Join us today for an opportunity to learn how companies are being compromised. Security is often consider a technology issue and this is a huge mistake. This is a business issue that all business, small and large, are facing today. Tune in to learn exactly what is going on and what you can do to address this critical problem. Click the image below.
If you don't have the chance to catch the webinar today, don't hesitate contacting us for a recording of the session for you to watch on your own time!
Students Busted for Hacking, Exposing Information and Changing Grades
Three high school kids have been arrested for hacking into their school's system. The students changed their grades and made some money selling quiz answers to classmates. It all started when they broke into the janitor’s office and made a copy of the master key which gave them access to all of the classrooms. Once in the classrooms they attached keylogging hardware to four teachers' computers and later came back to retrieve the keylogging devices (probably just usb drives with basic software you can get for free). This enabled them to get all of the teachers' passwords required to access the central files of the school network.
Once inside they changed their grades to A’s and when they were busted, keyloggers were found on three other teachers' computers indicating the group was expanding their efforts.
These were “smart” kids that were enrolled in AP and honors classes so they really didn’t need the help making better grades. In response, the school expelled two of the students involved and others are to be disciplined for receiving the stolen information. The school also announced that is has “upgraded security” to the system and has advised teachers to change their passwords. I’m absolutely certain nothing has really been done to stop this from potentially happening again.
This sounds pretty familiar to that old film War Games with Matthew Broderick.
Small Business Hacking from an Insider
Most of the time we hear about a company being “hacked” or having it’s data stolen or exposed, more often than not a cyber-crime organization that works from the outside is responsible. Most attacks originate from south east Asia but cyber-criminals live in, and attack from almost every country. There have been and still are many cases where this occurs from the inside where an employee, co-worker or even business partner is the culprit, making you and your business the victim.
Recently, A small medical practice in Atlanta Georgia called A.P.A. had this happen to them. A.P.A.’s director of Information Technology, 38-year-old Eric McNeal, took a position with another firm that competed with A.P.A. The competing firm happened to be located in the very same building. McNeal used his home computer to log into their database, stole the information, then proceeded to delete all of the data of A.P.A.’s server. McNeal used the patient names and contact information he stole to launch a direct-mail marketing campaign for his new employer.
As a result McNeal received a 13 month sentence in prison with three years of supervision after his release. McNeal was also ordered to perform 120 hours of community service.
Had A.P.A. had a formal strategy in place for when employees are terminated or leave the business this could have been averted (especially since McNeal was the director of IT!). These policies need to strictly be enforced.
Another important note is that had McNeal not plead guilty to his crime he could have received up to a 5 year sentence.
Don't become a victim!
The new breed of cyber-criminals.
Lately the domineer of cyber-criminals is one of being untouchable. 'Anonymous' is telling the targeted companies that they are coming and have even given specific dates of which they have to meet their demands or they will shut them down and or expose their data. Time and time again 'Anonymous' would tell Sony “we are coming” and then sure enough they would do it. Sony executives admitted that they were helpless to the attacks and really had no way to defend themselves other than shutting down the services under attack.
The Koobface gang is a small cyber-gang believed to be responsible for spreading a notorious computer worm on Facebook and various other social networks. They pocketed millions from online schemes and are hiding in plain sight in St. Petersburg, Russia. The gang consists of five members that live seemingly regular lives. Recently they have been seen on luxury vacations in places like Monte Carlo, Bali and Turkey. One of the members has even gone as far as posting the locations of the gangs offices by checking in on Foursquare, a location based social network and posting the news on Twitter. They have even posted photos on these social networks some of the members working on their MACs in rooms that look like offices used by tech start-ups.
With such arrogance, the sky truly is the limit for the types of crimes they are willing to commit. It seems way too easy to be a cyber-criminal today.
How to secure your data
There are five steps to creating a good security plan: Assess, Plan, Execute, Monitor and Repeat.
- Risks Assessment. Identify key digital assets and information that need to be protected, including hardware, software, documentation and data. Review the threats and risks. Make a prioritized list of items to protect.
- Plan. Create a work plan for preventing, detecting and responding to security threats. Identify who will be responsible for implementing and monitoring the plan. Agree on a timetable for implementation.
- Execute. Communicate with staff. Train where necessary. Remediate until all known threats are mitigated.
- Monitor. Continue to monitor for new threats and follow with prompt remediation. Build a mindset that security is a discipline and build this mindset into your culture. Software tools alone can’t secure your data. Continue to educate end users and those that have access to the data. Update and modify the plan and user access as changes occur in personnel, hardware or software.
- Repeat. Plan for a complete review periodically. Consider assessing quarterly but not longer than a time of six to twelve months after you complete the first plan or when your business goes through significant changes.
Commit to the program and don’t wait until an incident disrupts your business. It isn’t just the breach; it is the tarnished image that businesses get following the breach which is most costly. Statistics show that customers, typically the high profile ones, will abandon a company or system if they feel uncomfortable with the security of it.
Back in March of 2009 CBS News posted a story about computer viruses propagating on the internet and infecting PCs which enable their creators “cyber gangs” to get information they need to electronically rob the bank accounts of their victims. There are hundreds of these malicious cyber-criminal rings with names like Anonymous, Lulzsec, Grey Pigeons, Russian Business Network and so on. Their motives are to create havoc and profit from their victims by selling their stolen data, taking cash from their bank accounts and other illegal activities.
The interesting part is that virus out breaks have almost disappeared and the feeling of being vulnerable has almost disappeared. Often when I speak to a business leader about addressing this issue a common response could be “we don’t have valuable data”, “They couldn’t profit from accessing our systems”, “I’m comfortable that we aren’t vulnerable” and yet small and mid-sized businesses continue to be easy prey for these cyber thief’s.
There was recently an article written in the Wall Street Journal that reviewed three small companies that had suffered from cyber-attacks and in one case the small business, a burger restaurant, actually went out of business as a result. The lax security in small companies made them easy prey, afterall what kind of information would a hacker want from a company that sells burgers, newspapers or cars.
I recommend you read the article and think about your small business and what strategies you have in place in 2012.
Occasionally I’ll receive an email that is really enticing to me and could really lure me into wanting to click on the link in the message. One of the most recent was one sent from the BBB regarding a recent complaint made on my company. Who would complain about us? I couldn’t recall any recent conflicts that were left unresolved. I didn’t click and rather chalked it up to another great scam which turns out to be exactly what it was. In the past I have seen similar scams that were equally as good end up in my inbox, like the one that states I have a package on the dock at the UPS office and because of their many failed attempts to deliver the package I now have an invoice for a storage fee. These are both examples of a phishing attack and can put your corporate data at serious risk if one of your users accidentally clicks on the link.
So what happens?
Well, to the user nothing happens however something does happen. You downloaded a software program and installed it on your computer. The purpose of the software program is to do one of many things to your computer. One thing would be to allow someone remote access into your system. Another could be that it would automatically send data off your computer to the host system you have connected it to. Another, similar to the first thing, would allow someone from the outside access to your computer to use it for potential malicious activities. Things like hosting spam engines, attacking other networks and all kinds of malicious activities.
So before you click think twice. Contact your IT support person or company and ask. If you did click then own up to it and still contact someone that can assist. Chances are you have put something on your system that should be removed ASAP.
If you think your system may already be at risk or you want to find out click the button below (we promise it's safe). Or you can call us on 804-730-2628 and mention the title of this blog to receive a complimentary risk assessment from one of our trained professionals.
Stay safe!
BBB Scam
Package Delivery Scam
This past summer the Wall Street Journal posted an article about a small firm, City Newsstand Inc. located near Chicago owned by Joe Angelastri. Joe’s News Stand is a small business and his thoughts prior to experiencing the breach were “Who would want to break into us?” and “Were not running a bank”. With limited budgets and no technical experts on staff small businesses generally have weak security. As a security advisor I fully agree with this comment, over the past seven years we have performed many security audits and rarely do we even find the basics in place and working correctly. We never find any advanced security, even at some of the banking clients we have worked with.
Mr. Angelastri has already incurred a $22,000 loss due to the breach but this is just the beginning of his headaches, both emotionally and financially. The worst is yet to come. There will be ongoing pressure from MasterCard, Mr. Angelastri will likely make some investments in his security (arguably should have already been done) and his clients might not trust his business and might make purchases at his competitors newsstands instead.
Here are two more stories involving small businesses
The fact that there are so many types of security threats makes it difficult
for small firms to protect themselves. In April, the FBI issued an alert
about a style of attack in which hackers steal a business's online banking
login details and use them to transfer funds out of the business's account.
That's what happened to Lease Duckwall just after 1 p.m. on Nov. 2, when
someone logged into his company's bank account for Green Ford Sales
Inc. in Abilene, Kan. The hacker added nine new employees to the car
dealership's payroll and transferred $63,000 to them.
Mr. Duckwall learned about the transfers at 7:45 a.m. the next day. He
called his bank, which froze the funds in six cases. But three payments
had already been withdrawn by the recipients and the cash wired offshore.
"I don't have a clue" how or why his company was targeted, says Mr.
Duckwall, who is still out about $22,000.
The costs of a breach can put a small company out of business. In 2006 and 2007, a Bellingham, Wash., restaurant called Burger Me LLC had its computerized cash register hacked.
Criminals made untold numbers of fraudulent charges on customer credit cards.
After the incident, a credit-card company shut down Burger Me's account and put a hold on thousands of dollars in incoming payments, says Rich Griffith, its former owner. By late 2008, fees and lost business from not being able to accept credit cards put Mr. Griffith in so much debt—$12,000 for investigation and remediation costs alone—that he closed his formerly break-even burger joint.
The cyber attack "cost me my dream," says Mr. Griffith, 47 years old. The hacker who stole the data was never identified.
Want to find out if your business is at risk?
Click below
From my experience… the short answer is NO! Here are the key reasons that have caused me to have to continue to use my PC system (Lenovo ThinkPad Laptop) as my primary computer.
-
The MAC operating system doesn’t support my account software program, SAGE Accpac. The work around would be to load a virtual version of windows that I would have to open and log into… too much effort for me.
-
My customer relationship management and business process application, Connectwise, also wasn’t compatible with the MAC OS.
-
The MAC doesn’t support Internet Explorer and one of our key portals that we use to manage, monitor and create reports for our clients with is not compatible with Firefox or Safari and only works in Internet Explorer.
-
The MAC doesn’t really authenticate to my windows network and my network drive letters are constantly disappearing. I watched my tech reset up the connection several times and it was very difficult. I never did memorize how to do it.
-
The drive connection issue also affected me when I was working remotely. The VPN utility worked great but then once connected I couldn’t access my files since the DRIVE LETTER WAS GONE EVERY TIME! Very frustrating! Apparently there is an Apple Mini Server you can purchase and resolves this problem but I wasn’t willing to invest several thousand to verify that.
-
Outlook just wasn’t the same. Specifically with simple things like the signature settings. I prefer to have a different signature when I reply to an email than when I send it the first time. I have links to my social media and blog and it is annoying to send it back and forth every time. Just irritating.
-
I can’t access my public shared folders in Outlook either. It just isn’t there with the MAC version of Outlook.
-
I have to constantly run updates. Screens are always popping up to run ITunes, IPhoto, Ithis and Ithat updates. I also have to manually update all of my Microsoft Office updates and Apple is always releasing some other update.
-
On occasion, about as often as my pc, the system just hangs up and I have to hold the power button down and reset it.
-
The touch pad is hard to drag and drop with so I purchased the MAC magic mouse, after a couple of minutes I just through it in an empty coffee mug on my desk and went back to the touch pad
Clearly I had no choice but to continue to use my PC. I will say despite all of these negative reasons I actually like my MAC. It took me at least two weeks to just get used to finding things and learning how to navigate, that was really frustrating but once I got past that it was okay. My kids and I have enjoyed making videos with the IMovie program. You can check them out on Youtube.com (just search for Sklar Kids), pretty funny stuff. My kids are pretty nuts and funny, well they are to me anyway. There are some other features I’ve found I like but honestly next time I’m just going to purchase an HP or Lenovo and keep it simple.
My $.02