Category: Cybersecurity

LinkedIn has become an invaluable platform for professionals. People use it to connect, network, and explore business opportunities. But with its growing popularity have come some red flags. There has been an increase in the presence of fake LinkedIn sales bots.

These bots impersonate real users and attempt to scam unsuspecting individuals. This is one of the many scams on LinkedIn. According to the FBI, fraud on LinkedIn poses a “significant threat” to platform users.

In this blog post, we will delve into the world of fake LinkedIn sales bots. We’ll explore their tactics and provide you with valuable tips. You’ll learn how to spot and protect yourself from these scams. By staying informed and vigilant, you can foster a safer LinkedIn experience.

Identifying Fake LinkedIn Sales Connections

Social media scams often play on emotions. Who doesn’t want to be thought of as special or interesting? Scammers will reach out to connect. That connection request alone can make someone feel wanted. People often accept before researching the person’s profile.

Put a business proposition on top of that, and it’s easy to fool people. People that are looking for a job or business opportunity may have their guard down. There is also an inherent trust people give other business professionals. Many often trust LinkedIn connections more than Facebook requests.

How can you tell the real requests from the fake ones? Here are some tips on spotting the scammers and bots.

Incomplete Profiles and Generic Photos

Fake LinkedIn sales bots often have incomplete profiles. They’ll have very limited or generic information. They may lack a comprehensive work history or educational background. Additionally, these bots tend to use generic profile pictures. Such as stock photos or images of models.

If a profile looks too perfect or lacks specific details, it could be a red flag. Genuine LinkedIn users usually provide comprehensive information. They do this to establish credibility and foster trust among their connections.

Impersonal and Generic Messages

One of the key characteristics of fake sales bots is their messaging approach. It’s often impersonal and generic. These bots often send mass messages that lack personalization. They may be no specific references to your profile or industry. They often use generic templates or scripts to engage with potential targets.

Legitimate LinkedIn users, typically tailor their messages to specific individuals. They might mention shared connections, recent posts, or industry-specific topics. Exercise caution If you receive a message that feels overly generic. Or one that lacks personalization. Be sure to scrutinize the sender’s profile before proceeding further.

Excessive Promotional Content and Unrealistic Claims

Fake LinkedIn sales bots are notorious for bombarding users. You’ll often get DMs with excessive promotional content and making unrealistic claims. These bots often promote products or services aggressively. Usually without offering much information or value.

They may promise overnight success, incredible profits, or instant solutions to complex problems. Genuine professionals on LinkedIn focus on building relationships. They try to provide valuable insights and engage in meaningful discussions. Instead of resorting to constant self-promotion.

Be wary of connections that focus solely on selling. And that don’t offer any meaningful content or engagement.

Inconsistent or Poor Grammar and Spelling

When communicating on LinkedIn, pay attention to the grammar and spelling of messages. You may dismiss an error from an international-sounding connection, but it could be a bot.

Fake LinkedIn sales bots often display inconsistent or poor grammar and spelling mistakes. These errors can serve as a clear sign that the sender is not genuine. Legitimate LinkedIn users typically take pride in their communication skills. They try to maintain a high standard of professionalism.

If you encounter messages with several grammatical errors or spelling mistakes, exercise caution. Investigate further before engaging with the sender.

Unusual Connection Requests and Unfamiliar Profiles

Fake LinkedIn sales bots often send connection requests to individuals indiscriminately. They may target users with little regard for relevance or shared professional interests.

Be cautious when accepting connection requests from unfamiliar profiles. Especially if the connection seems unrelated to your industry or expertise.

Take the time to review the requesting profile. Check their mutual connections, and assess the relevance of their content. Legitimate LinkedIn users are more likely to have a connection. They typically send connection requests to others with shared interests or professional networks.

Need Training in Online Security?

Spotting fake LinkedIn sales bots is crucial for maintaining a safe online experience. By being vigilant, you can protect yourself from potential scams.

AI is causing an increase in the sophistication of scams. You may need some help navigating what’s real and fake. Employees can also benefit by learning social media security.

Need help with personal or team cybersecurity training? We have a team of friendly experts that can improve your scam detection skills.

Contact TN Techs today to discuss your online security.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Cybersecurity has become paramount for businesses and individuals alike. Cyber threats abound, and data breaches and malware attacks are costly. Attacks come from all sectors, including the cloud tools you use every day.

The average employee uses 36 cloud-based services daily. Managing access to sensitive data and resources has become crucial. It’s a vital piece to maintaining robust security. One breached account in a business app can lead to significant consequences.

Login credentials are lucrative for hackers. Various online accounts can be a goldmine on the dark web. For example, an email administrator login can fetch between $500 to $140,000.

You need to ensure you’re addressing access management in your cybersecurity strategy. Otherwise, you could suffer serious financial consequences. Not to mention the loss of reputation that comes with a data breach.

We’ll look at six reasons access management has become essential to good data security. It plays a pivotal role in safeguarding valuable assets and ensuring data integrity.

Why Identity & Access Management (IAM) Should Be a High Priority

Mitigating Insider Threats

Insider threats can result from malicious actions or unintentional errors. They can come from employees within an organization or their breached accounts. IAM solutions enable businesses to install granular access controls and permissions. This ensures that employees have access only to the data necessary for their roles.

By minimizing excessive privileges organizations can reduce insider threats. Access management also provides visibility into user activities. It enables businesses to detect and respond to suspicious behavior in real-time.

Strengthening Data Protection

Data breaches can have severe consequences for businesses. They can lead to things like:

• Reputational damage
• Financial losses
• Regulatory penalties
• Permanent closure for those that can’t recover

Effective access management helps strengthen data protection. It does this by limiting access to sensitive information. As well as enforcing strong authentication measures.

Multi-factor authentication, encryption, and user authentication limit who can access what in a system. Access management solutions also enable organizations to track and control data transfers. This helps ensure that data remains secure throughout its lifecycle.

By implementing robust access controls, businesses can mitigate the risks. They reduce the chance of unauthorized data access. As well as protect their most valuable assets.

Enhancing Regulatory Compliance

Compliance with data privacy laws is a top priority for many organizations. IAM solutions play a vital role in ensuring regulatory compliance. They provide necessary controls and audit trails.

IAM tools also help companies adopt best practices, such as:

• Role-based access control (RBAC)
• Least privilege principles
• Contextual multi-factor authentication

Using access management, businesses can show compliance with regulatory requirements. IAM solutions also help with regular access reviews. They enable organizations to maintain an accurate record of user access and permissions. This is essential for regulatory audits and assessments.

Streamlining User Provisioning and Deprovisioning

Managing user accounts and access privileges manually can be a time-consuming process. It’s also prone to human error. Just one miskeyed entry can increase the risk of an account breach.

Access management solutions automate user provisioning and de-provisioning. This ensures that employees have appropriate access rights throughout their employment lifecycle.

When an employee joins an organization, access management simplifies the onboarding process. It quickly provisions the necessary user accounts and permissions based on their role.

When an employee leaves the organization, IAM tools ensure prompt de-provisioning of accounts. As well as the revoking of access rights. This reduces the risks of dormant or unauthorized accounts.

Remember the big data breach at Colonial Pipeline a few years back? The breach originated from an old unused business VPN account. One that had never been de-provisioned properly.

Streamlining user provisioning and de-provisioning enhances security and improves operational efficiency.

Enabling Secure Remote Access

Two things have largely changed the look of the traditional “office” in the last decade. These are the rise of remote work and the increasing reliance on cloud services. This change makes secure remote access vital for organizations.

IAM solutions provide secure authentication and authorization mechanisms for remote users. This enables them to access corporate resources and data securely. IAM is there whether employees are working from home, traveling, or accessing data via mobile. Access management ensures that they can do so without compromising security.

It includes features like:

• Virtual private networks (VPNs)
• Single sign-on (SSO)
• Multi-factor authentication (MFA)

These help secure remote access. While also maintaining the integrity and confidentiality of corporate data.

Improving Productivity

Using an identity and access management system can boost productivity. Imagine how much time your HR or IT team spends provisioning user accounts. It can take a significant amount of time to add all those login credentials. Not to mention deciding on user access permissions in each tool.

IAM systems automate this entire process. Using role-based access protocols, they can immediately assign the right level of access. If an employee leaves, the system can also immediately revoke access. This saves your administrative team considerable time and effort.

Get Help Putting a Strong IAM Solution in Place

Access management has evolved into a critical component of cybersecurity. It helps mitigate insider threats, strengthen data protection, enhance regulatory compliance, and more. We can help you put in place an IAM system that works for you.

Contact TN Techs today to schedule a chat about beefing up your access security.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

The number of apps and web tools that employees use on a regular basis continues to increase. Most departments have about 40-60 different digital tools that they use. 71% of employees feel they use so many apps that it makes work more complex.

Many of the apps that we use every day have various alerts. We get a “ping” when someone mentions our name on a Teams channel. We get a notification popup that an update is available. We get an alert of errors or security issues.

App fatigue is a very real thing and it’s becoming a cybersecurity problem. The more people get overwhelmed by notifications, the more likely they are to ignore them.

Just think about the various digital alerts that you get. They come in:

• Software apps on your computer
• Web-based SaaS tools
• Websites where you’ve allowed alerts
• Mobile apps and tools
• Email banners
• Text messages
• Team communication tools

Some employees are getting the same notification on two different devices. This just adds to the problem. This leads to many issues that impact productivity and cybersecurity.

Besides alert bombardment, every time the boss introduces a new app, that means a new password. Employees are already juggling about 191 passwords. They use at least 154 of them sometime during the month.

How Does App Fatigue Put Companies at Risk?

Employees Begin Ignoring Updates

When digital alerts interrupt your work, you can feel like you’re always behind. This leads to ignoring small tasks seen as not time-sensitive. Tasks like clicking to install an app update.

Employees overwhelmed with too many app alerts, tend to ignore them. When updates come up, they may quickly click them away. They feel they can’t spare the time right now and aren’t sure how long it will take.
Ignoring app updates on a device is dangerous. Many of those updates include important security patches for found vulnerabilities. When they’re not installed, the device and its network are at a higher risk. It becomes easier to suffer a successful cyberattack.

Employees Reuse Passwords (and They’re Often Weak)

Another security casualty of app fatigue is password security. The more SaaS accounts someone must create, the more likely they are to reuse passwords. It’s estimated that passwords are typically reused 64% of the time.

Credential breach is a key driver of cloud data breaches. Hackers can easily crack weak passwords. The same password used several times leaves many accounts at risk.

Employees May Turn Off Alerts

Some alerts are okay to turn off. For example, do you really need to know every time someone responds to a group thread? Or just when they @name you? But, turning off important security alerts is not good.

There comes a breaking point when one more push notification can push someone over the edge. They may turn off all the alerts they can across all apps. The problem with this is that in the mix of alerts are important ones. Such as an anti-malware app warning about a newly found virus.

What’s the Answer to App Fatigue?

It’s not realistic to just go backward in time before all these apps were around. But you can put a strategy in place that puts people in charge of their tech, and not the other way around.

Streamline Your Business Applications

From both a productivity and security standpoint, fewer apps are better. The fewer apps you have, the less risk. Also, the fewer passwords to remember and notifications to address.

Look at the tools that you use to see where redundancies may be. Many companies are using two or more apps that can do the same function.

Consider using an umbrella platform like Microsoft 365 or Google Workspace. These platforms include several work tools, but users only need a single login to access them.

Have Your IT Team Set up Notifications

It’s difficult for users to know what types of notifications are the most important. Set up their app notifications for them. This ensures they aren’t bombarded yet are still getting the important ones.

Automate Application Updates

A cybersecurity best practice is to automate device and software updates. This takes the process out of employees’ hands. It enhances productivity by removing unnecessary updates from their view.

Automating device updates through a managed services solution improves security. It also mitigates the chance there will be a vulnerable app putting your network at risk.

Open a Two-Way Communication About Alerts

Employees may never turn off an alert because they’re afraid they might get in trouble. Managers may not even realize constant app alert interruptions are hurting productivity.

Communicate with employees and let them know they can communicate with you. Discuss how to use alerts effectively. As well as the best ways to manage alerts for a better and more productive workday.

Need Help Taming Your Cloud App Environment?

Today, it’s easy for cloud tools to get out of hand. Get some help consolidating and optimizing your cloud app environment. Contact us today.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time. What about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?

Many everyday objects can lead to identity theft. They often get overlooked because people focus on their computers and cloud accounts. It’s important to have strong passwords and use antivirus on your PC. But you also need to be wary of other ways that hackers and thieves can get to your personal data.

Here are six common things that criminals can use to steal your information.

Old Smart Phones

People replace their smartphones about every two and a half years. That’s a lot of old phones laying around containing personal data.

Just think of all the information our mobile phones hold. We have synced connections with cloud services. Phones also hold banking apps, business apps, and personal health apps. These are all nicely stored on one small device.

As chip technology has advanced, smartphones have been able to hold more “stuff.” This means documents and spreadsheets can now be easily stored on them. Along with reams of photos and videos.

A cybercriminal could easily strike data theft gold by finding an old smartphone. They often end up at charity shops or in the trash. Make sure that you properly clean any old phones by erasing all data. You should also dispose of them properly. You shouldn’t just throw electronics away like normal garbage.

Wireless Printers

Most printers are wireless these days. This means they are part of your home or work network. Printing from another room is convenient. But the fact that your printer connects to the internet can leave your data at risk.

Printers can store sensitive documents, such as tax paperwork or contracts. Most people don’t think about printers when putting data security protections in place. This leaves them open to a hack. When this happens, a hacker can get data from the printer. They could also leverage it to breach other devices on the same network.

Protect printers by ensuring you keep their firmware updated. Always install updates as soon as possible. You should also turn it off when you don’t need it. When it’s off it’s not accessible by a hacker.

USB Sticks

Did you ever run across a USB stick laying around? Perhaps you thought you scored a free removable storage device. Or you are a good Samaritan and want to try to return it to the rightful owner. But first, you need to see what’s on it to find them.

You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait. As soon as you plug it into your device, it can infect it.

Old Hard Drives

When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. Computer hard drives can have other personal data stored in system and program files.

Plus, if you’re still logged into a browser, a lot of your personal data could be at risk. Browsers store passwords, credit cards, visit history, and more.

It’s best to get help from an IT professional to properly erase your computer drive. This will make it safe for disposal, donation, or reuse.

Trash Can

Identity theft criminals aren’t only online. They can also be trolling the neighborhood on trash day. Be careful what you throw out in your trash.

It’s not unusual for garbage to enable identity theft. It can include pre-approved credit card offers that you considered “junk mail.” Your trash can also hold voided checks, old bank statements, and insurance paperwork. Any of these items could have the information thieves need to commit fraud or pose as you.

A shredder can be your best friend in this case. You should shred any documents that contain personal information. Do this before you throw them out. This extra step could save you from a costly incident.

Schedule a Office IT Security Audit & Sleep Better at Night

Don’t let the thought of identity theft keep you up at night. Contact us today and schedule a office IT security audit. You’ll be glad you did.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Imagine you’re going about your day when suddenly you receive a text from the CEO. The head of the company is asking for your help. They’re out doing customer visits and someone else dropped the ball in providing gift cards. The CEO needs you to buy six $200 gift cards and text the information right away.

The message sender promises to reimburse you before the end of the day. Oh, and by the way, you won’t be able to reach them by phone for the next two hours because they’ll be in meetings. One last thing, this is a high priority. They need those gift cards urgently.

Would this kind of request make you pause and wonder? Or would you quickly pull out your credit card to do as the message asked?

A surprising number of employees fall for this gift card scam. There are also many variations. Such as your boss being stuck without gas or some other dire situation that only you can help with.

This scam can come by text message or via email. What happens is that the unsuspecting employee buys the gift cards. They then send the numbers back. They find out later that the real company CEO wasn’t the one that contacted them. It was a phishing scammer.

The employee is out the cash.

Without proper training, 32.4% of employees are prone to fall for a phishing scam.

Why Do Employees Fall for Phishing Scams?

Though the circumstances may be odd, many employees fall for this gift card scam. Hackers use social engineering tactics. They manipulate emotions to get the employee to follow through on the request.

Some of these social engineering tactics illicit the following:

• The employee is afraid of not doing as asked by a superior
• The employee jumps at the chance to save the day
• The employee doesn’t want to let their company down
• The employee may feel they can advance in their career by helping

The scam’s message is also crafted in a way to get the employee to act without thinking or checking. It includes a sense of urgency. The CEO needs the gift card details right away. Also, the message notes that the CEO will be out of touch for the next few hours. This decreases the chance the employee will try to contact the real CEO to check the validity of the text.

Illinois Woman Scammed Out of More Than $6,000 from a Fake CEO Email

Variations of this scam are prevalent and can lead to significant financial losses. A company isn’t responsible if an employee falls for a scam and purchases gift cards with their own money.

In one example, a woman from Palos Hills, Illinois lost over $6,000. This was after getting an email request from who she thought was her company’s CEO.

The woman received an email purporting to be from her boss and company CEO. It stated that her boss wanted to send gift cards to some selected staff that had gone above and beyond.

The email ended with “Can you help me purchase some gift cards today?” The boss had a reputation for being great to employees, so the email did not seem out of character.

The woman bought the requested gift cards from Target and Best Buy. Then she got another request asking to send a photo of the cards. Again, the wording in the message was very believable and non-threatening. It simply stated, “Can you take a picture, I’m putting this all on a spreadsheet.”

The woman ended up purchasing over $6,500 in gift cards that the scammer then stole. When she saw her boss a little while later, her boss knew nothing about the gift card request. The woman realized she was the victim of a scam.

Tips for Avoiding Costly Phishing Scams

Always Double Check Unusual Requests

Despite what a message might say about being unreachable, check in person or by phone anyhow. If you receive any unusual requests or one relating to money, verify it. Contact the person through other means to make sure it’s legitimate.

Don’t React Emotionally

Scammers often try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that’s needed to realize it’s a scam. Don’t react emotionally, instead ask if this seems real or is it out of the ordinary.

Get a Second Opinion

Ask a colleague, or better yet, your company’s IT service provider, to take look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error.

Need Help with Employee Phishing Awareness Training?

Phishing keeps getting more sophisticated all the time. Make sure your employee awareness training is up to date. Contact us today to shore up your team’s defenses.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for. The user often assumes that they don’t need to worry about security because it’s handled.

This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing the backend infrastructure. But the user is responsible for configuring security settings in their account properly.

The problem with misconfiguration is huge. It’s the number one cause of cloud data breaches. It’s also an unforced error. Misconfiguration means that a company has made a mistake. It hasn’t adequately secured its cloud application.

Perhaps they gave too many employees administrative privileges. Or, they may have neglected to turn on a security function. One that prevented the downloading of cloud files by an unauthorized user.

Misconfiguration covers a wide range of negligent behavior. It all has to do with cloud security settings and practices. A finding in The State of Cloud Security 2021 report shed light on how common this issue is. 45% of organizations experience between 1 and 50 cloud misconfigurations per day.

Some of the main causes of misconfiguration are:

• Lack of adequate oversight and controls
• A team lacking security awareness
• Too many cloud APIs to manage
• No adequate cloud environment monitoring
• Negligent insider behavior
• Not enough expertise in cloud security

Use the tips below to reduce your risk of a cloud data breach and improve cloud security.

Enable Visibility into Your Cloud Infrastructure

Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud use.

When an employee uses a cloud app without authorization, it’s considered “shadow IT.” This is because the app is in the shadows so to speak, outside the purview of the company’s IT team.

How can you protect something you don’t know about? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration.

Gain visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.

Restrict Privileged Accounts

The more privileged accounts you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally open a vulnerability. Such as removing a cloud storage sharing restriction. It could leave your entire environment a sitting duck for hackers.

Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate.

Put in Place Automated Security Policies

Automation helps mitigate human error. Automating as many security policies as possible helps prevent cloud security breaches.

For example, if you use a feature like sensitivity labels in Microsoft 365, you can set a “do not copy” policy. It will follow the file through each supported cloud application. Users don’t need to do anything to enable it once you put the policy in place.

Use a Cloud Security Audit Tool (Like Microsoft Secure Score)

How secure is your cloud environment? How many misconfigurations might there be right now? It’s important to know this information so you can correct issues to reduce risk.

Use an auditing tool, like Microsoft Secure Score. You want a tool that can scan your cloud environment and let you know where problems exist. It should also be able to provide recommended remediation steps.

Set Up Alerts for When Configurations Change

Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:

• An employee with elevated permissions accidentally changes them
• A change caused by an integrated 3rd party plug-in
• Software updates
• A hacker that has compromised a privileged user credential

Be proactive by setting up alerts. You should have an alert for any significant change in your cloud environment. For example, when the setting to force multi-factor authentication gets turned off.

If an alert is set up, then your team knows right away when a change occurs to an important security setting. This allows them to take immediate steps to research and rectify the situation.

Have a Cloud Specialist Check Your Cloud Settings

Business owners, executives, and office managers aren’t cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs.

It’s best to have a cloud security specialist from a trusted IT company check your settings. We can help ensure that they’re set up to keep your data protected without restricting your team.

Improve Cloud Security & Lower Your Chances for a Data Breach

Most work is now done in the cloud, and companies store data in these online environments. Don’t leave your company at risk by neglecting misconfiguration. Contact us today to set up a cloud security assessment.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

There are a lot of things that have changed since the invention of the internet. One of these is how we bank and access our accounts. You used to have to go into a local bank branch to make deposits and withdrawals. Now, you can take a picture of a check and deposit it from your phone.

Approximately 73% of people around the world use some form of online banking at least once a month. People have never had such convenient account access. But that convenience can come at a cost.

In 2021, account takeover fraud increased by 90%. New account fraud jumped a whopping 109%. As the ease of online banking has increased, so has banking-related cybercrime.

If someone breaches your Facebook account, it can be a real pain. But, if a hacker breaches your bank account, it can be devastating. It can mean significant losses. Losses that you may not be able to recoup from your financial institution.

In this article, we’ll take a look at the mistakes people make that leave their accounts at risk. Then, we’ll go over some important tips on how to keep your bank account better protected.

Mistakes That Allow Criminals to Access Your Account

Not Enabling Two-factor Authentication

Two-factor authentication (2FA) is a simple process that packs a big punch. When you enable this setting in an online account, it requires an extra step to gain access. That step usually consists of receiving a one-time passcode (OTP) by SMS and entering that at login.

Many people make the mistake of leaving this disabled. They either don’t know it’s there or they think it’s too inconvenient. But leaving this setting off makes it much easier for a bad actor to breach your account.

Falling for a Phishing Scam

There are several types of phishing scams that target online banking. Cyber criminals send emails that look like they come from your bank. They’ll even promise incredibly low rates on credit cards.

Other scams can involve warning you of unauthorized account activity. But when you click the link to log in, you’re actually on a fake page. One designed to look just like your normal bank website.

These are just a few ways that scammers can get your online banking login details. Once they have them, they’ll act immediately to get whatever they can.

Using Easy-to-Guess Passwords

If your account password is easy to remember, it’s also often easy to guess. Using weak passwords is a common mistake that enables many cyber criminals.

Some best practices for passwords include:

• Make them at least 10 characters long
• Include at least one number
• Include at least one symbol
• Include at least one upper-case letter
• Don’t make them personal (e.g., don’t use your birthdate, etc.)

Downloading Unsafe Mobile Apps

Banking trojans are often hidden in malicious mobile apps. These apps can look like something as innocent as a task manager. But, once installed, banking trojans seek out any details they can find. They are looking for banking and wallet apps.

Logging Into Online Banking While on Public Wi-Fi

One surefire way to give away your online banking password is to log in while on public Wi-Fi. Hackers hang out on public hot spots and spy on the activity of others. You should never type in a password or other sensitive details when connected to public Wi-Fi.

Tips for Improving Online Banking Security

Turn On Two-Factor Authentication

Enable two-factor authentication in your online banking account. This is also known as multi-factor authentication or two-step verification. According to Microsoft, it can block 99.9% of fraudulent account login attempts.

Set Up Banking Alerts

Time is of the essence when an intruder breaches your account. The faster you can notify your bank of the breach, the better. You could reduce the impact on you by having your account locked down immediately.

Set up banking alerts through your online banking. These can include things like low-balance alerts and login alerts.

Install an Antivirus & DNS Filtering On Your PC & Mobile Device

It’s important to have reliable antivirus software on your PC and mobile device. Many people don’t think about protecting their phones in this way. Yet, they shop online and bank via mobile devices.

It’s also good to use a DNS filter. This is a filter that protects you from going to dangerous phishing sites by blocking them.

Take Phishing Training Classes

Do you know how to identify phishing? Are you up on all the newest scams? You can make yourself less vulnerable by taking some phishing awareness classes. There are many of these for free online.

Knowing how to spot phishing via text, email, and phone can help you avoid becoming a scam victim.

Get Help Protecting Your Family from Scams

There are some key digital solutions we can put in place to keep your family safer from online threats. Contact us today to schedule a chat about online security.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)

These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that, and lost customer trust. A business could also have extensive legal costs associated with a breach.

According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.

Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.

It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.

Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack.

All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.

Cybersecurity Tactics to Reduce the Impact of a Breach

Use a Hybrid Cloud Approach

Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.

Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.

What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.

Put in Place an Incident Response Plan & Practice It

You don’t need to be a large enterprise to create an incident response (IR) plan. The IR plan is simply a set of instructions. It’s for employees to follow should any number of cybersecurity incidents occur.

Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. IR plans improve the speed and effectiveness of a response in the face of a security crisis.

Having a practiced incident response plan reduces the cost of a data breach. It lowers it by an average of $2.66 million per incident.

Adopt a Zero Trust Security Approach

Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:

• Multi-factor authentication
• Application safelisting
• Contextual user authentication

Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach.

Use Tools with Security AI & Automation

Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.

Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.

How to Get Started Improving Your Cyber Resilience

Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.

Working with a trusted IT provider, put together a roadmap. Address the “low-hanging fruit” first. Then, move on to longer-term projects.

As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.

A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.

Need Help Improving Your Security & Reducing Risk?

Working with a trusted IT partner takes a lot of the security burden off your shoulders. Contact us today to schedule a chat about a cybersecurity roadmap.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

Cybersecurity researchers uncovered an alarming mobile statistic. During the first few months of 2022, mobile malware attacks surged by 500%. This is alarming both in scale and because many people aren’t yet protecting smartphones.

For years, mobile phones have become more powerful. They now do many of the same functions as a computer – just with a much smaller screen. Yet, people tend to secure their computers better than they do their smartphones.

This is a behavior that needs to change. Over 60% of digital fraud now occurs through mobile devices. That makes them highly risky if proper safeguards aren’t followed.

Many of these are the same types of protections you have on your computer. It’s time to start thinking about your smartphone as a mini-computer and keeping it just as secure.

Tips to Improve the Security of Your Smartphone

Use Mobile Anti-malware

Yes, your mobile phone needs antivirus/anti-malware too! Malware can and does infect smartphones and tablets. You need to ensure you have a reliable mobile anti-malware app installed.

And beware of those freebies. Freebies are great when you’re talking about food, but not security apps. Malware is often hidden inside free apps. These apps are ironically supposed to make you more secure.

Don’t Download Apps from Unknown Sources

Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like:

• Apple App Store
• Google Play
• The Microsoft Store
• Amazon Appstore

You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later.

Don’t Assume Email is Safe

Many people prefer checking email on their phone rather than PC because it’s so handy. But they have a false sense of security about the safety of emails when viewed on a mobile device.

You can’t assume an email is safe just because you’re not on your computer. Be just as wary about unexpected emails and scam emails masquerading as legitimate.

It’s difficult to hover over a link without clicking when on a smartphone. If you see something questionable and want to check the link, open the email on your PC where you can do that.

Beware of SMS Phishing (aka “Smishing”)

In March of 2022, text spam outpaced robocalls. Unwanted text messages rose by 30%, ten percent higher than robocalls. Many of those spam texts are smishing.

Smishing is the text version of phishing. These texts usually contain malicious links. A hacker can potentially breach your device if you click them. The message may also ask you to text back personal information.

Be on the lookout for text messages that don’t quite make sense. For example, getting a shipping notification when you haven’t ordered anything. Also, beware of texts from unknown sources.

Phishing via text message is a growing concern. It’s also one that most people aren’t aware of yet, so they often get caught in its trap.

Remove Old Apps You No Longer User

Approximately 2.6 million apps haven’t had an update in a year or more. Apps are often abandoned by the developer. This can leave security vulnerabilities on your device. Hackers seek out these types of vulnerabilities to exploit. If they aren’t addressed, then they remain a danger.

Go through your device and remove old applications that you are no longer using. There is no reason to keep them around, potentially leaving your device at risk.

Additionally, look at the time of the last update. If it’s over a year, then you may want to consider replacing that app with something more current. App updates often include security-related items. It’s not good when a year or more goes by without the developer making any type of update to the app.

Keep Your Device Updated

Speaking of updates, you also need to keep your device’s operating system updated. Are you using the current version of Android or iOS? Not installing updates can mean your phone has vulnerabilities. These vulnerabilities allow hackers to breach your data.

Automate updates as possible. If you have a company with several devices, then it’s a good idea to include your phones on a managed IT services plan.

Use a VPN When on Public Wi-Fi

Public Wi-Fi is dangerous. Most people understand that, but many connect to it out of necessity anyhow. You may worry about going over your data plan allotment. Or your mobile carrier reception may be slow. Both cases are reasons people opt to connect to unsecured public hot spots.

You can connect to public Wi-fi with less risk if you use a VPN application. VPNs stand between your device and the internet. They route your data through a secure server. This keeps it away from prying eyes that may be lurking on that public Wi-Fi.

Mobile Security Solutions to Prevent a Data Breach

Don’t wait until your phone is infected with malware to secure it properly. We can help you with automated solutions that protect your device, accounts, and data. Contact TN Techs to schedule a free consultation.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.

There’s a reason that browsers like Edge have added breached password notifications. Data breaches are an unfortunate part of life. And can have costly consequences for individuals. Hackers can steal identities and compromise bank accounts, just to name a couple.

Cybercriminals breach about 4,800 websites every month with form jacking code. It has become all too common to hear of a large hotel chain or social media company exposing customer data.

Hackers can breach your personal information and passwords without you knowing it. And the time from breach to notification of the breach can be lengthy. One example is the data breach of CafePress. This is a popular online retailer that prints personalized items.

CafePress suffered a data breach in February 2019. That breach exposed millions of names and addresses, security questions, and more. Hackers also breached social security numbers that weren’t encrypted.

As mentioned, the breach happened in February. But many consumers weren’t notified until late summer. The FTC recently took action against the company. This was due to its careless security practices.

The point is that months or years can go by without you knowing about compromised data. Unless you happen to look at the right website, you may not even realize it. Those breached password features in browsers are helpful. But what if you have other information beyond a password compromised?

It’s best to protect yourself with some knowledge. We’ll help by listing several recent breaches. If you’ve interacted with any of these companies, you’ll want to take steps to protect yourself from the fallout.

Recent Breaches of Personal Information That May Impact You

Microsoft Customer Data Breach

On October 19, 2022, Microsoft announced a breach that exposed customer data. A misconfigured server was to blame. The breach exposed certain business transaction data. It’s thought that this breach could have affected more than 65,000 entities worldwide.

2.5 Million Records Exposed in a Student Loan Breach

Did you get a student loan from EdFinancial and the Oklahoma Student Loan Authority (OSLA)? If so, you could be in trouble. The organizations notified impacted individuals by letter in July 2022.

The personal information at risk included:

• Social security numbers
• Email addresses
• Home addresses
• Phone numbers.

The breach compromised the data of over 2.5 million loan recipients.

U-Haul Data Breach of 2.2 Million Individuals’ Data

Large rental firm U-Haul is a household name. It also just had a major data breach. It notified clients in August of 2022 of a compromise of some rental contracts. The contacts in question were between November 5, 2021, and April 5, 2022.

The breach exposed names, driver’s license numbers, and state identification numbers. It affected over 2.2 million individuals that rented vehicles from the company.

Neopets Breach May Have Compromised 69 Million Accounts

You wouldn’t suspect a cute site like Neopets to be a cybersecurity risk. But users of the platform got a rude awakening due to a breach of the service. An estimated 69 million accounts may have had emails and passwords leaked.

The full stolen Neopet database and copy of the source code were being offered for sale for about $94,500.

One Employee Computer Causes a Marriott Breach

Hotel giant Marriott suffered another breach in July 2022. It blamed a single unsecured employee computer. About 300-400 individuals had data leaked. This data included credit card numbers and other confidential information.

Unfortunately, the company shows a pattern of poor cybersecurity. Within the last four years, it has suffered three separate breaches. That’s enough to want to pay in cash or use a pre-paid card if you stay there.

Shield Health Care Group Exposes Up to 2 Million Records

In March of 2022, Shield Health Care Group detected a breach. This Massachusetts-based company found that hackers breached up to 2 million customer records. This includes medical records, social security numbers, and other sensitive personal data.

Flagstar Bank Takes 6 Months to Identify Individuals Affected in a Breach

In December of 2021, Flagstar Bank suffered a breach. It wasn’t until 6 months later that it identified the individuals affected. And the impact was large. It included exposed social security numbers. The hack impacted about 1.5 million customers.

8.2 million Current and Former Customers of Block Compromised

Block was formerly known as Square, a popular payment processing platform. It announced in April of 2022 that it was breached the previous December. A former employee accessed customer names and brokerage account numbers. Some accounts also had other stock trading information accessed.

About 8.2 million current and former customers had their data exposed.

Crypto.com Breach Nets Hackers Over $30 Million

Cryptocurrency may be hot at the moment, but it’s very susceptible to cyberattacks. In January 2022, over 483 users had their Crypto.com wallets breached.

The criminals made it past two-factor authentication, which is usually quite effective. They stole about $18 million in bitcoin and $15 million in Ethereum and other cryptocurrencies.

How Secure Are Your Passwords?

There are many solutions that can help you better manage and secure your passwords. Contact TN Techs to learn more about protecting your personal data from a breach.

—
Featured Image Credit

This Article has been Republished with Permission from The Technology Press.