests to over 3 million individuals. You know how the story goes — when recipients clicked the link, phishers gained access to their entire Gmail account.

 

SmallBizTrends.com 08/29/2017

Skimp On Data Protection And Pay The Price

10 Oct 17
lverbik
, , , , , , , , ,
No Comments

We’ve said it time and again: Today’s cybercriminals are using more advanced technology than ever. And those malicious tools are becoming even more sophisticated at a breakneck pace. To top it all off, new software developments are enabling these criminals to cast wider and wider nets, targeting businesses that, before, would have flown under their radar. Companies small and large, of every type, are being infiltrated by vicious cyber-attacks across the world each and every day.

Even knowing this, business owners are tempted to cut costs and corners. When you’ve never had a breach, data security can seem like a distant concern, especially for a limited budget. But regardless of which digital barriers you put in place to protect your business, you can bet on one thing: One day, your security will be tested by an attack. Whether or not the hackers punch through could mean the difference between your company shutting down for good — as 60% of small businesses do in the six months following a cyber-attack, according to the Denver Post — and remaining solvent and secure in your position.

When you’re struggling to stay afloat or simply wanting to be a savvy spender, you may think the best way to lock down your data is to put one of your staff on the task or to do it yourself.

And sure, your team can conduct hours of research searching for inexpensive security. And you’ll almost certainly find something cheap with good reviews and a decent track record. You’ll figure out how to install the software across your system, complete with firewalls, server protection, antivirus and maybe a bell and a whistle or two. Perhaps you’ll even hold a meeting to educate your staff on the do’s and don’ts of cyber security.

“Use intricately constructed passwords,” you’ll tell them. “Don’t click suspicious links in your email.”

Then, after a few days of fiddling with settings and ensuring the security software is properly in place, you’ll forget about it altogether. After all, it’s already installed, and you’ve checked to make sure there aren’t any gaps in the system. It’s not something you need to constantly monitor.

A year later, your business has — miraculously — doubled in size. You’re finally reaping profits. Best of all, a recent news story has brought your company into the public eye, and brand-new leads are contacting you every day. For the first time since the company’s inception, you can breathe easy.

Then, one Monday morning, you log into your computer. For a second, everything seems to be normal, until an innocent-looking pop-up fills your screen. “Attention!” an eerie robotic voice barks from your speakers, “Your documents, photos, databases and other important files have been encrypted!”

Thinking it’s a hoax, you click into your server drive. To your dismay, you really are locked out of everything. So, palms sweating, you read the rest of the pop-up. It provides instructions to install the deep web browser Tor as well as an address for you to visit. When you go there, you learn that in order to recover all your data, including the credit card information of your customers, you’ll need to dish out $50,000 in bitcoin.

A year ago, you couldn’t afford adequate cyber security. Can you afford $50,000 in cash today?

Identical situations are unfolding every day, with people exactly like you. Back in April, CNBC reported that across the previous 12 months, half of all small businesses had been infiltrated by malicious hackers. “Cyber security is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses,” wrote the Securities and Exchange Commission in a 2015 report. “The reason is simple: small and midsize businesses are not just targets of cybercrime; they are its principal target.” Cheapo security solutions might be fine for a lone browser surfing the web at home, but they are shockingly inadequate resources on which to base the entire success of your company, your livelihood and the livelihood of your employees.

Frankly, it’s irresponsible to lock your data behind a flimsy $5 firewall. Invest in robust cyber security solutions and secure the future of your company.

5 Common Workarounds For Remembering Passwords, And Why You Should Stop Doing Them Immediately

08 Dec 16
lverbik
, , , , , , , , , , , , , , , , , , ,
No Comments

With everything we do online, it’s impossible to remember all the passwords you need for a web site. So what do most people do? They use one of the following five “workarounds” that make them an easy target for cybercriminals and hackers. Here’s what they are:

  • Using the same password for everything. If hackers gain access to one account, they know you are likely to use the same password for other sites and will use that to try and access everything. Plus, they can easily look at your browsing history to see what sites you’ve been accessing recently.
  • Using easy-to-guess passwords. Without a doubt, obvious passwords such as “123456,” “password” or “qwerty” leave the door wide-open for hackers. Their ever-more-robust programs can sniff out these easy-to-crack passwords in a heartbeat.
  • Allowing your web browser to remember them for you (autofill feature). For highly sensitive web sites, like your bank account, this is a big mistake. Plus, this still doesn’t solve your password problem entirely if you use more than one browser or have multiple devices.
  • Putting them all on a file you save on your hard drive. If a hacker gains access to your computer and discovers that file, you’re toast!
  • Writing them down on a Post-it note on your computer. You wouldn’t lock your house and then tape a key to the doorframe, so how can you possibly think this is safe?

Here’s A Quick and Easy Way To Bullet-Proof Your Passwords

The best solution we’ve found is to use a password manager such as 1Password, KeePass, LastPass or RoboForm.

These popular programs create hacker-proof passwords for you, complex enough to foil intruders, yet stored safely so you don’t have to memorize them. They work with most platforms and use encryption powerful enough that you don’t need to worry about keeping all your passwords in one place.

Choosing and enforcing strong passwords is a chore; but when you consider the costs, loss, downtime and even bad PR that can come with a hacker attack, you cannot take the “easy” road on this.

Spooked About Your Network’s Security?

13 Oct 16
lverbik
, , , , , , , , , , , , , ,
No Comments
You should be, unless somebody’s keeping a vigilant eye on it for you…
Not too long ago, in a place not so far away…when ancient hordes attacked your city, a single breach in the wall could mean certain death – or at least the end of life as you know it.
Yet times change…or do they?
Attacks by today’s cybercriminals on your network, while perhaps not physically life-threatening, can inflict severe damage to the life and health of your business.
FACT: The odds of a successful cyber-attack against your business today are one in five. And, at a typical cost of $300,000 or more, a full 60% of smaller businesses that suffer a breach shut their doors for good within six months, according to the National Cyber Security Alliance.
So, who’s “guarding the gate” at your company’s network?
The problem with keeping your network safe today is that these attacks don’t just happen randomly – they are constant and unrelenting. Ever more sophisticated “robot” software is making it easier than ever for attackers to stalk the Internet, probing for vulnerabilities 24/7.
Here are just a few of the ways these vigilantes can penetrate your network’s defenses:
An SQL Injection can destroy your database, steal e-mail addresses, usernames and passwords, gain access to sensitive client management and billing data, deface your web site and defraud your business. It’s also now the most frequent mode of attack.
Open Ports – An open port is basically a channel for Internet data to connect with devices on your network. A firewall normally filters data, but hacker “web-bots” constantly probe for vulnerabilities. When they find an open port, and if they have installed malicious code inside your system, they are then able to control your devices.
In a DDoS attack, a network of computers attacks a single server with a surge of traffic, forcing it to crash. They most often target political organizations and banks; however, small businesses are also at risk. To avoid getting shut down, you need a defense plan in place and around-the-clock monitoring.
Malware and Viruses – Unfortunately, anti-malware and antivirus software programs in reality often fall short of claims, leaving many SMB networks highly vulnerable. The problem is twofold: First, they only detect a breach after the malware or virus has infected your system. Second, detection solutions often lag behind the latest threats by days or even weeks, leaving a big window for them to inflict heavy damage.
Targeted E-mails – Cybercriminals seem to get better each day at creating enticing e-mails that innocent readers will click on without a moment’s thought. If that reader happens to be on your network, you now have yet another hidden attacker to deal with.
“Drive-By Downloads” are a client-side intrusion where a person in your network innocently picks up a nasty bug…
Credit Card Theft – How would you feel if one of your customers’ credit cards got hacked due to a flaw in your security? Now imagine how you would feel if that incident turned into a lawsuit… Yet that is exactly what can happen if your DLP (Data Loss Prevention) system isn’t up to snuff. As you’ve no doubt seen in the news, credit card data theft is now epidemic. To keep customer data safe and maintain PCI compliance, it’s absolutely crucial to make sure your DLP is on duty 100% of the time.
As cybercriminals hone their evil craft, we must now be on guard, as our businesses grow ever more web-dependent. Yet how do you find the time to keep up with it all, much less make sure your network is safe?
Lucky for you, there’s a silver dagger…our Techno Pros can help you find and install the right protection.  Contact us.