The Human Factor

If you haven’t noticed, a large part of cybersecurity comes down to the Human Factor. It is by far the weakest link in the chain of securing your IT environment. If you choose to ignore this fact and neglect to implement a Cyber Security Awareness Plan, then you are risking more than you can imagine. But if you decide that a Cyber Security Awareness Plan is the smart choice and the right thing to do, you will not only help keep your business IT secure, but your most valuable asset – your employees – will benefit as well.

Educate your employees to be cyber savvy at work and they will enjoy the benefits at home as well. There are a few ways to get started with your Cyber Security Awareness Plan. I feel the most important first step is to let them know why you are doing it and how they will benefit. This way you are being up front with them that Cyber Security is paramount to the operation of the business. You are also showing them that their personal and family security is important to you. But it will be hollow succor unless you follow through.

When you implement your Cyber Security Awareness training program make sure you:

    • Explain how they can use your tips and techniques at home to keep their loved ones secure online.
    • Share your experiences and encourage them to participate with ideas.
    • Let them know that if they make a mistake, the best thing they can do is to report it immediately – don’t try to hide or ignore it.
    • Have them vote for a Cyber Security Awareness Champion (or you can appoint one).
    • Have a plan to ensure your program will be an ongoing part of your company’s culture.

This is not a definitive list of what you will need to do but it is a good starting point.

If you would like some help teaching your employees to avoid phishing and other scams, contact us HERE. This not only helps protect your company but also your employees and their families from possible scams that can lead to Identity Theft or serious security breaches.

Password Security

We have all heard that good password security means changing our passwords regularly. We also should not ‘reuse’ passwords on different sites. This is sound advice, but how many people really follow it? The numbers are shocking. Surveys consistently show that over 90% of people know they should not reuse passwords between sites, but up to 83% still do.

A survey by Cyclonis confirms these numbers stating “an astounding 83.15% of respondents said they use the same password for multiple sites. …a small but shocking amount of users, 2.20%, said they use the same password for every single website.” You can read the full article at Cyclonis. They also have a nifty tool you can use to see how well you may or may not be doing regarding your password strength and reuse habits.

Businesses need to pay special attention to their password policies. According to an article on Security Boulevard, almost 50% of people say there is no difference between the passwords they use at home and those they use at work.

Following a few simple rules can keep your personal information secure.

    • Longer passwords are better. Make sure they are over 8 characters at a minimum.
    • Use numbers, special characters, and upper and lower case letters.
    • Replace letters with numbers or special characters, e.g. 3 for E, 5 for S, ! for i.
    • Change your passwords regularly.

If you need a bit more encouragement, think about it this way. First, if you reuse passwords, or even just add a letter or number at the end, it does not take any time to crack those passwords. You have to remember that time is on the bad guys’ side. They can just sit back and let their computer do the work, even if it takes their password cracker days to crack.

If they get your email password, they have access to all of your emails that have not been deleted. That probably includes links to your bank, school, work, your kids’ school and other activities, as well as possible purchases you have made.

Once they have the right information, you are owned! The majority of people discover identity theft within 3 months, but up to 15% of people don’t find out for more than 3 years. The cost to fix everything is tremendous. Beyond financial burdens that can escalate into the millions and bankruptcy, there is also emotional stress. In addition, you can count on missing days from work and possibly even lawsuits. Your credit will likely suffer as well, and that is something you will be paying for for several years after you get everything straightened out.

Most of these problems can be solved or avoided by using a Security Awareness Program that includes a Password policy that can be easily implemented.

Safeguard your business with a Security Awareness Program that will help protect your business and show your employees how they can protect their families too. Contact us HERE

You have a payment in process…

Email Phishing Scams

Below is an email that is just phishy.
FYI: as usual, I have disabled the URLs.

subject: $41,361.35 sitting in our payment queue

Hey there,

You have a payment in process and will be credited to your account soon…

Amount: $15,102.80

VERIFY PAYMENT NOW <http://pt5.abellacarl.trade/btrevc>

If this email was sent to you by mistake, please ignore it.

Good luck,

Alfie Bentley
Snap Cash Support

This is the type of spam/scam email that may catch the unsuspecting person by surprise. Regardless of whether or not it brings a person to a site that downloads any malware, it certainly has the potential to get you put onto another mailing list that may not be so benign.

Among the ‘suspicious’ items in this email is that the unsubscribe link sits very far down a page that is full of blank space. It also has a supposed “Report Abuse” link that has the same URL as the unsubscribe link, as shown below.

Unsubscribe
<http://www.lettermelater.com/unsubscribe.php?mid=1111111&email=********.***>  from this newsletter instantly.

Report Abuse
<http://www.lettermelater.com/unsubscribe.php?mid=1111111&email=********.***>
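
The duplicate-link check described above can be automated. This is an added example, not part of the original post: it reads a plain-text message abridged from the one quoted here, flags any URL offered under more than one label and, going beyond what the post points out, flags dollar amounts that disagree. The function names and the `label <url>` layout are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Abridged from the message quoted in this post; it is only parsed, never fetched.
SAMPLE = """\
subject: $41,361.35 sitting in our payment queue

Amount: $15,102.80
VERIFY PAYMENT NOW <http://pt5.abellacarl.trade/btrevc>

Unsubscribe
<http://www.lettermelater.com/unsubscribe.php?mid=1111111&email=********.***>

Report Abuse
<http://www.lettermelater.com/unsubscribe.php?mid=1111111&email=********.***>
"""

LINK = re.compile(r"^(.*?)\s*<(https?://[^>\s]+)>")   # "label <url>" or bare "<url>"
MONEY = re.compile(r"\$\d[\d,]*(?:\.\d{2})?")

def extract_links(text):
    """Return (label, url) pairs; a bare <url> line is labelled by the line above it."""
    links, prev = [], ""
    for line in map(str.strip, text.splitlines()):
        m = LINK.match(line)
        if m:
            links.append((m.group(1) or prev, m.group(2)))
        elif line:
            prev = line
    return links

def shared_targets(links):
    """Map each URL that appears under more than one label to those labels."""
    by_url = defaultdict(set)
    for label, url in links:
        by_url[url].add(label)
    return {url: sorted(labels) for url, labels in by_url.items() if len(labels) > 1}

def review(text):
    findings = [f"{' / '.join(labels)} share one target on {urlsplit(url).hostname}"
                for url, labels in shared_targets(extract_links(text)).items()]
    amounts = sorted(set(MONEY.findall(text)))
    if len(amounts) > 1:
        findings.append("conflicting amounts: " + ", ".join(amounts))
    return findings

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```
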

I suggest simply marking this email as junk/spam and, if need be, blocking the sender’s address.

Lock it up!

Cell Phone Security

Your cell phone is a very powerful device. It has the ability to take high resolution pictures, browse the internet, socialize on Facebook, give you turn by turn directions and even make video calls. You can message your friends and family, play games, read books and the list goes on. They are amazing little devices that we really need to secure better. They often store personal information and even payment and banking logins and passwords.

While you are probably more likely to lose your phone than to have it hacked, there are still simple precautions you should take.

First and foremost, Lock the Screen. I know it is kind of inconvenient, but it can really save you a lot of headaches and possible financial hardship if someone gets hold of your phone.

Only install apps from trusted sources. For Android that would be Google Play, the Apple App Store for iPhones and the Amazon App store for your Amazon tablets. Get the picture? Of course you can also download apps from your cell carrier; they are also probably a safe bet.

Do the Updates. Yeah, they are a bother, but they really do help keep your phone more secure and running smoothly. As a matter of fact, you should enable automatic updating. That way it will update when you are not using the device, or you can set it for a specific time, and you won’t have to worry about missing important patches.

Track It! Download and install an app that will allow you to track your device from a home computer over the internet. If your device is ever lost or stolen you will be able to locate the phone or if need be wipe its contents.

Application Privacy options. I recommend carefully reading the privacy statements when downloading any apps. If you are uncomfortable with the flashlight app having access to your contacts, photos and location, search for one that will meet your needs without the access issues. Disable location for all apps and then go back and only allow location to be used for apps that absolutely need it, like driving directions and a phone locator.

TURN OFF LOCATION ACCESS to apps like Facebook, Twitter and other social media apps. If you are posting that you are on a cross country trip and a nefarious character sees it, then you are basically letting them know you are out of town and your home is unattended.

Your mobile device is a very powerful part of your life. Make it as secure as possible and use it with care by following these few simple steps.

Phishing and Pharming

Two types of email scams to watch out for are Phishing and Pharming.

You have likely heard of Phishing, but what about Pharming? I will explain both to give you a clear picture of what both are and what you can do to keep from becoming a Pharmed Phish.

Let’s start out with Phishing.

Generally a phishing email is designed to get the recipient to take an action. The email is crafted to scare or bait the recipient into clicking a link contained in the email. The link can lead you to a malicious website or even immediately begin downloading a malware package. The links are usually disguised or spoofed to make you think you will be heading to a familiar and safe website.

Pharming can be much the same.

Your email may have been scraped from a website or social media platform. The email is then sent out with the same intent of getting you to click a link, or sometimes even opening the email can be enough. The link characteristics are much the same as in phishing – spoofed! The links can also have the same dangerous actions associated with them.

What can you do?

I suggest that you always have a preview pane so that the email does not actually open. This can protect you a little bit. Also set your email program to never automatically download pictures. You can set the trusted email senders individually to automatically show the images.

It is probably a good idea to initially view all emails as plain text and not as html. It is likely a safer way to get your emails and it will also speed up email retrieval.

As you probably got from the above, you do not have to actually opt in to get on someone’s email list. As is the case with most criminal activity, the phishers and pharmers and scammers do not care about the laws. Your email can be scraped and bought and sold without your consent or knowledge. Legitimate companies do follow the rules and laws and will not randomly scrape emails from the web and try to scam you.

If you receive unsolicited emails it is safer to just mark them as junk and block them than it is to attempt to unsubscribe.

Learn how you can teach your employees to avoid phishing and other scams. This not only helps protect your company but also your employees and their families from possible scams that can lead to Identity Theft or serious security breaches. Contact us HERE