Phishing Archives - Les Olson IT

Compliance with the FTC Safeguard Rules Deadline – 9 New CyberSecurity Standards

Barry Preusz — Wed, 28 Dec 2022 16:20:26 +0000

[cz_image id=”cz_89327″ image=”17457″][/cz_image]

Date: December 28, 2022
By Barry Preusz
Edited and reviewed by Michael Moorehead, Senior MIT Engineer Lead, PCSNA, CCNA, MCSA, CSIS, CSCP, CIOS, CSSS, CCAP, CLNP

The Federal Trade Commission (FTC) develops and deploys regulations and rules to thwart the onslaught of cybercrime and data security breaches. The FTC accomplishes its cybersecurity mission by imposing protective standards upon businesses that collect and store consumer data. This blog article will offer an overview of cyberfraud and the current rules governing businesses involved with collecting consumer data. The article will also present proposed solutions to protect consumer privacy and maintain the security of customer information.

What businesses do the cyber protection rules affect?

The scope of financial institutions subject to this law consists of businesses undertaking certain monetary activities rather than how others may categorize the company. These financial institutions must fall under the jurisdiction of the FTC. They cannot be subject to another regulatory authority falling under the Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. Section 6805. The companies affected by these rules include businesses engaged in transactions and customer data collection.

List of Businesses Required to Implement FTC Safeguard Rules

Mortgage lending
Payday loans
Financing
Accounting
Check cashing
Wire transfers
Collections
Credit counseling
Financial advising
Tax preparation
Investment advising (not registered with the SEC)
Credit unions (not FDIC insured)
Companies that bring buyers and sellers together to complete a transaction
Financial institutions and other businesses that record, use, and maintain information or connect to a system containing customer information, including industrial/process controls systems, telephone switching and private branch exchange systems, and environmental controls systems¹
Retailers who extend layaway, deferral payment plans, or accept payment terms utilizing credit cards issued by other institutions do not fall under the provisions of these rules. However, businesses that provide credit purchases through their company’s financial services or promote their own credit cards for purchases are subject to these laws²

Whom does the law protect?

The design of the law is to protect consumer privacy and personal information. Consumers include anyone who has a customer relationship with a business entity.³

Why was this FTC network security rule enacted?

Most businesses collect customer information to process payments and complete transactions. This information is then stored and often used in subsequent purchases. These records contain nonpublic personal information about the customer. This data may take on two forms, a paper record or an electronic transcription. In either form, the records are vulnerable to discovery and digital exploitation attacks. The FTC rules seek to protect consumer privacy, personal information, and financial data from known threats.

Cybercrime losses exceeded $6.9 billion in 2021 according to the Investigation’s (FBI) Internet Crime Complaint Center (IC3).⁴ Since 2019, the combination of phishing, vishing, smishing, and pharming constituted the highest number of incidents among the tools employed by cybercriminals. During 2021, this combination of cyber threats accounted for 323,972 incidences⁵ and $44,213,023 in losses.⁶ Ransomware losses to infrastructure entities cost nearly $50,000,000 in 2021. Healthcare and public health sectors experienced high numbers of attacks. Even government is subject to these attacks, accounting for the fifth highest target.⁷ The T-Mobile confirmation of one of the largest breaches of cybersecurity occurred on August 17, 2021. The T-Mobile data breech reported the confirmed loss of the social security number, name, address, date of birth and driver’s license identification numbers--all the information needed for identity theft--for 40 million customers.⁸

Cyber threats are rampant. Many occur without detection for an extended time. Electronic thieves constantly work to develop new ways to steal data and derive profit from criminal activity. Most disturbing are cybercriminals posing as technical support or IT professionals, offering to resolve data breach issues in an effort to further exploit and commit additional fraud and theft. The IC3 received 23,903 complaints about Tech Support Fraud from victims in 70 countries. The losses amounted to more than $347 million in 2021.⁹ Below is a list of common forms of cybersecurity crimes and 2021 losses.

The Cost of Cybercrimes

Cyberfraud	Loss
Email Fraud	$2,395,953,296
Investment	$1,455,943,193
Confidence Fraud	$956,039,740
Personal Data Breach	$517,021,289
Real Estate	$350,328,166
Tech Support	$347,657,432
Non-Payment/Non-Delivery	$337,493,071
Identity Theft	$278,267,918
Credit Card	$172,998,385
Corporate Data Breach	$151,568,225
Government Impersonation	$142,643,253
Advance Fee	$98,694,137
Civil	$85,049,939
Spoofing	$82,169,806
Other	$75,837,524
Lottery/Sweepstakes/Inheritance	$71,289,089
Extortion	$60,577,741
Ransomware	*$49,207,908
Employment	$47,231,023
Phishing/Vishing/Smishing/Pharming	$44,213,707
Overpayment	$33,407,671
Computer Intrusion	$19,603,037
Intellectual Property/Copyright/Counterfeit	$16,365,011
Healthcare	$7,042,942
Malware/Scareware/Virus	$5,596,889
Terrorism/Threats of Violence	$4,390,720
Gambling	$1,940,237
Shipping	$631,466
Denial of Service/TDoS	$217,981
**Crimes Against Children	$198,950

*Regarding ransomware adjusted losses, this number does not include estimates of lost business, time, wages, files, or equipment, or any third-party remediation services acquired by a victim. In some cases, victims do not report any loss amount to the FBI, thereby creating an artificially low overall ransomware loss rate. Lastly, the number only represents what victims report to the FBI via the IC3 and does not account for victim reporting directly to FBI field offices/agents.¹⁰
**Crimes against children incur a significantly higher cost than any financial burden.

The Growth of E-commerce and Information Technology

Retail e-commerce sales rose to approximately 5.2 trillion U.S. dollars globally in 2021,¹¹ a 17.1% growth rate¹². Statista studies and projects year-over-year (YOY) growth of e-commerce. In the United States, e-commerce growth projections show an increase of 56% through 2026.¹³ This explosive growth utilizes information technology (IT) to help businesses expand their markets while reducing transaction costs.

Business is not the only entity benefiting from using IT. Governments also benefit by allowing consumers to pay taxes and utilities, register vehicles, and request building permits online. As the use of IT grows to serve increasing business needs, the risk of cyber security threats also grows. Malware, trojans, ransomware, DDoS attacks, spam, and viruses yielded by cyber criminals are rampant. Government laws and regulations seek to reduce consumer cyber risks by requiring businesses to “employ reasonable security measures.”¹⁴ Most often, these protective security measures experience delays and implement long after significant breaches occur. Indeed, the detection of security vulnerabilities occurs after criminal exploitation, not before.

What are the FTC Safeguard Rules?

The Safeguard Rules adopted many core concepts of the New York Department of Financial Services Cybersecurity Regulation. These new measures direct businesses to reduce the vulnerability of information to cybercriminals and impose breach notification procedures.¹⁵ Legal researchers Daniel Solove and Woodrow Hartzog assert that the FTC’s privacy laws are currently equivalent to common law rather than contract law. They further suggest that these laws should enforce privacy and stand as regulatory stipulations rather than merely policy.¹⁶ The new FTC Safeguard Rule along with other government rules on cybersecurity are not without objections; some indicate that the regulations employ an inflexible “one-size-fits-all” tactic toward data security. Therefore, additional rules enacted on January 10, 2022, provide financial institutions the flexibility to design an information security program appropriate to the size and complexity of the financial institution, the nature and scope of its activities, and the sensitivity of any customer information at issue.¹⁷

The rules require businesses, particularly financial institutions, that record consumer information to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards. The security program must protect customer confidentiality and guard against unauthorized access to consumer information. The provisions provide nine standards for a rosbust information security program (ISP).

Nine Standards for CyberSecurity

Appoint a qualified individual to supervise the ISP.
Conduct a risk assessment.
Implement security safeguards to control the identified risks, including safe information storage, encryption, multi-factor authentication, information disposal after 2-years of non-use, and maintaining a log of authorized user activity. To meet these safeguards, some IT companies offer three separate Network and Data Security Plans.
Periodically monitor and test.
Train staff members on security awareness. Some IT Service Companies offer FREE Cybersecurity Training.
Monitor service providers.
Regularly update the ISP.
Develop a written incident response plan.
The ISP supervisor must provide at least annually a written report to the company board of directors. The annual report must include an overall assessment of the company’s compliance, risk assessment, risk management, control decisions, test results, security events, management response, recommendations, and service provider agreements.¹⁸

When will businesses be accountable for implementing the new cybersecurity rules?

The Federal Trade Commission establishes a deadline for businesses to comply with the FTC Safeguards Rules by June 9, 2023. Announced on November 15, 2022, this date is an extension of six months over a previous deadline. The extended deadline offers businesses more time to assess their data vulnerabilities and put the nine standards of information security in place.¹⁹

Future Cybersecurity Measures

Besides the government, many individuals and organizations are active in developing solutions to global cybersecurity issues. Proposals for future measures to protect consumers from privacy and data breaches include the following six proposals.

Develop cybersecurity partnerships that share information on prospective threats.²⁰
Develop a cybersecurity knowledge graph to construct a knowledge base for increased cybersecurity situation awareness and intrusion detection.^{21 & 22}
Develop a web-based blockchain-enabled cybersecurity awareness system^{23 & 24}
Employ an unsupervised deep learning technology like an Auto Encoder (AE) or a Restricted Boltzmann Machine (RBM). ²⁵
Engage governments under binding international treaties to enact and enforce cybersecurity laws, particularly China and Russia.²⁶
Stimulate regulations of cybersecurity within the European Union through the Cybersecurity Resilience Act.²⁷

Summary

Privacy and security threats are not going away. Businesses cannot rely on government legislation to curb the tide of data security breaches. Implementation of the nine standards for consumer privacy and information security included in the FTC Safeguard Rules will help protect against known network vulnerabilities. The above proposed security measures may also contribute to stemming data theft. The starting point for most businesses is to implement a Comprehensive Network Analysis. From this point, the development of a strong security plan follows to comply with federal rules and to protect consumers.

Footnotes

¹FTC Safeguards Rule: What Your Business Needs to Know. Federal Trade Commission, May 2022. Glossary, Financial institution. Accessed 14 Dec. 2022. https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know#Information_system.
²Code of Federal Regulations Title 16. Standards for Safeguarding Customer Information. National Archives. 16 CFR Part 314, Section 314.2(h) Amended 12/19/2022. Accessed 23 Dec. 2022. www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#314.2
³Code of Federal Regulations Title 16, Section 314.1(b). www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314#314.2
⁴Abbate, Paul. Internet Crime Report 2021. Federal Bureau of Investigation. 2021, Page 18. Accessed 16 Dec. 2022. www.ic3.gov/Media/PDF/AnnualReport/2021_IC3Report.pdf.
⁵Abbate, Internet Crime Report 2021, 8.
⁶Abbate, Internet Crime Report 2021, 23.
⁷Abbate, Internet Crime Report 2021, 15.
⁸Sievert, Mike. The cyberattack against T Mobile and our customers: What happened, and what we are doing about it. (2021). Accessed 22 Dec. 2022. www.t-mobile.com/news/network/cyberattack-against-tmobile-and-our-customers
⁹Abbate, Internet Crime Report 2021, 17.
¹⁰Abbate, Internet Crime Report 2021, 23.
¹¹Chevalier, Stephanie. Global Retail E-commerce Sales 2014-2026. Statista, 21 Sept. 2022, Accessed 15 Dec. 2022. www.statista.com/statistics/379046/worldwide-retail-e-commerce-sales.
¹²Gaubys, Justas. Global Retail E-commerce Sales 2014-2026. Global Ecommerce Sales Growth (2021–2026) [Oct 2022 Update]. Accessed 15 Dec. 2022. www.oberlo.com/statistics/global-ecommerce-sales-growth.
¹³Chevalier, 1.
¹⁴Breaux, Travis D., and David L. Baumer. Legally ‘reasonable’ security requirements: A 10-year FTC retrospective. Computers & Security 30.4 (2011): 178-193. Accessed 14 Dec. 2022. www.sciencedirect.com/science/article/pii/S0167404810001124.
¹⁵Casey, Brian T., Augustinos, Theodore P., and Cox, Alexander R. New Federal Trade Commission’s Safeguards Rule Is a Game-Changer for Extended Warranty and GAP Waiver Industries. Accessed 14 Dec. 2022. heinonline.org/HOL/LandingPage?handle=hein.journals/blj139&div=85&id=&page=.
¹⁶Solove, Daniel J., and Woodrow Hartzog. The FTC and the new common law of privacy. Colum. L. Rev. 114 (2014): 583. Accessed 14 Dec. 2022. heinonline.org/HOL/LandingPage?handle=hein.journals/clr114&div=19&id=&page=.
¹⁷Federal Trade Commission. Standards for safeguarding customer information; final rule. 16 CFR Part 314. Federal Register, May (2002). Accessed 14 Dec. 2022. www.federalregister.gov/documents/2021/12/09/2021-25736/standards-for-safeguarding-customer-information.
¹⁸FTC Safeguards Rule: What Your Business Needs to Know. Federal Trade Commission. May, 2022. Glossary, Financial institution.
¹⁹FTC Extends Deadline by Six Months for Compliance With Some Changes to Financial Data Security Rule. Federal Trade Commission, 15 Nov. 2022, Accessed 23 Dec. 2022. www.ftc.gov/news-events/news/press-releases/2022/11/ftc-extends-deadline-six-months-compliance-some-changes-financial-data-security-rule.
²⁰Rodin, Deborah Norris. The cybersecurity partnership: A proposal for cyberthreat information sharing between contractors and the federal government. Public Contract Law Journal 44.3 (2015): 505-528. Accessed 16 Dec. 2022. www.jstor.org/stable/26419479.
²¹Yan, Jia; Yulu, Qi; Huaijun, Shang; Rong, Jiang; Aiping, Li. A practical approach to constructing a knowledge graph for cybersecurity. Engineering 4.1 (2018): 53-60. Accessed 16 Dec. 2022. www.sciencedirect.com/science/article/pii/S2095809918301097.
²²Wang, Xiaodi, and Jiayong Liu. A novel feature integration and entity boundary detection for named entity recognition in cybersecurity. Knowledge-Based Systems (2022): 110114. Accessed 16 Dec. 2022. www.sciencedirect.com/science/article/abs/pii/S0950705122012102
²³Razaque, A.; Al Ajlan, A.; Melaoune, N.; Alotaibi, M.; Alotaibi, B.; Dias, I.; Oad, A.; Hariri, S.; Zhao, C. Avoidance of Cybersecurity Threats with the Deployment of a Web-Based Blockchain-Enabled Cybersecurity Awareness System. Appl. Sci. 2021, 11, 7880. Accessed 16 Dec. 2022. www.mdpi.com/2076-3417/11/17/7880.
²⁴Lucio, Yeisón Isaac, Siler Amador Donado, and Katerine Márceles. Architecture of an intelligent cybersecurity Framework based on Blockchain technology for IIoT. SYSTEMS ENGINEERING 24.2-2022. Accessed 16 Dec. 2022. revistaingenieria.univalle.edu.co/index.php/ingenieria_y_competitividad/article/download/11761/14962/45117.
²⁵M. Z. Alom and T. M. Taha, Network intrusion detection for cyber security using unsupervised deep learning approaches, 2017 IEEE National Aerospace and Electronics Conference (NAECON), 2017, pp. 63-69, doi: 10.1109/NAECON.2017.8268746. Accessed 16 Dec. 2022. ieeexplore.ieee.org/abstract/document/8268746.
²⁶Alom, Md Zahangir, and Tarek M. Taha. Network intrusion detection for cyber security using unsupervised deep learning approaches. 2017 IEEE national aerospace and electronics conference (NAECON). IEEE, 2017. Accessed 16 Dec. 2022. www.cambridge.org/core/journals/leiden-journal-of-international-law/article/abs/from-cyber-norms-to-cyber-rules-reengaging-states-as-lawmakers/63A45029B685C11BBD9512AC0459FAE5.
²⁷Ludvigsen, Kaspar Rosager, and Shishir Nagaraja. The Opportunity to Regulate Cybersecurity in the EU (and the World): Recommendations for the Cybersecurity Resilience Act. arXiv preprint arXiv:2205.13196 (2022). Accessed 16 Dec. 2022. pureportal.strath.ac.uk/en/publications/the-opportunity-to-regulate-cybersecurity-in-the-eu-and-the-world.

The post Compliance with the FTC Safeguard Rules Deadline – 9 New CyberSecurity Standards appeared first on Les Olson IT.

Cybersecurity in the Home

Brittany Monson — Mon, 31 Oct 2022 20:19:17 +0000

[cz_image id=”cz_13705″ image=”17416″][/cz_image]

[cz_gap height_tablet=”8px” height_mobile=”7px”]

[cz_title id=”cz_42365″]

3 Steps Households can take

The COVID-19 pandemic forced millions of Americans to embrace working from their own home; a concept they had limited or no experience with at the time. And while many employees have returned to the office, a recent University of Chicago study found that 72% of those workers surveyed would like to continue working from home for at least 2 days a week, and 32% said they would like to work from home permanently. In this new reality, having your household safe and secure from cyber threats needs to be a top priority.

In this increasingly wireless world, the steps households should take in terms of cybersecurity have changed. Most homes now run networks of devices linked to the internet, including computers, gaming systems, TVs, tablets, and smartphones that access wireless networks. Thus, having the right tools in place will instill confidence that your family members can use the internet safely and securely for personal and work-related endeavors.

Below are 3 steps households can take to better protect themselves against cyber-attacks:

[/cz_title]

[cz_gap height_tablet=”8px” height_mobile=”7px”]

[cz_image id=”cz_106228″ image=”17399″][/cz_image]

[cz_title id=”cz_24917″]

Secure Your Wireless Router

Using a wireless router is an increasingly convenient way to allow multiple devices to connect to the internet from different areas of your home. However, unless your router is secure, you risk the possibility of individuals accessing information on your computer, and worse, using your network to commit cybercrimes. Needless to say, all wireless devices using this router are vulnerable if your router is not protected.

Some simple ways to secure this piece of hardware include changing the name of your router. The default ID is typically assigned by the manufacturer, so changing your router to a unique name that won’t be easily guessed by others is a simple way to keep your router protected. Another important step is changing the preset passphrase on your router. Leaving the default password in place makes it significantly easier for hackers to access your network. In fact, according to NCA’s 2021 Oh Behave! Report, only 43% of participants reported creating long and unique passwords for their online accounts “very often” or “always”. Additionally, almost a third (28%) stated that they didn’t do this at all. Embracing unique and strong passwords is a huge and simple step to securing your home from all types of cyber threats.[/cz_title]

[cz_gap height_tablet=”8px” height_mobile=”7px”]

[cz_image id=”cz_48022″ image=”17400″][/cz_image]

[cz_title id=”cz_67663″]

Install Firewalls and Security Software On All Devices

Firewalls are essential because they help keep hackers from using your device which otherwise could result in your personal information being sent out without your permission. They guard and watch for attempts to access your system while blocking communications with sources you don’t permit. Installing a firewall on wireless routers is a necessity. Furthermore, make sure all devices that are connected to the wireless network have security software systems installed and updated. Many of these gadgets have automatic update features, so households should make sure they are on for all available technology. The most up-to-date security software, web browsers, and operating systems are the best defense against online threats such as viruses and malware.[/cz_title]

[cz_gap height_tablet=”8px” height_mobile=”7px”]

[cz_image id=”cz_41219″ image=”17401″][/cz_image]

[cz_title id=”cz_54694″]

Back-Up All Household Data

While steps can be taken to avoid your network, devices and accounts being hacked or compromised, they can never be 100% effective. Households need to embrace backing up data, especially as it relates to important information. Users can protect their valuable work, photos, and other digital information by making electronic copies of important files and storing them safely. This can be done using cloud software in addition to manual storing devices like USBs. Regardless, storing data in an alternative location that is safe and secure provides another layer of protection.

Taking simple, proactive steps to keep family, friends, and yourself safe from cyber criminals inside your household should no longer be viewed as optional but rather a necessity. Between technological devices being introduced and updated at a rapid pace and employees continuing to embrace working from home in some capacity, everyone has an ethical responsibility to actively minimize the risks of breaches and attacks inside their home.

[/cz_title]

[cz_gap height_tablet=”8px” height_mobile=”7px”]

[cz_image css_position=”relative;display: table;margin:0 auto” link_type=”custom” id=”cz_103096″ image=”16120″ link=”url:http%3A%2F%2Fstaysafeonline.org%2Fcybersecurity-awareness-month%2F|target:_blank”][/cz_image]

[cz_gap height_tablet=”8px” height_mobile=”7px”]

The post Cybersecurity in the Home appeared first on Les Olson IT.

4 Tips to Keep Your Business Safe and Secure

Brittany Monson — Fri, 28 Oct 2022 15:26:16 +0000

[cz_image id=”cz_28376″ image=”17397″][/cz_image]

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_title id=”cz_110338″]

4 Tips to Keep Your Business Safe and Secure

Keeping information safe and secure is a challenging development for businesses of all sizes over the last few years. Expeditious shifts from in-person to online to hybrid workplaces forced companies to change, or at least reexamine, their cybersecurity practices and protocols, and far too often they weren’t prepared. In fact, according to Cyber Edge’s Cyberthreat Defense Report, 85% of organizations suffered from a successful cyberattack in 2021.

Now, businesses that have suffered cyberattacks along with companies that’ve been fortunate enough to avoid being a victim of breaches and hacks are looking at ways they can bolster their defenses and safeguard their data. But which plans, practices, and services should these organizations invest in?

Below are 4 steps businesses of all shapes and sizes can take to better protect themselves against cyber-attacks:[/cz_title]

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_image id=”cz_102562″ image=”17399″][/cz_image][cz_title id=”cz_74799″]

Identify “Crown Jewels” of Your Business

Understanding what information cybercriminals are after most is essential to combating cyber-attacks. Therefore, creating an inventory list of the valuable data and assets within your organization, including manufacturer, model, hardware, and software information, is of the utmost importance. In addition, take note of who has access to important data and information while also accounting for all storage locations. This practice will ensure that business leaders have a track record of accessibility so that they know where to look in case of a vulnerability or breach.[/cz_title]

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_image id=”cz_105277″ image=”17400″][/cz_image]

[cz_title id=”cz_105770″]

Protect Assets by Updating and Authenticating

At the end of the day, protecting your data and devices from malicious actors is what cybersecurity is all about. To accomplish this, make sure your security software is current. Investing in the most up to date software’s, web browsers, and operating systems is one of the best defenses against a host of viruses, malware, and other online threats. Furthermore, make sure these devices have automatic updates turned on, so employees aren’t tasked with manually updating devices. Additionally, make sure all data is being backed up either in the cloud or via separate hard drive storage.

Another important way to keep your assets safe is by ensuring staff are using strong authentication to protect access to accounts and ensure only those with permission can access them. This includes strong, secure, and differentiated passwords. According to a 2021 PC Mag study, 70% of people admit they use the same password for more than one account. Using weak and similar passwords makes a hacker’s life a lot easier and can give them access to more materials than they could dream of. Finally, make sure employees are using multi-factor authentication. While this may result in a few extra sign-ins, MFA is essential to safeguarding data and can be the difference between a successful and unsuccessful breach.[/cz_title]

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”][cz_image id=”cz_66083″ image=”17401″][/cz_image]

[cz_title id=”cz_59373″]

Monitor and Detect Suspicious Activity

Companies must always be on the lookout for possible breaches, vulnerabilities, and attacks, especially in a world where many often go undetected. This can be done by investing in cybersecurity products or services that help monitor your networks such as antivirus and antimalware software. Moreover, make sure your employees and personnel are following all established cybersecurity protocols before, during, and after a breach. Individuals who ignore or disregard important cybersecurity practices can compromise not only themselves, but the entire organization. Paying close attention to whether your company is fully embracing all your cybersecurity procedures and technology is incumbent upon business leaders.

.[/cz_title]

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_image id=”cz_60998″ image=”17402″][/cz_image]

[cz_title id=”cz_63888″]

Have a Response Plan Ready

No matter how many safeguards you have in place, the unfortunate reality is that cyber incidents still occur. However, responding in a comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, businesses should have a cyber incident response plan ready to go prior to a breach. In it, companies should embrace savvy practices such as disconnecting any affected computers from the network, notifying their IT staff or the proper third-party vendors, and utilizing any spares and backup devices while continuing to capture operational data.

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_image css_position=”relative;display: table;margin:0 auto” link_type=”custom” id=”cz_57025″ image=”16120″ link=”url:http%3A%2F%2Fstaysafeonline.org%2Fcybersecurity-awareness-month%2F|target:_blank”][/cz_image]

[cz_gap height=”55px” height_tablet=”10px” height_mobile=”10px”]

[cz_image id=”cz_63489″ image=”17219″][/cz_image]

[cz_gap height_tablet=”10px” height_mobile=”10px”][cz_title id=”cz_45205″]

Cyber Security Summit Videos are Up!

[/cz_title][cz_button title=”Watch Now!” btn_position=”cz_btn_center” text_effect=”cz_btn_txt_move_down” id=”cz_79326″ link=”url:https%3A%2F%2Flesolson.com%2Fsecuritysummit%2F|title:Security%20Summit” sk_button=”border-radius:5px;padding-left:30px;padding-right:30px;text-align:center;font-size:24px;line-height:20px;background-color:unset !important;background-image:linear-gradient(0deg,#5b0000,#ba0230);” sk_hover=”color:#ffffff;” sk_icon=”border-radius:4px;padding:10px 10px 10px 10px;margin-left:-8px;margin-right:12px;background-color:#ffffff;” alt_title=”Cybersecurity Info” alt_subtitle=”FREE FREE FREE”]

The post 4 Tips to Keep Your Business Safe and Secure appeared first on Les Olson IT.

The Anatomy of a Data Breach: What are They and What to do When You Spot One?

Brittany Monson — Mon, 17 Oct 2022 23:40:08 +0000

[cz_image id=”cz_47371″ image=”17357″][/cz_image]

[cz_title id=”cz_54269″]Arguably no phrase has dominated the tech world in the last 24 months more than the term “data breach.” From breaches that have impacted critical infrastructure like the Colonial Pipeline to hackers compromising healthcare records at UC San Diego Health, the last two years have been saturated by headlines of cybersecurity mishaps. Yet, despite the prevalence of the breach-centric news cycle, many everyday individuals may not know what exactly a data breach is, how they typically start, and why they occur.

According to IBM, the average time it takes to identify that a breach has occurred is 287 days, with the average time to contain a breach clocking in at 80 days. And with 81% of businesses experiencing a cyberattack during COVID, it is essential that individuals are familiar with the anatomy of a data breach so that they can keep their data, as well as their colleague’s and customers’ data, safe.

With that in mind, here is some helpful background on what data breaches are and why they are so problematic.[/cz_title]

[cz_title id=”cz_36093″]

What is a data breach?

While it may seem like a complex concept, once the jargon is removed, a data breach is straightforward to explain. According to Trend Micro, a data breach is “an incident where information is stolen or taken from a system without the knowledge or authorization of the system’s owner.” And while data breaches can be the result of a system or human error, a vast majority of data breaches are the result of cyber-attacks, where a cybercriminal gains unlawful access to sensitive system data. In fact, 92% of the data breaches in Q1 2022 were the result of cyberattacks.

What kind of data can be breached?

Unfortunately, cybercriminals look to get their hands on any information that they possibly can ranging from more obvious sensitive information such as social security numbers and credit card information to more obscure data like past purchase history.

What are some of the tactics used to execute data breaches?

Cybercrime is getting more sophisticated each day. However, cyberattack tactics do not have to be cutting-edge or advanced to be very effective. Here are a few examples of popular tactics used by cybercriminals:[/cz_title]

[cz_gap height=”100px”]

[cz_service_box type=”vertical” title=”Malware” icon=”fa fa-check” id=”cz_21794″ sk_overall=”border-bottom-style:solid;border-color:#cccccc;border-top-style:solid;border-right-style:solid;border-left-style:solid;padding:30px 40px 40px 40px;border-width:3px 3px 3px 3px;margin-top:0px;” sk_title=”font-size:36px;color:#ba0230;font-weight:400;” sk_icon=”font-size:36px;color:#ba0230;” sk_icon_con=”border-bottom-style:solid;border-color:#cccccc;border-top-style:solid;border-right-style:solid;border-left-style:solid;border-width:3px 3px 3px 3px;margin-top:5px;” cz_service_box=””]Another tried-and-true method for cybercriminals is malware. Malware is malicious software that secretly installs itself on devices – often by way of a user engaging with fake links and content – and quietly gains access to the data on an individual’s device or a business network.[/cz_service_box]

[cz_service_box type=”vertical” title=”Phishing” icon=”fa fa-check” id=”cz_56040″ sk_overall=”border-bottom-style:solid;border-color:#cccccc;border-top-style:solid;border-right-style:solid;border-left-style:solid;padding:30px 40px 40px 40px;border-width:3px 3px 3px 3px;margin-top:0px;” sk_title=”font-size:36px;color:#ba0230;font-weight:400;” sk_icon=”font-size:36px;color:#ba0230;” sk_icon_con=”border-bottom-style:solid;border-color:#cccccc;border-top-style:solid;border-right-style:solid;border-left-style:solid;border-width:3px 3px 3px 3px;margin-top:5px;” cz_service_box=””]Phishing is when a cybercriminal pretends to be a legitimate party in hopes of tricking an individual into giving them access to personal information. Phishing is one of the oldest tricks in the book for cybercriminals, but it is just as effective as ever. For example, 80% of security incidents and 90% data breaches stem from phishing attempts[/cz_service_box]

[cz_service_box type=”vertical” title=”Password Attack” icon=”fa fa-check” id=”cz_43298″ sk_overall=”border-bottom-style:solid;border-color:#cccccc;border-top-style:solid;border-right-style:solid;border-left-style:solid;padding:30px 40px 40px 40px;border-width:3px 3px 3px 3px;margin-top:0px;” sk_title=”font-size:36px;color:#ba0230;font-weight:400;” sk_icon=”font-size:36px;color:#ba0230;” sk_icon_con=”border-bottom-style:solid;border-color:#cccccc;border-top-style:solid;border-right-style:solid;border-left-style:solid;border-width:3px 3px 3px 3px;margin-top:5px;” cz_service_box=””]Through password attacks, cybercriminals look to gain access to sensitive data and networks by way of “cracking” user passwords and using these credentials to get into networks and extract data from a given network.[/cz_service_box]

[cz_gap height=”100px”]

[cz_title id=”cz_81201″]

How to spot a possible breach?

The best way to stop a data breach is to stop it before it even starts. This includes taking steps from making sure passwords are long and complex to reporting suspicious emails. If you do suspect that you have been the victim of a breach, immediately contact your IT department or device provider to notify them and follow subsequent protocols to help them scan, detect, and remediate any issues that exist.[/cz_title]

The post The Anatomy of a Data Breach: What are They and What to do When You Spot One? appeared first on Les Olson IT.

Les Olson IT Announces Commitment to Growing Global Cybersecurity Success by Becoming a Cybersecurity Awareness Month 2022 Champion

Brittany Monson — Wed, 28 Sep 2022 21:54:40 +0000

[cz_image id=”cz_106251″ image=”17297″][/cz_image][cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_title id=”cz_65462″]Building on annual success Cybersecurity Awareness Month 2022 is set to highlight the growing importance of cybersecurity in our daily lives and look to empower everyday individuals and businesses to take cybersecurity steps by making cyber more accessible[/cz_title]

[cz_gap height=”40px” height_tablet=”10px” height_mobile=”10px”]

[cz_title id=”cz_34924″]Les Olson IT today announced that it has signed on as Champion for Cybersecurity Awareness Month 2022. Founded in 2004, Cybersecurity Awareness Month, held each October, is the world’s foremost initiative aimed at promoting cybersecurity awareness and best practices. The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations, and individuals committed to the Cybersecurity Awareness Month theme of ‘It’s easy to stay safe online.’

[/cz_title]

[cz_quote name=”John Huston” subname=”Corporate Managed IT Sales Manager at Les Olson IT” rating=”” quote_position=”absolute;top: calc(50% – 60px);right: calc(50% – 60px)” id=”cz_54277″ sk_name=”font-size:26px;color:#ba0230;font-weight:700;”]We are excited to bring free educational content to our community and share best practices for building a cybersecurity culture for your business.[/cz_quote]

[cz_title id=”cz_64844″]From mobile to connected home devices, technology is becoming more intertwined with our lives every day. And while the evolution of technology is moving at the speed of sound, cybercriminals are working just as hard to find ways to compromise technology and disrupt personal and business life. Cybersecurity Awareness Month aims to highlight some of the emerging challenges that exist in the world of cybersecurity today and provide straightforward actionable guidance that anyone can follow to create a safe and secure digital world for themselves and their loved ones.

This year, Cybersecurity Awareness Month’s main focal areas revolve around four key fundamental cybersecurity best practices:[/cz_title]

[cz_stylish_list id=”cz_27133″ items=”%5B%7B%22title%22%3A%22Recognizing%20and%20reporting%20phishing%20%22%2C%22subtitle%22%3A%22is%20still%20one%20of%20the%20primary%20threat%20actions%20used%20by%20cybercriminals%20today.%22%2C%22icon_type%22%3A%22icon%22%2C%22icon%22%3A%22fa%20czico-071-interface-1%22%2C%22icon_color%22%3A%22%23ba0230%22%7D%2C%7B%22title%22%3A%22Understanding%20the%20benefits%20of%20using%20a%20password%20manager%22%2C%22subtitle%22%3A%22and%20dispelling%20existing%20myths%20around%20password%20manager%20security%20and%20ease%20of%20use.%22%2C%22icon_type%22%3A%22icon%22%2C%22icon%22%3A%22fa%20czico-071-interface-1%22%2C%22icon_color%22%3A%22%23ba0230%22%7D%2C%7B%22title%22%3A%22Enabling%20multi-factor%20authentication%22%2C%22subtitle%22%3A%22on%20personal%20devices%20and%20business%20networks.%20%22%2C%22icon_type%22%3A%22icon%22%2C%22icon%22%3A%22fa%20czico-071-interface-1%22%2C%22icon_color%22%3A%22%23ba0230%22%7D%2C%7B%22title%22%3A%22Installing%20updates%20on%20a%20regular%20basis%22%2C%22subtitle%22%3A%22and%20turning%20on%20automated%20updates.%22%2C%22icon_type%22%3A%22icon%22%2C%22icon%22%3A%22fa%20czico-071-interface-1%22%2C%22icon_color%22%3A%22%23ba0230%22%7D%5D” sk_icons=”font-size:36px;” sk_overall=”padding-left:2em;”]

[cz_gap height=”30px” height_tablet=”10px” height_mobile=”10px”][cz_title id=”cz_20387″]Now in its 19th year, Cybersecurity Awareness Month continues to build momentum and impact with the goal of providing everyone with the information they need to stay safer and more secure online. Les Olson IT is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

For more information about Cybersecurity Awareness Month 2022 and how to participate in a wide variety of activities, visit staysafeonline.org/cybersecurity-awareness-month/. You can also follow and use the official hashtag #BeCyberSmart on social media throughout the month.[/cz_title]

[cz_gap height=”35px” height_tablet=”10px” height_mobile=”10px”]

[cz_title id=”cz_100357″ cz_title=””]

About Les Olson IT Security Summit Event

Save the Date for our Les Olson IT Cybersecurity Summit. October 12th in honor of Cybersecurity Awareness Month. We have a passion for security and want our families, communities, and businesses to be protected. The threat landscape is always changing and we’ve put together a strong lineup of experts in their fields to share with our local business leaders the vision of what they can do to lead with cybersecurity in mind. The event will be tailored to business executives no matter their skill level in IT, but IT leadership will benefit as well. Registration is open now for both virtual an in person attendance. I Hope to see you there. For more information, visit https://lesolson.redpeppersoftware.net/security-summit/[/cz_title]

[cz_gap height=”35px” height_tablet=”10px” height_mobile=”10px”]

[cz_title id=”cz_74109″]

About Cybersecurity Awareness Month

Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state, and local governments, and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/[/cz_title]

[cz_gap height=”35px” height_tablet=”10px” height_mobile=”10px”]

[cz_title id=”cz_95862″]About National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and foster a greater “digital” good. National Cybersecurity Alliance’s core efforts include Cybersecurity Awareness Month (October); Data Privacy Week (Jan. 24-28th); and Cybersecure My Business, which offers webinars, web resources, and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.[/cz_title]

The post Les Olson IT Announces Commitment to Growing Global Cybersecurity Success by Becoming a Cybersecurity Awareness Month 2022 Champion appeared first on Les Olson IT.

3 Fundamentals for Shoring Up Phishing Defenses

Brittany Monson — Thu, 07 Oct 2021 23:32:56 +0000

[cz_image fx_hover=”cz_image_zoom_in” id=”cz_76584″ image=”16150″][/cz_image]

[cz_title id=”cz_103138″]

Week 2: 3 Fundamentals for Shoring Up Phishing Defenses

From Ransomware to SolarWinds, the cybersecurity space has been as hectic as it has ever been over the last 12-24 months. However, for all of the emerging threats and news that are cropping up on the horizon, phishing — one of the oldest pain points in cybersecurity — is continuing to quietly wreak havoc, and is as big of a threat as it has ever been.

Despite often being overlooked in terms of hype, phishing has been a mainstay in the cybersecurity threat landscape for decades. In fact, 43 percent of cyberattacks in 2020 featured phishing or pre-texting, while 74 percent of US organizations experienced a successful phishing attack last year alone. That means that phishing is one of the most dangerous “action varieties” to an organization’s cybersecurity health. As a result, the need for proper anti-phishing hygiene and best practices is an absolute must.

With that in mind, here are a few quick best practices and tips for dealing with phishing threats.

1- Know the Red Flags

Phishes are masters of making their content and interactions appealing. From content design to language, it can be difficult to discern whether content is genuine or a potential threat, which is why it is so important to know the red flags. Awkward and unusual formatting, overly explicit call outs to click a hyperlink or open an attachment, and subject lines that create a sense of urgency are all hallmarks that the content you received could be potentially from phish and indicate that it should be handled with caution.

2- Verify the Source

Phishing content comes in a variety of ways, however, many phishes will try to impersonate someone you may already know — such as a colleague, service provider or friend — as a way to trick you into believing their malicious content is actually trustworthy. Don’t fall for it. If you sense any red flags that something may be out of place or unusual, reach out directly to the individual to confirm whether the content is authentic and safe. If not, break-off communication immediately and flag the incident through the proper channels.

3- Be Aware of Vishing and Other Phishing Offshoots

As more digital natives have come online and greater awareness has been spread about phishing, bad actors have begun to diversify their phishing efforts beyond traditional email. For example, voice phishing — or vishing — has become a primary alternative for bad actors looking to gain sensitive information from unsuspecting individuals. Similar to conventional phishing, vishing is typically executed by individuals posing as a legitimate organization — such as a healthcare provider or insurer — and asking for sensitive information. Simply put, it is imperative that individuals be wary of any sort of communication that asks for personal information whether it be via email, phone or chat — especially if the communication is unexpected. If anything seems suspicious, again, break-off the interaction immediately and contact the company directly to confirm the veracity of the communications.

Phishing may be “one of the oldest tricks in the book,” but it is still incredibly effective. And although it may be hard to spot when you may be in the midst of a phishing attempt, by exercising caution and deploying these few fundamentals, individuals and organizations more broadly can drastically mitigate the chances of falling victim to a phishing attack.[/cz_title][cz_image css_position=”relative;display: table;margin:0 auto” id=”cz_36078″ image=”16120″ css_width=”50%”][/cz_image]

[cz_gap height=”25px”][cz_title id=”cz_59603″]

Does your businesses cybersecurity method have you up during the night with worry?

Are you looking for options to help you rest easy? Get a consult with one of our Expert IT Specialists for a Free Network Analysis and get risk score that will tell you how secure your network is.[/cz_title][cz_gap height=”30px”][cz_button title=”Learn More about Les Olson Company’s” btn_position=”cz_btn_block” btn_effect=”cz_btn_fill_right” sk_button=”font-size:17px;color:#ffffff;font-family:Assistant;background-color:#ba0230;border-style:solid;” id=”cz_36193″ link=”url:https%3A%2F%2Flesolson.com%2Fservices%2Fcybersecurity%2F” sk_hover=”color:#ffffff;background-color:#e9283b;” subtitle=”Business Cyber Security Offerings”]

[cz_image link_type=”custom” id=”cz_16225″ image=”7812″ link=”url:%2Fservices%2Fit-services%2Fnetwork-analysis%2F|||”][/cz_image]

[cz_title id=”cz_59995″ link=”url:%2Fservices%2Fit-services%2Fnetwork-analysis%2F|||”]

Get a FREE, Comprehensive Network Analysis

Let us provide a no-obligation health assessment of your computer network and business technology. We will analyze your network to identify vulnerabilities. Depending on what we uncover, we will also make suggestions on ways to augment security systems and get more out of your existing technology infrastructure.[/cz_title][cz_gap][cz_button title=”Request Your Free” btn_position=”cz_btn_block” text_effect=”cz_btn_txt_move_down” id=”cz_21447″ subtitle=”NETWORK ANALYSIS” link=”url:%2Fservices%2Fit-services%2Fnetwork-analysis%2F|||” sk_button=”font-size:18px;text-align:center;line-height:20px;background-color:#ba0230;padding-right:30px;padding-left:30px;border-radius:0px;” sk_hover=”color:#ffffff;background-color:#e8283b;” sk_subtitle=”font-size:17px;color:rgba(255,255,255,0.6);font-weight:400;” sk_icon=”border-radius:4px;padding:10px 10px 10px 10px;margin-left:-8px;margin-right:12px;background-color:#ffffff;”]

The post 3 Fundamentals for Shoring Up Phishing Defenses appeared first on Les Olson IT.

Coronavirus Phishing Scams on the Rise

Marie Bradshaw — Tue, 31 Mar 2020 13:58:32 +0000

[cz_image id=”cz_60892″ image=”13009″][/cz_image][cz_gap height=”25px”][cz_title id=”cz_40263″ cz_title=””]It’s unfortunate, but wherever there’s fear and chaos, you’ll find people willing to take advantage of it. Such is the case with hackers and scammers looking to enrich themselves by tricking unsuspecting people during the Coronavirus pandemic.

Scammers use phishing emails to gain access to your network by tricking you into clicking links that allow them to install malware and ransomware. They also try to get you to give up your sensitive information like account numbers, passwords, even Social Security Numbers. All of us would like to believe we’re too smart to fall for phishing attempts, but the truth is that scammers are increasingly clever and convincing. Their emails look legitimate, and it can take more than a second look to tell the fakers apart from the real deal.

The problem is only exacerbated when everyone is hungry for news, information, and solutions to an overwhelming problem. People are much more likely to click on phishing emails now. An example of an email designed to capitalize on fears of Coronavirus is one that appears to be from the World Health Organization. It urges users to click a button and download a document on safety measures. It looks legitimate enough, but actually is a huge red flag. You should avoid clicking any links on emails coming from outside your organization.[/cz_title][cz_gap height=”25px”][cz_image css_position=”relative;display: table;margin:0 auto” id=”cz_50812″ image=”13011″ sk_css=”box-shadow:2px 2px 10px 0px #323232;”][/cz_image][cz_gap height=”25px”][cz_title id=”cz_105812″ cz_title=””]Another concerning trend is hackers circulating bogus Coronavirus tracking websites and maps, disguised as reliable resources, but designed to install ransomware and malicious software.

Here are Some Examples of Red Flag Content Relating to Coronavirus:

Online sellers claiming they have in-demand products like face masks, medical supplies, and hand sanitizer. They just want you to click the link to their online store.
Emails, text messages and phone calls about getting your stimulus check from the government.
Emails from the Centers for Disease Control and Prevention or the World Health Organization. Scammers are using their reputable names to get you to click links in their emails. You should get your information directly from these organization’s websites. They will not email you.
Online offers for Coronavirus treatments or vaccines.

As a general rule, you should be extremely skeptical of any email that includes links or buttons for you to click, or attachments for you to open. You can’t control what happens once you click that link, so it’s important to be diligent about every email you get. You can hover over a link with your mouse to preview the url. Here is an example of an email from a bad actor, hoping to capitalize on the situation. As you can see, the link in this email looks suspicious, to say the least.[/cz_title][cz_gap height=”25px”][cz_image id=”cz_55608″ image=”13015″ sk_css=”box-shadow:2px 2px 10px 0px #323232;”][/cz_image][cz_gap height=”25px”][cz_title id=”cz_54535″ cz_title=””]Remember, there are many official resources for getting the information you need, so when you see that email with Coronavirus in the subject, take a deep breath and consider deleting it.[/cz_title]

[cz_gap height=”30px” id=”cz_62034″][cz_title id=”cz_88606″ cz_title=””]

Download Our Infographic

[/cz_title][cz_image fx_hover=”cz_image_zoom_in” link_type=”custom” id=”cz_80785″ image=”13018″ link=”url:http%3A%2F%2Flesolson.com%2Fwp-content%2Fuploads%2F2020%2F03%2Fcoronavirus-phishing-Infographic.pdf|||”][/cz_image][cz_gap height=”30px” id=”cz_62034″]

[cz_content_box type=”1″ fx_hover=”fx_inner_line_hover” id=”cz_39112″ sk_overall=”background-repeat:no-repeat;background-size:contain;background-image:url(https://lesolson.redpeppersoftware.net/wp-content/uploads/2019/12/Artboard-1cybersecuritytraining.png),linear-gradient(90deg,#f4f4f4,#f4f4f4);padding-top:50px;padding-bottom:35px;padding-left:50px;” back_content=”Quickly foster with resource maximizing” sk_back=”background-color:#ba0230;border-radius:10px;” sk_back_in=”color:#ffffff;” back_btn_link=”url:http%3A%2F%2Fxtratheme.com%2Ffashion-shop%2Fproducts%2F|||” sk_back_btn=”color:#000000;background-color:#ffffff;border-radius:4px;” sk_back_btn_hover=”color:#ffffff;background-color:rgba(0,0,0,0.76);” back_title=”59% OFF FOR WOMEN CLOTHES” back_btn_title=”Check Collection” link=”|||”][cz_title title_pos=”cz_title_pos_left” id=”cz_84253″ link=”url:%2Fwp-content%2Fuploads%2F2019%2F04%2FGood-Copier-Vendor-Checklist.pdf|||” sk_overall=”background-color:rgba(255,255,255,0.84);”]

REQUEST YOUR

FREE EMPLOYEE

CYBERSECURITY TRAINING

[/cz_title][cz_gap][cz_button title=”Learn About Our” btn_position=”cz_btn_block” text_effect=”cz_btn_txt_move_down” id=”cz_71392″ subtitle=”SECURITY TRAINING” link=”url:%2Fservices%2Fcybersecurity%2Femployee-cybersecurity-training%2F|||” sk_button=”font-size:18px;text-align:center;line-height:20px;background-color:#ba0230;padding-right:30px;padding-left:30px;border-radius:0px;” sk_hover=”color:#ffffff;background-color:#e8283b;” sk_subtitle=”font-size:17px;color:rgba(255,255,255,0.6);font-weight:400;” sk_icon=”border-radius:4px;padding:10px 10px 10px 10px;margin-left:-8px;margin-right:12px;background-color:#ffffff;”][/cz_content_box]

The post Coronavirus Phishing Scams on the Rise appeared first on Les Olson IT.

5 Tips for Avoiding Phishing Email Scams

Marie Bradshaw — Mon, 17 Feb 2020 16:58:34 +0000

[cz_image id=”cz_69434″ image=”12390″][/cz_image][cz_gap height=”25px”][cz_title id=”cz_93416″ cz_title=””]Cyber security has become one of the most important parts of running a business. One tool none of us can do without is email, but sometimes even the best of us make emailing mistakes that can put us at risk for email scams. Make sure you and your employees know these simple tips for recognizing and avoiding phishing attempts so they can do their par to improve email security in your organization.

1. Pay attention to the sender.

Before you open an email, consider whether you know the email sender. If it’s from an organization, person or email address you don’t recognize or they are emailing you about something that has nothing to do with your position, that should be cause for concern.

2. Be wary of emails that ask you for information.

Obviously your bank would never email you asking you to provide information regarding your account but hackers send very convincing emails that are specifically designed to trick you. If you get any email prompting you for information, you should think twice before providing it. If you have an account with an organization that sends you a suspicious email, go to their website (without clicking the links in the email) and log in or look up their phone number and call them directly regarding the email.

3. Check hyperlinks before you click them.

All you have to do is hover over a hyperlink to see where it’s going to take you. When in doubt, just hover over it with your mouse and make sure you’ll be taken to a trusted destination. If the url looks different than where the email claims it will take you, or doesn’t look familiar, don’t click on it.

4. Be on the look out for tricky email and web addresses.

Many times hackers will impersonate reputable companies to gain your trust. Look carefully at the company name in the email address or website. At first glance it may look like a familiar business name but upon further inspection, you may notice something’s not quite right. Certain letters in the name might be switched around or missing, for example, Les Oslon Compny. Looks familiar right? But did you notice something is off? People tend not to notice when just one letter is missing or rearranged in a word upon first glance, so hackers take advantage of this knowledge. Their website might also be slightly different from the organization’s official website.

5. Pay attention to who else the email was sent to.

Was the email sent to other people you don’t know or a group of very random people at your organization? That’s suspicious. This would suggest the email is being sent by a person who is not familiar with your organization, or by a person who is sending it to as many people as possible, in hopes they can trick one or two.

So you think you’ve received as suspicious email. What now? If you’re worried about an email, always forward it to your network administrator. They will want to know if these types of emails are being sent to people within your company so they can respond accordingly. Don’t have a network administrator? Learn how Les Olson Company can help keep your network secure through Managed IT Serivices.[/cz_title][cz_gap height=”25px”]

[cz_gap height=”30px” id=”cz_62034″][cz_content_box type=”1″ fx_hover=”fx_inner_line_hover” id=”cz_19454″ sk_overall=”background-repeat:no-repeat;background-position:right top;background-size:contain;background-image:url(https://lesolson.redpeppersoftware.net/wp-content/uploads/2019/11/Artboard-1NetworkAnalysis.png),linear-gradient(90deg,#f4f4f4,#f4f4f4);padding-top:50px;padding-bottom:35px;padding-left:50px;” back_content=”Quickly foster with resource maximizing” sk_back=”background-color:#ba0230;border-radius:10px;” sk_back_in=”color:#ffffff;” back_btn_link=”url:http%3A%2F%2Fxtratheme.com%2Ffashion-shop%2Fproducts%2F|||” sk_back_btn=”color:#000000;background-color:#ffffff;border-radius:4px;” sk_back_btn_hover=”color:#ffffff;background-color:rgba(0,0,0,0.76);” back_title=”59% OFF FOR WOMEN CLOTHES” back_btn_title=”Check Collection” link=”|||”][cz_gap height=”35px”][cz_title title_pos=”cz_title_pos_left” id=”cz_27621″ link=”url:%2Fwp-content%2Fuploads%2F2019%2F04%2FGood-Copier-Vendor-Checklist.pdf|||” sk_overall=”background-color:rgba(255,255,255,0.84);”]

GET A FREE,

COMPREHENSIVE

NETWORK ANALYSIS

[/cz_title][cz_gap][cz_button title=”Request Your Free” btn_position=”cz_btn_block” text_effect=”cz_btn_txt_move_down” id=”cz_21447″ subtitle=”NETWORK ANALYSIS” link=”url:%2Fservices%2Fit-services%2Fnetwork-analysis%2F|||” sk_button=”font-size:18px;text-align:center;line-height:20px;background-color:#ba0230;padding-right:30px;padding-left:30px;border-radius:0px;” sk_hover=”color:#ffffff;background-color:#e8283b;” sk_subtitle=”font-size:17px;color:rgba(255,255,255,0.6);font-weight:400;” sk_icon=”border-radius:4px;padding:10px 10px 10px 10px;margin-left:-8px;margin-right:12px;background-color:#ffffff;”][cz_gap height=”35px”][/cz_content_box][cz_gap height=”30px” id=”cz_62034″]

[cz_gap height=”30px” id=”cz_62034″][cz_content_box type=”1″ fx_hover=”fx_inner_line_hover” id=”cz_39112″ sk_overall=”background-repeat:no-repeat;background-size:contain;background-image:url(https://lesolson.redpeppersoftware.net/wp-content/uploads/2019/12/Artboard-1cybersecuritytraining.png),linear-gradient(90deg,#f4f4f4,#f4f4f4);padding-top:50px;padding-bottom:35px;padding-left:50px;” back_content=”Quickly foster with resource maximizing” sk_back=”background-color:#ba0230;border-radius:10px;” sk_back_in=”color:#ffffff;” back_btn_link=”url:http%3A%2F%2Fxtratheme.com%2Ffashion-shop%2Fproducts%2F|||” sk_back_btn=”color:#000000;background-color:#ffffff;border-radius:4px;” sk_back_btn_hover=”color:#ffffff;background-color:rgba(0,0,0,0.76);” back_title=”59% OFF FOR WOMEN CLOTHES” back_btn_title=”Check Collection” link=”|||”][cz_gap height=”35px”][cz_title title_pos=”cz_title_pos_left” id=”cz_84253″ link=”url:%2Fwp-content%2Fuploads%2F2019%2F04%2FGood-Copier-Vendor-Checklist.pdf|||” sk_overall=”background-color:rgba(255,255,255,0.84);”]

REQUEST YOUR

FREE EMPLOYEE

CYBERSECURITY TRAINING

The post 5 Tips for Avoiding Phishing Email Scams appeared first on Les Olson IT.

National Cybersecurity Awareness Month: Ensuring Online Safety at Work

Marie Bradshaw — Thu, 18 Oct 2018 16:23:41 +0000

[cz_image id=”cz_22940″ image=”12167″][/cz_image][cz_gap height=”25px”][cz_title id=”cz_59386″ cz_title=””]It’s National Cybersecurity Month. This week we’re exploring cybersecurity in the workplace. Untrained employees can be one of the biggest vulnerabilities to your organization’s network security. Presumably every person in any given organization has their own computer. This makes every employee a potential target for hackers and scammers. A lack of cybersecurity awareness among end users puts businesses at risk due to factors like; phishing, negligence and thoughtless clicking of links. Here are some tips to ensure your employees know how to avoid putting your organization at risk.

#1 Create a Culture of Cybersecurity

It’s important to create an office culture that emphasizes the importance of staying safe online. All employees should have the understanding it’s the shared responsibility of everyone in the office to ensure cybersecurity. You probably have an I.T. department tasked with protecting the organization from cyber attacks, but all it takes is a mistake by one employee to allow an attacker access to your network.

#2 Create a Cybersecurity Policy & Provide Training

A Cybersecurity Policy is a document that should outline specific requirements for appropriate use of your organization’s devices, data, internet, email, passwords, etc. Your policy should apply to each employee, as well as contractors and any other person with access to your network and data. We highly recommend using one of the many templates available online, they will serve as an excellent starting point. Once you have a clear Cybersecurity Policy in place, make sure each employee gets a copy and hold a company-wide training to make sure everyone understands what is expected.

#3 Encourage Strong Passwords & Responsible Management

Encourage your employees to only use strong passwords that can’t be easily guessed or stolen. Passwords should be at least 8 characters long, use a mix of upper and lowercase letters and contain special characters. Passwords should never include things like birth dates or names or people and should be changed frequently. All employees should avoid writing their passwords down. If there are many different passwords that are hard to remember, consider a secure password keeper. Exchanging of credentials should also be avoided. Check out our helpful guide on how to make a strong password.

#4 Educate About Spam & Phishing

Phishing emails and calls are one of the most common risks your employees will face at work. Educating them about spotting and avoiding these attempts is critical. Train employees to be critical of things like vague titles, grammar mistakes, attachments, and unknown senders. In addition to the obvious attempts, make sure they understand that many phishing emails are sophisticated and designed to trick you into acting. Emails could appear to be from someone at the company or even a familiar organization. Teach employees to hover over any hyperlinks to preview where they will be taken if clicked. More detailed information about phishing attacks can be found here.[/cz_title][cz_gap height=”25px”]

[cz_title id=”cz_24372″ cz_title=””]

#5 Communicate About New Threats & Scams

Be sure to keep your employees informed about new threats. If there’s a particular phishing email going around or a breach, make sure they know about it. US-CERT (United States Computer Emergency Readiness Team) has a great resource for alerts on current security issues.

#6 Require Installation of Updates & Patches

Make sure employees know they are expected to install all available updates and patches. No clicking “maybe later”. These updates and patches often include the solution to combating the latest vulnerabilities. If you have an in-house I.T. team, have them double check that everyone is up to date.

#7 Remind Them to Lock Their Devices

Employees should be expected to keep devices password protected and lock them when not in use.

#8 Test Them

There are many great solutions for phishing simulation awareness training. Fake phishing emails are sent to your employees, allowing you to identify and address potential weak spots without ever putting your network in harm’s way.

#9 Discourage Unauthorized Software Downloads

We recommend requiring employees to check with your network administrator before downloading software to their computer’s. Even programs that are commonly downloaded onto home computers without a second thought can open your network up to risks like ransomware. Many times the software being downloaded and installed by employees is not even work related.

#10 Limit Internet Access or Establish Browsing Rules

If you’re not blocking employees from certain websites then it’s important to at least establish browsing rules. An internet usage policy should be outlined in your policy. This will help employees avoid risky behaviors like downloading questionable material, sending confidential information, visiting unsecured websites, and more.[/cz_title]

GET A FREE,

COMPREHENSIVE

NETWORK ANALYSIS

REQUEST YOUR

FREE EMPLOYEE

CYBERSECURITY TRAINING

The post National Cybersecurity Awareness Month: Ensuring Online Safety at Work appeared first on Les Olson IT.

Tips to Avoid the Microsoft Support Phone Scam

Marie Bradshaw — Tue, 16 Feb 2016 17:21:55 +0000

[cz_image id=”cz_89989″ image=”11780″][/cz_image][cz_gap height=”25px”][cz_title id=”cz_19416″ cz_title=””]Recently, Microsoft “Tech Support” Phone Scams have been carried out even more frequently than usual. You may get a phone call from someone claiming to be a Microsoft Support Technician. Be prepared so you can protect yourself and your business from becoming the prey of scammers.

HOW THE SCAM WORKS
Someone claiming to be a support technician with Microsoft (or another tech company) will call your office or even your personal phone to let you know that your computer has “registered a problem” and they can help you fix it.

They will then attempt to persuade you to download software that will allow them to gain remote access to your computer or direct you to fraudulent sites with the promise of “fixing your computer.” While there are legitimate remote help sites used by honest technicians, installing such applications at the request of a stranger claiming to be a technical support technician can result in your computer being compromised.

Many times they will try to get you to provide them with usernames, passwords, credit card numbers or other personal information. They may even request card information so they can “bill” you for their phony services. Some scammers can be quite convincing and seem very knowledgeable about your business.

THE FIRST THING YOU SHOULD KNOW
While many companies including Microsoft and Les Olson Company do offer technical support services – they will NEVER make unsolicited phone calls to ask for money in exchange for computer security or software fixes.

SO YOU SUSPECT YOU’RE TALKING TO A SCAMMER, WHAT NOW?
If you believe that you’re speaking with a scam artist, the best advice is to hang up. While it is best not to engage at all with the scammer, if you find yourself talking with them for any length of time DO NOT give them any information or agree to pay for any software or services. If possible, take down their name and phone number and submit a complaint to the Federal Trade Commission. Complaints help them detect patterns of fraud and abuse. If you receive one of these calls at your office, be sure to let your network administrator know.

Scammers can be very persistent. People have been known to give in to their requests out of sheer exhaustion. No matter how many times they call, they never comply with their instructions.

WHAT IF YOU ALREADY GAVE THEM INFORMATION?
If you think you may have already given a scammer access to your computer or information, it’s important to change your computer’s password, the password to your email account and especially passwords for your financial accounts such as your bank or credit card company. If you think they may have gained access to a work computer, let your network administrator know immediately so they can quickly address the breach. Don’t let embarrassment keep you from telling someone as quickly as possible.

YOUR BEST LINE OF DEFENSE
Your best line of defense is keeping all computer users, whether at home or in your business, informed about this scam. Make sure they know how to recognize this scam and what to do in the event of a fishy phone call.[/cz_title]

GET A FREE,

COMPREHENSIVE

NETWORK ANALYSIS

REQUEST YOUR

FREE EMPLOYEE

CYBERSECURITY TRAINING

The post Tips to Avoid the Microsoft Support Phone Scam appeared first on Les Olson IT.