The Safest Way To Shop For Mother’s Day Online

Are you planning on buying gifts for the special women in your life for Mother’s Day? If you shop online, there are a few ways to do it SAFELY. During the holidays, cybercriminals ramp up various scams to capitalize on innocent people looking for gifts online. These scams range from fake offers to sham giveaways, all with the goal of stealing your money and information. Times and technology have changed drastically in just the last year, meaning what kept you safe before is no longer enough. In today’s article, we’ll share the best way to pay for your online purchases, the common scams to look out for and the top online shopping best practices to keep you safe.

How To Make Online Purchases Safely

Should you use your debit card to buy online? No! Debit cards are linked directly to your bank account. If you make a bad purchase online, it can be very difficult to get your money back once you’ve alerted your bank. To avoid headaches, hours on the phone arguing with customer support, losing money and, if things escalate enough, legal fees, use your credit card or a third-party payment system instead.

Credit cards have extensive fraud monitoring systems, which can often catch discrepancies as they occur. These companies use statistical analysis and machine learning to track and analyze your transactions to quickly identify suspicious activity, allowing you to dispute the purchases and avoid being charged.

Some credit card companies, like Capital One, go a step further to keep you secure by offering virtual credit cards. These cards provide you with a random 16-digit number, a three-digit CVV and an expiration date that you can use for online or even in-store purchases. While these DO connect to your real accounts, retailers are unable to see your actual card details, keeping your information secure. Bonus: These can be “turned off” at any time, eliminating the hassle of canceling unneeded subscriptions without going through the merchant.

Third-party tools like PayPal are also a great option because no personal information is exchanged with the seller. The company you’re purchasing from does not receive your financial or banking information, keeping your data secure.

01. Online Shopping Best Practices

Using a credit card, virtual card or third-party payment tool is a great start, but it isn’t the only proactive step you should be taking to stay safe online. If you’re making purchases online, make sure you’re also:

02. Shopping from real websites

Cybercriminals will set up fake websites that look exactly like big-name websites. Go to the REAL website and search for the item you’re looking for.

03. Avoid too-good-to-be-true offers

If it sounds like a scam, it’s probably a scam! If you’re interested, go to the website and look up the deal to see if it exists.

04. Do NOT click on promo links in e-mails

Cybercriminals will set up spoof e-mails mirroring your favorite brands. When you click on the offer links, they can infect your network.

05. Use a VPN

This hides your location and web browsing information from snoopers.

06. Don’t save your information

Password tools are trying to make your life easier by saving your payment information, but they make you more vulnerable to having it swiped.

07. Use unique logins for loyalty accounts

Using the same e-mail and password combo for all your loyalty accounts means that if one is compromised, a smart hacker could break into all of them, and some will have your payment information available.

08. Set up alerts

Go into your banking system and enable notifications. You can request to be notified when any purchases or purchases over a certain amount are made, so you can quickly report any suspicious activity.

Cybercriminals will use any method they can to steal your information and money. To stay safe, you must take a proactive approach to protecting your financial information. This is equally true for your business. If hackers are willing to put this much effort into stealing money for low-dollar purchases, imagine what they would do to access your company accounts. Your customer data, employee information, trade secrets and more can be worth millions to them.

If you’re not sure if your company is as secure as it should be or you just want to get a second set of eyes on your system to make sure there aren’t any holes in your security, we’ll perform a FREE Network Security Assessment for you. We’ll go through our multi-step security checklist and let you know if and where cybercriminals can get into your network.

 

 

 

Cyber-Attack Takes Omni Hotels & Resorts Offline; Here’s How To Travel Safely

Another day, another cyber-attack! In early April, Omni Hotels & Resorts was the victim of a cyber-attack that brought down the entire IT system and led to a company-wide outage. The organization took immediate action and brought the entire network offline to isolate the issue, protect its data and prevent further damage from occurring. Unfortunately, this process heavily impacted the hotel’s operations and day-to-day functions, such as managing reservations, unlocking hotel room doors manually and using point-of-sale (POS) systems in restaurants and shops within the hotel. Some estimates expect this attack to cost the Omni over a million dollars. While unconfirmed by the hotel, several sources speculate that the type of cyber-attack was a ransomware attack similar to what happened to MGM in Las Vegas several months ago.

While most customers were aware of the inconveniences of the Omni outage, many weren’t aware of the dangers associated with cyber-attacks. When a network is compromised, unless you have high-grade tools to protect you, every device you connect to is put at risk. When you’re traveling, it’s important to treat everything like a risk to ensure your safety. In today’s article, we’re sharing a couple of tips to keep you safe when you’re on the road for work or even on vacation this summer.

 

01. Don’t connect to the public Wi-Fi in the hotel.

Truthfully, this also applies to coffee shops, airport lounges, etc. If a network is compromised and you connect to it, you could be giving hackers access to your devices.

02. Turn off the auto-connect feature.

Even if you don’t actively connect to the hotel’s Wi-Fi, if a hacker has set up a fake Wi-Fi network and your device auto-connects to it, that could be a big problem. Shut the feature off and only manually connect to sources you trust.

03. Use your phone’s hotspot.

Instead of connecting to public Wi-Fi, use the hotspot that most cell phones come equipped with, which lets your other devices connect to your phone’s internet. If your phone doesn’t have one, one call to your wireless provider can often add this feature.

These tips will help protect you, but if you travel for work or have employees who travel for work, it’s important that all work devices have professional-grade cybersecurity tools installed on them. You don’t want to send your sales team to a hotel-hosted trade show only to have them bring back malware that could shut down your company altogether instead of a list of leads.

There is one final lesson in this terrible incident that all business owners need to understand: No matter the size of the company, you can still be the victim of a cyber-attack. The Omni chain, which boasts over 50 properties nationwide, likely has a large budget to defend itself from cyber-attacks, and yet it still fell victim to hackers. No system is 100% impenetrable, but small business owners who don’t have any security measures in place are putting a big red target on their backs.

If you don’t have a cybersecurity system in place, or if you do and someone else is managing it but you’d like a second opinion, we offer a FREE Security Risk Assessment. This assessment will go over every area of your network to identify if and where you are vulnerable to an attack and propose solutions to fix it.

 

 

Why Risk Assessment Is Needed for Compliance

While assessing whether you did everything in your capacity to ensure full compliance with the regulations, you also need to keep in mind that a regulator seeks evidence of compliance: documented reports. Besides helping you chart a successful path to compliance, a thorough risk assessment adds great weight to your evidence of compliance. When you present the risk assessment reports along with other documentation, you demonstrate how your business carried out due diligence in upholding principles of data privacy and protection.

 

Please remember that no regulator expects you to have a fail-safe strategy. What matters is uncompromising intent, informed action and undeterred consistency. If you can demonstrate all this, you will most likely avoid any punitive action as well as a long list of problems that could surface afterwards.

 

 

Help Is Just a Conversation Away 

Contrary to what is often claimed, there are no shortcuts to compliance or to any of the steps that lead to it. At the outset, achieving compliance might seem grueling. However, it isn’t as bad as it seems when due process and expert guidance are followed.

A conversation with us is all you need so we can help you walk through the complexities of risk assessment with diligent and customized guidance. 

Article curated and used by permission. 

 

 

 

 

Security Risk Assessments Unearth Crucial Insights

A thorough and accurate risk assessment can unearth a host of crucial insights from even the deepest and darkest alleys of your IT environment to ultimately empower your decision making. Having actionable insights at your disposal can help you build strategies to reduce risk levels in practical ways instead of shooting in the dark by testing various tools. 

Here are some of the most important details that become more apparent and unambiguous with every risk assessment. 

 

01. Baseline of the System

A risk assessment helps you chart out the lifecycle of all data that is collected, stored and managed in your entire network.

02. Identification of Threats

A meticulous risk assessment identifies all the possible threats, such as intentional, unintentional, technical, non-technical and structural, that your business data is exposed to.

03. Identification of Vulnerabilities

With each assessment, you get the latest list of vulnerabilities prevalent in your network with respect to patches, policies, procedures, software, equipment and more.

04. Current Status of Existing Controls

From the assessment report, you can also understand the existing security and privacy controls protecting your business against vulnerabilities.

05. Probability of Impact

An accurate assessment report is fully capable of anticipating the probability of a threat that might exploit one of your network’s existing vulnerabilities.

06. Strength of Impact

Risk assessment also helps you gauge the possible impact of any threat hitting your business.

Imagine how easy it would be for you to build and implement a strategy to fix the security loopholes in your business while maintaining a well-documented record of your efforts. 

 

                                       

(more information in next week’s blog)

 

 

First Step to Compliance: A Thorough and Accurate Risk Assessment

Complying with data privacy and protection regulations wouldn’t give several business owners sleepless nights if it only meant installing a predefined list of security solutions. Compliance goes way beyond this and for good reason. In principle, regulators, local or international, want businesses to: 

01. assess the type of data that is stored and managed

02. gauge the potential risks the data is exposed to

03. list down the remediation efforts needed to mitigate the risks

04. undertake necessary remediation efforts regularly

05. most importantly, document every single step of this seemingly arduous process as evidence

Each of the above steps is mandatory and non-negotiable. A closer look will tell you that installing a list of expensive security solutions comes only after the first three steps in the process have been followed. Skipping past these initial steps and acting merely on presumptuous knowledge is tantamount to leaving your business’ future to sheer chance. It’s anyone’s guess what that would lead to.

That’s why we’re going to explain to you why a thorough and accurate risk assessment is truly the first step towards achieving compliance. Moreover, when repeated regularly, it can help you demonstrate continuous compliance while keeping cyberthreats at bay.

(more information in next week’s blog)

 

7 WAYS TO SPOT A PHISHING EMAIL

One of today’s biggest phishing risks is email spoofing. This form of phishing involves cybercriminals mimicking official corporate communications to lure unsuspecting employees into interacting with them. In this scheme, emails purporting to be from large firms, such as Amazon, Microsoft or DHL, are malicious. Discerning what is real versus what is fake can help your organization prevent costly cybersecurity breaches.

 

 

01. CHECK THE SENDER’S DOMAIN AND EMAIL ADDRESS

Legitimate companies send emails from their official domain, like “microsoft.com,” and not variants like “microsoft.business.com.” If a domain looks odd, check the address on the company’s website.

02. PAY ATTENTION TO THE HEADER AND FOOTER FOR CLUES

If the header or footer is inconsistent with other messages from that brand or has missing information or is just slapdash, it’s likely the message is a phishing attempt.

03. LOOK AT THE SUBJECT LINE AND PREHEADER

Does the subject line or pre-header of a message seem a little “off” to you? Are there odd phrases, emojis or unusual things in the subject line and/or pre-header? If yes, it indicates phishing.

04. ANALYZE THE CONTENT AND IMPLIED URGENCY

Claiming an action is urgent, offering a special that’s too good to be true or insisting a company must make a payment before services are cut off are all hallmarks of phishing.

05. BEWARE OF FORMATTING RED FLAGS

This is where many of us catch phishing attempts. If the message has strange formatting, spelling mistakes or bad grammar, or the colors, logos and fonts are “off,” it’s probably phishing.

06. BE WARY OF UNEXPECTED ATTACHMENTS LIKE PDFs OR WORD DOCS

If you aren’t expecting an attachment or an attachment looks suspicious because it has a strange name, it might be malware or ransomware, which are frequently deployed through phishing.

07. USE CAUTION IF A MESSAGE ASKS YOU TO LOG IN THROUGH A NEW LINK

Check the links that a message asks you to click to see whether they go to the company’s actual domain, or log in on the company’s site directly. Fraudulent password reset requests are a staple of phishing.
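The domain checks in items 01 and 07 can be automated for a mail filter or a reporting mailbox. The following is an added example, not part of the original article: the function names and every sample other than “microsoft.com” and “microsoft.business.com” are constructed, and it assumes you already know the brand’s official domain.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit


def host_of(value: str) -> str:
    """Return the lowercase host from a From header or an http(s) link."""
    if "://" in value:
        # .hostname ignores any "user@" part placed before the real host
        return (urlsplit(value).hostname or "").rstrip(".").lower()
    _, addr = parseaddr(value)          # drops the display name
    return addr.rpartition("@")[2].rstrip(".").lower()


def classify(value: str, official: str) -> str:
    """Compare a sender address or link against the brand's official domain."""
    host = host_of(value)
    official = official.lower()
    if not host:
        return "unparseable"
    # Exact match or a true subdomain; the leading dot matters, otherwise
    # any host that merely ends with the same letters would pass.
    if host == official or host.endswith("." + official):
        return "official"
    brand = official.split(".")[0]
    # Brand name present, but the registered domain is someone else's.
    return "lookalike" if brand in host else "unrelated"


# Constructed samples (only the first two domains come from the article).
SAMPLES = [
    "Microsoft <no-reply@microsoft.com>",
    "Microsoft Support <alerts@microsoft.business.com>",
    "https://account.microsoft.com/reset",
    "https://microsoft.com.verify.example/reset",
    "https://microsoft.com@login.example/reset",
]


def review(samples, official="microsoft.com"):
    """Map each sample to its verdict."""
    return {s: classify(s, official) for s in samples}


if __name__ == "__main__":
    for sample, verdict in review(SAMPLES).items():
        print(f"{verdict:10} {sample}")
```

Anything other than “official” deserves a manual look; “unrelated” only means the brand name is absent from the host, not that the message is safe.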

 

 

BETTER SAFE THAN SORRY WHEN IT COMES TO EMAIL MANAGEMENT

Phishing is one of the most common attack vectors employees encounter. The good news, however, is that regular security awareness training empowers employees to spot and stop bogus messages, such as fake branded emails, and reduces your company’s chance of experiencing a damaging cyberattack.

Choose a training platform/learning management system that allows you to design training courses and then upload/deploy them to team members. The solution must host a wide range of training courses including employee safety, conduct (anti-harassment), orientation/employee onboarding, cybersecurity, policy changes and more.

We have the right training solution for your business.

Contact us to learn more.

http://asylumxcd.com/contact-us