Monday 2 October 2017

Disasters are Prime Time for Cyber Criminals. How to Think Ahead.

Posted by at 9:26 AM

Disasters and other big news events are “triggers” that move hackers to action. Even before Hurricane Harvey’s wind died down, hackers were already setting up bogus charities designed to exploit good people wanting to help the relief effort. They even created web and social networking sites to further their credibility.

Thinking ahead means understanding how hackers find their victims.

Most people don’t know that cybercriminals are trend watchers. They’re “dark marketers” scoping out  major events filling your thoughts. News aggregate sites like Reddit, Quora and Google Trends show current events state-by-state or nationally—allowing hackers a steady stream of opportunities to create phishing and phone scams related to those events.

Thinking ahead means never saying, “It won’t happen to us.”

Cybercriminals consider small businesses low hanging fruit and it’s why their attacks on small business keeps escalating. In spite of more robust security budgets, big business also suffers under the weight of cybercrime.

Equifax, one of the largest credit reporting agencies in America, recently dropped a bombshell on 143 million Americans that an authorized third party gained access to their customer’s names, dates of birth, Social Security numbers, addresses, and in some cases, credit card numbers. It was a major score for cybercriminals!

Street value of hacked emails is high. Profits are made by selling off SSNs and drivers licenses for as much as $20 a piece to other hackers. Multiply that times millions and hackers had a big payday! Most likely the victims in the sale of Equifax “spoils” are already being contacted in phishing emails, phone and other scams.

Emails are 90% of breaches and attacks. Think ahead about training employees.

Using Equifax as an example again, an attack could look like this. You receive a phishing email that appears to come from Equifax saying, “Your data has been compromised. Go ahead and click this link (or it may be an attachment) and we’ll be able to tell if you’re one of the 143 million who was impacted.” So, you click on the link and the hacker is in your system working its way to your sensitive data.

In a hacker phone scenario, the call might look like this, “Hey this is Ben from Equifax and we’re doing a double check to be sure your information is protected. But, first I’ll need to make sure it’s you. Can you give me your social security number and birthday?”

Other big news events like the death of a celebrity, a compelling human interest story, new disease breakthroughs and holidays like Christmas are just a few of the many opportunities hackers take to enter you system. They just need “one” person in your company—it doesn’t matter what their position, to give them access. Once inside, a hacker can move laterally across your network.

It can’t be emphasized enough, training your employees on email security should be one of the first goals for hacker prevention. If you’re considering managed IT services, Locknet has an affordable product for employee training on internet security that has proven to be quite valuable to our small business customers. (Their employees really like it too.)

Think ahead to build the best line of security defense.

Remember when your parents said don’t talk to strangers? The same advice goes for opening unfamiliar emails. Considering the sophistication of hackers, sorting out legitimate charities can be just as difficult.

Watch for indicators like:

  • Signs of a ‘sound-alike’ of a reputable charity.
  • Refusing to give information on how your donation will be used.
  • Having no proof of their tax-deductible status.
  • High pressure tactics to push for your donation.
  • Asking for cash only donations.
  • Offering guaranteed winnings in exchange for your contribution.

For verification, check with third parties like Charity Navigator or Guidestar to confirm that the charity you’re considering is legitimate. You can also see if they’re registered with your state through the National Association of State Charity Officials.

For our EO Johnson IT team, cybersecurity is personal.

We couldn’t be more happy to be part of Homeland Security’s efforts to get the word out on cyber security this month. Most of the small businesses we serve are built by people who had a dream, put in the hard work and provide excellent service to their customers. Thinking ahead of cybercriminals keeps their momentum going! It’s what we do.