Small Business

The Week in Breach-BBH

April 12, 2019 by securewebsite

Exploit: Unsecured business associate portal

BBH: Mental health service provider based in Missouri

Risk to Small Business: Severe: BBH has sent letters to patients notifying them of a breach that occurred in August of last year. Potential attackers would be able to infiltrate a business associate’s portal to access electronic protected health information (ePHI) and compromise sensitive records. The mental health service provider noted that there was no evidence of unauthorized access, but will be providing free identity monitoring, protection, and reporting from agencies including Equifax, Experian, and TransUnion. Along with the direct costs associated with offering such services to patients, the organization will have to pour funds into reputation management.

Individual Risk: Severe: The exposed records included names, addresses, contact information, DOBs, medical history information, driver’s license numbers and SSNs. Given the amount of time that has lapsed, patients are at high risk and should immediately begin monitoring their identity and credit reports.

Customers Impacted: 67,493 patients

How it Could Affect Your Business: As breaches continue to become more commonplace, companies are being held accountable for providing free identity protection for their customers and employees. Such damage can be disabling for small businesses, especially when combined with the costs that come with managing public relation.

In Other News:

Celebgate 2.0: attacks on the Apple accounts of musicians and athletes

A Georgian man has confessed to hacking the Apple accounts of NFL and NBA players, along with famous musicians. By creating fake accounts and impersonating Apple’s customer service, Kwamaine Jerell Ford was able to send phishing emails that coaxed victims into providing their login credentials as early as 2015. Once he had taken over the accounts, he would change the email addresses and passwords, and proceed to purchase air travel, hotels, and furniture.

With credit card information from Apple in hand, he was also able to transfer money to his own online payment accounts. Ford has pleaded guilty to one count of computer fraud and one count of aggravated identity theft. He will be sentenced on June 24.

Such an incident serves as a strong reminder of just how much damage can be inflicted through phishing. To prevent this highly effective form of cyberattack, small businesses and security providers invest in solutions that are specifically designed with customers and employees in mind, and able to proactively stop phishing campaigns in their tracks.

Scam of the Week: Realistic Phishing Attacks Take Advantage of U.S. Tax Season

April 10, 2019 by securewebsite

ALERT: Tax season scams are peaking. So, when you get any emails or phone calls about your taxes or W2 forms, verify whether the person sending the email or making the call is legitimate–whether you know them or not.

Here are some tips to stay safe this tax season:

Manually type the recipient’s email address into the “To” field. NEVER make the mistake of clicking on “reply” and attaching your tax information, because the reply email address might be spoofed.
Triple-check that the email address you are sending it to is correct.
If you want to be 100% safe, hand-carry your tax information to your preparer and do the tax return in person with them.

Visit the official IRS website to see more tax scams you should watch out for.

Stop, Look, and Think. Don’t be fooled.

Scam of the Week: Fake Calls from the IRS

April 3, 2019 by securewebsite

With taxes due in the upcoming days, you should be on high alert for fraudulent calls claiming to be from the Internal Revenue Service. These scammers insist that you owe money to the government. Then, they threaten you with loss of your driver’s license, arrest, or even deportation. Once they’ve caught you off guard, they’ll insist that you send the money using a prepaid card or wire transfer. Don’t do it! Remember:

The IRS will never require a specific type of payment.
The IRS will generally mail a bill to any taxpayer who owes taxes, and you will always have the opportunity to question or appeal the amount owed before sending a payment.
Do not share any type of personal information with anyone you don’t know over the phone.
If you get this type of call, hang up the phone immediately and report the call to the appropriate agency.

Stop, Look, and Think. Don’t be fooled.

IT Tips for Today’s Tax Professionals

April 2, 2019 by securewebsite

With tax day just two weeks away, many people may have their minds set on getting their taxes filed fast if they haven’t done so already. Tax professionals always find themselves swamped from February to May with businesses and individuals alike trying to finish up their taxes for the previous year. As a result, information technology (IT) may not be on the top of your mind as a tax professional but it should be.

With all of the personally identifiable information (PII) tax professionals work with on a daily basis from birthdates to social security numbers, IT security is a must to prevent breaches and data loss. Here are some top tips to keep your tax business and your clients safe.

Don’t Get Phished

Phishing emails are one of the most common ways hackers target businesses through email according to the Internet Security Threat Report Volume 24 by Symantec. “Employees of smaller organizations were more likely to be hit by email threats- including spam, phishing, and email malware- than those in large organizations,” according to the report.

Learn how to recognize phishing emails and train your employees to do so as well. Emails from unknown sources, especially those coming from someone pretending to be the Internal Revenue Service (IRS), e-Services, a tax software provider, or cloud storage provider should be deleted. Be sure to never open any link or attachments in suspicious emails as this is how the bad guys access your email and network. Note that the IRS never initiates initial contact through email with tax professionals regarding returns, refunds, requests for PII or other sensitive data.

The Symantec report does offer some good news in that “Phishing levels declined, dropping from 1 in 2,995 emails in 2017, to 1 in 3,207 emails in 2018.” This may be the result of better training and anti-phishing software. Be sure to keep your employees trained so your business isn’t phished.

Draft Your Data Plan

Every business, especially those in industries that are highly regulated or those that are often targeted due to the sensitive information they handle, should create a data security plan. When it comes to tax professionals, your security plan should use IRS Publication 4557, which addresses the proper safeguarding of taxpayer data. You will also want to look at Small Business Information Security- The Fundamentals developed by the National Institute of Standards and Technology, a non-regulatory federal agency charged with promoting U.S. innovation and industrial competitiveness.

These standards outlined in these publications will help you develop a data security plan that meets rigorous standards and the individual needs of your tax business. If you need assistance developing a data security plan, third-party vendors such as ORAM Corporate Advisors can handle this for you through an IT assessment.

Security Software

You’ll need to review the internal controls your business has in place to protect its data. Start with installing anti-malware and anti-virus software if you haven’t already done so, or if you have, you may want to update the software you have in place. This will need to be done on all of the devices used for business from laptops and desktops to routers and tablets. Don’t forget about your phones as well. Be sure to keep your security software set to automatically update as software companies push out updates and patches regularly.

Powerhouse Passwords

Be sure to use passwords that are powerful. Use a mix of at least 8 or more upper and lowercase characters, numerals, and signs in your passwords. Ensure your passwords are strong and unique for each different login you have. While this might seem overwhelming, there are a number of password managers available that can help you keep them all straight.

You will also want to password protect every wireless device in case of loss or theft. Use a phrase or words that are easily remembered and periodically change your passwords. Finally, never use old passwords and use multi-factor authentication wherever possible. Be sure to train your employees on these password best practices as well.

A Prescription for Encryption

In addition to strong password protections, one of the best ways to secure data in your tax business is to encrypt sensitive files and/or emails. In a worldwide survey of businesses by Statista, encryption was “employed extensively” by 63 percent of enterprises in 2018. Another 24 percent of businesses survey by Statista said encryption was partially deployed in their company databases. There are many types of encryption software to choose from. At ORAM, we recommend Mimecast for email encryption. For full-drive encryption, ORAM recommends eSet Endpoint Encryption so you can encrypt your sensitive files when they are in storage.

Back It Up

Be sure to back up all of your sensitive data to protect your business in the event of a disaster scenario. Ransomware is rampant, viruses can infect your network, and natural disasters such as fires and hurricanes can wipe out your data. To ensure that you always have access, have a backup plan in place and know exactly what you are backing up and to where. See ORAM’s blog on “The Biggest Backup Mistakes Businesses Make” to learn what to avoid.

Proper Disposal

Make sure that when you dispose of data, it’s being done so properly. Whether you are super shredding hard copies of data or replacing old computers, be cognizant of how you do it. All of your old computer hard drives should be wiped clean or destroyed before you dispose of them. This is also true of printers which can also store sensitive data.

Limit Access

Limit access to taxpayer data to only those employees who require it to fulfill their job duties. This is meant to protect both your client data as well as your own business. While many breaches happen due to outside sources, internal threats are still an issue in organizations around the world.

As a matter of fact, an online article from Security Intelligence reported that insider threats account for nearly 75 percent of security breaches. Disgruntled employees, those recently let go, and others may be ready to turn on your business to make a buck or out of spite. In the IT world, this limited access is known as the practice of least privilege. Be sure to employ it to protect your business from insider threats.

Check Your IRS e-Service Account

Be sure to check in on your businesses IRS e-Service account on a weekly basis. This allows you to ensure that the number of returns your business has filed with its EFIN is correct. If there are any discrepancies with the number of returns filed, contact the IRS immediately. Additionally, you will want to report any data theft or loss immediately. You will need to determine the appropriate IRS Stakeholder Liaison with whom to report the loss.

Keep In Contact

Stay in contact with the IRS and keep abreast of new developments though a subscription to the e-News for Tax Professionals, the latest national and local IRS news. QuickAlerts sends important messages, within seconds, to keep you up to date on the events that affect authorized IRS e-file providers like you. You can also keep in contact with the IRS through various social media as an authorized IRS e-file provider.

The IRS also has a Data Security Resource Guide for Tax Professionals that details the signs of data theft, teaches you how to report data theft to the IRS, and provides a number of data theft links. We recommend all tax professionals download the guide and read through it so you are prepared for a worst case scenario. This way you won’t be struggling for resources when you’re already under stress.

If you need more assistance securing the data of your tax business, please contact ORAM today at (617) 933-5060 or visit us online. We are happy to schedule a free initial consultation to get your tax business on the road to better security fast.

Misconceptions About Outsourcing It Solutions

April 2, 2019 by securewebsite

Are you considering whether or not to outsource hospitality consulting in Boston?

Are you wondering how outsourcing hospitality IT solutions can be more profitable than having a dedicated in-house doing the same job?

Whenever the term “outsourcing” is mentioned, it’s often associated with high costs. But did you know that outsourcing hospitality IT solutions to a hospitality consultant in Boston is more affordable than creating and maintaining an in-house team?

Yes, it’s true: outsourcing IT solutions will prove to be cheaper in the long run than having an in-house IT staff.

In today’s post, we are going to debunk common misconceptions about outsourcing IT solutions to a business management solutions agency:

COST-EXTENSIVE:

Many companies think that outsourcing IT solutions means having to shell out a tremendous amount of money. The truth is, however, that the cost is dependent upon the needs of the business. Overall, outsourcing is a more cost-efficient option. How so? Creating an in-house team requires hiring network experts, hardware specialists, and security chiefs. It also means investing in big tools and technology, and training your staff on the new systems. Instead, consider that you could hire a consultant that takes care of these issues for you, saving you time and money.

COMPROMISED QUALITY:

Just because you have outsourced a team doesn’t mean they aren’t invested in your company. The job of an IT service provider is to make sure that your organization’s network and support system is operating at peak efficiency. Outsourcing agencies like ORAM Boston are dedicated to providing support of the highest quality.

LOSS OF CONTROL:

One of the biggest fears companies face when they consider outsourcing is the loss of control over their organization. Outsourcing doesn’t mean you need to relinquish control or decision-making powerl. ORAM Boston will involve you on all levels responding to every question, piece of feedback and report.. You – the business owner – retain your position as the supervisor of your network support and security solutions. You would have the same level of control with both an outsourced and an in-house team will be the same, but with ORAM Boston, you get better quality service at a reasonable price.

Just like any industry, hospitality struggles with the common IT issues such as database overloading, network troubles, data loss, and privacy concerns. It difficult to create an in-house team of industry experts without sacrificing valuable time, internal resources and money.

Outsourcing hospitality IT solutions would benefit your business in the long run by saving you time and money that you can invest in your top priorities. Ultimately, you decide what is best for your business; however, don’t fall for the common misconceptions listed above if you are considering outsourcing hospitality IT solutions.

If you plan to go for hospitality consultancy in Boston, reach out to our 24/7 ORAM Boston services team. We will ensure the smooth and efficient operation of your organization.

Get in touch without IT consulting representative today!

This Week in Breach: Oregon Department of Human Services (DHS)

March 29, 2019 by securewebsite

Oregon Department of Human Services (DHS): State agency of Oregon.

Risk to Small Business: Severe: Last Thursday, the Oregon DHS announced that it suffered a data breach after nine employees opened phishing emails and exposed their accounts to hackers. As a result, the social security and personal information of an undecided number of citizens could have been exposed. Along with having to inform the affected individuals, the state’s largest agency will be forced to upgrade security efforts and likely conduct cybersecurity training for employees.

Individual Risk: Moderate: The privacy breach could have included first and last names, addresses, DOBs, SSNs, and case numbers related to DHS programs. State residents should monitor their credit reports for possible payment fraud but will remain at risk.

Customers Impacted: To be determined

How it Could Affect Your Customers’ Business: In the wake of numerous phishing attacks resulting in privacy breaches, organizations storing personal information must take notice and begin protecting individuals. Employee phishing scams are entirely preventable with proper cybersecurity training, which can effectively mitigate the risk of breach. The case and ROI for phishing security solutions becomes intuitive when we consider the potential damages and costs.

Read more

In Other News: Why small businesses struggle with cybersecurity best practices

A recent report unveiled that almost 70% of companies have cybersecurity best practices in place but neglect to take the necessary steps for securing their business. The new study by ESET and Kingston Digital that surveyed 500 British business leaders also found that 44% do not even secure devices with anti-virus software, exposing themselves to cyber threats and GDPR fines.

The reason? A disconnect between the procurement teams responsible for providing equipment, IT teams who implement guidelines, and employees who follow them. To shift the paradigm, security professionals must work closely with other departments to avoid silos and use the right tools to ensure employee adherence.

« Previous Page