Small Business

Exploit: Database infiltration 

Wyzant: Online education marketplace that matches tutors with students

Risk to Small Business: Severe: Hackers took advantage of a database anomaly to steal personally identifiable information (PII) from an undisclosed number of users on April 27, 2019. The tutoring company issued a patch to the database, and a more in-depth investigation is underway.

Individual Risk: Severe Although it’s unclear how many users were impacted by the breach, PII was definitely made available to hackers. This data includes names, email addresses, zip codes, and more. The company’s platform lets users sign in using their Facebook credentials, enabling hackers to siphon off .jpegs of Facebook profile pictures, which can be leveraged to facilitate phishing scams.

Customers Impacted: Unknown

How it Could Affect Your Business: Failing to understand the security vulnerabilities that impact your IT infrastructure can have significant consequences for your users. Especially for companies handling PII for minors, protecting customer information has to remain a top priority. In order to be vigilant and prepared at all times, every organization should partner with a security solution that can proactively monitor the Dark Web for customer and employee data.

Read more

---

In Other News: Card Data Stolen From 201 Online Campus Stores 

201 online campus stores for universities based in the U.S. and Canada were victimized by the popular Magecart attack, where hackers plant malicious JavaScript code on a website. This code collects payment information from customers using an affected platform. Once the financial data is collected, it is remotely stored by hacking groups who subsequently sell that information on the Dark Web.

The Magecart skimming code has been identified on at least ten other platforms and has spread to e-commerce sites as well.

Interestingly, cybersecurity researchers noticed that Magecart groups often don’t pursue e-commerce sites directly. Instead, they target components that often accompany their online store, such as chat and support widgets.

The weight of this incident serves as a reminder: companies need to invest in a holistic suite of cybersecurity solutions that accounts for today’s entire evolving threat landscape.

Read More

If you’re looking to stream or download blockbuster movies when they’re still in theaters, you probably shouldn’t. Why not? Well, first and foremost, this is called piracy and it is illegal. Secondly, any “free downloads” you do find will likely be a scam.

Recently, a popular search engine result for Avengers: Endgame claims to offer either a download or a full viewing of the blockbuster hit. The movie even begins streaming automatically, but you’re prompted to make an account shortly after. Creating an account is free, but you soon find that you must “validate” your account using your credit card details.

Don’t be fooled! If it seems too good to be true, it probably is. Remember the following to stay safe when browsing online:

• Never download anything from an unfamiliar or questionable website. Especially if the download could be stolen, and therefore illegal, material.
• Never give information to a website you can’t trust. Even if you don’t enter credit card data, simply creating an account makes your email address more vulnerable to future scams–especially phishing attacks.
• Never reuse passwords. If you create an account on a dangerous site, scammers will try to use your email and password combination to break into your other accounts.

Stop, Look, and Think. Don’t be fooled.

Exploit: Phishing attack

Partners in Care: Healthcare provider based in Bend, Oregon

Customers Impacted: Unknown

Risk to Small Business: Severe: A phishing attack compromised an employee’s email account towards the end of 2018, providing hackers with access to patients’ health information between November 17 and December 12. After completing a manual email review, the company concluded that sensitive patient information was exposed during the breach.

Individual Risk: Severe: Although it is unclear how many records were compromised in the breach, hackers were able to access patients’ personal information including names, birth dates, medical records, and social security numbers. Patient records related to diagnosis, medications, and insurance details were also revealed. The organization notified those impacted by the breach and are encouraging them to monitor their account statements for suspicious activity.

How it Could Affect Your Business: Companies managing sensitive healthcare information are expected to have mechanisms in place to protect their patients, so a preventable data breach is particularly egregious. While phishing scams are used to gain access to a company’s IT infrastructure, they can be prevented through training and monitoring tools.

Read More

---

In Other News:

Your Google Chrome extension may be an accomplice to phishing scams 

Users of the popular Google Chrome browser could be susceptible to a new phishing scam. Android mobile users running Google Chrome might be familiar with the browser’s aesthetic, user-experience guided method of hiding the address bar when a user scrolls through a website. However, perpetrators of phishing scams are now using this feature to display a fake URL bar that persists when users scroll.

At the same time, the fictitious URL bar can display the credentials of real websites, making users think they are viewing an authentic website. By hiding the original URL bar, users can be easily directed towards malicious third-party sites where users could expose their personal or financial data.

This vulnerability is being exploited to execute effective phishing scams that quickly capture users most sensitive information. Beware!

Read More

Exploit: Employee email account breach
EmCare: Dallas-based healthcare provider that offers physician services and other healthcare functions

Risk to Small Business: Severe: An unauthorized third party accessed employee emails, allowing them to view sensitive personal information and confidential patient data. Through this vulnerability, hackers were able to access as many as 60,000 individual records, including 31,000 patient records. The company was quick to indicate that they don’t believe any personal data has or will be misused, and it’s unclear why this information was accessed. Nevertheless, EmCare will now bear the costs of providing free credit monitoring services and managing public relations.

Individual Risk:  Severe: Employees and patients who received care from the company could have had their name, birth date, age, social security number, and driver’s license number exposed. In some cases, protected health information was also made vulnerable.

Customers Impacted: 60,000

How it Could Affect Your Business: This episode is a reminder that even minor vulnerabilities can have extensive consequences. In this case, accessing just a few email accounts compromised thousands of patient records, creating serious problems for both the victims and the company. Since healthcare organizations are explicitly charged with protecting this information, they need to take every precaution to make sure that their systems are secure. By monitoring where and how hackers use patient and employee information on the Dark Web, providers can offer lasting protection.

Read More

---

In Other News: Cyber-attacks are soaring in 2019 

It’s no surprise that cyber criminals are always looking for new vulnerabilities to take advantage of, and we are now becoming inundated, and even accepting, of breaches making daily news headlines. However, their swift increase in the first quarter of 2019 is shocking even by today’s standards.

According to recent report by Malwarebytes, cyber threats are up 235% year-over-year, primarily the result of a surge in ransomware and trojans.

However, bad actors aren’t just increasing the frequency of their attacks. They are changing their focus. The study found that cyber criminals are targeting SMBs because they have less money and resources to spend on cyber defense.

Most prominently, cyber criminals are relying on ransomware. Corporate ransomware attacks are up 195% from the last quarter, and they have grown at an astonishing 500% since April 2018.

It’s no secret that today’s threat landscape is always evolving, and protecting small businesses requires a continual reevaluation of your organization’s most prominent vulnerabilities. However, in order to fight fire with fire, companies must enlist the help of security solutions that are designed to keep a pulse on hacker activities and employee/customer information.

Read More

PDF files are commonly used in most organizations, regardless of what industry you work in. That’s why PDFs are often thought of as a “safe” file type. Do you hesitate to open them?

• 

Over the past few months, there’s been an increase in the bad guys taking advantage of this trusted file type. They’re finding ways to hide malware in PDFs so they make it past the security filters your organization has in place. Most often, the malware is executed once you open the PDF and click on a misleading link in the file. A different PDF attack steals your login details when you open the file.

Always remember, never open an attachment unless you have asked for it. Even if the attachment appears to come from someone you know, pick up the phone to verify it’s legitimate.

Stop, Look, and Think. Don’t be fooled.

In the age of digital revolution, businesses are increasingly reliant upon their IT infrastructure. After all, the use of technology to manage routine operations has become necessary, especially if businesses want keep up with their competitors.

The entire business landscape is evolving with the help of technological business solutions. It is, therefore, so important to ensure the optimal health of your IT infrastructure. This is where strategic IT consulting services can come into play.

The Need for IT Consulting Services

IT Consulting Services brings unparalleled expertise your infrastructure. The right consultants will maintain the smooth functioning of your infrastructure while making certain your business stays relevant with the latest technologies.

Hiring IT consulting services gives businesses an advantage. The cost of hiring an entire IT department is eliminated and they are partnered with a team of experts with decades of field experience.

Oram Corporate Advisors has a combined 30 years of experience in providing strategic IT Consulting to small and mid-sized business. Looking for consultancies in Boston? Call us 1-617-933-5060 or fill this form to contact us today!

Top 4 IT Consulting Services

There are many ways an IT consultancy can help your business. Here are the top 4 of services they offer.

1. IT Asset Management

Let’s start with the basics. IT Asset Management is one of the most important services you should seek for your business. The team will keep track of every component of your IT infrastructure while ensuring its functionality, proper use, and security.

1. IT Support Services

IT Support  Services include 24/7 customer support, onsite hardware installation, user training, troubleshooting, problem management, and much more.

Hiring IT support services ensures that the IT infrastructure of your business is flawless, allowing you to focus on more important parts of your business such as product and service development.

1. Network Support

It doesn’t matter whether you are a small business or a large scale enterprise. What matters is that you have a secure network system that works well across all departments. IT consulting services include network support which covers WAN/LAN/VPN design and implementation, email continuity, and data backup and recovery.

Network support ensures that your business’s firewall is protected against any possible data breaches and intruders.

1. Server Support and Website Services

From making sure that your website functions smoothly with hosting, graphic design, and DNS Setup to ensuring 24/7 server support, SQL Management, and server maintenance, IT consulting services cover it all.

Hire strategic IT Consulting services to ensure the smooth functioning of your website and servers.

Conclusion

A decision to hire an experienced IT consulting company is a decision for security, efficiency, and peace of mind. Make sure that you choose a reputed consulting company for your business. Looking for consultancies in Boston? Call us at 1-617-933-5060 or fill this form to contact us today!