Watch Out for Cyber Attacks this Holiday Season

watch out for cyber attacks this holiday season. technology challenges

Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

The target of e-skimming is company’s online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free wi-fi, and this can be compromised. Public wi-fi can be vulnerable to hackers, and rogue operators may also set up fake wi-fi networks, tricking you to connecting to them instead. Avoid connecting to public wi-fi, and if you must, be very careful what you do on it. Never do financial transactions over public wi-fi and if you use it regularly consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year. And promotions show up all over social media. They might offer free gift card codes, free giveaways, massive discounts on items. In some cases these promotions are designed to trick you into clicking on an infected website. They might also be trying to get your personal information in exchange or a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, as the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do you should always hang up and call the number on the card, rather than talking to the person who called them.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that if you click on them will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typo squatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms). If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4 Corner IT.

7 Cyber Security Basics to Teach Your Employees

7 cyber security basics to teach your employees

When people hear “cyber crime,” they will often picture a malicious, shadowy figure doing complex hacking to break into a system. The reality is that the danger is much more likely to be from your own staff.

Employee negligence is the biggest risk to cyber security for American companies, with human error being the main cause behind 47 percent of data breaches in a 2018 survey. In order to fight this, managers need to train their staff to identify risks, protect company data, and use different security tools effectively.

Clean Desk Policy

Papers and documents on an employee’s desk present a significant security risk. A clean desk policy dictates how these should be stored and ensures desks are kept clear of sensitive information. Best practices include making sure you have the policy in writing, communicate it often, enforce it all levels of the organization, and provide appropriate storage options. You should also encourage a culture of prioritizing digital files over print-outs.

Identifying Phishing

Phishing (getting you to click on a malicious link or file) is one of the simplest and most common ways that hackers try to take advantage of your employees. Luckily, while some phishing emails are exceptionally well-made, the vast majority of them can be spotted from a mile away.

According to CNET, a combination of common sense, grammar and spelling checks, protective browser extensions, and a healthy amount of suspicion toward any email that tells you to “act immediately” will help you identify most scams.

Updating Software

Out-of-date software is vulnerable software. All employees need to know the importance of keeping all software updated, including any necessary patches. However, simply clicking the “Update” button whenever prompted doesn’t quite cut it because several vulnerabilities will be harder to spot and keep track of. A patch-management system is an extremely useful tool for this, and there are several free options available for businesses on a budget.

Smart Password Management

Common password errors made by employees include using weak passwords, using the same password for everything, and writing down passwords in unsafe places (like a post-it on the screen). A password manager can solve all of these problems, giving your employees a central location in which to securely store complex, individual passwords. Wirecutter rates 1Password as the best available, with the free version of LastPass being the top budget choice.

Social Media Awareness

While employees are usually told to positively represent the company online, little is said about the potential of social media to affect security. According to Forbes, social media posts by employees are often used to tailor attacks like phishing emails, so people should be careful about the information they share online. Also, access to company social media accounts should be spread among several people, and passwords should be stored on a password manager.

Using a VPN

According to PC Mag, any company that stores important data in the cloud or that employs remote staff should be looking to protect their connections with a VPN. Essentially, a VPN provides secure encryption and connection at a fraction of the price of more complex security systems. Make sure any staff using the VPN connection is fully trained in what it does and how to use it effectively and professionally.

Data Recovery Plan

Your company should have an overall data recovery policy, but it can also be useful to teach your employees how they can quickly react to data loss. Secure Data Recovery has an extensive guide to data recovery and data breach protection for several types of operating systems. Simply identifying which sections are relevant to your company and circulating this information can help protect your company’s data.

Remember that staff training should be ongoing. Most of the above practices will take time to become second nature for employees, so it’s up to you to provide regular reminders and incorporate security into the company culture. It will take a bit of time, but with the right tools and training, you will end up with a business that is significantly better protected against cyber crime.

Contact Us Today!

Is Your Business WiFi Network Secure?

is your business wifi network secure

More and more businesses rely on their internet connection to provide outstanding customer service. Additionally, to support the productivity levels of virtually every employee in their company. Not only is it important for everyone to have good access to the router, it’s also vital to ensure that only employees have access to business WiFi. Here are some tips for small businesses to properly secure their corporate WiFi router.

Place in a Secure Location

Many companies have customers, contractors, sales personnel, etc. walking in and out of their place of business throughout the work day. In order to keep the corporate router physically secure, it should be placed in an area that has restricted access. Only those employees who are trained in the use of the router should be given access to it.

Secure the Settings

When setting up a new router, don’t keep the default login information. Pick a different username and password and only provide those two pieces of information on a need to know basis. A password should be a strong password. Meaning it should be at least 15 characters in length and consist of a mix of letters (upper and lower case), numbers, and special characters. It’s also a good idea to regularly change the password. Companies who utilize a significant amount of private customer information may want to change the password on a monthly basis. Others who deal with little private data may want to change their router password every 6 months or perhaps annually.

It’s also a good idea to change the default network name of the router. That way, hackers can’t look at the router name to determine which manufacturer and model they are attempting to hack.

Routers also have a WPS (WiFi Protected Setup) setting that is best disabled. This particular feature is designed to pair the router with a device at the press of a button. That’s great if the device is one that an employee is using for work-related tasks, but if an outsider is physically near enough to the router signal, they should not be allowed to pair their device with your router.

Updates

Lastly, keep your router up to date with all the manufacturer firmware updates, along with software updates for any network security your company uses as well. Technology companies often send out updates after they discover security issues, so staying abreast of updates means less chance for your company to fall victim to a security problem. 

If you have more questions regarding how to properly secure your router, please contact us!

Check Out These 10 Scary 2019 Cybersecurity Statistics

tips for protecting your business from a cyber attack computer tip of the day. Cybersecurity statistics

In today’s world with everything being put on the World Wide Web, there is seen a rapid increase in cybersecurity threats. Often small businesses do not invest enough money and energy into foolproofing their data. As a result, such businesses can become susceptible to threats and attacks from the cyberspace. We have collected cybersecurity statistics from the year 2019.

If you are a small business owner then the following statistics might interest you. 

10 Scary 2019 Cybersecurity Statistics

  1. Email is the most common way in which a cyber attack can occur. About 95% of successful cyberattacks are the result of phishing scams. And even though 78 percent of employees are aware of the risks of clicking on a suspicious email link, they still do it.
  2. According to this source, of the 269 billion emails sent and received in 2017, 39% was spam.
  3. And as per the same report mentioned in the point above, cyber attackers target small businesses 43% of the time over others.
  4. According to this report, about 46% of websites have high levels of cybersecurity vulnerabilities. A high vulnerability means that attackers can fully compromise the confidentiality of the website data. And a whopping 87% of websites show medium level security vulnerabilities.
  5. And even then, only 32% of businesses are successful in discovering their cybersecurity breaches.
  6. In 2019, a business becomes a victim of a ransomware attack every 14 seconds. By 2021 this time is predicted to become 11 seconds.
  7. Research published in 2019 shows that of all the accounts hacked globally, 23.2 million of them used a simple 123456 as their password. 
  8. As of today, only 36% of business have cybersecurity policies in place. Businesses spend an average of only 2% of their IT budget on security.
  9. From 2017 to 2019, the average cost to business from a cyberattack has increased to 71%. In fact, by 2021 cybercrime will reach a global cost of over $6 trillion per year.
  10. A study by Juniper Research predicts that by 2023, 33 billion records will be stolen.

But do not let such facts scare you. In fact, most of the threats from cybersecurity can be handled by imparting proper training to the employees. Hence as a business owner, you should seriously consider investing in cyberlearning programs so that you can be ready in the offhand chance of a data breach. 

How to Safely Use Any Internet Connection with a VPN

how to safely use any internet connection with a vpn

Whether you are working from home or in an office, a VPN (Virtual Private Network) has become the go-to option for many people who want to mask their current location. Most assume it’s because such individuals are doing some illegal activities. However, we live in a world where cyber criminals or hackers can quickly access your data just by using an internet connection. Furthermore, most of us love using public Wi-Fi hotspots without inspecting the network. As a result, our devices be it a laptop, or mobile phones are vulnerable to getting infected with malware and data theft.

Besides, most businesses have a remote or mobile workforce. As a result, they need to keep their data away from unwanted parties. This applies no matter the type of internet connection used. And that is where a good VPN comes in. Apart from enhancing security, a VPN increases productivity and allows you to access corporate resources remotely. With the availability of public Wi-Fi comes the need to know how to use any internet connection with a VPN safely. In this post, we will cover how a VPN works, how to use it to secure any internet connection, and the safest way to implement one.

How a VPN Works

When you use a VPN, your traffic and data are encrypted while in transit. This prevents any unwanted parties from accessing the data. Only people with approved devices will be able to access the data regardless of the remote location or the internet connection they are using. As a result, any device connected to your router will not see or access your web traffic. Since the traffic will appear as if it’s coming from the chosen VPN server, your IP address will also be hidden. Hiding your IP address will come in handy when you want to spoof your current geo-location.

How to Use VPN to Secure Any Internet

When you are working remotely, a VPN is the best way to protect your data and devices. We are constantly using the internet to communicate or send information via email, web, social media, and any other messaging app. We are sending all the data without any security or privacy whatsoever. This leaves internet users vulnerable to different types of criminals. You are even more vulnerable when using public internet or someone else’s Wi-Fi network.

With a VPN, you will have a private tunnel such that no matter which internet connection you use, anything that you send will be encrypted. While you might be tempted to use a proxy, what’s great about a VPN is that it covers all your internet activity. Which means you get total security.

VPN Implementation

There are various types of VPN. The best VPN should help you implement the right security strategy. It should also offer your business an affordable means of using any internet to access the company’s internal networks. With a reliable VPN, you will protect all your devices even when you are traveling. Remember, choose a VPN provider that has a server in the geo-location you prefer. The safest way to get a VPN that is right for you is to get it from a reputable provider whose specialty matches your goals.

Want to know more about the best VPN that meets your needs? Feel free to contact us anytime.