There are a lot of things that have changed since the invention of the internet. One of these is how we bank and access our accounts. You used to have to go into a local bank branch to make deposits and withdrawals. Now, you can take a picture of a check and deposit it from your phone.
Approximately 73% of people around the world use some form of online banking at least once a month. People have never had such convenient account access. But that convenience can come at a cost.
In 2021, account takeover fraud increased by 90%. New account fraud jumped a whopping 109%. As the ease of online banking has increased, so has banking-related cybercrime.
If someone breaches your Facebook account, it can be a real pain. But, if a hacker breaches your bank account, it can be devastating. It can mean significant losses. Losses that you may not be able to recoup from your financial institution.
In this article, we’ll take a look at the mistakes people make that leave their accounts at risk. Then, we’ll go over some important tips on how to keep your bank account better protected.
Two-factor authentication (2FA) is a simple process that packs a big punch. When you enable this setting in an online account, it requires an extra step to gain access. That step usually consists of receiving a one-time passcode (OTP) by SMS and entering that at login.
Many people make the mistake of leaving this disabled. They either don’t know it’s there or they think it’s too inconvenient. But leaving this setting off makes it much easier for a bad actor to breach your account.
There are several types of phishing scams that target online banking. Cyber criminals send emails that look like they come from your bank. They’ll even promise incredibly low rates on credit cards.
Other scams can involve warning you of unauthorized account activity. But when you click the link to log in, you’re actually on a fake page. One designed to look just like your normal bank website.
These are just a few ways that scammers can get your online banking login details. Once they have them, they’ll act immediately to get whatever they can.
If your account password is easy to remember, it’s also often easy to guess. Using weak passwords is a common mistake that enables many cyber criminals.
Some best practices for passwords include:
Banking trojans are often hidden in malicious mobile apps. These apps can look like something as innocent as a task manager. But, once installed, banking trojans seek out any details they can find. They are looking for banking and wallet apps.
One surefire way to give away your online banking password is to log in while on public Wi-Fi. Hackers hang out on public hot spots and spy on the activity of others. You should never type in a password or other sensitive details when connected to public Wi-Fi.
Enable two-factor authentication in your online banking account. This is also known as multi-factor authentication or two-step verification. According to Microsoft, it can block 99.9% of fraudulent account login attempts.
Time is of the essence when an intruder breaches your account. The faster you can notify your bank of the breach, the better. You could reduce the impact on you by having your account locked down immediately.
Set up banking alerts through your online banking. These can include things like low-balance alerts and login alerts.
It’s important to have reliable antivirus software on your PC and mobile device. Many people don’t think about protecting their phones in this way. Yet, they shop online and bank via mobile devices.
It’s also good to use a DNS filter. This is a filter that protects you from going to dangerous phishing sites by blocking them.
Do you know how to identify phishing? Are you up on all the newest scams? You can make yourself less vulnerable by taking some phishing awareness classes. There are many of these for free online. You can also contact us for more personalized training options.
Knowing how to spot phishing via text, email, and phone can help you avoid becoming a scam victim.
There are some key digital solutions we can put in place to keep your family safer from online threats. Give us a call today to schedule a chat about online security.
This Article has been Republished with Permission from The Technology Press.
No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)
These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that, and lost customer trust. A business could also have extensive legal costs associated with a breach.
According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.
Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.
It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.
Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack.
All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.
Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.
Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.
What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.
You don’t need to be a large enterprise to create an incident response (IR) plan. The IR plan is simply a set of instructions. It's for employees to follow should any number of cybersecurity incidents occur.
Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. IR plans improve the speed and effectiveness of a response in the face of a security crisis.
Having a practiced incident response plan reduces the cost of a data breach. It lowers it by an average of $2.66 million per incident.
Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:
Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach.
Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.
Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.
Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.
Working with a trusted IT provider, put together a roadmap. Address the “low-hanging fruit” first. Then, move on to longer-term projects.
As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.
A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.
Working with a trusted IT partner takes a lot of the security burden off your shoulders. Give us a call today to schedule a chat about a cybersecurity roadmap.
This Article has been Republished with Permission from The Technology Press.
Cybersecurity researchers uncovered an alarming mobile statistic. During the first few months of 2022, mobile malware attacks surged by 500%. This is alarming both in scale and because many people aren’t yet protecting smartphones.
For years, mobile phones have become more powerful. They now do many of the same functions as a computer – just with a much smaller screen. Yet, people tend to secure their computers better than they do their smartphones.
This is a behavior that needs to change. Over 60% of digital fraud now occurs through mobile devices. That makes them highly risky if proper safeguards aren’t followed.
Many of these are the same types of protections you have on your computer. It’s time to start thinking about your smartphone as a mini-computer and keeping it just as secure.
Yes, your mobile phone needs antivirus/anti-malware too! Malware can and does infect smartphones and tablets. You need to ensure you have a reliable mobile anti-malware app installed.
And beware of those freebies. Freebies are great when you’re talking about food, but not security apps. Malware is often hidden inside free apps. These apps are ironically supposed to make you more secure.
Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like:
You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later.
Many people prefer checking email on their phone rather than PC because it’s so handy. But they have a false sense of security about the safety of emails when viewed on a mobile device.
You can’t assume an email is safe just because you’re not on your computer. Be just as wary about unexpected emails and scam emails masquerading as legitimate.
It’s difficult to hover over a link without clicking when on a smartphone. If you see something questionable and want to check the link, open the email on your PC where you can do that.
In March of 2022, text spam outpaced robocalls. Unwanted text messages rose by 30%, ten percent higher than robocalls. Many of those spam texts are smishing.
Smishing is the text version of phishing. These texts usually contain malicious links. A hacker can potentially breach your device if you click them. The message may also ask you to text back personal information.
Be on the lookout for text messages that don’t quite make sense. For example, getting a shipping notification when you haven’t ordered anything. Also, beware of texts from unknown sources.
Phishing via text message is a growing concern. It’s also one that most people aren’t aware of yet, so they often get caught in its trap.
Approximately 2.6 million apps haven’t had an update in a year or more. Apps are often abandoned by the developer. This can leave security vulnerabilities on your device. Hackers seek out these types of vulnerabilities to exploit. If they aren’t addressed, then they remain a danger.
Go through your device and remove old applications that you are no longer using. There is no reason to keep them around, potentially leaving your device at risk.
Additionally, look at the time of the last update. If it’s over a year, then you may want to consider replacing that app with something more current. App updates often include security-related items. It’s not good when a year or more goes by without the developer making any type of update to the app.
Speaking of updates, you also need to keep your device's operating system updated. Are you using the current version of Android or iOS? Not installing updates can mean your phone has vulnerabilities. These vulnerabilities allow hackers to breach your data.
Automate updates as possible. If you have a company with several devices, then it’s a good idea to include your phones on a managed IT services plan.
Public Wi-Fi is dangerous. Most people understand that, but many connect to it out of necessity anyhow. You may worry about going over your data plan allotment. Or your mobile carrier reception may be slow. Both cases are reasons people opt to connect to unsecured public hot spots.
You can connect to public Wi-fi with less risk if you use a VPN application. VPNs stand between your device and the internet. They route your data through a secure server. This keeps it away from prying eyes that may be lurking on that public Wi-Fi.
Don’t wait until your phone is infected with malware to secure it properly. We can help you with automated solutions that protect your device, accounts, and data. Contact us to schedule a consultation.
This Article has been Republished with Permission from The Technology Press.
Data privacy has been a growing requirement ever since the internet age began. So much personal information is flying around through computer networks. Protecting it has become a mandate.
Most companies must follow HIPAA, GDPR, or another industry or locality-based privacy rule. By the end of 2024, 75% of the world’s population will have their personal data protected. It will fall under one or more privacy regulations.
You don’t need to be a large enterprise organization to have data privacy compliance at the top of your mind. It goes hand in hand with cybersecurity. Additionally, privacy requirements hit all sized companies.
Between July 2020 and July 2021, GDPR violations rose by 113.5%. The number of associated fines also jumped, by 124.92%. When it comes to HIPAA violations, each incident can carry a penalty between $100 to $25,000.
It’s important to make data privacy a priority and factor it into all your data collection processes. When companies collect, send, or store personally identifiable information (PII) it needs protection. This means putting adequate safeguards in place.
To stay on top of your privacy compliance obligations, you should also keep up with trends in this area. Next up, we’ve documented the biggest data privacy trends happening in 2023 that you should be aware of.
Approximately 40% of privacy compliance technology needs artificial intelligence (AI) to operate. AI has certainly made its way into many of the applications we use on a daily basis.
When you’re typing in MS Word and text just springs up as a suggestion, that’s AI predicting what you’ll type next. When working on a photograph in Photoshop, you can now click a button to give a frowning face a smile. This is also the work of AI.
So, it’s no surprise that AI is running many of the algorithms responsible for keeping data protected. But what happens when there is a problem with the AI?
This is the question that AI governance is working to address. This is a new trend in data privacy because AI has never been so prevalent throughout the data journey as it is now.
Whenever AI is used in the data protection area, organizations need to govern it properly. This helps ensure that automated processes aren’t accidentally exposing sensitive data.
A trend that we’ve seen over the last several months is putting more privacy power into the consumer’s hands. Many privacy regulations require that apps and websites provide data transparency. They need to tell people what data they’re collecting, how they’re collecting it, and what they do with it. People also need an “out” to get their data back.
These needs have led to consumer privacy UX becoming a “thing.” You can think of this as a centralized privacy portal. A place people can access privacy-related settings in various apps. This gives better visibility into how their data is being used.
The pandemic has forever changed the global workforce. Many organizations are now running completely remote offices. Or may be using a mix of remote and in-office staff. The dramatic increase in people working from home has led to data collection changes. Companies are ramping up their monitoring of those employees working off-site.
But this type of monitoring opens a can of worms when it comes to data privacy. Organizations need to ensure that they aren’t encroaching on the rights of their staff. This is most pertinent when putting monitoring in place on employee devices.
For example, approximately 49% of remote employees use their personal computers for work. Companies often put endpoint device monitoring in place for security reasons. They need to ensure they are not gathering or backing up any personal data. That would be data owned by the employee and not the company.
One of the concerns when the social app TikTok became popular relates to location. With the firm being a China-based company, people worried about the privacy of their data. The data was originally stored on servers governed by the Chinese government. A country with very different data privacy rules than the US and other countries.
Data localization is going to become more prevalent. Increasingly organizations look at where their cloud data is being stored. Where a server resides governs the privacy rules and regulations that it may fall under. Thus, companies and governments are now asking a question of cloud providers. This is, “Where is my data stored?” Many want their data to be as close to home as possible.
Data privacy by design is a fairly new term. Using privacy-enhancing computation is a way that AI is helping cybersecurity. By using PEC as a built-in component of software and apps, developers provide value to clients. They address privacy concerns by making data protection more automated.
Look for PEC components in data analytics when shopping for business tools.
How are your data privacy protections? Are you risking a penalty due to lax controls? Give us a call! We can help with a compliance checkup.
This Article has been Republished with Permission from The Technology Press.
Our technology inevitably comes with us when we travel. Most of us won’t even travel to the end of the block without our smartphones. When you go on a trip, not having your technology there when you need it can ruin your day.
Travel smarter and more securely by doing several checks before you go. Use our handy tech travel checklist. It can save you from suffering from lost devices, missing chargers, or a data breach.
Have you ever sat at an airport gate wondering why it looked so empty? You then found out that your gate had changed, and you had no idea. You go rushing to the other end of the concourse, hoping you’re not too late.
How did everyone else know about the gate change? They most likely had the app for the airline and received a notification.
Before you leave for a trip, make sure to download any apps you may need. It’s better to download them when you’re at home on your own Wi-Fi. If you wait until you’re at the airport, reception may be an issue.
Some of the apps you may want to grab or update before your trip are:
People leave behind countless chargers and adapters every day. They litter airports, restaurants, and train stations around the world. Make sure to bring a backup charger for your laptop, tablet, or phone. Otherwise, you may find yourself paying a premium for a new charger in a gift shop. Your device could also go black if you lose its charger and can’t quickly get a new one.
A great way to ensure you have the power you need is to buy a small charging battery. You can find these in most major retailers or online. They are small “blocks” that hold a charge and can power up a cell phone in a pinch.
Having this extra backup also helps you avoid potential juice-jacking ports. These are fake or compromised public USB charging ports. Hackers use them to steal your data when you plug in.
If you’re traveling out of the country, you’ll want to check your mobile plan. If you don’t have the ability to call internationally, then you may not be able to text or call home.
Carriers can add an international capability to your plan, but ask about pricing. It can get expensive if you’re on long calls or using mobile data. An alternative is to set up a VoIP app you can use with your office, friends, or family while you’re traveling. These enable both calls and SMS, but you do need an internet connection.
Free Wi-Fi may be a welcome site when you’re on the road, but it can also be dangerous. You don’t know who else is using that Wi-Fi. A hacker hanging out on the connection can easily steal your data if you’re not protected.
It’s better to use either your mobile carrier connection or a virtual private network (VPN) app. VPN plans are inexpensive and will keep your data encrypted, even if you’re on public Wi-Fi.
Unfortunately, mishaps occur when traveling. You may leave your phone behind on a boat, have your luggage lost, or get your device stolen while in a crowded area.
10% of all laptop thefts happen in airports.
Don’t lose all your data with the device! Back up your devices to the cloud or local storage before you travel. This ensures that you won’t lose the valuable information on your device. You also won't need to think twice about enacting a remote “wipe my device” command if necessary.
Make your devices as secure as possible before you hit the road. When we’re traveling, our minds are occupied by other things. So, you may not think to check your antivirus or avoid suspicious phishing links.
Protect your devices before you go using:
What do we mean by checking your double-checks? Use the buddy system as a backup. When the family is getting off a plane, each should check with the other that they have all their devices.
If you’re traveling alone, have a friend or family member check up by text. Did you grab your charger? Is your VPN turned on?
Those little reminders can go a long way toward avoiding digital travel nightmares.
Don’t leave your devices unprotected. This could mean a breach of your banking app or personal data. Contact us for device security solutions to reduce your risk.
This Article has been Republished with Permission from The Technology Press.
Cybersecurity insurance is still a pretty new concept for many SMBs. It was initially introduced in the 1990s to provide coverage for large enterprises. It covered things like data processing errors and online media.
Since that time, the policies for this type of liability coverage have changed. Today’s cyber insurance policies cover the typical costs of a data breach. Including remediating a malware infection or compromised account.
Cybersecurity insurance policies will cover the costs for things like:
Data breach volume and costs continue to rise. 2021 set a record for the most recorded data breaches on record. And in the first quarter of 2022, breaches were up 14% over the prior year.
No one is safe. Even small businesses find they are targets. They often have more to lose than larger enterprises as well. About 60% of small businesses close down within 6 months of a cyber incident.
The increase in online danger and rising costs of a breach have led to changes in this type of insurance. The cybersecurity insurance industry is ever evolving. Businesses need to keep up with these trends to ensure they can stay protected.
Here are some of the cyber liability insurance trends you need to know about.
The average cost of a data breach is currently $4.35 million (global average). In the U.S., it’s more than double that, at $9.44 million. As these costs continue to balloon, so does the demand for cybersecurity insurance.
Companies of all types are realizing that cyber insurance is critical. It’s as important as their business liability insurance. Without that protection, they can easily go under in the case of a single data breach.
With demand increasing, look for more availability of cybersecurity insurance. This also means more policy options, which is good for those seeking coverage.
With the increase in cyberattacks has come an increase in insurance payouts. Insurance companies are increasing premiums to keep up. In 2021, cyber insurance premiums rose by a staggering 74%.
The costs from lawsuits, ransomware payouts, and other remediation have driven this increase. Insurance carriers aren’t willing to lose money on cybersecurity policies. Thus, those policies are getting more expensive. This is at the same time as they are more necessary.
Certain types of coverage are getting more difficult to find. For example, some insurance carriers are dropping coverage for “nation-state” attacks. These are attacks that come from a government.
Many governments have ties to known hacking groups. So, a ransomware attack that hits consumers and businesses can very well be in this category.
In 2021, 21% of nation-state attacks targeted consumers, and 79% targeted enterprises. So, if you see that an insurance policy excludes these types of attacks, be very wary.
Another type of attack payout that is being dropped from some policies is ransomware. Between Q1 and Q2 of 2022, ransomware attacks increased by 24%.
Insurance carriers are tired of unsecured clients relying on them to pay the ransom. So many are excluding ransomware payouts from policies. This puts a bigger burden on organizations. They need to ensure their backup and recovery strategy is well planned.
Just because you want cybersecurity insurance, doesn’t mean you’ll qualify for it. Qualifications are becoming stiffer. Insurance carriers aren’t willing to take chances. Especially on companies with poor cyber hygiene.
Some of the factors that insurance carriers look at include:
You’ll often need to fill out a lengthy questionnaire when applying for insurance. This includes several questions about your cybersecurity situation. It’s a good idea to have your IT provider help you with this.
This can seem like a lot of work that you have to do to qualify for cyber insurance. As you review the questions, your IT partner can identify security enhancements. Just like other forms of insurance, if you take steps to reduce risk, it can often reduce your premiums.
So, it pays to do a cybersecurity review before applying for cyber insurance. You can save yourself time and money. It can also fortify your defenses against cyberattacks.
Cybersecurity coverage and insurance applications can be complex. If you answer wrong on a question, it can mean paying hundreds more in premiums than you should.
If you’re considering cybersecurity insurance, don’t go it alone. Give us a call and schedule a consultation. We can explain the policy details and provide guidance.
This Article has been Republished with Permission from The Technology Press.
The new year has just begun and it’s a time of renewal as we plan for the possibilities to come in 2023. It’s also a time when you need to plan for resiliency in the face of ever-present cyberattacks.
Sixty-eight percent of surveyed business leaders feel that cybersecurity risks are getting worse. They have a good reason. Attacks continue to get more sophisticated. They are also often perpetrated by large criminal organizations. These criminal groups treat these attacks like a business.
In 2021, the average number of global cyberattacks increased by 15.1%.
To protect your business in the coming year, it’s important to watch the attack trends. What new methods are hackers using? What types of attacks are increasing in volume? Knowing these things is important. It helps you better update your IT security to mitigate the risk of a data breach or malware infection.
We’ve pulled out the security crystal ball for the upcoming year. And we've researched what cybersecurity experts are expecting. Here are the attack trends that you need to watch out for.
The world has been buzzing about 5G for a few years. It is finally beginning to fulfill the promise of lightning-fast internet. As providers build out the infrastructure, you can expect this to be a high-attack area.
Hackers are looking to take advantage of the 5G hardware used for routers, mobile devices, and PCs. Anytime you have a new technology like this, it’s bound to have some code vulnerabilities. This is exactly what hackers are looking to exploit.
You can prepare by being aware of the firmware security in the devices you buy. This is especially true for those enabled for 5G. Some manufacturers will build better firmware security into their designs than others. Make sure to ask about this when purchasing new devices.
This alarming new trend is designed to get past one of the best forms of account security. Multi-factor authentication (MFA) is well-known as very effective at preventing fraudulent sign-in attempts. It can stop account takeovers even in cases where the criminal has the user’s password.
There are a few different ways that hackers try to bypass MFA. These include:
During the pandemic, the cyberattack volume increased by approximately 600%. Large criminal hacking groups have realized that world events and disasters are lucrative.
They launch phishing campaigns for world events. Attacks come for everything from the latest hurricane or typhoon to the war in Ukraine. Unsuspecting people often fall for these scams. This is because they are often distracted by the crisis.
People need to be especially mindful of scams surrounding events like these. They will often use social engineering tactics, such as sad photos, to play on the emotions.
Mobile devices go with us just about everywhere these days. This direct connection to a potential victim is not lost on cybercriminals. Look for more mobile device-based attacks, including SMS-based phishing (“smishing”).
Many people aren’t expecting to receive fake messages to their personal numbers. But cell numbers are no longer as private as they once were. Hackers can buy lists of them online. They then craft convincing fake texts that look like shipping notices or receipts. One wrong click is all it takes for an account or data breach.
Mobile malware is also on the rise. During the first few months of 2022, malware targeted to mobile devices rose by 500%. It’s important to ensure that you have good mobile anti-malware. As well as other protections on your devices, such as a DNS filter.
These days, phishing emails are not so easy to spot. It used to be that they nearly always had spelling errors or grainy images. While some still do, most don’t.
Criminal groups elevate today's phishing using AI and machine learning. Not only will it look identical to a real brand’s emails, but it will also come personalized. Hackers use these tactics to capture more victims. They also allow hackers to send out more targeted phishing messages in less time than in years past.
Is your business prepared for the cyber threats coming in 2022? Don’t wait to find out the hard way! Give us a call and schedule a cybersecurity check-up to stay one step ahead of the digital criminals.
This Article has been Republished with Permission from The Technology Press.
The global home security market has been growing by leaps and bounds. By 2026, experts expect the market to expand at a rate of 20.1%. This is on top of an expected increase of 21.6% from 2021 to 2022.
From Ring doorbell cams to entire home security systems, consumers want these solutions. Watching your front door from afar has never been so easy. With cloud-based video streams, homeowners can view any part of their home.
Sharing doorbell camera shots on neighborhood social media groups is now common. These home security systems also provide peace of mind at a wallet-friendly cost.
But don’t let the ease of setup fool you. Home security cameras can open your family up to risks if you don’t take precautions. Often, people are so excited to see what they can do, they don’t stop to think about device security.
There are horror stories online about hacked video cameras. This includes strangers saying disturbing things through those cameras to children.
Additionally, in 2019, Ring suffered a data breach. That breach exposed the personal data of over 3,000 Ring users. This included usernames and passwords.
It’s enough to make you reconsider your decision to add extra security. But don’t let those incidents scare you off. You can properly secure a home video camera system to ensure it’s not breached.
Here are some of the things you should do for a safe home security setup.
You access an IP security camera via the internet. Any commands going to the system or footage coming from it go through your router. So, you need to make sure that your router is properly secured.
Hackers breach routers so they can get to the devices connected to that network. Ensure your router security protocol is no lower than WPA2. The next generation, WPA3, is even better. These protocols govern the protection of data transmitted through the wireless network.
Give the router a strong password that is at least 12 characters long. Software can crack a password of only 8 standard characters instantly. But a 12-character password with at least one upper case letter, number, and symbol takes 34,000 years.
You also need a strong password for your security system’s admin account. You should also change the default device and username. Hackers have lists of all these device defaults and use them to break into these systems.
Changing the default username and password for the device should be one of the first things you do. Otherwise, it could be mere minutes after you connect to the internet that you’re hacked.
You don’t want the footage from your cameras transmitted for anyone to grab and watch. Make sure the security system you choose notes SSL/TLS. Or another standard encryption.
This ensures that the data cannot be intercepted and accessed. SSL is short for Secure Sockets Layer, and TLS is short for Transport Layer Security. Without a form of encryption, a hacker can easily breach your device.
If your security system has an automatic update feature, turn that on. Unfortunately, many users don’t think about updating their device software. This leaves it more vulnerable to a hack.
Updates often include important security fixes for found vulnerabilities. You want to make sure updates install promptly. That’s why automating this is best.
Do you have several family members accessing your cloud-based security device? If so, set up some access levels. Not everyone needs to be at an administrator level.
Hackers love it when they can breach the login of an admin user for an account. This gives them more privileges, like changing settings. Giving lower-level privileges, such as “view only,” to most family members improves security.
There will be various security features that are available with your system. Manufacturers often do not enable all security settings by default. The user must turn all or some of them on.
If you’re unsure of what settings should be on or off, we’ll be happy to help. Some home security systems have generous sharing options. This can be an invitation for hackers. You want to restrict these as much as possible.
Most people access their security cam through their smartphone. Make sure that you secure yours and keep it updated with the latest operating system. Hackers can gain access to a security system through a device with weak safeguards.
Add things like:
Give us a call and schedule a visit. We’ll be happy to help you ensure your security system is set up with best practices.
This Article has been Republished with Permission from The Technology Press.
There is a reason why phishing is usually at the top of the list for security awareness training. For the last decade or two, it has been the main delivery method for all types of attacks. Ransomware, credential theft, database breaches, and more launch via a phishing email.
Why has phishing remained such a large threat for so long? Because it continues to work. Scammers evolve their methods as technology progresses. They use AI-based tactics to make targeted phishing more efficient, for example.
If phishing didn’t continue working, then scammers would move on to another type of attack. But that hasn’t been the case. People continue to get tricked. They open malicious file attachments, click on dangerous links, and reveal passwords.
In May of 2021, phishing attacks increased by 281%. Then in June, they spiked another 284% higher.
Studies show that as soon as 6 months after training, phishing detection skills wane. Employees begin forgetting what they've learned, and cybersecurity suffers as a result.
Want to give employees a “hook” they can use for memory retention? Introduce the SLAM method of phishing identification.
One of the mnemonic devices known to help people remember information is the use of an acronym. SLAM is an acronym for four key areas of an email message to check before trusting it.
These are:
S = Sender
L = Links
A = Attachments
M = Message text
By giving people the term “SLAM” to use, it’s quicker for them to check suspicious email. This device helps them avoid missing something important. All they need to do use the cues in the acronym.
It’s important to check the sender of an email thoroughly. Often scammers will either spoof an email address or use a look-alike. People often mistake a spoofed address for the real thing.
In this phishing email below, the email address domain is “@emcom.bankofamerica.com.” The scammer is impersonating Bank of America. This is one way that scammers try to trick you, by putting the real company’s URL inside their fake one.
You can see that the email is very convincing. It has likely fooled many people into divulging their personal details. People applying for a credit card provide a Social Security Number, income, and more.
Doing a quick search on the email address, quickly reveals it to be a scam. And a trap used in both email and SMS phishing attacks.
It only takes a few seconds to type an email address into Google. This allows you to see if any scam warnings come up indicating a phishing email.
Hyperlinks are popular to use in emails. They can often get past antivirus/anti-malware filters. Those filters are looking for file attachments that contain malware. But a link to a malicious site doesn’t contain any dangerous code. Instead, it links to a site that does.
Links can be in the form of hyperlinked words, images, and buttons in an email. When on a computer, it’s important to hover over links without clicking on them to reveal the true URL. This often can immediately call out a fake email scam.
When looking at email on a mobile device, it can be trickier to see the URL without clicking on it. There is no mouse like there is with a PC. In this case, it’s best not to click the URL at all. Instead go to the purported site to check the validity of the message.
File attachments are still widely used in phishing emails. Messages may have them attached, promising a large sale order. The recipient might see a familiar word document and open it without thinking.
It’s getting harder to know what file formats to avoid opening. Cybercriminals have become savvier about infecting all types of documents with malware. There have even been PDFs with malware embedded.
Never open strange or unexpected file attachments. Use an antivirus/anti-malware application to scan all attachments before opening.
We’ve gotten great at scanning through text as technology has progressed. It helps us quickly process a lot of incoming information each day. But if you rush through a phishing email, you can miss some telltale signs that it’s a fake.
Look at the phishing example posted above in the “Links” section. There is a small error in grammar in the second sentence. Did you spot it?
It says, “We confirmation that your item has shipped,” instead of “We confirm that your item has shipped.” These types of errors can be hard to spot but are a big red flag that the email is not legitimate.
Both awareness training and security software can improve your defenses against phishing attacks. Contact us today to discuss your email security needs.
This Article has been Republished with Permission from The Technology Press.
Ready To Get Started?
REQUEST A FREE QUOTE!
© 2023 RYC Business IT