Watch Out for Cyber Attacks this Holiday Season

watch out for cyber attacks this holiday season. technology challenges

Cyber security is something we all need to worry about, but the holiday season may make us more vulnerable to certain kinds of cyber attacks, most of which revolve around holiday shopping.

Here are some of the scams that tend to show up this time of year:

E-Skimming

The target of e-skimming is company’s online stores. The attackers tend to go for medium-sized companies that have a good number of customers but don’t have the cybersecurity resources of, say, Amazon. They insert malicious code into the shopping cart that harvests personal information when you buy something. While there is only so much you can do, using a strong password or passphrase is helpful.

Public Wi-Fi Problems

If you shop in the store, you might think you are safe from cyberattacks. However, with more and more people hooking up a device to the internet during their shopping trip, whether while taking a break or to compare prices on an item, scammers have a window. Malls and stores offer free wi-fi, and this can be compromised. Public wi-fi can be vulnerable to hackers, and rogue operators may also set up fake wi-fi networks, tricking you to connecting to them instead. Avoid connecting to public wi-fi, and if you must, be very careful what you do on it. Never do financial transactions over public wi-fi and if you use it regularly consider getting a VPN.

Scammy Social Media Promotions

We’re all looking for deals this time of year. And promotions show up all over social media. They might offer free gift card codes, free giveaways, massive discounts on items. In some cases these promotions are designed to trick you into clicking on an infected website. They might also be trying to get your personal information in exchange or a free item that is either extremely cheap or doesn’t even exist. If a promotion looks too good to be true, it is.

Phishing

Phishing spikes around the holiday season, particularly in certain areas. The following are particularly common:

  • Promotions or giveaways that are too good to be true, as the social media promotions above.
  • Fake notices from your bank telling you a large purchase was made. As a note, if you are a victim of credit card fraud, your bank will call you, not email you, and if they do you should always hang up and call the number on the card, rather than talking to the person who called them.
  • Phony invoices, shipping status alerts, receipts, or order cancellation notices for goods you never ordered or purchased. All of these come with malicious links that if you click on them will take you to the scammer’s site. Often these are attempts to harvest login credentials for major e-commerce sites. If you know you didn’t order the item, ignore the notice. If it’s a real shipping status alert for a gift, then you should be able to check with the person who sent it to you.

Cloned Websites

Website cloning is when the scammers reverse engineer a copy of a real website. It’s often extremely hard for even tech savvy users to realize they are on a clone. E-commerce sites are common victims of website cloning. The scammers will buy a URL that is one character away from the original (typo squatting) and then buy Google ads so it shows up higher. Or they will hack the actual site and add redirects. (Be aware that this is also a common travel scam, usually victimizing hotels and people booking rooms). If you do fall victim to a clone, disputing the charges with your credit card company will usually get you redress.

The holiday season is a time when we’re all stressed and rushed, and scammers will take advantage of that. Be particularly careful. Don’t click on links in email, don’t get fooled by too-good-to-be-true promotions and make sure you’re on the site you think you are on.

For more cyber security advice, contact 4 Corner IT.

7 Cyber Security Basics to Teach Your Employees

7 cyber security basics to teach your employees

When people hear “cyber crime,” they will often picture a malicious, shadowy figure doing complex hacking to break into a system. The reality is that the danger is much more likely to be from your own staff.

Employee negligence is the biggest risk to cyber security for American companies, with human error being the main cause behind 47 percent of data breaches in a 2018 survey. In order to fight this, managers need to train their staff to identify risks, protect company data, and use different security tools effectively.

Clean Desk Policy

Papers and documents on an employee’s desk present a significant security risk. A clean desk policy dictates how these should be stored and ensures desks are kept clear of sensitive information. Best practices include making sure you have the policy in writing, communicate it often, enforce it all levels of the organization, and provide appropriate storage options. You should also encourage a culture of prioritizing digital files over print-outs.

Identifying Phishing

Phishing (getting you to click on a malicious link or file) is one of the simplest and most common ways that hackers try to take advantage of your employees. Luckily, while some phishing emails are exceptionally well-made, the vast majority of them can be spotted from a mile away.

According to CNET, a combination of common sense, grammar and spelling checks, protective browser extensions, and a healthy amount of suspicion toward any email that tells you to “act immediately” will help you identify most scams.

Updating Software

Out-of-date software is vulnerable software. All employees need to know the importance of keeping all software updated, including any necessary patches. However, simply clicking the “Update” button whenever prompted doesn’t quite cut it because several vulnerabilities will be harder to spot and keep track of. A patch-management system is an extremely useful tool for this, and there are several free options available for businesses on a budget.

Smart Password Management

Common password errors made by employees include using weak passwords, using the same password for everything, and writing down passwords in unsafe places (like a post-it on the screen). A password manager can solve all of these problems, giving your employees a central location in which to securely store complex, individual passwords. Wirecutter rates 1Password as the best available, with the free version of LastPass being the top budget choice.

Social Media Awareness

While employees are usually told to positively represent the company online, little is said about the potential of social media to affect security. According to Forbes, social media posts by employees are often used to tailor attacks like phishing emails, so people should be careful about the information they share online. Also, access to company social media accounts should be spread among several people, and passwords should be stored on a password manager.

Using a VPN

According to PC Mag, any company that stores important data in the cloud or that employs remote staff should be looking to protect their connections with a VPN. Essentially, a VPN provides secure encryption and connection at a fraction of the price of more complex security systems. Make sure any staff using the VPN connection is fully trained in what it does and how to use it effectively and professionally.

Data Recovery Plan

Your company should have an overall data recovery policy, but it can also be useful to teach your employees how they can quickly react to data loss. Secure Data Recovery has an extensive guide to data recovery and data breach protection for several types of operating systems. Simply identifying which sections are relevant to your company and circulating this information can help protect your company’s data.

Remember that staff training should be ongoing. Most of the above practices will take time to become second nature for employees, so it’s up to you to provide regular reminders and incorporate security into the company culture. It will take a bit of time, but with the right tools and training, you will end up with a business that is significantly better protected against cyber crime.

Contact Us Today!

Check Out These 10 Scary 2019 Cybersecurity Statistics

tips for protecting your business from a cyber attack computer tip of the day. Cybersecurity statistics

In today’s world with everything being put on the World Wide Web, there is seen a rapid increase in cybersecurity threats. Often small businesses do not invest enough money and energy into foolproofing their data. As a result, such businesses can become susceptible to threats and attacks from the cyberspace. We have collected cybersecurity statistics from the year 2019.

If you are a small business owner then the following statistics might interest you. 

10 Scary 2019 Cybersecurity Statistics

  1. Email is the most common way in which a cyber attack can occur. About 95% of successful cyberattacks are the result of phishing scams. And even though 78 percent of employees are aware of the risks of clicking on a suspicious email link, they still do it.
  2. According to this source, of the 269 billion emails sent and received in 2017, 39% was spam.
  3. And as per the same report mentioned in the point above, cyber attackers target small businesses 43% of the time over others.
  4. According to this report, about 46% of websites have high levels of cybersecurity vulnerabilities. A high vulnerability means that attackers can fully compromise the confidentiality of the website data. And a whopping 87% of websites show medium level security vulnerabilities.
  5. And even then, only 32% of businesses are successful in discovering their cybersecurity breaches.
  6. In 2019, a business becomes a victim of a ransomware attack every 14 seconds. By 2021 this time is predicted to become 11 seconds.
  7. Research published in 2019 shows that of all the accounts hacked globally, 23.2 million of them used a simple 123456 as their password. 
  8. As of today, only 36% of business have cybersecurity policies in place. Businesses spend an average of only 2% of their IT budget on security.
  9. From 2017 to 2019, the average cost to business from a cyberattack has increased to 71%. In fact, by 2021 cybercrime will reach a global cost of over $6 trillion per year.
  10. A study by Juniper Research predicts that by 2023, 33 billion records will be stolen.

But do not let such facts scare you. In fact, most of the threats from cybersecurity can be handled by imparting proper training to the employees. Hence as a business owner, you should seriously consider investing in cyberlearning programs so that you can be ready in the offhand chance of a data breach. 

Now Safely Use Any Internet Connection with a VPN

now safely use any internet connection with a vpn

You may have already heard some of the hype about Virtual Private Networks. A VPN works by masking the user’s IP address so their true identity and location remain unknown. They permit anonymity and keep others from tracking web activities. The internet connection is rerouted through remote servers to accomplish this. Governmental and geographic boundaries can often be circumvented. These networks bring possibilities of avoiding censorship and allow anonymous material downloading or streaming.

For those in both the business and personal worlds, one of their greatest benefits is the ability they give to utilize public WiFi networks safely and securely. Rapid, secure, effective communications are now possible anywhere internet connections exist.

Public WiFi Use Risks

How many businesses have representatives who work out of the office in one capacity or another? The short answer is a substantial percentage, with the amount continuing to increase. Personal or business emails, phone communications, chat room conversations, and passwords were all at severe risk from hackers in public WiFi areas until the coming of VPNs. With a VPN, business can be conducted by company representatives anywhere without fear of these hackers stealing valuable information. And personal use is safe as well.

How VPNs Work

How does a VPN work? The Virtual Private Network not only masks your identity and location, it utilizes encryption to secure your data. This encryption can only be decrypted by legitimate recipients in the network. Think of it as a secure information passageway, accessible only to those with proper credentials and encryption. This secure information passageway makes any information virtually impossible to hack.

Business and Personal Benefits

Communicating important information more securely, quickly, and concisely has always been an advantage. In centuries past, distant armies sometimes waged war for extended periods after hostilities ceased because communications were so glacially slow. When the telephone was first invented, nobody had any idea how its vast communication networks would change the world. The same was true with computer technology. Advances in computer and communication technology tend to build on earlier technology, to be cumulative. VPNs are certainly another forward step that brings significant advantages to both business and personal computing.

Contact 4 Corner IT today to find out more about VPNs or IT support for the latest in computer technology.

Backup Data Offsite to Thwart Cyber Criminals

backup data offsite to thwart cyber criminals

Time and time again, managed service providers have stressed the importance of completing regular data backups, even for very small businesses. As even these small businesses have come to rely on their data more and more, most companies do understand why backing up their data is a very smart move on their part. Unfortunately cyber criminals are always on the lookout for additional targets and they do seem to target businesses much more than simple personal users. While performing regular backups is still a must, it’s important to discuss one additional aspect of backing up data that can make or break a company if the worst should happen and they become a target of a cyber thief.

Onsite Backups

If a company never encounters a threat from a cyber criminal, an onsite backup would still be an invaluable asset to have in the event of equipment failure or some other internal failure. All a company would have to do is restore their most recent backup, check for any issues, and once given the all clear sign, employees could continue their work.

The problem with onsite backups is that once a cyber criminal gains access to a company’s network, they likely can gain access to their onsite backup as well. In the case of a ransomware attack, a cyber criminal could hold the data of an entire company hostage, including their onsite backup. Either the company pays the ransom or they face potentially losing all their vital business data.

Offsite Backups

The above scenario is precisely why service providers not only encourage regular backups, but they also encourage companies to store a copy of their backups in an offsite location. As everyone becomes more dependent upon their business data to function, it’s a perpetual race to see whether the cyber criminals will take advantage of vulnerable institutions, or whether companies will start taking their business data seriously and take concrete steps to protect this vital asset.

If you would like to know more about establishing an offsite location for your data backups, please contact us.

Also, checkout our cabling services!