Facebook-f Twitter Linkedin-in

securewebsite

Scam of the Week: Watch out for W2 and Tax Fraud Phishing

by

The bad guys are starting their tax scams early this season! All employees should look out for urgent emails and phone calls supposedly coming from the IRS or tax-related companies in the next few months.

For all employees, if you receive a phone call from the IRS claiming you owe back taxes and must pay, don’t fall for it. This is a common scam that they try every year.

And HR and Accounting teams should be on even higher alert. Cyber attackers are now combining two scams-in-one. First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.

Remember that when you receive sudden requests like this, they may be spoofed emails. You should double check by picking up the phone to verify that this is a legitimate request coming from that executive. In these cases, it’s OK to “say NO to the CEO”.

This tax season, stay alert for scams like this, and Think Before You Click!

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: China – Boomoji

by

Boomoji: A Chinese company that makes personalized animated avatar to be sent over text and other various apps.

Risk to Small Business: Severe: Exposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do could be hesitant to enter in credit card information or reveal more of their data because they figure it could be at risk as well.

Individual Risk: Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it.

Customers Impacted:Over 5 million users.

How it Could Affect You:Not only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.

Read more

In Other News:

Alarming News
A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.

Read more

Scam of the Week: New Dangerous Email Extortion Scam

by

The bad guys are continuing to get more and more bold with their extortion scams. The latest extortion scam involves sending you an email that looks like a bomb threat. The email claims there is an explosive device in the building which will detonate unless you pay them in bitcoin.

This threat is being sent to millions of people, so the likelihood that it is real is very small. However, if you receive this type of extortion email be sure to do the following:

  • Follow your organization’s security policy
  • Contact the appropriate authorities in your organization
  • Do not answer or forward the email to coworkers.

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: Quora

by

Quora: A popular question and answer site that boasts 300 million monthly active users.

Risk to Small Business: Severe:People are not soon to forget that the question and answer site was unable to keep their data safe. This could cause a migration from any site to another similar one, something that is common among social media sites in particular.

Individual Risk: Moderate: Those affected by this breach are at an increased risk of phishing attacks

Customers Impacted: Unclear at this time

How it Could Affect You: Quora handled the breach very well, with the CEO releasing a blog post detailing what they know and apologizing to their users. The amount of time it will take for the organization to regain their users’ trust is unclear. The transparency by the organization’s leadership will greatly help it bounce back sooner than if they hadn’t responded as such.

Read more

In Other News:

DNA For Pay
The Leaders of Genomics England has revealed that foreign hackers have attempted to access the DNA data the organization is collecting. The reality that hackers could steal DNA data if they successfully access a network is a scary thought. As the general population becomes more aware that their data is valuable, it should also become apparent that handing over data and in this case, DNA, could result with it ending up on the Dark Web or in the hands of a nation state. While no breach occurred to this organization, the fact that they are regularly under attack should be a wake-up call.

Read more

Scam of the Week: Extortion is Back Again!

by

Extortion scams are back and they are getting more and more dangerous. This time, the bad guys are sending out emails, claiming they have a video of you watching an inappropriate website and then prompting you to download that video and see it for yourself.

But if you do, your computer gets infected with ransomware!

Here are some things you can do to avoid becoming a victim of extortion:

  • Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
  • Turn off and/or cover any web cameras when you are not using them.
  • Remember, if you receive an email that claims to have a compromising video of you viewing sensitive material, do not answer or send money. Instead, delete the email.

Don’t fall victim to the bad guys!

Stop, Look, and Think. Don’t be fooled.

Technology Assessments: What they are and why every business needs them

by

Technoology Assessments

Information technology, or IT as it is known in most modern business settings, can be a challenge for small to medium business owners. Whether your business may have its own IT expert in-house or be too small to employ its own, your organization uses IT every day. Government regulations change regularly and growth means IT needs to adapt, too. Additionally, the world of technology is always experiencing new development.

That’s where technology assessments come in. Every business should undertake an annual technology assessment to ensure its IT needs are being met. Here’s a look at what technology assessments are, the purpose behind them, and what types of things they evaluate.

Technology Assessments
Every organization uses technology. Whether your business is using the internet for ecommerce, your non-profit is building a new business website, or your company is sending and receiving emails, you and your employees utilize IT. As your business grows, the complexity of your IT does as well. This can be a challenge for small to medium businesses, however, as they often don’t have the budget to hire a full-time employee to handle such matters. Even if you do have IT staff on hand, they may be so busy that a third-party such as ORAM may be the key to getting your annual IT assessment done quickly and efficiently.

This is where an independent technology assessment comes in. Such assessments evaluate multiple aspects of your existing IT to determine if what you have is effective enough to cover your growing organizational needs and, if not, what changes need to be implemented. Just as you should see your doctor every year for a full physical, your company also requires an annual IT checkup.

The Purpose of IT Assessments
The costs of IT are rising every year, the complexity of IT planning is becoming increasingly difficult, and regulatory compliance is beginning to overwhelm organizational leaders. An annual technology assessment can tell you what your company currently has in terms of IT to overcome these obstacles versus what it really needs to achieve your technology and business goals.

An IT assessment should cover several aspects of your business technology including:

• Strategically evaluating whether your IT infrastructure is ready to grow with your business.
• Identifying areas of opportunity to improve your business processes and reduce your IT costs.
• Pinpointing any “red flag” areas that require deeper analysis and adjustments.
• Prioritizing your IT investments to reflect your business strategy.

What They Do
Information technology assessments examine your existing IT infrastructure and business goals such as growth. Through this audit of your business’s current systems and processes, it can be determined if they are effective at meeting your organizational goals.

For example, if you operate a law firm that wishes to grow by 10 percent each year for the next five years, your IT must be able to adapt to the changing needs of your law firm. In addition, you are bound by several governmental regulations such as the protection of your client’s personally identifiable information (PII). This means you must have achieved a certain level of security to meet those requirements with your IT.

An annual assessment can determine if the IT your business has in place is capable of handling these requirements and, if not, what adjustments need to occur. A strong technology assessment will answer the following questions:

• How is the health of technology in my organization?
• Is my business using technology to its fullest extent?
• Can my existing technology accommodate growth?
• Is my company exposed to risk that can be avoided with proper planning?

What They Cover
Just like a physical, an IT assessment comes with a checklist of things that are covered to ensure the best IT health and the lowest risk to your organization. Areas that should be covered in your IT assessment include the following:

• Physical assets: Servers, desktops, laptops, telephones, networks (internal and external), Peripherals (scanners, printers, copiers, etc.), and data management and tracking (such as storage and disposal)
• Applications: Desktop programs, email management, accounting and other business-critical applications, document management, security programs, and your organizational web site
• Policies, Procedures, and Processes: Business continuity plans, disaster recovery, change management, security management, on-boarding and off-boarding of employees, ongoing IT training, and help desk
• Partner & Vendor Management: Collaborations, sales, purchasing, software licensing, voice and data circuit providers, third-party service providers
• Industry or Business Specific Details: Government-issued regulations, industry requirements, and unique company needs

This list of items is reviewed by conducting interviews with key people in your business and through checks of your business infrastructure. During the interviews, you or your IT staff will be asked to answer specific questions about the technology in place that supports your organization. You will also be questioned about your business and its goals.

When ORAM conducts a full technology assessment, we have a list of 300 questions that thoroughly examine everything from your existing IT policies and procedures to your key IT assets and their settings. We also look at the infrastructure of your organization to determine what you have, how well it works, and what you need. All of this is wrapped up into a results report specific to your company.

Results-Oriented IT
All of the data gathered during the assessment is put into a final report that will allow business leadership to make informed decisions about the IT of your company. In addition to the current status of your IT health, recommendations will also be made to keep your business operating smoothly, protected against threats, and compliant with industry and/or government regulations. Business leadership should review the results to determine what steps to take in order to keep moving forward with safe, effective, and efficient IT that meets business goals within their budget.

The final report is also a terrific means for documenting your IT and planning business continuity in the event of a disaster such as a breach. While this is a wonderful report that can do much to support your business health and goals, it does need to be updated annually to address the changes in technology and your company.

Why Every Business Needs IT Assessments
Since every organization uses IT, every business needs an annual technology assessment. The final report is not only a document that keeps businesses on the cutting-edge of technology and security, but also provides assurance that government regulations are being achieved. Finally, it gives leaders a look at the IT health of their company and acts as a roadmap to guide them through the necessary changes to their existing technology that will allow them to achieve their desired outcomes in the future.

If you are interested in a short, free technology assessment by ORAM, a full technology assessment, or simply have questions regarding your organization’s IT, please contact ORAM at (617) 933-5060 or visit us online today.