social media

The Necessity of Dark Web Monitoring

September 16, 2019 by securewebsite

Protect your identity and business with a consistent watchdog service

We’ve all read about the constant barrage of cyberattacks on businesses and the nightmare that comes from having your personal identity stolen. There are ways to reduce the odds that your business will suffer such an attack or that your personal information will be hacked. One of the best methods for protecting both your business and your identity as well as that of your family is consistent monitoring of the Dark Web.

What Is the Dark Web?

The Dark Web is just what it sounds like. It’s the shady side of the internet. The Dark Web lays in a sub layer of the internet known at the “Deep Web.” This is a place hidden from conventional search engines where criminals often roam searching for their next victim.

Believe it or not, common search engines including Google, Bing, and Yahoo simply scratch the surface of what is actually available online. Such search engines hunt just .04 percent of the indexed internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the Dark Web, according to ID Agent, which provides comprehensive threat intelligence and identity monitoring solutions for both individuals and businesses through ORAM Corporate Advisors.

What Threat Does the Dark Web Pose?

Not only is the Dark Web a place that threatens your personal identity but it can endanger your business as well. This is a place where the signature pieces of your personal identity (name, date of birth, stolen passwords, and even social security numbers) can be sold daily to the highest bidder. Everything from your credentials such as email logins, passwords, and usernames can be found there.

With such personal information, criminals can hack your email, your bank accounts, and more. They can open new credit card accounts in your name without your knowledge and rack up untold sums of debt before you’re even aware there’s a problem. The threat of personal identity theft can extend beyond you as well to other family members such as your spouse, your children, and your parents.

The loss of such personal information can be devastating to your business, too. Critical business information such as business applications, email, and other online services can be penetrated with your personal information. Logins and passwords can be changed, business information can be accessed and stolen, and your organization can be brought to a complete halt with the personally identifiable information (PII) bad actors are hocking on the Dark Web. Read the ORAM blog “The Dark Web: What It Is, How It Impacts Your Organization, and Ways to Protect Your Business” for more detailed information about the severity of the threat your business faces as a result of the Dark Web.

Protecting Yourself, Your Family, and Your Business

The most effective way of protecting your PII, your family members’ PII, and your business is through Dark Web monitoring. ORAM uses SpotLight ID, which employs Dark Web ID, to monitor your identity and that of your covered family members. Through leveraging Dark Web ID, ORAM focuses on the cyber threats specific to you and the environment you work in. Our proprietary software continuously monitors the Dark Web and the digital criminal underground to determine if our clients’ credentials have been exposed.

With SpotLight ID, ORAM searches for your personal information on the Dark Web. If found, your data is harvested to protect it from typical hacker sites such as Pastebin. Many such sites frequented by cybercriminals require a membership and credibility to enter. Our monitoring system allows us access to search more than 500 internet relay chatroom (IRC) channels, 600,000 private websites, and 600 Twitter feeds utilized by bad actors.

Furthermore, SpotLight ID executes 10,000 queries daily to help monitor and protect your identity and those of the people you love. We also monitor and source information from hidden theft forums, peer-to-peer file sharing programs and networks, and social media. We can even find compromised data harvested through botnets and command and control (C2) servers.

Be On Alert

If your information is identified on the Dark Web, we notify you immediately. This allows you the opportunity to change your logins and passwords before cybercriminals can take advantage of the information they have. This also gives you time to consult with your business’s internal or external IT team as soon as possible to determine if a data breach or cyber incident has occurred using your credentials. Such monitoring and notification can buy your business the time it needs to change your username, login, and password before cybercriminals can strike against it.

In addition to monitoring the Dark Web for your PII, ORAM will alert you if someone actively targets you or your covered family members’ social media profiles. You’ll also receive instant updates, alerts, and access to your credit from all three major credit bureaus if something changes with your credit or that of your covered family members.

Monitoring of the Dark Web also gives you peace of mind that your identity and that of family is covered. With a team of U.S.-based Certified Identity Restoration Specialists, ORAM will work to completely restore your identity should the worst happen, even if the issue began before you enrolled for coverage. You can take even more comfort in knowing that with SpotLight ID, you have up to $1 million in identity insurance to cover related restoration expenses if needed.

If you are interested in learning more about SpotLight ID or registering in one of our affordable and flexible plans, contact ORAM Corporate Advisors online now or call us at (617) 933-5060. The cybersecurity experts at ORAM are here to protect you, your family, and your business from the threat of cybercrime.

The Modern Office and Connectivity: Why Access to IT Drives Today’s Businesses

June 13, 2019 by securewebsite

As we discuss what makes the modern office function fluidly, we cannot overlook the importance of connectivity. While the end user sees only a portion of internet technology (IT) that actually exists, the fact of the matter is that IT is the driving force behind today’s modern business. Not only does connectivity allow employees the access they need for top productivity, but it provides clients, customers, and business partners the doorway to the information they require as well.

Connectivity is all about how every one of us gets the information we need every day from email to secure remote access. When it comes to getting your end users access to corporate information securely and consistently, connectivity is key. It is connectivity that allows us to perform the normal, day-to-day operations of our business effectively and efficiently.

Email Access & Connectivity

Email access is a necessity in the modern business world whether you are working on your desktop at the office, your iPad on the subway, or your laptop at home. Connectivity allows businesses to provide every employee unified email access. With the latest IT, your business can provide fully synchronized connectivity across all devices at all times with all employee contacts, calendars, and email.

In today’s modern office, your workforce can access email from their smartphones, smart watches, tablets, laptops, and desktops with certainty. This means higher levels of productivity, ease of use for the end user (i.e. every employee), and flexibility, all protected with the level of security your business requires.

Not only is email access important for your employees but consider your business partners, subcontractors, and consumers. There are many people clamoring to communicate with your business on a daily basis and email is the lifeline of much of that communication. Without the right connectivity, your business partners may not be able to close the deal without immediate access to all team players; service providers won’t be able to access what they need to get your job done; and consumers may become so frustrated that they seek out other businesses that are connected to fulfill their needs.

File Access

Connectivity allows the modern office to have secure access to a variety of systems. For example, you can provide your employees with secure access through a virtual private network (VPN). Connectivity also gives them access to files through cloud-based systems such as OneDrive, SharePoint, Box.com, or Dropbox to name a few.

In many industries, businesses also require the ability to share access to information with organizational partners. When you need to share proprietary information securely with subcontractors and other business partners, which is the case in many industries, connectivity is there to achieve your goal. The right connectivity also allows this to be done so securely.

Meeting Customer Expectations

The modern consumer is incredibly tech savvy and they expect businesses to be the same. This means every business from the small mom and pop to the multinational corporation are expected to provide the same level of connectivity. No longer does the work day run 9 to 5. Customers want access to businesses around the clock and they have the voice to demand it.

The 2018 Deloitte GLOBAL Human Capital Trends report shows important changes facing business leaders worldwide. One of those is in the strength consumers now have, making business connectivity more important than ever. Deloitte’s global survey of more than 11,000 business and human resource leaders shows the “shift in power to the individual is being propelled by today’s hyper-connected world, which enables people to track information about companies and their products, express their opinions to a wide audience, and sign onto social movements, globally and in real time.”

Today’s consumers want to be able to connect with businesses instantly, get answers quickly, shop, and more, both day and night. Customers want to connect with your business on all levels. What’s more, they expect your business to provide that connectivity for them on any device they choose to use.

In order to retain clients and customers, connectivity is an absolute necessity, especially in industries such as retail, education, and finance. Not only will you need the right hardware and software to meet customer demands, you’ll also need business processes and the network infrastructure in place to implement connectivity. Connectivity can be achieved affordably allowing every business to draw in new customers, meet their expectations, and retain them.

The Future is Now

There was a time when businesses simply needed a website, telephone number, and/or email address for people to reach out to them. That is no longer the case. Mobile technology has exploded which has led to the need for businesses to be available 24 hours a day. With the “always on” mentality of the modern business world and the drive to meet customer expectations, connectivity has become the right hand of business. Now is the time to ensure your connectivity is up to par as the future has arrived.

What You’ll Need

In order to meet the connectivity expectations of employees, business partners, and consumers, you will need to implement several elements of connectivity. Begin by looking at your hardware. Are your computers, servers, modems, printers and other hardware up to date? If not, or if they are nearing their end of life, don’t wait to upgrade otherwise you may find your business falling behind the times and that can lead to a loss of customers and revenue.

You’ll also need to look at your software. This is a banner year for software changes. Several companies such as Microsoft will be allowing software programs to pass into their end of life cycle over the next few months. This means companies will be issuing new software programs to replace the old. Be ready in advance for changes because if not, your business could be at risk for breaches since updates to old software will stop being issued. Up-to-date software is a prime element of strong connectivity.

Cloud applications are also imperative for effective connectivity. A cloud application is a type of software program where local components such as your existing hardware and software function cohesively with cloud-based programs. This means your business will have to rely, at least to some extent, on remote servers and the internet. This piece of connectivity can make file sharing like that mentioned above simple.

Mobile apps are also becoming mainstream for modern businesses as well. Whether you are a retailer hoping to capture consumers online and allow them to shop anytime or you are a financial institution that wants to promote e-trading directly through your clients’ mobile devices, you can have an app constructed for your business. Whatever your need is to reach your target customer and keep them engaged, there’s an app for that. Many third-party service providers such as ORAM offer mobile app development for businesses at surprisingly affordable rates.

Social media is another piece of the connectivity puzzle that many businesses fail to recognize or utilize to its full potential. Modern businesses introduce their brand, express their values, and cultivate higher sales through the use of social media from Facebook to Twitter and LinkedIn to YouTube. Such social media platforms offer businesses the opportunity to connect with consumers, praise hard-working employees, tout their products and services, boost their brand recognition, and so much more.

Changing Connectivity

Just as your business plan is a living document, your connectivity will need to grow and adapt to the demands of your business and the outside world. Connectivity is never static and your business will have to be ready to change with the times. For example, even small businesses are realizing that they have substantial bandwidth requirements to meet their connectivity needs. Standard broadband is becoming a limitation with today’s high-speed world.

You may also find that you need to revisit your software licensing or usable hardware to facilitate the growth and speed your business requires. After all, the plan is to grow your business which means more hardware, software, and connectivity. The expectation is that the demands of connectivity will only continue to grow and morph as technology changes and continues to expand.

Competing in a Competitive Marketplace

When it comes to business, competition can be fierce whether you are aiming to garner more clients, increase sales, or hire an effective workforce. You need to ensure your connectivity is in top condition to achieve your business goals regardless of what they may be. The truth is that all businesses require connectivity to gain and maintain a competitive advantage in today’s marketplace. Furthermore, it will allow you to raise awareness of your brand, provide you further reach, and allow your employees to achieve more.

If you want to learn more about how to improve your business connectivity, modernize your office, or talk about your business IT needs, contact ORAM at (617) 933-5060. You can also connect with us online.

Major components of a solid cybersecurity plan for businesses

January 15, 2019 by securewebsite

It happens every day. Businesses of all sizes experience data breaches which can lead to the loss of proprietary or private client data, damage a company’s reputation, or even unleash lawsuits. The consequences can be so damaging, in fact, that an organization may face closure as a result.

In addition to the aforementioned concerns, small to medium-sized businesses face additional challenges that larger businesses often don’t; a lack of IT personnel, funding for strong IT, and knowledge for developing a cybersecurity plan, for example. With that said, there are several major components every business owner and leader should consider when creating a solid cybersecurity plan that will serve to best protect their organization.

IT Audit
The first step in creating a cybersecurity plan for your business is to conduct an IT audit. An IT audit is when your company’s information technology (IT) infrastructure, policies, and operations are examined and evaluated for security purposes and to see if they measure up to best practices. This will help determine where your security is strong and where it needs improvement.

Information technology audits allow businesses of all sizes to determine if the controls (hardware, software, practices, and policies) they have in place protect the company’s assets, ensure the integrity of data, and align with the organization’s overall goals. These audits are typically conducted by IT auditors who examine the physical security of your business in addition to the security of your information systems ranging from financial controls to your company’s overall business policies.

Some IT organizations such as Oram Corporate Advisors offer free technology assessments to get you started. These free technology assessments can assist in strategically evaluating whether your IT infrastructure is ready to grow, identify areas of opportunity for improvement, and can “red flag” areas that require deeper analysis and adjustments. Just remember that all technology assessments are not created equal and you often get what you pay for.

When it comes to IT audits, they can be expensive, but businesses need to have them to secure their organizational data, assure clients that their information is safe, and to protect their reputation. Additionally, many industries are now required by their state and/or federal government to participate in regular audits among other IT regulations. Be sure to check with your state and federal government to determine if your business is affected by such IT regulations. Your IT auditor should be able to answer these questions for you as well and assist your business with regulatory compliance requirements.

The cost of an IT audit can be prohibitive for many small to medium businesses. As a matter of fact, they can run into the thousands depending on how much work has to be completed to conduct the audit. Fees are typically charged on an hourly basis and can range from IT company to IT company. Most IT auditors should be willing to give you a free estimate, however, so you know what your investment will be.

Employee Training
The next step in developing a solid cybersecurity plan for your business is to train your employees. After all, your employees can be your strongest line of defense or your weakest link. Information technology best practices require regular IT training for all employees.

Every employee should know certain IT rules such as not opening emails or attachments from unknown or untrusted sources. Phishing scams are one of the most common ways hackers attempt to infiltrate business networks using email. Other items employees should be trained on include spear-phishing, executive whaling, and malware. Training should also include specific company IT policies and procedures that support better data security. Employees should also be trained in a myriad of other topics such as the proper disposal of confidential data (both digital and hard copy), how to handle requests for information, and how to report a suspected breach.

A blog by Forbes magazine online offers small and medium businesses five tips on how to train employees. While these are general training guidelines for any type of employee education, they can also be applied to IT training. In addition to hosting your own educational meetings, most IT companies offer employee training for best IT practices as well. The cost for such training will depend on which company you hire, how frequently you wish to schedule training, and how many employees you have.

Your WISP
The third component of your business cybersecurity plan should be your written information security plan or WISP. This encompasses many items and includes several steps in and of itself. You will need to sit down with an IT specialist and outline a WISP that is specific to your business and the information it holds. Your WISP will need to include the following at a minimum:

Objective– Outlines your WISP including the creation of effective administrative, technical, and physical safeguards for the protection of personal and proprietary information.

Purpose– Outlines what your WISP will do such as ensuring the security and confidentiality of personal information, protect against any anticipated security threats, and protect against unauthorized access or use of information.

Scope– In formulation and implementing your WISP, outline the scope of the plan including reasonably foreseeable internal and external risks, the potential and likelihood of damage caused by such risks, evaluate the sufficiency of your existing IT policies, and design and implement a WISP that puts safeguards into place to protect data. In addition, regular monitoring of the effectiveness of those safeguards should also be included.

Data Security Coordinator– Designate a data security coordinator in your WISP that will implement, supervise, and maintain your written plan. They will head the initial implementation of your plan, train employees, and regularly test the safeguards outlined in the WISP. The security coordinator will also evaluate the ability of each third-party service provider to supply appropriate security measures for information to which they have access. They will also review the scope of the security measures in the WISP and conduct annual training for all employees including the owners, managers, and independent contractors as well as temporary employees who have access to personal information.

Internal Risks– Identify probable internal risks to security, confidentiality, and/or integrity of electronic, paper, or other records containing personal or proprietary information. Also evaluate how to limit such risks and implement necessary measures for reducing them.

External Risks– Identify probable external risks to security, confidentiality, and/or integrity of electronic, paper, or other records containing personal or proprietary information. Also evaluate how to limit such risks and implement necessary measures for reducing them.

Implement Your Plan
Implementing your business’s cybersecurity plan is the next step. This includes adding data security features you have opted to employ in addition to making employee training a reality, integrating new software such as updated anti-virus and/or firewall programs on your network, and updating patches to existing software.
Other layers of your cybersecurity plan should include:

Social Media Education– Hackers can find personal information online from social media sites such as Facebook, Instagram, and LinkedIn that they can use to manipulate employees of companies, getting them to disclose personal or sensitive information. Train employees about social media best practices as well as the use of different passwords for each site, software, or application they use. Emphasize your company’s security protocols as well as IT best practices such as the use of least privilege.

Let’s Get Physical, Security– While you may think your building is secure enough to protect your sensitive data, good hackers know how to penetrate this type of security. Be sure not to leave computers exposed and destroy all hard drives using professional services. Physical security breaches can be avoided by encrypting hard drives, leveraging cloud backups, and enclosing hardware ports exposed to the public. Employing theft recovery software, checking door locks and cameras, and properly disposing of shredded paper also help.

Wi-Fi Protection– Wireless internet can also pose a threat. Wi-Fi signals can extend beyond office walls. A bad actor can connect to your signal from far away and infiltrate your network where they can steal files containing proprietary or personal information. Businesses should employ WPA2 (Wi-Fi Protected Access 2) protocols as they are safer than the old WEP (Wired Equivalency Privacy) or WPA (Wi-Fi Protected Access) protocols. Ensure your router has a strong, unique password that is not easily guessed.

Password Protocols– Passwords should be changed often and kept private. Train employees on this and teach them that the strongest passwords include uppercase and lowercase letters, numerals, and special characters. Additionally, passwords need to be different across all accounts. The best way to remember passwords is to use a password manager. There are some free password managers available but the most secure ones typically charge a small annual or monthly fee. Most also allow businesses to sign up for a membership that covers all employees.

Two-Factor Authentication– Even with difficult, unique passwords on every account, seasoned hackers can often penetrate security. As a backup, it’s best to employ multifactor authentication wherever possible. Most large companies use it including Apple, Google, and Dropbox. Using a mobile number and/or email account, multi-factor authentication provides an added level of security. Your business can also implement it with other applications and services as well. New technology such as facial recognition, fingerprints, and/or ultrasonic sounds are on the near horizon and companies should prepare to employ more secure technologies as soon as they are commercially available.

Email Security– This is the most necessary asset for your business to protect. Once in your email, hackers can reset passwords and wreak all types of havoc so be sure to prioritize protecting company email. Never click links in emails or attachments from untrusted or unknown sources as these could take you to a phishing site that looks like a real website. Using Google Gmail and Google Apps is recommended given they have the best spam, virus, and phishing protections available in addition to multifactor authentication already built in.

Anti-Virus– Keep your anti-virus updated at all times. While this helps protect your email and other sensitive information, new malicious viruses are always being created. That means anti-virus companies are always updating their software to address the threats on their “blacklists.” Consider using a service that employs a “whitelist,” which only allows software and programs that are pre-approved to be downloaded adding extra security to your network.

If you need assistance with conducting an IT audit, crafting an IT plan or WISP, or implementing your plan, contact Oram Corporate Advisors today at (617) 933-5060. You can also reach out to us online. Our professionals are always here to support your business with superior IT and IT services.

Personal Identity Management: What You Need to Know About Protecting Yourself Online

November 20, 2018 by securewebsite

We’ve all heard the nightmare stories. Someone had their bank account breached, their social media was spoofed, or, worse, their identity was stolen. Cleanup of such issues can wreak havoc on our credit, personal, and professional lives at a cost of billions of dollars each year in the United States alone. That’s why identity management is so imperative. Here are some facts, stats, and pointers to keep you and your family members better protected online.

Identity Management & Theft
Identity management is the digital security of your identity online. It encompasses your personally identifiable information (PII) such as your birthdate, address, and banking information. Your online identity also encompasses other information found about you online from your social media accounts including Facebook, Twitter, and Instagram to your credit card accounts. Identity management, or IdM as it is known in IT circles, authenticates the identity of a user, information about them online, and who is allowed to access or modify that information.

There are several ways that cybercriminals can steal your identity online with just a bit of your PII. Here’s just a sample of what identity theft can look like:

• Applying for credit cards or loans in your name
• Withdrawing funds from your savings or checking account
• Using health insurance to obtain medical care
• Employing your social security number to steal your tax refund
• Selling your PII on the dark web to other criminals

The Cost of Theft
Time and money are two huge costs affiliated with identity theft. Anyone who has had their identity stolen, their credit card credentials lifted, or their social media breached can tell you how much time it requires to play cleanup. According to a blog by LifeLock, the average time it takes to fix an identity theft issue is seven hours. The same online article reports that in extreme cases, people may spend up to 1,200 hours over the course of a year working to resolve such issues.

The sad truth is you may personally end up investing hundreds or even thousands of dollars to repair your good name and credit. Some of the common costs for repairing identity theft can include:

• Printing fees
• Sending documents by certified mail
• Lost time at work
• Hiring an attorney
• Gas
• Police report fees

The Emotional & Physical Toll
In addition to the time and financial costs of identity theft, there are other costs as well. The Aftermath study by the Identity Theft Resource Center found, “The emotional ramifications of identity crimes continue to leave victims negatively impacted well beyond the initial incident, impacting how they manage their daily lives in perpetuity.”

Identity theft victims interviewed for the study reported long-term feelings of anger and frustration (85.7 percent), and 83.7 percent reported that they felt violated. Another 69.4 percent said they couldn’t trust others and felt unsafe as a result of being victimized online.

The negative emotional impacts left people physically ill as well. According to The Aftermath report, 84 percent of the individuals who participated in the research said they had sleep issues as a result of the identity theft they experienced. More than 77 percent reported an increase in stress levels, 63 percent had problems concentrating, and nearly 57 percent said they experienced persistent aches, pains, headaches, and stomach issues. Another 54.5 percent reported increased fatigue and decreased energy while 50 percent of people lost interest in hobbies and activities.

The Socio-Economic Impact
The Aftermath study also looked at the socio-economic impact of identity theft as well. Nearly 30 percent of victims who participated in the research reported they had to go “to family or friends to ask for financial assistance while remediating their case. For those that could not find a way to get their other needs met, 37 percent went without whatever that need was.”

Respondents in the study reported employment and educational opportunities were also impacted. More than 30 percent of victims in the study said the incident caused problems for them at their place of employment while eight percent reported issues with school as a result of identity theft. Some victims said they lost employment opportunities, benefits, or their jobs because of what happened to them.

To make matters worse, almost 39 percent of respondents said they tapped their savings to address financial needs during remediation of their case. Some even had to dip into their retirement accounts or got into debt they otherwise would not have had.

“An alarming 42.8 percent of respondents noted that as a result of their identity theft incident, they are in debt and 40.5 percent said they could not pay their bills,” reported The Aftermath study.

New Account Fraud
When it comes to identity theft, new account fraud is the most expensive, according to an online piece by LifeLock. This occurs when someone other than you opens a new account, typically a credit card, in your name with stolen PII. The article reported that in 2011, the average cost of resolving this type of theft was $354 and 12 hours of time. Today, the number of fraudulent cases has only increased and the costs have also climbed.

Child Identity Theft
Though your children may not even be old enough to spell their own name, that doesn’t stop criminals from trying to steal their information, too. According to the 2018 Child Identity Fraud Study by Javelin Strategy and Research, more than one million children were the victims of identity fraud in 2017. The fraud of children’s identity led to $2.6 billion in total losses and more than $540 million in out-of-pocket costs to families, according to the same report.

One of the most disturbing trends found in the study by Javelin is that minors who are bullied online are at an even greater risk of identity theft. The research found that victims of online bullying are nine times more likely to be the victims of fraud than those not bullied online.

Here are some great tips to help concerned parents better protect their children’s identity online:

• Train your children to protect their identity in the digital age. For example, teach them not to share login and password information.
• Pay attention to children who may be being bullied online. Children seeking friendship online are more vulnerable to becoming victims of fraud by sharing their personal information.
• Check and freeze their credit. New account fraud is the most pervasive type of fraud against children. This is the most effective method for preventing new accounts from being opened in their name.
• Monitor their accounts. Parents and guardians must actively monitor financial accounts from child savings to credit cards. Review statements online and sign up for account alerts.
• Protect physical documents. Keep sensitive documents such as birth certificates, social security cards, and passports under lock and key.
• Take notifications seriously. If you receive a notification that someone has stolen your child’s identity or that unauthorized activity has taken place on one of their accounts, move quickly to rectify the situation.
• Ask for help. If you find your child’s accounts have been breached or their identity stolen, contact banks and credit bureaus directly. This is the quickest way to close unauthorized accounts and clear their credit history.
• Sign them up for coverage. Just as you can sign yourself and your spouse up for credit monitoring, you can sign your children up for the same protection as well.

More to Chew On
A 2017 study by Javelin Strategy gives us even more information to digest. Here are some more facts and figures from their research:

• There was a 16 percent increase in identity fraud over the previous year; a record high since Javelin began tracking the issue in 2003.
• Identity fraud increased by two million victims in the 2017 study over the 2016 study.
• That increase in identity fraud meant cybercriminals stole roughly $16 billion in 2017.
• Account takeover incidents and losses rose in the 2017 report to $2.3 billion, a 61 percent increase over the previous year.
• People on social media face a 46 percent greater risk in account takeover fraud than those who shun social media.
• Being an American puts you at higher risk. According to a 2018 Internet Security Threat Report by Symantec, more than 791 million identities were stolen in the U.S. in 2016 while France came in at a distant second place with 85 million identities stolen.

What You Can Do
To protect yourself from becoming the victim of identity theft or fraud, the first step is to protect yourself with an identity monitoring program such as ID Agent, which is what we recommend here at Oram. The program monitors the dark web for your information and notifies you if your PII is found there for sale so you can be proactive about blocking thieves. The great thing about ID agent that we love is that it also monitors social media and alerts you if someone is actively targeting you. It also monitors your credit through all three major credit bureaus to let you know of any new accounts or major changes.

Should the worst happen and you do experience an identity theft or fraud, ID Agent has certified restoration specialists that will work on your behalf to completely restore your identity, even if the issue started before you enrolled. When you enroll, you get $1 million in identity insurance to cover related restoration costs.

Here are some other things you can do on your own as well if you are victimized by cybercriminals:

• Review credit card and bank statements for unusual charges. Report any that you didn’t make.
• Notify your bank(s) and creditors. Send them a copy of your ID theft report.
• Place a fraud alert on your credit files and monitor your credit reports regularly. This requires that you contact all three of the major credit reporting firms: Equifax, Experian, and TransUnion.
• Put a credit freeze on your reports.
• Close accounts you know were not opened by you or those that have been tampered with.
• File a complaint with the Federal Trade Commission.
• Contact your local police department or the police in the area where the theft took place and file a report. Make sure you get a copy.
• Change all of your account passwords and PIN numbers. Do not reuse old ones or those from other accounts.
• Contact the social security fraud hotline and request a copy of your personal earnings and benefits statement.
• Check with your local department of motor vehicles to see about getting a new driver’s license number and license.
• Contact your utility companies so thieves can’t open a new account using a utility bill.
• Ensure you are using multifactor authentication on all of your accounts.
• Sign up for credit monitoring if you haven’t already done so.

If you need help securing your personal identity online or remediating an identity theft or fraud, Oram is here to help. Call us now at (617) 933-5060 or visit us online.

‘Tis the season for being victimized

November 13, 2018 by securewebsite

Tips for staying safe online this holiday season

Whether you’re sharing plans for your upcoming vacation on Facebook, you’re knocking out holiday shopping online, or you’re a retailer ready to strike while the iron is hot through a virtual store, the holidays can be risky business. Hackers connive year-round to steal important data that can leave you broke or your organization in shambles, but the holidays are an especially profitable time for them.

With modern technology, information is always at our fingertips. What you don’t want is your information being shared as it can put you at risk online and off both as an individual and as a business leader. Here are some things to think about before sharing, shopping, and selling online this season.

Beware & Don’t Overshare
It is hard not to get wrapped up in all the excitement of the holidays and want to share it with others. After all, who wouldn’t want to read about all of the visitors, gifts, and fun from your seasonal gatherings? While you may wish to share photos of your family, talk about your travel plans, and show off your new gifts, you must be wary of sharing too much.

Just as your friends and family enjoy your posts cybercriminals, cyber criminals could be as well. The information you share on social media accounts, especially when your privacy settings are public, can be seen by everyone. Criminals can use this information to misrepresent themselves as someone you know, use the information to crack your account passwords, or even learn when you’re out of town to rob your home or business.

Put a Lock On It
Analysts project that there will be more than three billion active social media users by 2021, according to Statista, a compilation of statistics and studies from more than 22,500 sources. That equates to about 40 percent of the world’s population. Be sure to set your accounts to maximum privacy and carefully choose who you give access to your social media. Here are a few tips to keep you socially savvy during the holiday season:

• Set the privacy settings to be as secure as possible.
• Don’t accept friend or connection requests from people you don’t know.
• Be careful not to overshare on your social media.
• Never announce when you have plans to be out of town on social media.

Online Shopping Set to Boom
When it comes to online shopping during the months of November and December, this year promises to see the largest online holiday sales yet. According to a piece by Shopify, worldwide online holiday sales reached $94.4 billion in 2016 but that jumped to $108.15 billion in 2017. Online purchases peak between Black Friday and Cyber Monday but the entire week of Thanksgiving is one big shop ‘til you drop event for consumers. According to the Shopify article, online spending is set to jump again this year with an estimated $3.35 billion in expected sales on Thanksgiving and $5.8 billion in sales for Black Friday which means people are learning to love shopping from the comfort of home.

Safer Shopping
The thought of dragging yourself to the store, fighting holiday crowds, standing in long lines, and dealing with traffic can make the holiday elf in all of us quickly turn into the Grinch. Avoiding all of that while easily finding the best deals on the gifts we want to give (and get) has become irresistible. Criminals can put a huge dent in your holiday budget though, if you aren’t careful.

To best protect yourself while shopping online, stick to retail websites you already know and trust. Avoid shopping through links on social media and email as they can take you to legitimate-looking sites that are actually fraudulent. If you do find a must-have gift on an unfamiliar site, do some investigative work before handing over your credit card number. Check the company out online, see if they have a social media following, and read customer reviews. You can even contact the business directly and call the Better Business Bureau for more information.

You will also want to ensure that when you sign up for new accounts that you use strong passwords that are unique to each site. You can use a password manager to help you keep track of new accounts. Be sure to use a complex set of lowercase and uppercase letters, numerals, and special characters when creating your passwords.

Be On Alert
Regardless of when you do your holiday shopping online, there are some precautions you should be taking. There is an easy acronym (ALERT) to help you shop smart and stay safer online:

• A– Activate two-factor authentication on all banking transactions. This means that you need to input a one-time password (OTP) which is sent by your bank (via SMS or email) to confirm the transaction. This provides an added level of security as anyone trying to use your cards would also have to have access to your mobile phone or email.
• L– Look for signs that the site you are shopping on is secure. Before you type your card details into a website, look for a small padlock symbol in the address bar and a web address beginning with https:// (the s stands for ‘secure’).
• E– Enter a web address yourself and don’t access it through links. Links in email messages, text, instant messages and pop-up ads can take you to websites that look legitimate but are not.
• R– Review all transactions, check your statements, and SMS notifications to ensure that all debits from your account are familiar. Use credit cards, not debit cards, for online shopping. Credit cards offer better fraud prevention and consumer protection.
• T– Treat your details with care. Don’t save your card details on your computer or in your browser. Be selective as to where you input your details, avoid shared devices, and always make sure your security software is up to date.

If You’re the Store
If your business allows people to shop, pay, or schedule appointments online, then it has a responsibility to protect client data at all times. This is especially true during the holidays when hackers are even more likely to attempt to swipe credit card data or personally identifiable information (PII). To ensure the privacy and protection of your clients, you will want to employ the CIA Triad:

• Confidentiality– Ensure the privacy of data so it can’t be accessed by unauthorized parties.
• Integrity– Ensure the accuracy of data in a manner that guarantees the data is reliable.
• Availability– Ensure data is available and cannot be destroyed either maliciously or accidentally.

This triad provides a structured approach to helping businesses appropriately store, transfer, and protect client data as well as their own. In order to do a thorough job of protecting vital, proprietary data, we need to consider data privacy from all angles and the CIA Triad allows us to do just that by encouraging us to think before we click, verify sources of information and requests, ensuring accuracy, and following data security policies.

Keep It Updated
Whether you are an individual or a business, ensure your devices from mobile phones and tablets to laptops and desktops are kept up-to-date. You don’t want to miss any security patches that address vulnerabilities that might make you an easier target for the bad guys. You also want to keep updated on the latest cyber threats, so you know what to watch for and protect yourself against.

Wi-Fi Wisdom
According to Cisco, experts estimate by 2020 there will be 432.5 million public Wi-Fi hotspots. While this relieves your data use when you’re out and about, cybercriminals love them because they can use such public networks to capture PII, credit card credentials, and other profitable data.

Avoid Email Scams
We have all seen them. Those incredible sales and deals that pique your shopping interest, especially during the holidays when we are looking for the perfect gift. Email security is particularly important during the holidays when email scams seem to multiply.

While it’s tempting to click away and open those emails, be careful. Those special offers can lead to computer viruses, malware, and much worse. Play it safe by deleting emails from unknown sources. If you don’t know the company or person sending you an email, simply trash it and definitely don’t open any attachments from unfamiliar businesses or individuals.

Extra Safety Tips for Holiday Shopping, Sharing, and Selling
Here are a few other professional tips to keep your data safer this holiday season:

• You are likely to find yourself in more crowds this time of year. Be careful not to discuss sensitive personal information or business in places such as stores, at parties, or on public transportation.
• Lock your computer screen whenever you walk away from your desk during the workday. When you leave for the evening, log out and shut your computer off as most companies run updates and security scans in off-business hours.
• Don’t disclose sensitive personal or business information on social media.
• Be sure to pick up printed documents immediately from the office printer and clear your desk before leaving it. Don’t leave papers lingering as data can fall into the wrong hands.

Get even more smart security tips online with the Pause, Think and Act security awareness video. You can also contact Oram at any time for extra assistance with ensuring a safe, smart, and successful holiday season for your business. Visit us online or call us now at (617) 933-5060.

The Dark Web: What it is, how it impacts your organization, and ways to protect your business

October 19, 2018 by securewebsite

The Dark Web sounds like the name of Hollywood’s latest horror movie. In reality, it is something much scarier. It can rob your business, negatively impact employees, and shutter companies.
While you can’t see it, the Dark Web is a huge threat to the stability and continuity of business. Knowing what it is and why it is threatening is the first step to protecting what you have built with hard work and dedication. Here is what you need to know about the Dark Web, why it’s so dangerous, and ways to best protect your organization.

What is the Dark Web?
The Dark Web is the shady side of the World Wide Web. Digital communities on the Dark Web are accessible with special software that allows users and those operating dark websites to remain anonymous and untraceable. While it offers some legitimate uses, it is estimated that more than 50 percent of all sites on the Dark Web are employed in criminal activities. This can mean everything from the theft of digital credentials to their disclosure through sale.

Your Credentials
Digital credentials such as usernames and passwords keep you and your employees connected to critical business applications, email, and other online services. Criminals know that if they can get those credentials, they can access everything from your business’s list of clients to your trade secrets and funds. This means digital credentials are some of the most valuable pieces of information floating around the Dark Web.

Credential Theft
Criminals steal credentials from login information for social media platforms such as Facebook to dates of birth and credit card numbers. The problem is that many individuals and companies often fail to realize their credentials have been stolen until it’s too late.

In more than 75 percent of cases, it is law enforcement or another third-party that notifies a victim that something is amiss. By then, it’s usually too late to prevent data theft or a serious breach that could stop your company in its tracks, lead to a loss of customers, or even bankrupt your business.

Human Resources and Payroll
Your business relies on its human resources and payroll department(s) but these valuable individuals are some of the biggest risks to your organization’s digital security. When they utilize their work email to access websites and programs such as ADP, Paychex, and Ceridian, it can open the door for criminals who have stolen their credentials.

Cybercriminals can use their stolen information to heist the personally identifiable information (PII) of other employees, access payroll information, and even steal from the company coffers. Such breaches can also lead to other criminal activity such as the identity theft of employees or customers.

Client Relations Management
The client relations management (CRM) tool your business uses allows you to communicate seamlessly with your customers. This is great for your business and it’s great for cybercriminals, too.
Pretend for a moment that you have used the same password for your eBay account as you do for your business’s HubSpot. If a hacker steals your eBay credentials, they can access your business’s HubSpot. They can now send an email to your clients pretending to be you. The hacker can ask your clients for anything they want from money to their PII. This can ruin your name and reputation with your clients and within your industry as well as that of your company.

Communications
Another risk lays in your company’s communications from Verizon to Adobe and T-Mobile. For example, if someone wants to hack your AT&T account, they may be able to reveal your payment information from a bank account or credit card. Now they have access to your accounts and can steal money from you and/or your business. Using your mobile number, they can also spoof text messages, reset your bank account password, and access your cash as well as other websites, social media platforms, and other apps you utilize.

Business tools such as email services can also become hacked with the theft of employee credentials. Whether your company uses Gmail, Yahoo, or Office365, these are all hackable. Once someone has access, they can send spoofed emails to clients pretending to be you or an employee asking for more information or even money.

Collaboration
While collaboration among employees, contractors, and vendors is typically considered a positive attribute in business, it can also put your organization at risk. Many individuals and businesses today use Dropbox as a great method of file sharing and collaboration. Such files often contain a plethora of valuable information including trade secrets, PII, and client data. A hacker can use this information to spoof emails, gather data from clients, and target them as their next victims.

Travel Services
If your business employs a travel service to help them get from point A to point B, this can be another security risk. Companies such as Expedia, Travelocity, and Orbitz typically store your credit card information along with other PII that can be devastating in the event they are breached.

Be sure to employ different login credentials for each of these websites to best protect yourself and your business. Use multi-factor authentication if it is offered and don’t store your billing information with these sites if given this as an option.

E-Commerce
Whether your company orders office supplies online from Staples/Office Depot or your business sells products through Amazon/eBay, this is yet another area of risk. Again, stolen credentials can allow for the theft of PII and access to financial information that can drain your bank account before you realize what has happened.

Banking & Finance
Programs such as QuickBooks or Freshdesk or banking apps from financial organizations such as Bank of America or Wells Fargo can also lead to problems when it comes to credentials. If a hacker steals access to your bank accounts, credit cards, or financial programs, it can be truly devastating for your business.

Imagine having all of your accounts wiped out. How will you pay your employees, cover your business mortgage, or pay out contractors? Once the money is gone, the likelihood you will ever see it again is minimal, as hackers can be very difficult to trace and, even if you do get it back, how will you cover your business expenses in the meantime?

Social Media
If your employees or business are on social media, which most are, this can put your business at higher risk for a breach. Pages on social media can be easily spoofed or copied. A cybercriminal can invite your friends and followers, steal their information, and worse. This can ruin your reputation whether the hacker takes an unpopular political stand on the false page or accesses more people to victimize through spoofing of their personal or business pages.

Other Employee Risks
In addition to the threat of employees having their work credentials stolen, their personal credentials can also put your business at risk if they end up in the wrong hands. For example, if an employee uses their LinkedIn credentials such as their username and password for work in QuickBooks, they can expose your company to a breach. Employees should be trained to use unique usernames and passwords for each program, app, and website they use. This is true not just for work but also for their private internet use as well.

While it can be cumbersome to keep track of different usernames and passwords for each website or app they use, there are password management tools such as MyGlue or LastPass that can keep track of them all. While some of these password management programs are free, some do have a minimal cost associated with them. Remember, you get what you pay for in business. Some of the free apps are poorly encrypted locally on your own device so if you get hacked, the bad guys will still have access to your information. We advise working with a larger company so you know they have the manpower and ability to keep your information safe and secure.

Users often have the same password for multiple services such as network logons, social media, and online stores. This greatly increases the potential for a breach. Train and retrain your employees on cybersecurity. It is worth the investment as is paying a small annual fee for a secure password management tool. Consider this well spent money as an operating expense just as you do with your marketing budget.

Combating the Dark Web
At Oram, our experts are able to search the Dark Web so you don’t have to. Using Dark Web ID from ID Agent, our experts search for your personally identifiable Information (PII) on the Dark Web to determine if you are at risk of experiencing a breach. This gives you time to protect your information, notify your bank or lender, and change passwords before you experience a breach.

How Dark Web ID Works
Dark Web ID is a commercial solution to detecting compromised credentials in real time on the Dark Web. It offers the same advanced credential monitoring capabilities that are employed by Fortune 500 companies. This specially designed software connects to multiple Dark Web services including Tor, I2P, and Freenet where it searches for compromised credentials. With this proprietary software, you don’t have to expose your own software, hardware, or network to these high-risk services directly.

By searching the most secretive and covert corners of the internet, Dark Web ID locates compromised credentials associated with your business, contractors, and personnel. If we find credentials that compromise your company, we notify you immediately BEFORE you become the victim of identity theft, data loss, or a breach. The real-time awareness of compromised credentials Dark Web ID provides means you will know if your PII has been stolen so you can safeguard both your personal and business assets before it’s too late.

Be Prepared
The more information you have, the more valuable it is and the more prepared you can be. We employ extensive logging and reporting capabilities that allow us to track your credentials and the credentials of your employees on the Dark Web. As a result, we can triage incidents quickly and create effective policies and procedures to reduce the risk to your business.

How It Helps Businesses
We use the Dark Web ID as a tool to identify compromises throughout your organization that could put your company at risk for a data loss or major breach. With this software, we are able to monitor the Dark Web 24 hours a day, seven days a week, 365 days a year. It is so effective, it reports more than 80,000 compromised emails daily. In addition to email, the program searches and monitors the following platforms frequented by cybercriminals:

• Hidden chat rooms
• Private websites
• Peer-to-peer networks
• Internet relay chat (IRC) channels
• Social media platforms
• Black market sites
• 640,000+ botnets

Predictable Patterns
While it is good practice to be prepared for a breach, it’s even better to have a warning that one could be coming. Using Dark Web ID, we can identify industry patterns. If we see that your industry is starting to come under attack, we can share that intelligence with you to best protect your employees, your business, and your consultants.

Prevention is the Best Medicine
While a network attack may be inevitable, they can be made less destructive and costly. With proactive monitoring of stolen and compromised credentials, you can be alerted to prevent losses before they happen. With alerts that tell you when your credentials have been stolen, you can respond immediately to prevent a breach.

By employing monitoring services and software such as Dark Web ID, your company can move toward compliance with data breach and privacy laws. Our experts can even help you develop and implement a data breach response plan.

If you would like more information about the Dark Web, Dark Web ID, or reducing cyber risks to your business, please call Oram today at (617) 933-5060 or visit us online.