5 CyberSecurity Halloween frights!
Identity theft - Having your identity stolen may be one of the scariest incidents you have to deal with! Are there thieves lurking around your bank account? Having your identity stolen can affect your finances, medical records and reputation. Identity theft isn't just for individuals, business identity theft is when a business is impersonated by a third-party. For example, a business’s website could be copied or business invoices, filings and records could be falsified. The aim of these actions is to defraud the business itself or its creditors, suppliers, financial institutions, owners and officers, or even customers!
Here are 5 steps to take if your business identity is stolen:
1. If you become the victim of identity theft or fraud, change your passwords for online accounts.
2. Consider signing up for a credit protection service.
3. Identify compromised information – If your Social security number was stolen, reach out to the social security administration, if your driver's license was stolen, reach out to your state’s department of motor vehicles. If a fraudulent tax return was filed in your name, contact the IRS. If your business's identity was stolen find resources here http://www.businessidtheft.org/.
4. File a report with law enforcement – File a report with law enforcement to provide copies to your bank, creditors, credit bureaus, and debt collectors.
5. Report a stolen identity to the Credit Bureaus - Equifax at 1-800-525-6285, Experian at 1-888-397-3742 or TransUnion at 1-800-680-7289 and contact the Social Security Administration’s fraud hotline 1-800-269-0271.
Online Stalking - Online stalking can take place through emails, text messages, social networks and even through hacking.
Here are 5 steps to take if you find yourself targeted by an online stalker:
1. Save all communications as evidence.
2. Keep a record of each incident.
3. Report the incident to site administrators.
4. Block the person through social networks, text and email.
5. If the stalker threatens you or the situation becomes dangerous, contact authorities. Stalking is illegal in all 50 states and the District of Columbia.
For more information: http://victimsofcrime.org/our-programs/stalking-resource-center.
Cat phishing - Using online sites for companionship and dating has become a commonplace practice. Be cautioned, those profiles are not always real people! Catphishers may use fake photos or steal identities to give the impression that they are younger, more attractive or even a different sex. Always safely verify via phone or video before trusting someone you met online, whether as a friend, business partner, client or more!
Cat phishing is a form of bullying – Once the victim enters into the false relationship, the bully may reveal the truth and use the event or information obtained from the false relationship to harass the victim.
Just as with phishing, cat phishers pose as someone else with the intent of committing fraud. These individuals may claim to need (or have!) financial help early on in the conversation.
Don’t get spoofed – Hackers may pose as someone you already know. If you see a familiar name in spam, it’s usually because it’s a spoof! Find out what kind of reaction your employees would have to spoofing or phishing by planning an internal test. Create a believable email that employees are likely to click, like something from an internal department or a request for information confirmation.
Ransomware – Ransomware is a malware that locks your computer until a ransom is paid. These attacks can affect desktops, laptops or phones. Since ransomware programs are altered so frequently, protection against attacks can be difficult. WannaCry may be the most well-known ransomware to date. Instead of attacking through phishing, this program attacks every vulnerable computer on a network. The cost so far of this has been estimated to be $4 billion. While the targets of these attacks are usually businesses, individuals can be subjected as well.
Hackers - Now that we rely on “smart” technology for more and more of our daily life, we are vulnerable in more ways than we may know, smart cars and smart homes constantly connect to the internet to get updates and provide us with our every want and need, but at what price? Having so many connected devices all around us makes us more vulnerable than ever before to be hacked. Businesses are appealing targets for hackers since they hold data in large volume, especially data that can be used to perform identity theft. Financial institutions, hospitals and education entities such as colleges and universities are especially appealing targets for hackers.
Here are 5 things your business can do to protect data from Hackers and Ransomware:
1. Perform a Security Risk Assessment at least once annually. A Security Risk Assessment helps your business determine potential vulnerabilities so you can protect your data.
2. Update your policies and procedures often. Each time a major event occurs, these need to be reviewed each time there is a change to the way you are storing data, to address vulnerabilities found during the risk assessment.
3. Policies and procedures should include Incident response planning, you may choose to contract a vendor to assist with breaches to help you recover from the event.
4. A vendor can also assist with conducting Vulnerability assessments and penetration testing which help you assess how employees may react to ransomware or phishing attempts.
5. Conduct Security Awareness training at least once a year to ensure your current employees understand security policies and procedures and follow proper protocols, they are more likely to pass the social engineering or vulnerability tests that you conduct if the training is conducted annually.
