Apple Issues Emergency Security Update

Apple released a critical software patch to fix its latest security vulnerability

Apple issued an emergency software update to fix a security flaw that researchers said allowed hackers and governments to invisibly spy on Apple users without so much as a click.

The “zero-click” exploit was discovered by cybersecurity research group Citizen Lab. The researchers said Israeli cybersecurity group NSO Group has been exploiting the software vulnerability since February.

To install the software fix, ensure your iPhone is plugged in or has at least 50 percent battery life. Then:

  • Go to Settings.
  • Click General.
  • Click Software Update.
  • Click Install Now to update to iOS 14.8.

Although cyber security experts contend that retail iPhone, iPad and Mac users generally need not worry, since such attacks are highly targeted, the discovery still alarmed them. “Users of mobile and computing platforms need to make checking for security updates a part of their weekly, if not daily routine,” wrote Steve Turner, an analyst at the tech consulting firm Forrester.


References:

  1. https://www.huffpost.com/entry/cybersecurity-apple-security-update_n_613faff0e4b0628d095f108
  2. https://support.apple.com/en-us/HT201222
  3. https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/apple-releases-security-updates-address-cve-2021-30858-and-cve

Millions of Americans Fall Victim to Identity Theft

While online, your personal information is constantly exposed to bad actors. Take action to protect your identity and prevent its theft.

A shocking amount of information about you can be found online. From Social Security numbers to bank account numbers to social media profiles, a savvy thief potentially has access to all the data he or she needs to assume and steal your identity.

Identity theft is a serious crime. It happens when someone uses your Social Security number or uses other personal information about you without your permission to open new accounts, make purchases or get tax refunds. They could use your:

  • Name and address
  • Credit card or bank account numbers
  • Social Security number
  • Medical insurance account numbers

Many Americans whose information was compromised did not realize their identity was stolen until years later when they tried to buy a car, file tax returns or purchase a home.

Experts warn that identity thieves can use social engineering to steal your information. Social engineering is the art of manipulating someone to divulge sensitive or confidential information that can be used for fraudulent purposes.

Social engineering can happen everywhere, online and offline. And unlike traditional cyberattacks, whereby cybercriminals are stealthy and want to go unnoticed, social engineers are often communicating with you in plain sight. Consider these common social engineering tactics that might be right under your nose.

  • Your “friend” sends you a strange message. Social engineers can pose as trusted individuals in your life, including a friend, boss, coworker, even a banking institution, and send you conspicuous messages containing malicious links or downloads. Just remember, you know your friends best — and if they send you something unusual, ask them about it.
  • Your emotions are heightened. The more irritable we are, the more likely we are to put our guard down. Social engineers are great at stirring up our emotions like fear, excitement, curiosity, anger, guilt, or sadness.
  • The request is urgent. Social engineers don’t want you to think twice about their tactics. That’s why many social engineering attacks involve some type of urgency, such as a sweepstake you have to enter now or a cybersecurity software you need to download to wipe a virus off of your computer.
  • The offer feels too good to be true. Ever receive news that you didn’t ask for? Even good news like, say winning the lottery or a free cruise? Chances are that if the offer seems too good to be true, it’s just that — and potentially a social engineering attack.
  • You’re receiving help you didn’t ask for. Social engineers might reach out under the guise of a company providing help for a problem you have, similar to a tech support scam. And considering you might not be an expert in their line of work, you might believe they’re who they say they are and provide them access to your device or accounts.
  • The sender can’t prove their identity. If you raise any suspicions with a potential social engineer and they’re unable to prove their identity — perhaps they won’t do a video call with you, for instance — chances are they’re not to be trusted.

A thief can get your personal information in person or online. Here are some ways thieves might steal someone’s identity. A thief might:

  • Steal your mail or garbage to get your account numbers or your Social Security number
  • Trick you into sending personal information in an email
  • Steal your account numbers from a business or medical office
  • Steal your wallet or purse to get your personal information

Identity experts share five recommendations for how to protect your identity:

  • Once a year, order and closely review a free credit report from each national credit reporting agency: Experian, Equifax and Transunion.
  • Browse and purchase online while only using a secure connection. Never use autofill features when filling out online forms, unless it is on a trusted site.
  • Refrain from giving solicitors personal or financial information over the phone, by email or through pop-up message.
  • Opt out of pre-screened offers of credit and insurance by mail.
  • Avoid oversharing on social networking sites so you’re not sharing a potential scam with others.

If you do think you’re a victim, call the three major credit bureaus and place a credit freeze and file a report with law enforcement.

Even if you don’t believe it’s that big of a deal, reporting these crimes can help law enforcement prevent others. It took identity theft victims an average of 10 hours to resolve the fraud in 2020, according to LifeLock.

Moreover, you may be responsible for what the thief does while using your personal information. You might have to pay for what the thief buys. This is true even if you do not know about the bills.

How can that happen?

  • A thief might get a credit card using your name.
  • He changes the address.
  • The bills go to him, but he never pays them.
  • That means the credit card company thinks you are not paying the bills.
  • That will hurt your credit.

This is the kind of trouble identity theft can cause for you.

Your best defense against identity theft and social engineering attacks is to educate yourself about their risks, red flags, and remedies. To that end, stay alert and avoid becoming a victim.


References:

  1. https://www.consumer.gov/articles/1015-avoiding-identity-theft#!what-it-is
  2. https://us.norton.com/internetsecurity-emerging-threats-what-is-social-engineering.html
  3. https://www.usnews.com/360-reviews/identity-theft-protection

T-Mobile Data Breach – Was Your Digital Data Compromised

T-Mobile confirmed that its customers’ data had been accessed without authorization in a breach that may impact more than 100 million of its users.

According to an underground forum post, the data for sale includes Social Security numbers, phone numbers, names, physical addresses, IMEI numbers, and driver's license information.

T-Mobile is conducting an extensive analysis alongside digital forensic experts to understand the severity of the breach, and they’re coordinating with law enforcement.

This is the third time in recent years that a data breach has hit the wireless carrier.

Have You Been Pwned

Have you been affected by a past or recent data breach? Fortunately, you can minimize your chances of getting “pwned” in the future by using https://haveibeenpwned.com/, a free tool created by Troy Hunt, a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security.

The word “pwned” has origins in video game culture and is a derivation of the word “owned”, due to the proximity of the “o” and “p” keys. It’s typically used to imply that someone has been controlled or compromised, for example “I was pwned in the Adobe data breach”.

The “Have I Been Pwned” (HIBP) site can reveal whether your log-in credentials, financial data, or other details have been stolen or leaked online, and send email alerts about new data breaches.

Consumer Reports

To tighten up your digital security, it’s important to know which of your accounts have been affected. That’s a task you can accomplish at the free site “Have I Been Pwned”, a resource that is widely recommended by security experts and by Consumer Reports. (The term “pwn” is hacker jargon for compromising or taking control of a computer or an application.)

Consumer Reports has been steering people to Have I Been Pwned for years, and the site has gradually become more robust, adding features and expanding its records of compromised data.

Data breaches are rampant, and many people don’t appreciate the scale or frequency with which they occur, according to HIBP. Aggregating the data not only helps victims learn of compromises of their accounts, but also highlights the severity of the risks of online attacks on today’s internet.


References:

  1. https://www.macrumors.com/2021/08/16/t-mobile-data-breach
  2. https://www.consumerreports.org/data-theft/how-to-use-have-i-been-pwned-data-breach-a6598286668
  3. https://haveibeenpwned.com/

Google Knows Your Location | CNET

If you use any Google app, your location and data history might be stored.

You think that you’ve turned off your location history and tracking on your Google account, so now your. But, hold on.

While disabling that setting sounds like a one-and-done, some Google apps are still storing your location data, as explored in a 2018 investigation by the Associated Press.

Fortunately, Google has made it easier to control what location and other data is saved, and what is deleted with features like Your Data in Maps and Search, which give you quick access to your location controls, according to CNET.

How to turn off Google’s location tracking 

To completely shut down Google’s ability to log your location, here’s what to do:

  1. Open up Google.com on your desktop or mobile browser. 
  2. At the top right, log into your Google account if you aren’t already.
  3. Select Manage your Google Account.
  4. In the Privacy & Personalization box, select Manage your data & personalization.
  5. Scroll down to the Activity Controls, and select Manage your activity controls.
  6. There you’ll see a box called Web & App Activity. From there, you can slide the toggle switch to off. 
  7. There will be a disclosure to ensure you understand what disabling this setting will do before you select Pause.

References:

  1. https://www.cnet.com/tech/services-and-software/google-always-knows-where-you-are-heres-how-to-turn-that-off
  2. https://apnews.com/article/north-america-science-technology-business-ap-top-news-828aefab64d4411bac257a07c1af0ecb

Blue Origin’s Successful Launch and Flight into Space

Amazon founder Jeff Bezos aims to make space travel safe and routine

Jeff Bezos, founder of Amazon.com Inc., made the first human space flight aboard the New Shepard rocket and capsule, which launched Tuesday morning, July 20, the 52nd anniversary of the Apollo 11 moon landing. The New Shepard reached the edge of space and safely returned after a flight of just over 10 minutes.

The New Shepard rocket and capsule carried Mr. Bezos and three others (Mark Bezos, Wally Funk, and Oliver Daemen). The rocket and capsule are named for the belief that this blue planet is just the starting point for humankind’s future. The New Shepard capsule reached an apogee of 351,210 feet in altitude.

Flying into Space

Most space experts say that space starts at the point where orbital dynamic forces become more important than aerodynamic forces, or where the atmosphere alone is not enough to support a flying vessel at suborbital speeds.

Historically, it’s been difficult to pin that point of reaching space and earning your astronaut wings at a particular altitude. Hungarian physicist Theodore von Kármán determined the atmosphere versus space boundary to be around 50 miles up, or roughly 80 kilometers above sea level. Today, the Kármán line is set at what NOAA calls “an imaginary boundary” that’s 62 miles up, or roughly a hundred kilometers above sea level.

The Federal Aviation Administration, the U.S. Air Force, NOAA, and NASA generally use 50 miles (80 kilometers) as the boundary, with the Air Force granting astronaut wings to flyers who go higher than this mark. At the same time, NASA Mission Control places the line at 76 miles (122 kilometers).


References:

  1. https://www.wsj.com/articles/jeff-bezos-blue-origin-crew-set-for-space-debut-11626775480
  2. https://www.nationalgeographic.com/science/article/where-is-the-edge-of-space-and-what-is-the-karman-line

Investing in Edge Computing: Cloudflare

Cloudflare’s platform helps clients secure and accelerate the performance of websites and applications. Motley Fool

Cloudflare (NYSE:NET), which completed its IPO in 2019, is a software-based content delivery network (CDN) and internet security company that uses edge computing to protect against cybersecurity breaches. The whole premise of edge computing is to bring the access points closer to the end users. Cloudflare has access points in over 200 cities throughout the world, and it claims that 99% of Internet users are close enough to access the network within 0.1 seconds or less.

This internet infrastructure company manages the flow of information online and therefore plays an important role in migrating data from the cloud to the edge. Its platform helps clients secure and accelerate the performance of websites and applications. And, it offers myriad security products and development tools for software engineers and web developers.

The public internet is becoming the new corporate network.

Cloudflare is a leading provider of network-as-a-service for a work-from-anywhere world. Effectively, the public internet is becoming the new corporate network, and that shift calls for a radical reimagining of network security and connectivity. Cloudflare is focused on making it easier and more intuitive to connect users, build branch office on-ramps, and delegate application access — often in a matter of minutes.

No matter where applications are hosted, or employees reside, enterprise connectivity needs to be secure and fast. Cloudflare’s massive global network uses real-time Internet intelligence to protect against the latest threats and route traffic around bad Internet weather and outages.

Edge computing

While cloud computing houses data and software services in a centralized data center and delivers to end users via the internet, edge computing moves data and software out of the cloud to be located closer to the end user.

Edge computing reduces the time it takes to receive information (the latency) and decreases the amount of traffic traveling across the internet’s not-unlimited infrastructure. Businesses that want to increase the performance of their networks for employees, customers, and smart devices can take advantage of edge computing to bring their apps out of the cloud and host them on-site, either by owning and using networking hardware or by paying for hosting at localized data centers.

The company recently launched Cloudflare One, a network-as-a-service solution designed to replace outdated corporate networks. Cloudflare One acts as a secure access service edge (SASE). Rather than sending traffic through a central hub, SASE is a distributed network architecture. This means employees connect to Cloudflare’s network, where traffic is filtered and security policies are enforced, then traffic is routed to the internet or the corporate network.

This creates a fast, secure experience for employees, allowing them to access corporate resources and applications from any location, on any device.

Enterprise accelerating growth

Cloudflare has gained hundreds of thousands of users with a unique go-to-market strategy, according to Motley Fool. It launches a new product for free (with paid premium features) to acquire lots of individual and small business customers and then markets its new product to paying enterprise customers.

Cloudflare has created a massive ecosystem that it can leverage to land new deals and later expand on those relationships. It’s what makes this company a top edge computing pick since businesses and developers continue to flock to the next-gen edge network platform.

There is increased risk associated with a small-cap, pure-play edge computing company like Cloudflare.


References:

  1. https://www.fool.com/investing/stock-market/market-sectors/information-technology/edge-computing-stocks/
  2. https://www.cloudflare.com
  3. https://www.fool.com/investing/2021/06/17/forget-amc-this-growth-stock-could-make-you-rich/

Bill Gates: Avoiding a Climate Disaster

“Do what you can to help keep the planet livable for generations to come.”  Bill Gates

With his new book, ‘How to Avoid a Climate Disaster,’ Bill Gates is obsessed with developing clean technology and innovative solutions to combat climate change through his philanthropic work and alongside a cadre of billionaire partners. In the book, he proposes an action plan based on employing technology, innovation and global cooperation to tackle climate change and end the world’s carbon dependency.

Gates argues that “world leaders need to shift their focus to long-term strategies aimed at creating a zero-carbon future, a task that scientists warn must be accomplished in a handful of decades to head off catastrophic changes.”

For 20 years, Gates has been studying the twin global afflictions of disease and poverty. These efforts led him to consider climate change and its vexing impact on civilization. Gates, who is 65, has already confronted intractable problems, like trying to eradicate polio. The co-founder of Microsoft also sounded the alarm early about the need to prepare for a global pandemic. Climate change is yet another challenge on which Gates has used his bully pulpit to sound the alarm.

Bill Gates Has a Master Plan for Battling Climate Change

Bill Gates has confidence in the world’s collective ability to avoid the earth’s descent into a landscape of scorched rainforests and liquefying glaciers, yet his proposed prescription is daunting.  Gates is worried that people will get sick of hearing from him sounding the alarm on the perils of climate change as he flies around the globe in his private jet trying to save the planet.

“This is, you know, a harder problem than ending the pandemic or getting rid of malaria,” Bill Gates says of tackling climate change. But “lots of idealistic people [are] pushing the cause forward.”

“I’ve learned from my work at Microsoft and in philanthropy that the best way to encourage others to take action is to start by doing it yourself”, Gates said. “President Biden has already taken an important first step by rejoining the Paris climate accord. Now the United States can build on that step by adopting a concrete plan that checks several boxes at once: eliminating emissions while adapting to the warming that is already happening, spurring innovative industries, creating jobs for the post-pandemic recovery, and ensuring that everyone benefits from the transition to a green economy.”

In the 15 years that Gates has been learning about and investing in clean energy, he states that he has “benefited from many discussions with scientists, policy experts, and elected leaders from across the political spectrum, in the United States and around the world”.

Drawing on those conversations, he proposes four actions that America and other countries can take to advance their leadership on climate change this year and put the world on a path to zero emissions by 2050:

1.  Increase the supply of innovation.

We need breakthroughs in the way we generate and store clean electricity, grow food, make things, move around, and heat and cool our buildings, so we can do all these things without adding more greenhouse gases to the atmosphere. We have some of the tools we need, like solar and wind power, but far from all of them. And we won’t develop new tools without a dramatic infusion of investment and focus from the federal government.

2.  Increase the demand for innovation.

“I learned the hard way at Microsoft that simply making a great product doesn’t guarantee that you will beat the competition”, Gates explained. “Sometimes there’s just not enough demand for what you’re selling.”

The lesson for climate change is that the world can’t avoid a climate disaster through technological innovation alone. We need policy innovations to make sure that scientists’ breakthroughs make it from the lab to the market, and that they’re affordable enough for developing countries as well as rich ones.

That means doing things like setting standards for how much electricity or fuel must come from zero-carbon options. Governments can also use their procurement power to create demand for cleaner options—for example, buying only electric buses, as the city of Shenzhen, China has done. They can build the infrastructure that allows for green options: charging stations for electric vehicles, or new transmission lines to deliver clean energy from the places where it’s generated to the places where it’s consumed.

Finally, governments can level the playing field so it’s easier for clean alternatives to compete on price.

The idea isn’t to punish people for their greenhouse gases. It’s to create incentives for inventors to create competitive carbon-free alternatives and for consumers to buy them.

3.  Work globally.

Climate change is the definition of a global issue. Temperatures won’t stop going up in Texas unless emissions stop going up in India.

That is why governments need to work together to develop common goals, share knowledge, and make sure that clean technologies developed in one country will spread quickly to others. This cooperation can happen on a bilateral basis—between two countries talking directly to each other—as well as among many governments through venues like the United Nations.

4.  Prepare for a warming world.

“We’re already seeing the impact of climate change”, Gates announced. “So even as we develop and deploy ways to prevent future warming, we also need to adapt to the effects that higher temperatures are having around the world.”

Countries will need to invest in climate-proofing infrastructure to cope with more severe weather and rising sea levels. This includes upgrading electrical grids, expanding storm water drainage systems, and building or expanding seawalls. And two of the best ways for wealthy countries to help low- and middle-income ones is to invest in primary health care and make sure smallholder farmers can grow enough food to feed everyone.


References:

  1. https://www.wsj.com/articles/bill-gates-interview-climate-change-book-11613173337?tesla=y&mod=e2twmag
  2. https://www.politico.com/news/2021/02/15/bill-gates-climate-change-468928
  3. https://www.gatesnotes.com/Energy/4-ways-the-US-can-reassert-leadership-on-climate-change
  4. https://www.gatesnotes.com/Energy/How-to-Avoid-a-Climate-Disaster-announcement

Cyber Security for Small Business – Social Engineering

Social engineering is a cyber criminal's favorite way to manipulate and attack small businesses.

Small businesses remain extremely exposed to cyberattacks, and cybersecurity remains one of the primary operational risks for most of them. At the same time, many small businesses demonstrate problematic cybersecurity practices in their daily operations.

Almost 60 percent of business executives report an increase in suspicious email received over the past year, proving an increasing cyber concern for small businesses. Adopting new technology systems without proper knowledge or preparation is another problem for small businesses that may lead to preventable issues, such as small business owners refraining from two-factor authentication when setting up passwords on a site.

To avoid becoming a victim, it is important for small businesses to implement proper security measures. Given the consequences of unpreparedness and the reasons small businesses are targeted, prioritizing cyber-security is critical as hackers get smarter and more determined.

Cyber security weakest link

People are the weakest link when it comes to cyber security, which is why psychological manipulation of cyber attack victims is so common. Phishing, for instance, is an effective form of social engineering delivered by email that can be disguised as arriving from a legitimate source. This can fool employees into clicking a malicious link.

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This is used to gather information, initiate cyber fraud, or gain unauthorized IT system access.

Preventing an attack

For small businesses, there are plenty of ways to prevent cyber-attacks, from enforcing simple measures to hiring specialized teams to stay alert to the issue. Along with employing IT teams or specialists, training workers on the current dangers to cyber-security is a necessity, as it can avert various issues (such as the phishing scams mentioned earlier). Installing security software and investing in proper cyber-security insurance are also vital in securing businesses from these attacks.

With small businesses being large targets for attackers, acquiring proper cyber-security is becoming an increasingly important necessity, particularly in 2020. As small businesses adopt remote work methods, new risks and dangers arise, and implementing proper precautions such as an IT team or training proves beneficial.

There are many effective practices that small businesses can implement to address selected cybersecurity risks while recognizing that there is no one-size-fits-all approach to cybersecurity. It is recommended that small businesses consider implementing the following effective practices:

  • Developing identity and access management protocols for staff, including managing the granting, maintenance and termination of access to business and customer data;
  • Limiting access only to their own customers’ data and related reports;
  • Setting minimum password requirements and multi-factor authentication for access to systems and applications by employees, vendors, contractors and other insiders;
  • Prohibiting the sharing of passwords among firm staff;
  • Prohibiting the storage of sensitive customer or business data in unapproved or prohibited locations (e.g., on a file server, cloud provider or thumb drive without encryption, or transmitted without encryption);
  • Establishing minimum encryption standards for all hardware used to access firm systems, including laptops, desktops, servers, mobile devices and removable media devices;
  • Requiring adherence to minimum encryption standards for data-in-transit, such as emails and file transfers that include customer sensitive information;
  • Ensuring only secure, encrypted wireless settings for office and home networks;
  • Maintaining regular patching, anti-virus protection, anti-malware and operating system updates for all computers and servers that access data in a manner that is consistent with industry standards;
  • Developing physical security protocols for all portable devices used to access data and systems, including laptops and mobile devices;
  • Mandating that all vendors meet the business's security requirements, especially if the data or other sensitive information will be accessed or maintained by the vendor; and
  • Creating processes and selecting approved vendors for the secure disposal of hard copy records and firm computer hardware (e.g., hardware listed in the firm’s inventory) that may contain sensitive information.

References:

  1. https://cyber-security.mytechmag.com/cyber-security-for-small-businesses-is-important-now-1379.html
  2. https://www.pcworld.idg.com.au/article/636083/10-alarming-cybersecurity-facts/

Disruptive Innovation Equals Growth

Innovation is the key to growth.

In the late nineteenth century, three innovative technologies evolved at the same time and changed the way the world worked. Thanks to the introduction of the telephone, automobile, and electricity, the world’s productivity exploded as costs dropped, unleashing demand across the globe.

Today, the global economy is undergoing the largest technological transformation and displacement in history thanks to disruptive innovations.

ARK defines ‘‘disruptive innovation’’ as “the introduction of a technologically enabled product or service that changes an industry landscape by creating simplicity and accessibility while driving down costs.”

Innovation meets three criteria

“Over time, innovation should displace industry incumbents, increase efficiencies, and gain majority market share, offering growth opportunities for investors. More importantly, disruptive innovation impacts and concerns all of our lives and changes the way the world works.” Cathie Wood, Founder, CEO & CIO, ARK Investment Management LLC

According to ARK Investment Management, disruptive innovation will:

  • Experience significant cost declines and unleash waves of incremental demand. When a technology crosses certain cost or performance thresholds, its addressable market can widen and diversify dramatically.
  • Cut across sectors and geographies. A technology that cuts across industries and geographies can enjoy dramatic increases in addressable markets as applications are “discovered” by different business sectors. Spanning across sectors also provides better product-market fits, insulates against business cycle risk, and garners attention from multiple disciplines.
  • Serve as a platform atop which additional innovations can be built. A technology upon which other innovations can be built may expand its use-cases in ways that are almost impossible to imagine. As a result, innovation platforms may be underestimated over expansive time horizons because successful forecasts require anticipation of the scope of new products and services.

Today’s disruptive innovations include:

  • Artificial Intelligence
  • Robotics and Automation
  • Blockchain and Cryptoassets
  • DNA Sequencing and Gene Editing
  • Fintech Innovation
  • Energy Storage and Battery Tech
  • Next Generation Internet

For example, artificial intelligence (AI)  learning systems will transform not only retail, media and telecom, as did the Internet, but all sectors in the economy, even those previously thought impervious to disruption, notably health care and financial services.

Invest in the future

Disruptive innovation displaces industry incumbents (as digital photography has erased the Kodak and Fuji film companies), increases efficiencies, and gains majority market share.

The threat to existing businesses is grave. The long-term opportunities for companies participating in this change could translate into exponential growth.


References:

  1. https://ark-invest.com/investment-process/
  2. https://research.ark-invest.com/hubfs/1_Download_Files_ARK-Invest/Marketing_Material/ARK-Invest-Thematic-Investment-Process.pdf
  3. https://ark-invest.com/invest-in-innovation/

Cyber Security: Recognize Social Engineering

Social engineering is highly successful because the cyber criminals make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users. 

Large companies, like Equifax and Home Depot, are often the target of the most sophisticated and large-scale cyberattacks, but attacks aimed at small businesses can be equally devastating. Some of the most common social engineering threats include phishing emails, texts or phone calls and malware.

Stay vigilant to social engineering

Small businesses need to do more to protect their IT systems against growing cyber threats. Larger companies have taken significant steps and dedicated significant resources to secure their systems. As a result, less cyber secure small businesses have become easier targets for cyber criminals.

95% of cyber security breaches are due to human error!

Most small businesses and organizations lack the resources to hire dedicated IT staff and incorporate basic cyber security processes to protect their business, information and customers from cyber threats. Even a small business with one computer or one credit card terminal can benefit from strengthening its cyber security protocols.

Social engineering is used by many criminals, both online and off, to trick unsuspecting people into giving away their personal information and/or installing malicious software onto their computers, devices or networks. Social engineering is a psychological attack where an attacker tricks you into doing something you should not do through various manipulation techniques. Think of scammers or con artists; it is the same idea. However, today’s technology makes it much easier for any attacker, from anywhere in the world, to pretend to be anything or anyone they want and to target anyone around the world, including you.

Social engineering is successful because the cyber criminals are doing their best to make their work look and sound legitimate, sometimes even helpful, which makes it easier to deceive users. A 2014 IBM study revealed that human error was the primary reason for 95% of cybersecurity breaches.

Most offline social engineering occurs over the telephone, but social engineering also frequently occurs online. Information gathered from social networks or posted on websites can be enough to create a convincing ruse to trick your employees. For example, LinkedIn profiles, Facebook posts and Twitter messages can allow a criminal to assemble detailed dossiers on employees. Teaching people the risks involved in sharing personal or business details on social media can help you partner with your staff to prevent both personal and organizational losses.

Many criminals use social engineering tactics to get individuals to voluntarily install malicious computer software such as fake antivirus, thinking they are doing something that will help make them more secure. Fake antivirus is designed to steal information by mimicking legitimate security software. Users who are tricked into loading malicious programs on their computers may be providing remote control capabilities to an attacker, unwittingly installing software that can steal financial information or simply try to sell them fake security software. The malware can also make system modifications which make it difficult to terminate the program.

The presence of pop-ups displaying unusual security warnings and asking for credit card or personal information is the most obvious method of identifying a fake antivirus infection.

Guard against cyberthreats

Here are 10 tips to help small businesses and organizations to guard against new and emerging cyberthreats:

  1. Develop or review your cybersecurity plan. An effective cybersecurity plan should include strong network security, encryption and authentication technologies. The FCC offers a free cybersecurity planner for small business owners.
  2. Use a firewall and antivirus software. Protect your internet connection by setting up a firewall and encryption. All computers should be equipped with antivirus software and antispyware. Set up automatic software updates on all company devices to ensure security fixes are in place.
  3. Secure your Wi-Fi network. Make sure your Wi-Fi network is secure with password-protected access to your router. Set up a separate guest account with a different password for customers or clients who need to access Wi-Fi, so they don’t have access to your main network.
  4. Protect your devices. Hackers can use a stolen laptop, smartphone or tablet to access your network. Maintain an inventory of equipment, and make sure your employees know to secure any company devices when not in use.
  5. Back up your data. Store data in several places, using off-site and cloud-based services. If you become a victim of a cyberattack, you’ll be able to restore operations quickly without having to pay for a ransomware decryption key.
  6. Strengthen passwords. Enforce strict company-wide policies for creating strong passwords, using different passwords for different applications and changing passwords on a regular basis.
  7. Educate employees. Develop an employee training program to ensure everyone understands security policies and procedures. Schedule refresher courses periodically to keep employees informed.
  8. Increase email security. Train your employees on how to spot a phishing attempt by paying close attention to URLs and reading emails carefully, even those appearing to come from a known sender. Ask them to avoid opening unknown or unexpected email attachments (especially compressed or ZIP files) or clicking on links.
  9. Separate your important data. Reduce the damage of a potential security breach by making sure your data isn’t all stored on one device or in one place. For instance, don’t keep your payroll information on the same device you use to process credit card payments. That way, if one of your devices is compromised, some of your data will still be safe.
  10. Implement an incident response plan. Documenting what to do in the event of a security breach—such as who to notify and where backups are stored—can save your organization valuable time in a crisis.

Cyber training and protocols can make a crucial difference in reducing the number of cybersecurity breaches or eliminating them.


References:

  1. https://transition.fcc.gov/cyber/cyberplanner.pdf
  2. https://www.navyfederal.org/resources/articles/small-business/protect-your-business.php
  3. https://www.sans.org/security-awareness-training/resources/social-engineering-attacks/?utm_campaign=2020%20Social%20Media&utm_content=145945029&utm_medium=social&utm_source=twitter&hss_channel=tw-41655252
  4. https://www.ibm.com/developerworks/library/se-cyberindex2014/index.html#:~:text=IBM%20Security%20Services%202014%20Cyber%20Security%20Intelligence%20Index.,names%2C%20emails%2C%20credit%20card%20numbers%2C%20and%20passwords%E2%80%94were%20stolen.