Technology Advisor Blog

Cybersecurity is Everyone's Job - Recommended Summer Reading.

Posted by Ann Westerheim on 7/24/18 2:56 PM

A new NIST (National Institute of Standards and Technology) guidebook says Cybersecurity is everyone's job. While many people may believe that cyber threats are a technology problem looking for a technology solution, the data shows otherwise: people are the weakest link. Whether your organization is large or small, a mindset of security and ongoing user education will help keep your data safe. Sometimes all it takes is ONE user clicking on the wrong link to cause a lot of damage.

A recent article in SecurityIntelligence provides some helpful highlights of the report (this is a quick read), and the full NIST report is worth a review with your team.

We see too many small businesses that assume they're "under the radar" with respect to cyber attacks.  What too many people don't realize is that the modern threats are automated and all it takes is a few clicks to cause a lot of damage.  A mindset of security is needed to make sure ALL users take the threats seriously and can make informed decisions.  

We strongly recommend putting a formal training program in place to make sure your employees are educated. The MA Data Security Law, HIPAA, and other industry regulations include employee training in their required standards. The training platform is an easy and affordable way to do this, and you can also go with an ad hoc approach, but DO SOMETHING!

Tags: cybersecurity

A Creepy Twist on Ransomware - Using your hacked passwords

Posted by Ann Westerheim on 7/19/18 10:21 AM

Recently there have been many reports on a clever twist on an old scam that's made more believable with your hacked password. The email purports to be from a hacker who has compromised your computer and recorded you watching porn and will release the information to all your contacts if you don't pay the ransom (payable to a cryptocurrency account so it's not traceable).

The added twist is that the email opens with "I'm aware that <substitute password formerly used by recipient here> is your password".

Apparently the bad actors have run scripts to pull emails and passwords from the Dark Web from major breaches such as the LinkedIn breach not too long ago. In many cases, the recipients will note that the password hasn't been used in years, but it IS a password that they recognize, which still makes the threat very scary. It does not mean that anyone was actually on your system.

Whenever a major breach occurs, usernames and passwords wind up on the Dark Web and are bought and sold. As an example, if you use Yahoo, EVERY credential has been breached. LinkedIn and many popular sites have been hacked more than once in the past few years.

This underscores the importance of password management:  Use STRONG passwords, use DIFFERENT passwords for different sites, and CHANGE your passwords.  To help promote good password policies at your business, our recommended best practices include using a password manager and including Dark Web monitoring as part of your security policy.

For more detail, read the full article at Krebs on Security.

Tags: cybersecurity, ransomware

Another Scam to Watch Out For:  "Neighbor Spoofing"

Posted by Ann Westerheim on 7/10/18 9:30 AM

Have you experienced an increase in the number of "local" junk calls to your cell phone? You're not alone. Scammers have yet another tactic to get through to you by "spoofing" a phone number. When your phone rings and you see a local number, you're more likely to pick up. After you pick up, your number is proven to be a "real" number, which is more valuable to scammers, and the number of calls increases.

In many cases, the calls are just spoofed to appear to come from your area code and the first three digits of your phone number, but keep in mind that the spoofed calls may be created to look like they come from your children's school or doctor's office. If you can't authenticate the caller, don't give any information over the phone.

What can you do? Your phone carrier may allow you to block calls, but the scammers just keep changing the numbers. Adding your number to the National Do Not Call Registry will help (worked well for me when I added my cell number!). As always, make sure your employees are aware of these kinds of scams. We talk so much about cybersecurity and computers, we also want to remind users that phone scams are still in play. The "human firewall" is important for phones too: Think before you click AND think before you answer!

For more information check out this article from the Better Business Bureau:  https://www.bbb.org/en/us/article/news-releases/16670-a-new-kind-of-phone-scam-neighbor-spoofing

 

Tags: cybersecurity, spoofing

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.