
Posts Tagged ‘cyber crime’

Hacking Away at Business Security

Tuesday, June 7th, 2011

All passwords for the RJWestmore Training System are fully-encrypted.

With the recent hack of various Gmail accounts by cyber criminals, companies are again casting an eye at ways to ensure data security and circumvent the risks associated with cyber crime. Cyber attacks are particularly difficult for law enforcement because they occur anonymously over great distances and are often conducted by highly intelligent individuals who are skilled at covering their digital tracks.

The disruption caused by a cyber attack presents businesses with more than just a minor annoyance. High-profile breaches, such as the recent attack on Sony’s PlayStation Network, caused significant losses as thousands of customers, worried about their security, left. Sony claimed to have lost more than $170 million as a result of the breach.

For some entities, such as utilities or defense contractors, cyber attacks cause disruptions which go far beyond the scope of financial loss. A recent survey of senior level IT professionals indicated that they hold cybercrime to be the most dangerous threat for their business, ranking above the fear of natural disasters.

Details of the Recent Gmail Account Hack:

  • Some of the hacked accounts belonged to senior U.S. Government officials, Chinese political activists, and journalists, prompting many to suspect that the Chinese government had something to do with the attack.
  • The accounts were compromised through a phishing attack, which involves gaining access to an account by presenting the user with legitimate-looking but fraudulent emails or texts. (Many bank customers have been caught by phishing schemes where the crook will say he represents the client’s bank and needs user account information.)
  • The Gmail criminals used information from hacked email accounts to contact and infiltrate other user accounts, since people tend to trust messages sent from someone they know.

What Can Businesses Do to Better Safeguard Electronic Information?

  • Establish robust firewalls to prevent intrusions.
  • Conduct an internal employee survey to find out how many of your employees are using “1234” for their password. Prepare to be shocked by the results. Require employees to follow set procedures for password creation and changing of passwords at regular intervals.
  • A popular method for creating hack-resistant passwords is to think of a phrase such as “Cybercrime is a risk I want to manage.” Then, use the first letter of each word from the phrase to create a password: “CIARIWTM.” Then, to mix it up further, add two or three memorable numbers and a symbol to the mix: CI$AR&IW@TM. Also, use different cases instead of all caps or lowercase letters: Ci$aR&iW@Tm. A password this complicated will keep hackers at bay, since easily cracked “1234” passwords are easier targets of opportunity. (This is for the same reason thieves prefer to break into cars that have open windows and keys in the ignition rather than vehicles that are locked and armed with alarms.)
  • Password reset software can be used following a breach to bring passwords back.
  • Review outside vendors who have access to your data. Even if your company has state of the art protection, it is worthless if one of your vendors operates in an open environment which can easily be hacked.
  • Carefully guard client email lists and account numbers. The recent loss of email data by Epsilon cost the company millions of dollars, as customers canceled their credit cards after they discovered their data had been compromised.
  • Run routine security updates on your computer system. But be careful not to click on screen messages from anyone other than the system you subscribe to. Make sure that your employees know they should do a hard reset (manual shut-down) if anything out of the ordinary appears on their computer screens.

A breach not only costs time and money in the short term, but it can be detrimental to customer perception and trust. This is especially true of companies that hold customer data such as social security numbers or financial information. Virtual disasters should demand the same foresight and planning as natural large-scale events such as floods, fires and earthquakes.

When a disaster strikes, prior planning and clear decisive action can help save lives. For the latest emergency management training for facility/building managers, contact RJ Westmore, Inc. Our new Version 2.0 e-based training system offers the best emergency training system with automated and integrated features. Visit RJWestmore.com for more information and remember to BE SAFE.

When “You” Isn’t Really You: How to Prevent Identity Theft

Monday, November 15th, 2010

Be careful to guard your identity.

Today’s blog post isn’t about the threat of a natural disaster. We will be discussing a manmade crisis that can potentially affect anyone and can take months or even years to repair. Today’s topic is Identity Theft. Claiming nearly 10 million victims a year, Identity Theft is the number one complaint lodged with the FTC.

According to research from Nationwide Insurance, four out of five victims of Identity Theft encountered serious issues as a result of the crime, such as lowered credit scores, bankruptcy, foreclosure, or even prison time.

A significant threat now that so many of us handle financial matters online, Identity Theft is a crime that is cloaked in mystery, with most of us imagining identity thieves working in dark, secret computer-filled lairs. The truth is that the crime is far less glamorous than they make it out to be in the movies, with far more serious implications for its victims. The good news is that while Internet anonymity is practically impossible these days, you can take steps to make yourself a less inviting target.

  • When it comes to selecting a password for your online bank account or email accounts, don’t choose “password” or “1234.” Also avoid easily detectable data such as your child’s first name, your birthday, your anniversary, your dog’s name or your street address. This type of data is easily accessible for even casual hackers.
  • No matter how much you hate the hassle of changing and forgetting your passwords, you need to change them periodically. Experts recommend changing passwords on every online account at least every three to six months. People who work with extremely sensitive data change passwords hourly.
  • Check “privacy settings” on social media websites. Recent problems regarding privacy settings on Facebook highlighted the need to carefully consider how public you should be with details about your life. Review your settings and carefully read the “terms of service” on every site you use. Also, look at the amount of data on your social network profiles and determine if certain identifying information should be deleted or altered.
  • Do you like to use WiFi and other public area internet access networks? Take steps to ensure security of your laptop or mobile device when sending information over shared networks. Don’t let the leather chair and tasty beverage lull you into thinking you are at home when you are using your computer at Starbucks.
  • Create truly random passwords. Some popular “systems” for randomizing passwords involve thinking of a phrase such as: “My favorite movie is Gone with the Wind” and using the first letter from each word: MFMIGWTW. Better yet, change the case in some of the letters and swap out the second and fourth letters with characters, so the password would be m@M*GWtw. Randomization and picking phrases only you would know are the keys to real password security.
  • Even if your passwords are difficult to decipher, you might be surprised by how easily experienced hackers can access even complicated encryptions. Fortunately, several applications and software offer secure password management tools. If you do not have access to these tools, consider using a completely random number. And don’t store it near your computer or in your purse.

Also, don’t forget about offline methods that thieves can use to steal your identity. Not every identity thief is a hacker holed up in a basement with five computers and three monitors. Some still take a more old-fashioned but no less harmful approach to assuming someone else’s identity.

  • Don’t leave mail hanging out of your mailbox or dispose of it in the trash can at the post office! The amount of information contained on some of your bills is staggering. Thieves who commit the felony of stealing your mail would have access to your full name, address, phone number, account numbers, bank routing numbers and more. For security, deposit important mail into a USPS drop box.
  • Don’t forget about the trash. Shred any and all documents that contain personal information before you toss away any paperwork…including junk mail.
  • Take a good look at your wallet or purse. Is it a good idea to carry your social security card, checks, paystubs, insurance information and a letter with your mother’s maiden name on it, conveniently located all in one place for the taking?

Do what it takes to protect your identity.

What steps should business owners and managers take to guard customer and/or employee personal information?

  • Computer data is hard to erase! If you sell or donate old computer equipment, clicking “delete” on files and folders won’t be sufficient. Purchase an application that can completely wipe the hard drive. Or, better yet, take computers to a trusted source so the hard drive can be erased. All data on CD, DVD or backup tapes should be removed and then destroyed so files are completely unreadable.
  • Mind your laptop. Guard it at all times, as if you are protecting private information. You are! Store sensitive data on secure servers or in the computing “cloud,” behind firewalls, instead of storing it on a portable machine.
  • Have old-fashioned paper files? Outsource your document retention services to an established company that will shred or store, as needed. Also, don’t throw boxes of data with sensitive client information into your building’s unsecured storage basement! Invest in a heavy-duty shredder and use it often.
  • Don’t adopt “It Won’t Happen to Me Syndrome.” According to the FTC, in the past five years alone, 27.3 million people were victims of identity theft.

We often discuss the benefits of proactive prevention. And dealing with Identity Theft is no exception.