Online Security

  • Alicia East
  • No Comments

Scammers Are More Subtle Than Ever, so You Have to Be More Savvy Than Ever
Scammers Are More Subtle Than Ever, so You Have to Be More Savvy Than Ever 2560 1829 Alicia East

At this point, we all know the Nigerian prince emails are bogus, but scammers are getting more sophisticated. That means you need to get more sophisticated, too. Some of my friends’ parents are buying a house right now. It’s right across from their daughter’s family (read: grandkids). These salt of the earth people have worked toward this goal for years and are investing their entire life’s savings into this home. Have you figured out where this is going? They got an email that looked legitimate about transferring $100,000 for the home purchase and they nearly fell for it. I don’t have to tell you how shaken they were by the narrow miss, but not everyone is so lucky. Your level of diligence has to exceed the scammers sneaky ways or you’re going to be vulnerable, too.

The IRS issued warnings around tax time and if you’re like me, you’re getting emails from your banking institutions, and pop-ups when you check your credit card balance. Bad actors have endless points of entry. They have text, social media, phone calls, emails, and more. It’s time to shut your web windows and lock your digital doors.

5 Things You Can do to Protect Yourself From Scammers

Limit Opportunity

Block and filter as much of the junk as you can. Wireless carriers have some built-in features and you can find subscription-based services for a little extra protection. Still, some bogus links and callers will get through your filters and there’s no substitute for your diligence, so read on.

Click With Caution

Go directly to the source. We know we need to check domains and email addresses, but scammers are getting smarter about that. It’s not enough to look for the right words in the domain. Do you see the difference between WellsFargo.com and WellsFɑrgo.com? A quick glance will breeze right on by that Cyrillic A in the second example.

Before you click on anything you weren’t expecting or something that is even the tiniest bit fishy, you can go straight to the company’s website, log in, and see if you have a message that confirms the veracity of the communication. If not, it’s probably a scam. You can always call their verified phone numbers as well.

Notice the “per your request” language in the one below. Did you actually request it? If not, be very suspicious. This is an especially alluring topic because they’re talking about the recipient’s paycheck! They’re banking on it being important enough to you that you’ll click. Instead, you can reach out to your payroll representative and ask if they did indeed send it. It’s a simple and worthwhile extra step.

Still, it’s not just the alarming stuff that should give you pause. This one is a casual, lighthearted request: Just vote for your favorite snacks! I hate to say that I’d probably be more drawn in by this one than the payroll one. It looks so benign! And who doesn’t love snacks?!

Be Suspicious When Something is Overly Alarming or Appealing

Whenever you receive a notice about an urgent problem or, on the other end of the spectrum, a big reward that you need to act on right now, be very suspicious. This is what happened with the real estate transaction. They said the deal was in danger if they didn’t send their down payment. You know how much paperwork goes into buying a home? It’s easy to get a little sloppy when you’re handling that many details.

Scammers come with a false sense of urgency–like you’re gonna get thrown in jail or lose access to your account if you don’t deal with the supposed problem right now. Slow down. Talk to someone. Don’t transfer money or hand over information until you’ve at least run it by a friend or an objective party. If you’re buying a house, call your agent before you transfer money. Ask them what to expect from the process and be wary of anything outside of those expectations.

Freeze ‘Em

This isn’t convenient, but you can freeze your credit. It’s similar to two-factor authentication in a way. You’ll get a PIN number to unfreeze your credit whenever you need to apply for a loan or open a new card. It’s one of the most surefire ways to stave off fraudulent credit requests. It doesn’t prevent you from transferring money to a fraudulent party though, so you’re still on the hook for making sound, slow, and steady decisions.

If You See Something, Say Something

If you think you’ve been scammed or are the victim of an attempt, tell the FTC at ReportFraud.ftc.gov. You might help someone else or be a part of bringing accountability to a bad actor.

The Bottom Line

When a scammer comes in with alarming news or false urgency, take a deep breath and sloooooooow down a minute before clicking or transferring money. Take extra care clicking on any links in emails or texts. Limit incoming calls and texts where you can. Chances are that you, like I, know some smart people who’ve fallen (or almost fallen) for these increasingly subtle and sophisticated tactics.

  • Alicia East
  • No Comments

Cybersecurity: Five Digital Hygiene Practices That Protect Your Customers
Cybersecurity: Five Digital Hygiene Practices That Protect Your Customers 2560 1707 Alicia East

If you’re a production company with expensive gear, you lock it up well and insure it. You keep your wallet or purse close to you while you’re in public. Unlike tangible items though, we can’t keep our identity, data, and personally identifiable information (PII) in our sight or locked up with a key. Cybersecurity requires a different approach. Businesses have extra responsibility because they have access to their workers’ personally identifiable information. Every time you engage an employee or a temporary worker, some level of personally identifiable information changes hands. Just think about how many social security numbers pass through your system. If those stay on your hard drives, you are putting your customers’ information at risk! This is one reason, among many, that it’s so important to have a high level of data security on a company level and to train staff in digital hygiene practices.

Current Threats

It seems every week, a major company, city, or hospital experiences an alarming security breach. Each error compromises something, whether it’s privacy (hacked laptop/phone cameras or Zoom calls, for example), data, or PII. Credit monitoring companies, phones, hospitals, and entire cities have been compromised or even taken hostage. The government has identified the cyberworld as its own domain (after land, air, water, and space). As such, it requires businesses and individuals to have a strategy and implement measures to keep countries, businesses, and people safe.

Businesses and consumers increasingly rely on apps and software to get their everyday work done. Customers, employees, and sometimes patients trust companies with their information. This comes with a responsibility to handle that information well.

So What’s a Company to do?

It’s kind of scary, sure, but there are solutions. While some require third-party software, many of them are basic.

  1. Password Management: There are tools that offer super secure ways to make sure your company passwords are accessible only to whom you want them to be. If you’ve ever tried to access a company account after the person who managed it is no longer with the company, you see the value here. Aside from the convenience, it’s a way to keep information super secure.
  2. Make Your Policies And Procedures Airtight: Prevention is always ideal. Train employees on good security etiquette. For most organizations, human error is by far the most likely source of mistakes that lead to breaches.
  3. Check Your Insurance Coverage: Should you experience a breach, having solid insurance coverage in place can make it a lot less painful by covering the financial loss. Talk to your insurance provider about your current coverage and where there might be gaps. 
  4. Conduct Penetration Tests: Have third parties perform monthly security checks and an annual penetration test to ensure that anyone that tries to come after you will have a tough go of it. 
  5. Encrypt Customer Information: Encrypt all information at multiple levels. Encryption scrambles data so that it’s unreadable without the encryption key. 

Conclusion

Any investment in your security is a wise investment indeed.

  • Alicia East
  • No Comments

What do Supply Chain Shortages, $1.2 Billion, and Compromised Healthcare Have in Common?
What do Supply Chain Shortages, $1.2 Billion, and Compromised Healthcare Have in Common? 2560 2048 Alicia East

To quote the Fiddler on the Roof: “That I can tell you in one word.”

Ransomware

Ransomware is an ever-growing global threat where the attackers hide behind computer screens. It’s a growing concern for governments, industries, and individual private citizens because it can cause serious disruptions in everything from the food supply to healthcare. Short-term inconveniences like a cream cheese shortage and waiting in long lines for gas are just the beginning. It can be downright dangerous when people aren’t able to heat their homes or when healthcare quality is compromised. Here’s a fact it’s time to face: Ransomware is nothing short of a national security threat.

And as long as it’s profitable to the tune of billions of dollars, it’s not going anywhere.

How Did We Get Here?

According to New York Times reporting, the Facebook model of “move fast and break things” is catching up with companies that built systems quickly to beat competitors to the market. It’s no wonder that cutting corners has landed us in worse shape in the long run. Businesses are facing painful consequences like enormous ransom fees, loss of business operations, compromised data and damaged reputations.

We are facing a very rude awakening, but this is by no means a new problem. Attackers have been honing their skills and wreaking havoc quietly for years. If you’re old enough to have had one of the first email accounts back in the days of dial-up, you may remember getting an email asking for a few hundred dollars in exchange for unlocking your device. It’s now grown into an issue that costs billions of dollars and includes national security risks. What’s new about it is that people are feeling the effects personally.

Who is Behind The Attacks?

According to published sources, over half of the attacks have one thing in common: They originate in Russia. These attackers write code specifically designed to bypass Russian businesses and Putin will not prosecute cybercriminals or extradite them upon U.S. request. Experts believe that Russian attackers operate under two unspoken rules:

  1. Don’t attack Russian businesses.
  2. Be ready to do favors for the Russian government upon request.

What if Companies Don’t Pay?

In 2019, cybercriminals demanded $75,000 after an attack on the city of Baltimore. Baltimore decided not to pay it and ended up paying $18 million to rebuild the systems instead. The theory is that if all companies refuse to pay, hackers lose their leverage and incentive.

The bigger the impact, the more leverage the attackers have. When you see hospitals turning away ambulances at the door, it becomes really hard to ignore or take the time to rebuild systems altogether. It’s legal to pay the attackers off and many companies find it much more cost-effective to do so.

Hackers, then, are rewarded for their efforts and the cycle continues. The result? Companies spend millions in ransom to get their compromised systems running again. Individuals have their personal information compromised regularly and governments are grappling with an issue they’re now ranking as dangerous to national security as terrorism.

Okay, Well What Can we do About it?

On an individual level, it really is as unglamorous as brushing up on cyber hygiene. The Daily podcast cites the saying that, “security is only as good as your weakest link” and it usually ends up that the weakest links are employees and individuals. The Colonial Pipeline attack was traced back to a single employee with a compromised inactive account.

Josh Hornung at Hornung Technology Services, which specializes in IT Support and Cyber Security services said, “A good unique password for each site is step one. Enabling two-factor or multi-factor authentication everywhere you can is step two. Too many people use the same password across many accounts, which is how a lot of this stuff happens nowadays.”

Even the professionals aren’t immune. Hornung knew of an IT professional at a different company who got hacked. He said the attackers “stole a spreadsheet where he kept all of his clients’ logins and security info.” From there, they “started logging into his clients and infecting them with ransomware.”

On a company level, you can either build your systems correctly on the front end and save yourself a world of hurt, or you can fix the problem retroactively and pay dearly for it. And no matter what: the right time to start fixing what’s broken is right now. To quote Hornung, “It’s wild out there!”

How Does PayReel Keep Clients Safe? 

With the mountains of personally identifiable information we handle each day, security is hugely important to us. We train our employees regularly on cybersecurity and we pay people to try to infiltrate our systems just to find vulnerabilities. At this point, such penetration tests might be a good idea for most companies—even those that only handle smaller-scale data.

That might not seem very glamorous, but in this case, boring is exactly what you want. If your systems are secure, hackers may be inclined to move along to the low-hanging fruit and leave you alone. Either that or you can become fluent in Russian and start operating all of your business in Russian. нет? Okay, well then get on it.

Note: We relied heavily on The Daily’s podcast episode “Who is Hacking the U.S. Economy?” for this post.

Enter your
text here

LOG IN TO PAYREEL ONLINE

Contact Us