How to keep your customer information secure

How to Keep Your Customer Information Secure

Good security comes from good planning, so you need to carefully consider how to handle customer information in order to be successful. It’s your responsibility to make your customers feel safe and let them know that they can trust you. A large part of that is keeping your own computer systems safe. Because if you can’t protect your software, how can you protect sensitive customer information?
Collecting customer information is a delicate act of balancing expectations with results. You have to be straightforward and plan diligently in order to prove that you’re trustworthy and have the right safeguards in place to protect against breaches and loss of private information.

Read more

the dark web

Hackers, Passwords and the Dark Web: What You Need to Know

Criminals love stealing credentials, and too many people are handing them the keys to the kingdom. A recent study by Verizon showed that 91% of phishing attacks targeted the user’s credentials. Why? Because stealing your username and password is the easiest way to break in to your business data, your bank account and more.
We make it even easier when we choose weak passwords or reuse the same passwords in multiple places. In fact, the study reported that 63% of confirmed data breaches involved weak, stolen or default passwords.

Read more

Credit card skimming

Credit Card Skimming: What You Need to Know

With all the discussion around cybercrime and phishing attacks, we know that pesky Nigerian princes or long-lost millionaire relatives are out to steal our money. We probably don’t suspect the ATM at the convenience store down the street. Unfortunately, ATMs and points of sale aren’t always safe, as more and more thieves are using credit card skimmers to steal credit card information.

Read more

Critical cyber insurance loopholes

Critical Cyber Insurance Loopholes You Should Know About

Faced with the growing threat of hacks and data breaches, more and more businesses are looking toward cyber liability insurance to protect themselves. Being proactive about cybercrime is a good thing. Unfortunately, many cyber insurance policies have gaps in coverage that can leave your business vulnerable.
The cyber security field is exploding in popularity, but it is still a young field, and cyber insurance is equally immature. There’s little standard language for defining coverage, and every policy is a little different in terms of what’s included and what’s not. Businesses need to be careful to read the fine print.

Read more

3 lessons from the Google phishing scam

3 Lessons from the Google Phishing Scam

If you haven’t heard, a super-sneaky phishing attack posing as Google Docs recently rampaged among Gmail users. The cleverly disguised email only took a couple clicks (through a REAL Google site!) to access your email account and forward the phishing email to everyone in your contact list. Google reacted quickly to stop the attack, but it spread like wildfire while it was active because it was so hard to detect.
Here’s how it worked:

Read more

7 tips to defend against a data disaster

7 Tips to Defend Against a Data Disaster

One click may be all it takes…
You’re checking your email Monday morning, cup of coffee in hand. You mark a few to follow up, confirm a meeting for the afternoon, and then delete a couple of junk promotional emails. But then you come across one that looks important – and it’s about an overdue invoice. You click on it and open the attached document to see what the problem is. Little did you know, a malicious file that was embedded in that document is now infecting your system, spreading like wildfire across your network.
Suddenly a note pops up on your screen:

Read more

top 5 worst IT blunders of 2016

The Top 5 Worst IT Blunders of 2016

Last year was a year filled with security gaffes, data breaches, and hacks—many of which were felt country and even nationwide. Well-known organizations such as Yahoo, the NSA, and the IRS each had to deal with their own security breaches that found millions of user accounts compromised or exposed to malicious third parties. Everything from login details to personally identifiable information (PII) was released or obtained by hackers in 2016; but the attacks didn’t stop with just looted data.

Larger attacks occurred during Q3 and Q4, seeming to serve only a single purpose: disruption. There were also breaches revealed in 2016 that actually occurred years prior (much to the public’s dismay), which indicates that not only were many of these companies not capable of detecting the breach, but that they also most likely didn’t have any kind of recovery plan in place to handle the aftermath of being compromised.
While ‘blunder’ might seem like a harsh word for victims of a hack, the majority of companies could have done a lot more to mitigate the damage of their respective breaches. A noticeable percentage of the affected groups also didn’t immediately come forward about the hacks, which also constitutes a blunder, albeit a legal and PR related one.
The following summaries highlight five of the most prolific IT blunders to go down in 2016.

Read more

6 tactics to combat high level it security threats

6 Tactics to Combat High-Level IT Security Threats

The number of cyber-attacks and security threats across the country and throughout the globe has gone up – but there’s an even more critical problem businesses should worry about. The complexity and threat-level of those security breaches have increased, becoming more sophisticated. It’s increasingly more common for hackers to target larger companies—oftentimes, many at once. Today’s malware tends to have many different attack vectors compared to malware five or ten years ago. This means IT security is even more integral now to the overall health and integrity of your company’s data infrastructure.

One of the most recent cyberattacks to make the headlines sent ripples out across the world as Internet usage flickered out for many large businesses and popular online services, such as Netflix, Twitter, and the Financial Times. The attack on the New Hampshire-based Internet performance management company, Dyn, was carried out as a distributed denial-of-service (DDoS) attack that came in waves. The result was literally hundreds of thousands of devices around the world infected with malware.
cyberattack motivation chart
Hackers are becoming emboldened, and as activity from hacktivist groups and both cyber warfare and espionage remain somewhat steady, the world of IT security has to rise to the challenge of protecting and preventing future attacks. If the DDoS on Dyne was any indication of the scope or power of hackers out there, then companies most certainly need to reevaluate their level of IT security to ensure they have something capable of handling high-level security threats such as these.

Read more

Insider threat rises for data breaches

Insider Threat Rises for Data Breaches

Data breaches have been a challenge to many businesses over the past twenty years. Cyber criminals have held files for ransom, leaked personally identifiable information (PII) to third parties, and turned millions of dollars’ worth of hardware useless. The threat of being exposed to hackers has always been a fear in the minds of computer users; however, there’s a threat as insidious lurking somewhere much closer to home.

As computing moves toward cloud-based operations and accessibility improves, employees have earned a spot on the list of threats to your company’s network.
In a previous post, we discussed the consequences of unsafe browsing while at work, but the threat posed by insiders isn’t always accidental or due to negligence. Recently terminated employees or those from the past with a grudge could spell trouble for companies if the proper measures aren’t taken.

Read more

HummingBad infects over 10 Million android devices

HummingBad Malware Infects Over 10-Million Android Devices

More than 10 million Android phones have been infected with an annoying little piece of malware called HummingBad.
This malware looks to exploit a device’s data by stealing and selling it. While its tactics are fairly run-of-the-mill for malware—drive-by-download, data theft, etc.—HummingBad goes a step further by attempting to root itself.

Gaining “root access” to a device allows malicious users to gain administrative-level control capable of overriding any Android subsystems. Hackers exploit this mode of infection to cause the most damage, and to make their malware difficult to remove. Once HummingBad has rooted itself, it can force the user to click on ads and download apps, but there’s a little more to this malware than that.

Read more