online

The Necessity of Dark Web Monitoring

September 16, 2019 by securewebsite

Protect your identity and business with a consistent watchdog service

We’ve all read about the constant barrage of cyberattacks on businesses and the nightmare that comes from having your personal identity stolen. There are ways to reduce the odds that your business will suffer such an attack or that your personal information will be hacked. One of the best methods for protecting both your business and your identity as well as that of your family is consistent monitoring of the Dark Web.

What Is the Dark Web?

The Dark Web is just what it sounds like. It’s the shady side of the internet. The Dark Web lays in a sub layer of the internet known at the “Deep Web.” This is a place hidden from conventional search engines where criminals often roam searching for their next victim.

Believe it or not, common search engines including Google, Bing, and Yahoo simply scratch the surface of what is actually available online. Such search engines hunt just .04 percent of the indexed internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the Dark Web, according to ID Agent, which provides comprehensive threat intelligence and identity monitoring solutions for both individuals and businesses through ORAM Corporate Advisors.

What Threat Does the Dark Web Pose?

Not only is the Dark Web a place that threatens your personal identity but it can endanger your business as well. This is a place where the signature pieces of your personal identity (name, date of birth, stolen passwords, and even social security numbers) can be sold daily to the highest bidder. Everything from your credentials such as email logins, passwords, and usernames can be found there.

With such personal information, criminals can hack your email, your bank accounts, and more. They can open new credit card accounts in your name without your knowledge and rack up untold sums of debt before you’re even aware there’s a problem. The threat of personal identity theft can extend beyond you as well to other family members such as your spouse, your children, and your parents.

The loss of such personal information can be devastating to your business, too. Critical business information such as business applications, email, and other online services can be penetrated with your personal information. Logins and passwords can be changed, business information can be accessed and stolen, and your organization can be brought to a complete halt with the personally identifiable information (PII) bad actors are hocking on the Dark Web. Read the ORAM blog “The Dark Web: What It Is, How It Impacts Your Organization, and Ways to Protect Your Business” for more detailed information about the severity of the threat your business faces as a result of the Dark Web.

Protecting Yourself, Your Family, and Your Business

The most effective way of protecting your PII, your family members’ PII, and your business is through Dark Web monitoring. ORAM uses SpotLight ID, which employs Dark Web ID, to monitor your identity and that of your covered family members. Through leveraging Dark Web ID, ORAM focuses on the cyber threats specific to you and the environment you work in. Our proprietary software continuously monitors the Dark Web and the digital criminal underground to determine if our clients’ credentials have been exposed.

With SpotLight ID, ORAM searches for your personal information on the Dark Web. If found, your data is harvested to protect it from typical hacker sites such as Pastebin. Many such sites frequented by cybercriminals require a membership and credibility to enter. Our monitoring system allows us access to search more than 500 internet relay chatroom (IRC) channels, 600,000 private websites, and 600 Twitter feeds utilized by bad actors.

Furthermore, SpotLight ID executes 10,000 queries daily to help monitor and protect your identity and those of the people you love. We also monitor and source information from hidden theft forums, peer-to-peer file sharing programs and networks, and social media. We can even find compromised data harvested through botnets and command and control (C2) servers.

Be On Alert

If your information is identified on the Dark Web, we notify you immediately. This allows you the opportunity to change your logins and passwords before cybercriminals can take advantage of the information they have. This also gives you time to consult with your business’s internal or external IT team as soon as possible to determine if a data breach or cyber incident has occurred using your credentials. Such monitoring and notification can buy your business the time it needs to change your username, login, and password before cybercriminals can strike against it.

In addition to monitoring the Dark Web for your PII, ORAM will alert you if someone actively targets you or your covered family members’ social media profiles. You’ll also receive instant updates, alerts, and access to your credit from all three major credit bureaus if something changes with your credit or that of your covered family members.

Monitoring of the Dark Web also gives you peace of mind that your identity and that of family is covered. With a team of U.S.-based Certified Identity Restoration Specialists, ORAM will work to completely restore your identity should the worst happen, even if the issue began before you enrolled for coverage. You can take even more comfort in knowing that with SpotLight ID, you have up to $1 million in identity insurance to cover related restoration expenses if needed.

If you are interested in learning more about SpotLight ID or registering in one of our affordable and flexible plans, contact ORAM Corporate Advisors online now or call us at (617) 933-5060. The cybersecurity experts at ORAM are here to protect you, your family, and your business from the threat of cybercrime.

Saying Farewell to Windows 7: Why It’s Time to Move On to an Updated Product

July 20, 2019 by securewebsite

In the Fall of 2018, Microsoft announced that its Windows 7 product would experience its end of life as of January 14, 2020. This will have major implications for businesses as Microsoft will stop providing free Windows 7 support such as security updates. That means business leaders will have to choose between paying Microsoft an annual fee per device for updates and support to maintain Windows 7 or businesses will have to move on to an updated product such as Windows 10. This blog outlines what the end of life for Windows 7 will look like for the consumer, what your options are, and what the experts at ORAM recommend.

End of Life

Just as the human body runs out of steam and becomes too old or sick to continue to function properly, the same is true of technology. Newer, safer, better versions become available so the old technology typically goes the way of the Dodo. This is due to the fact that software manufacturers don’t have the manpower to continue to produce updates and provide support for older products as newer versions become available.

According to a June 2019 update for the Windows Lifecycle Fact Sheet, “Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.”

Extended Support Updates

While the end of life for Windows 7 is set for January 14, 2020, businesses not yet ready to make the switch to a newer version of Windows can opt-in for Extended Support Updates (ESUs). Businesses should be prepared as this extended support is expensive, especially for businesses that have numerous computers, and the cost will continue to increase over time.

For example, the first year of ESUs (January 2020 to January 2021) will cost $25 per device for Windows Enterprise and $50 per device for Windows 7 Pro. The second year of ESUs (January 2021 to January 2022), this cost will double and, by year three, it will double again.

In addition to the extraordinary cost for ESUs, the older versions of Windows won’t have the same capabilities on some newer devices which, again, limits its use.

“Prior versions of Windows, including Windows 7 and Windows 8.1, have limited support when running on new processors and chipsets from manufacturers like Intel, AMD, NVidia, and Qualcomm,” according to Microsoft. “A device may not be able to run prior versions of Windows if the device hardware is incompatible, lacks current drivers, or is otherwise outside the original equipment manufacturer’s (OEM) support period.”

Microsoft makes it clear on its site that, “If you continue to use Windows 7 after support has ended, your PC will still work, but it may become more vulnerable to security risks and viruses. Your PC will continue to start and run, but Microsoft will no longer provide the following support for your business (unless you pay the extra annual fee per device): No technical support, no software updates, no security updates.”

What it all boils down to is that without the continued support for Windows 7, businesses are putting themselves at a much higher risk of experiencing a breach or data loss.

It’s Time to Upgrade

In order to avoid security risks and viruses, Microsoft recommends that you upgrade to Windows 10. At ORAM, we agree with Microsoft’s recommendation that it’s time for businesses to make the move to an updated software such as Windows 10. Not only does keeping Windows 7 put your business at a higher security risk, which may put you out of regulatory compliance in some cases, but the cost of ESUs is prohibitive for most businesses and will likely cost your business more money in the long run than it would to upgrade, depending on your individual circumstances.

The software system of Microsoft 7 is very dated. It’s been out for 10 years now and Microsoft can’t maintain so many operating systems. To stay on the cutting edge of technology and save money, it behooves business leaders to upgrade their software.

Hardware Upgrades

In addition to software, now is the time to also take a good look at your business hardware. We recommend new hardware every three to four years to keep up with manufacturer warranties. We want to make sure our clients have hardware that is up to speed, can be effectively managed and is warranted by the manufacturer.

For machines more than a year old, ORAM recommends a hardware upgrade. The reason for this is that there is more activity happening online than there was just three years ago. This means consumers, the clients your business serves, use the latest technology and expect your business is doing the same. For example, voice recognition technology has made huge leaps and bounds in just the last couple of years and consumers are using it more every day.

If you make the move to upgrade your software without upgrading your hardware there are many steps to making the change. This can be costly in terms of IT hours and services. For starters, you’ll need to remove all information from your computer, install the new operating system, reinstall all applications, and then bring your data back over. The cost of that can be quite prohibitive as it can take three to four hours per device to make these updates to older hardware.

Installing new hardware with the new software already on board is more cost effective. It allows you to simply upload the apps you want and add your data. You’re all set to move ahead from there and it takes much less time. Of course, for ORAM clients on managed services contracts, installing new hardware and migrating data is part of our monthly services.

Beat the Rush

At ORAM, we recommend that our clients start getting ahead of replacements and upgrades now as hardware may end up on backorder depending on the increase in demand as we approach the end of life deadline. Additionally, you can expect that the cost of new hardware and software may even increase the closer we get to January. Also, you’ll want to schedule your managed services provider to perform updates and the swapping of hardware as soon as possible before they get completely booked.

For more information about end of life for Windows 7, software and hardware upgrades, or managed services, please contact ORAM Corporate Advisors now at (617) 933-5060 or visit us online.

Personal Identity Management: What You Need to Know About Protecting Yourself Online

November 20, 2018 by securewebsite

We’ve all heard the nightmare stories. Someone had their bank account breached, their social media was spoofed, or, worse, their identity was stolen. Cleanup of such issues can wreak havoc on our credit, personal, and professional lives at a cost of billions of dollars each year in the United States alone. That’s why identity management is so imperative. Here are some facts, stats, and pointers to keep you and your family members better protected online.

Identity Management & Theft
Identity management is the digital security of your identity online. It encompasses your personally identifiable information (PII) such as your birthdate, address, and banking information. Your online identity also encompasses other information found about you online from your social media accounts including Facebook, Twitter, and Instagram to your credit card accounts. Identity management, or IdM as it is known in IT circles, authenticates the identity of a user, information about them online, and who is allowed to access or modify that information.

There are several ways that cybercriminals can steal your identity online with just a bit of your PII. Here’s just a sample of what identity theft can look like:

• Applying for credit cards or loans in your name
• Withdrawing funds from your savings or checking account
• Using health insurance to obtain medical care
• Employing your social security number to steal your tax refund
• Selling your PII on the dark web to other criminals

The Cost of Theft
Time and money are two huge costs affiliated with identity theft. Anyone who has had their identity stolen, their credit card credentials lifted, or their social media breached can tell you how much time it requires to play cleanup. According to a blog by LifeLock, the average time it takes to fix an identity theft issue is seven hours. The same online article reports that in extreme cases, people may spend up to 1,200 hours over the course of a year working to resolve such issues.

The sad truth is you may personally end up investing hundreds or even thousands of dollars to repair your good name and credit. Some of the common costs for repairing identity theft can include:

• Printing fees
• Sending documents by certified mail
• Lost time at work
• Hiring an attorney
• Gas
• Police report fees

The Emotional & Physical Toll
In addition to the time and financial costs of identity theft, there are other costs as well. The Aftermath study by the Identity Theft Resource Center found, “The emotional ramifications of identity crimes continue to leave victims negatively impacted well beyond the initial incident, impacting how they manage their daily lives in perpetuity.”

Identity theft victims interviewed for the study reported long-term feelings of anger and frustration (85.7 percent), and 83.7 percent reported that they felt violated. Another 69.4 percent said they couldn’t trust others and felt unsafe as a result of being victimized online.

The negative emotional impacts left people physically ill as well. According to The Aftermath report, 84 percent of the individuals who participated in the research said they had sleep issues as a result of the identity theft they experienced. More than 77 percent reported an increase in stress levels, 63 percent had problems concentrating, and nearly 57 percent said they experienced persistent aches, pains, headaches, and stomach issues. Another 54.5 percent reported increased fatigue and decreased energy while 50 percent of people lost interest in hobbies and activities.

The Socio-Economic Impact
The Aftermath study also looked at the socio-economic impact of identity theft as well. Nearly 30 percent of victims who participated in the research reported they had to go “to family or friends to ask for financial assistance while remediating their case. For those that could not find a way to get their other needs met, 37 percent went without whatever that need was.”

Respondents in the study reported employment and educational opportunities were also impacted. More than 30 percent of victims in the study said the incident caused problems for them at their place of employment while eight percent reported issues with school as a result of identity theft. Some victims said they lost employment opportunities, benefits, or their jobs because of what happened to them.

To make matters worse, almost 39 percent of respondents said they tapped their savings to address financial needs during remediation of their case. Some even had to dip into their retirement accounts or got into debt they otherwise would not have had.

“An alarming 42.8 percent of respondents noted that as a result of their identity theft incident, they are in debt and 40.5 percent said they could not pay their bills,” reported The Aftermath study.

New Account Fraud
When it comes to identity theft, new account fraud is the most expensive, according to an online piece by LifeLock. This occurs when someone other than you opens a new account, typically a credit card, in your name with stolen PII. The article reported that in 2011, the average cost of resolving this type of theft was $354 and 12 hours of time. Today, the number of fraudulent cases has only increased and the costs have also climbed.

Child Identity Theft
Though your children may not even be old enough to spell their own name, that doesn’t stop criminals from trying to steal their information, too. According to the 2018 Child Identity Fraud Study by Javelin Strategy and Research, more than one million children were the victims of identity fraud in 2017. The fraud of children’s identity led to $2.6 billion in total losses and more than $540 million in out-of-pocket costs to families, according to the same report.

One of the most disturbing trends found in the study by Javelin is that minors who are bullied online are at an even greater risk of identity theft. The research found that victims of online bullying are nine times more likely to be the victims of fraud than those not bullied online.

Here are some great tips to help concerned parents better protect their children’s identity online:

• Train your children to protect their identity in the digital age. For example, teach them not to share login and password information.
• Pay attention to children who may be being bullied online. Children seeking friendship online are more vulnerable to becoming victims of fraud by sharing their personal information.
• Check and freeze their credit. New account fraud is the most pervasive type of fraud against children. This is the most effective method for preventing new accounts from being opened in their name.
• Monitor their accounts. Parents and guardians must actively monitor financial accounts from child savings to credit cards. Review statements online and sign up for account alerts.
• Protect physical documents. Keep sensitive documents such as birth certificates, social security cards, and passports under lock and key.
• Take notifications seriously. If you receive a notification that someone has stolen your child’s identity or that unauthorized activity has taken place on one of their accounts, move quickly to rectify the situation.
• Ask for help. If you find your child’s accounts have been breached or their identity stolen, contact banks and credit bureaus directly. This is the quickest way to close unauthorized accounts and clear their credit history.
• Sign them up for coverage. Just as you can sign yourself and your spouse up for credit monitoring, you can sign your children up for the same protection as well.

More to Chew On
A 2017 study by Javelin Strategy gives us even more information to digest. Here are some more facts and figures from their research:

• There was a 16 percent increase in identity fraud over the previous year; a record high since Javelin began tracking the issue in 2003.
• Identity fraud increased by two million victims in the 2017 study over the 2016 study.
• That increase in identity fraud meant cybercriminals stole roughly $16 billion in 2017.
• Account takeover incidents and losses rose in the 2017 report to $2.3 billion, a 61 percent increase over the previous year.
• People on social media face a 46 percent greater risk in account takeover fraud than those who shun social media.
• Being an American puts you at higher risk. According to a 2018 Internet Security Threat Report by Symantec, more than 791 million identities were stolen in the U.S. in 2016 while France came in at a distant second place with 85 million identities stolen.

What You Can Do
To protect yourself from becoming the victim of identity theft or fraud, the first step is to protect yourself with an identity monitoring program such as ID Agent, which is what we recommend here at Oram. The program monitors the dark web for your information and notifies you if your PII is found there for sale so you can be proactive about blocking thieves. The great thing about ID agent that we love is that it also monitors social media and alerts you if someone is actively targeting you. It also monitors your credit through all three major credit bureaus to let you know of any new accounts or major changes.

Should the worst happen and you do experience an identity theft or fraud, ID Agent has certified restoration specialists that will work on your behalf to completely restore your identity, even if the issue started before you enrolled. When you enroll, you get $1 million in identity insurance to cover related restoration costs.

Here are some other things you can do on your own as well if you are victimized by cybercriminals:

• Review credit card and bank statements for unusual charges. Report any that you didn’t make.
• Notify your bank(s) and creditors. Send them a copy of your ID theft report.
• Place a fraud alert on your credit files and monitor your credit reports regularly. This requires that you contact all three of the major credit reporting firms: Equifax, Experian, and TransUnion.
• Put a credit freeze on your reports.
• Close accounts you know were not opened by you or those that have been tampered with.
• File a complaint with the Federal Trade Commission.
• Contact your local police department or the police in the area where the theft took place and file a report. Make sure you get a copy.
• Change all of your account passwords and PIN numbers. Do not reuse old ones or those from other accounts.
• Contact the social security fraud hotline and request a copy of your personal earnings and benefits statement.
• Check with your local department of motor vehicles to see about getting a new driver’s license number and license.
• Contact your utility companies so thieves can’t open a new account using a utility bill.
• Ensure you are using multifactor authentication on all of your accounts.
• Sign up for credit monitoring if you haven’t already done so.

If you need help securing your personal identity online or remediating an identity theft or fraud, Oram is here to help. Call us now at (617) 933-5060 or visit us online.

Password managers: What you need to know about generating and securing passwords that work

October 26, 2018 by securewebsite

By Ryan O’Ramsay Barrett

Being in IT, we hear about it all of the time. A client calls us in distress because they used the same password on multiple websites, social media platforms, and their email and now they’ve been hacked. The bad guys have access to several of their digital platforms, if not all of them, and things are a mess. The worst part is, the entire scenario could have been easily avoided.

One of the simplest and most commonly recommended cybersecurity practices promoted by experts to prevent problems like the one above is for people to use a password manager. Some are free and others cost a small annual fee but all of them are highly recommended over not using one at all.

What is a Password Manager?
A password manager is a type of software that assists in generating and retrieving complex passwords with the goal of improving your cybersecurity. One of the greatest issues is that most people either use the same password on multiple accounts or their passwords as just too simple. Using the same password for multiple sites can increase the risk that you will be hacked or that your business will experience a data breach. Overly simple passwords also make people more susceptible to being victimized by cyber criminals who would love to get their hands into our bank accounts, business data, and personally identifiable information (PII).

Consider a password manager as a vault of sorts, able to store multiple passwords in an encrypted database or produce them on demand. This means you don’t have to reuse the same password for various accounts, memorize them yourself, or write them down.

Regardless of how many passwords you have or how complex they may be, a password manager can keep track of them for you. Additionally, when you need a stronger password for a new account or to better secure an existing one, a password manager can generate a new, complex password for you.

Security Benefits
According to MyGlue, more than 60 percent of all data breaches are the result of weak or stolen passwords. By using more complex passwords that feature uppercase and lowercase letters, numerals, and special symbols, that are unique to each of your accounts, you are protecting vital online information from credit card numbers to the answers to your security questions. Not only is this important in your personal life but it is imperative to your business as well. Password managers help by generating unique, complex passwords that will not be easily guessed by bad actors.

Another sobering statistic is that more than 30 percent of employees keep track of passwords by writing them on Post-it Notes, according to MyGlue. This is not a secure or suggested form of storing passwords. With a password manager, you only have to remember a single master password to access your “vault” with all of your passwords in one place.

Business efficiency is also improved with the use of a solid password manager because employees won’t have to waste time resetting passwords or searching for that sticky note that disappeared. There will also be a reduction in requests to IT for password resets.

Password managers can also simplify shopping. Payment information can be stored in your password manager so that it’s all at your fingertips when you are ready to shop online.

Risks of Password Managers
I know what you’re thinking. If a hacker gets access to your master password, that would allow them access to all of your accounts. Bad actors have also been known to breach the central vault of password managers. The good news is that there are defenses available to address both of these concerns.

First, any password manager worth its weight is going to employ multifactor authentication. This means that when you, or someone else, attempts to access your “vault” of passwords, you will be sent a text or email with an authentication code to log in. If someone were to steal your master code, you would find out via a text message or email. No one can access your credentials without having both the correct password and the right authentication code. This gives you time to change your master password and notify your password manager should a problem arise.

Vendors usually protect master vaults as well by encrypting your password information locally. That information is encrypted and stored, on servers operated by the vendors who, in most cases, employ some of the best cybersecurity measures available. Some of the free password managers don’t offer the same higher level of security that paid password managers do. Be sure to do your research before signing up with a company or touch base with us at Oram so we can recommend one that works best for your needs.

The Cost of Better Security
There are a multitude of password managers available. Some offer free versions but when it comes to the security of your business, remember that you often get what you pay for. With that in mind, at Oram we recommend paying for a password manager as many don’t cost much.

Most password managers offer some sort of free trial period and range from $12 per year to upwards of $50 a month. The cost may depend on the number of devices or users the program is being employed for.

What Oram Recommends
There are so many password managers available that it can be hard to choose one. Some offer features such as photo login options (a form of multifactor authentication), phone support, and use across a wide variety of operating systems. The two that we recommend to our clients are MyGlue and LastPass.

We highly recommend MyGlue because it offers so many options for a low price. First, as a business owner, you will know who accesses what password and when. MyGlue is easy to use, functions well with multiple operating systems and allows you to share training material with your team for the program so no one is lost. Finally, you can avoid hackers by using strong passwords that are secure, keeping your business information such as the PII of employees and clients and your proprietary data safe. MyGlue also employs the highest security measures available.

If MyGlue doesn’t fit your needs, LastPass is the next best option. LastPass works on iOS, Android, Windows, Mac, and Linux operating systems. It offers a variety of subscription options from a single user to families, teams, and enterprises and all are quite affordable. With LastPass, you can simplify online shopping, store digital records, and share passwords and notes with others securely in addition to storing and generating passwords.

If you have lingering questions or concerns about the use of password managers, please call Oram today at (617) 933-5060 or visit us online. Our team is happy to help you select and engage a password manager that meets all of your business needs.