Archives

As we get into the summer, many business owners and employees look forward to a well-deserved break. However, high achievers are known to do a little work on vacation. Unfortunately, studies show that working outside the office, whether on vacation, from a local coffee shop, or even business travelers out on work trips, can lead to significant cyber security issues. If you or your employees plan on answering urgent emails or checking in on projects while on vacation this summer, it’s essential to maintain strong cyber security best practices to avoid exposing the company network to hackers preying nearby. In this blog post, we’ll cover what cyber security best practices for remote workers must be implemented so that you and your team can get your work done and enjoy your vacation without worrying about a data breach. 

 Why Cyber Security Matters While Traveling 

 For business travelers, the need to stay connected to the office is a reality of the digital age, and our handheld devices make it easy. But with this constant connectivity comes an increased risk of cyber threats. Whether you’re using a public Wi-Fi network in the lobby or accessing sensitive files from your hotel room, you can expose your company to hackers, malware, and other cyber risks. 

 Cybercriminals know how this works! They understand that people are more likely to let their guard down while on vacation. They know you’re more focused on enjoying your time off than ensuring your devices are secure. This situation makes travelers an attractive target for cybercriminals, who can use a variety of tactics to compromise your data, such as phishing emails, fake websites, and man-in-the-middle attacks. 

 To minimize the risk of a cyberattack while traveling, here are a few best practices to cover with your team:  

• Use A Virtual Private Network (VPN): A VPN encrypts your internet connection, ensuring your data is secure even when using public Wi-Fi networks. Before you leave, set up a VPN on your devices and use it whenever you’re online. 
  

• Keep Your Devices Updated: Before leaving for vacation, update your devices to the latest software and security patches. Outdated software can leave you vulnerable to cyberattacks, so staying current is essential. 
  

• Be Wary Of Public Wi-Fi: Although convenient, public Wi-Fi networks can be a hotbed for cybercriminal activity. Avoid using these networks whenever possible. Yes, that means no checking your email poolside unless you have a VPN. 
  

• Enable Two-Factor Authentication (2FA): Using 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message code or fingerprint scan. Make sure to enable 2FA for all of your critical accounts before you depart. 
  

• Beware Of Phishing Attempts: Cybercriminals often target travelers with phishing emails, which are designed to trick you into revealing sensitive information. Be cautious of any emails you receive while on vacation, and never click on suspicious links or download unfamiliar attachments. 
  

• Secure Your Devices: Physically secure your devices by always keeping them with you and never leaving them unattended in public places. Additionally, enable password protection, biometric authentication when applicable, and remote wiping capabilities in case your device is lost or stolen. 
  

Traveling for business or pleasure doesn’t mean you should compromise on cyber security. Following these best practices can reduce the risk of a data breach or other cyber security issue while away from the office. However, it’s important to know that these steps aren’t infallible. To truly ensure that your company’s cyber security measures are up to par, you need to work with a qualified IT team that can monitor your network 24/7, patch any vulnerabilities that pop up (which happen regularly), and can alert you if something goes wrong. 

To help you prepare for your vacation and have peace of mind knowing your business is secure while you or your employees are working remotely, click here to schedule a free IT assessment with our experts today. We’ll evaluate your current cybersecurity measures, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe. 

Another day, another scam! A new wave of social media scams has emerged, targeting unsuspecting Facebook and Instagram users. Whether you use your page for personal or business use, this new con could affect you. In this article, you’ll discover what this scam is, how to detect if hackers are targeting you, and how to avoid falling for it and potentially leaking your private information. 

 If you’re a social media user, you may have noticed that in recent years, both platforms are quick to hand out page violations. An inappropriate comment or post can land you in “Facebook jail” or with a 30-day suspension for repeated offenses. Facebook’s goal appears noble – keep these platforms a positive, kind place for all users.  

 To help identify these comments, the platforms have developed a sophisticated bot that can read the posts and detect “flagged” phrases that the platform has deemed inappropriate. Typically, they remove the inappropriate content and notify the user that the post was flagged and warn if they continue posting similar content a ban can occur.  

 However, this robotic peacekeeper is not perfect. It has a reputation for flagging ordinary content because of key trigger words and banning unoffending accounts. This situation is frustrating for users who don’t want to lose access to their social media platforms for an offense they didn’t commit or are worried that years’ worth of memories they’ve accumulated on their account could disappear if their account is wrongfully deleted.  

 Cybercriminals saw their opportunity and went for it. Hackers pose as support agents from Facebook or Instagram, contacting users via direct message on the platforms saying there has been a policy violation and they’ll help the user resolve it by filling out a simple form that gives them the information they need to make this digital slap on the wrist go away. The alarming twist? Once users submit their information, it falls directly into these skilled hackers’ hands, who can use it for who knows what. 

 If you want to protect yourself from this scam, you must first be able to recognize it. If you receive a message like the one below – don’t panic. Cybercriminals want you to be worried, so you slip up and make a mistake. Remember, a Facebook agent will never directly contact you unless you go through the support chat first. The platforms have in-app notifications about banned or flagged content that you will see first, and they will follow up via email.  

 The image below features an actual screenshot of this scam in action and points out other factors to notice when determining the legitimacy of a violation.  

We didn’t request the form to see what information it collects (and neither should you), but we can guess. Facebook has developed strict verification processes for confirming identities to reduce the number of imposters on Facebook and determine the rightful ownership of accounts in hacking situations. The platform will request proof of identity with a photo of your ID or sometimes even business documents proving ownership. Cybercriminals will likely request this information but may take it further by asking to confirm your password, social security number, and more.  

 This deceptive tactic highlights the ever-evolving nature of cybercrime. Just as we’ve seen with the rise of AI-powered tools used in voice cloning scams, these hackers are becoming increasingly creative and sophisticated in their efforts to manipulate social media users. They are watching what’s happening and adapting their tactics accordingly. The stakes are high, and so is the potential damage to individuals and businesses. 

 To safeguard yourself and your business from such threats, it’s crucial to remain vigilant and informed. Here are a few practical tips to help you stay protected:  

• Always verify the authenticity of messages received from social media platforms. Support does not contact you via message unless you request chat support, and they will never ask you to provide sensitive information through direct messages. 
  

• Be cautious of unsolicited messages requesting you to click a link or fill out a form. Instead of clicking the link, visit the platform’s help center or contact support directly to inquire about the issue. 
  

• Strengthen your account security by enabling two-factor authentication, regularly updating your passwords, and using unique, complex combinations of characters. 
  

• Provide regular security awareness training to your employees. Share articles like this one that shed light on emerging scams and engage in ongoing education to ensure your team remains alert and prepared. 
  

• Collaborate with your IT service provider to implement robust cybersecurity measures and disaster recovery protocols. Investing in comprehensive protection is essential in minimizing the risk of falling victim to these sophisticated attacks. 
  

Remember, prevention is critical. Don’t wait until it’s too late to take action. If you’re concerned about the security measures your IT service provider has in place, click here to request a FREE IT Security Risk Assessment. This assessment will give you a clear understanding of your current security stance and whether you’re well-equipped to handle a cyber-attack. 

An Arizona family was recently in the news warning others about how they were the target of a ransom call in which scammers used AI (artificial intelligence) to clone their daughter’s voice to convince the parents they had kidnapped their daughter, with the apparent goal of extorting money.  

DeLynne Bock, the mother of Payton Bock and target of the con, said she feels she can easily spot a fake scam call, but this was on a whole other level. 

According to the news story, the scammers called their home, where DeLynne’s husband answered the call. A man on the other end of the line was screaming and using foul language, saying his daughter had caused an accident, hitting his car, and couldn’t find her insurance. From there, he started making threats, saying he had her tied up in the back of his truck.  

What made the call so convincing was the deep fake of her daughter’s voice on the other end of the line – pleading for help, crying. Unable to reach her daughter by phone, DeLynne called the police while her husband kept the man on the phone. “I called the police, and they’re saying, ‘This is possibly a scam situation.’ I said, ‘There is no way this is a scam. This is my daughter’s voice,’” DeLynne said. “This wasn’t just some person pretending. As a mother, you know your daughter’s voice, and this was my daughter.” 

Apparently, this wasn’t the first time this happened which is how the police were able to suggest it could be a scam. This is just the latest iteration of how hackers are using AI to produce deep fakes to extort money. AI and ChatGPT have been in the news recently for a reason – AI is an extremely powerful tool that, if put in the wrong hands, can do a lot of harm.  

It’s not a stretch to imagine the use of AI to fake a CEO’s voice, signature or writing style in an e-mail, text, call or instant messaging to trick an employee into sending money or doing things that would severely harm the organization, such as providing a login or access to the company’s network, data or critical applications. Or similarly use this same type of approach to scam clients or patients into giving up confidential information or payments.  

A report released by security experts at Home Security Heroes showed that 51% of common passwords could be cracked in less than one minute using an AI. Both the length and complexity of the passwords factored into the speed of successfully cracking the password, but even a complex password with seven characters using both uppercase and lowercase letters, numbers and symbols took just minutes to crack. 

This means it’s hypercritical for all business owners to no longer rely on strong passwords and simple antivirus to protect their organization.  

Today, all businesses should have some type of security awareness training for their employees. For example, simply sharing this article and others we publish like them with them can go a long way toward making sure they’re always on high alert for scams; but sharing the occasional article is not enough. You should have some type of ongoing reminders and formal training so that it’s always top of mind. Employees AREN’T “too smart” to fall for these scams. If someone can trick a mother into believing her daughter has been kidnapped by duping her daughter’s voice, they can trick an employee into clicking on a link, giving them access or transferring funds – and it’s happening right now to a lot of businesses. 

Second, you need to work with your IT company to ensure they have implemented robust cyber security tools and protections, as well as disaster recovery protocols so if you are ransomed, you can be sure to recover your data. This is not an area to be cheap about. Most people stubbornly believe it won’t happen to them, or that it will be a minor inconvenience, not the costly, business-crippling and devastating disaster that a cyber or ransomware attack can have. An ounce of prevention goes a long, long way toward minimizing your risk.   

If you want to make sure your IT services provider is protecting you properly, click here to request a FREE IT Security Risk Assessment. This assessment is not time-consuming, invasive or difficult to do, but will give you the unvarnished truth about your current security and whether or not you will be properly and brilliantly prepared for a cyber-attack.