websites

The Necessity of Dark Web Monitoring

September 16, 2019 by securewebsite

Protect your identity and business with a consistent watchdog service

We’ve all read about the constant barrage of cyberattacks on businesses and the nightmare that comes from having your personal identity stolen. There are ways to reduce the odds that your business will suffer such an attack or that your personal information will be hacked. One of the best methods for protecting both your business and your identity as well as that of your family is consistent monitoring of the Dark Web.

What Is the Dark Web?

The Dark Web is just what it sounds like. It’s the shady side of the internet. The Dark Web lays in a sub layer of the internet known at the “Deep Web.” This is a place hidden from conventional search engines where criminals often roam searching for their next victim.

Believe it or not, common search engines including Google, Bing, and Yahoo simply scratch the surface of what is actually available online. Such search engines hunt just .04 percent of the indexed internet. The other 99.96 percent of the web consists of databases, private academic and government networks, and the Dark Web, according to ID Agent, which provides comprehensive threat intelligence and identity monitoring solutions for both individuals and businesses through ORAM Corporate Advisors.

What Threat Does the Dark Web Pose?

Not only is the Dark Web a place that threatens your personal identity but it can endanger your business as well. This is a place where the signature pieces of your personal identity (name, date of birth, stolen passwords, and even social security numbers) can be sold daily to the highest bidder. Everything from your credentials such as email logins, passwords, and usernames can be found there.

With such personal information, criminals can hack your email, your bank accounts, and more. They can open new credit card accounts in your name without your knowledge and rack up untold sums of debt before you’re even aware there’s a problem. The threat of personal identity theft can extend beyond you as well to other family members such as your spouse, your children, and your parents.

The loss of such personal information can be devastating to your business, too. Critical business information such as business applications, email, and other online services can be penetrated with your personal information. Logins and passwords can be changed, business information can be accessed and stolen, and your organization can be brought to a complete halt with the personally identifiable information (PII) bad actors are hocking on the Dark Web. Read the ORAM blog “The Dark Web: What It Is, How It Impacts Your Organization, and Ways to Protect Your Business” for more detailed information about the severity of the threat your business faces as a result of the Dark Web.

Protecting Yourself, Your Family, and Your Business

The most effective way of protecting your PII, your family members’ PII, and your business is through Dark Web monitoring. ORAM uses SpotLight ID, which employs Dark Web ID, to monitor your identity and that of your covered family members. Through leveraging Dark Web ID, ORAM focuses on the cyber threats specific to you and the environment you work in. Our proprietary software continuously monitors the Dark Web and the digital criminal underground to determine if our clients’ credentials have been exposed.

With SpotLight ID, ORAM searches for your personal information on the Dark Web. If found, your data is harvested to protect it from typical hacker sites such as Pastebin. Many such sites frequented by cybercriminals require a membership and credibility to enter. Our monitoring system allows us access to search more than 500 internet relay chatroom (IRC) channels, 600,000 private websites, and 600 Twitter feeds utilized by bad actors.

Furthermore, SpotLight ID executes 10,000 queries daily to help monitor and protect your identity and those of the people you love. We also monitor and source information from hidden theft forums, peer-to-peer file sharing programs and networks, and social media. We can even find compromised data harvested through botnets and command and control (C2) servers.

Be On Alert

If your information is identified on the Dark Web, we notify you immediately. This allows you the opportunity to change your logins and passwords before cybercriminals can take advantage of the information they have. This also gives you time to consult with your business’s internal or external IT team as soon as possible to determine if a data breach or cyber incident has occurred using your credentials. Such monitoring and notification can buy your business the time it needs to change your username, login, and password before cybercriminals can strike against it.

In addition to monitoring the Dark Web for your PII, ORAM will alert you if someone actively targets you or your covered family members’ social media profiles. You’ll also receive instant updates, alerts, and access to your credit from all three major credit bureaus if something changes with your credit or that of your covered family members.

Monitoring of the Dark Web also gives you peace of mind that your identity and that of family is covered. With a team of U.S.-based Certified Identity Restoration Specialists, ORAM will work to completely restore your identity should the worst happen, even if the issue began before you enrolled for coverage. You can take even more comfort in knowing that with SpotLight ID, you have up to $1 million in identity insurance to cover related restoration expenses if needed.

If you are interested in learning more about SpotLight ID or registering in one of our affordable and flexible plans, contact ORAM Corporate Advisors online now or call us at (617) 933-5060. The cybersecurity experts at ORAM are here to protect you, your family, and your business from the threat of cybercrime.

Budgeting for Technology in the New Year

January 24, 2019 by securewebsite

How to squeeze the most out of your IT and save your business money

With the New Year in full swing you’re probably preparing to implement your updated information technology (IT) plan. As a business owner or leader, you probably have many questions such as, “How much should my business budget?” You may also be wondering if you’re making the most of the IT you already have in place. In this blog, we break down what every business should be budgeting at the very least as well steps for ensuring your business has the technology it needs and that your network is as secure as possible.

Cloud Computing
If your business has not yet migrated to the cloud for your email and other services, now is the time to do so. There are several reasons it is best for businesses to move to the cloud. From saving money to better data security, cloud computing offers a ton of benefits to modern businesses.

To begin, establishing and maintaining your own data storage is expensive. Not only do you need to purchase the right hardware and software, but you have to hire people to install it and set it up. Cloud computing allows you to pay for just the services you use and can reduce your IT costs. It is so affordable that is was estimated in research by McAfee that nearly one-third of worldwide enterprises would be using software-as-a-service (SaaS) by the end of 2018. Cloud providers typically charge based on the features you choose, storage used, and number of users. Most also charge for time and memory space. This means you get to select the package that best suits your IT budget.

Cloud computing also allows you both flexibility and scalability. Cloud computing lets your employees work from anywhere they have internet access through virtualization. Giving employees the option to work remotely means you can cut the number of workspaces at the office further reducing your costs. In addition, scaling Cloud computing services is a cinch. You don’t have to spend a ton of money on new servers, storage, and licenses as your business grows. With the cloud, you just sign up for additional storage space or features as your business needs them.

If you store your own data, a breach or disaster such as a fire could devastate your business’s valuable information. With the cloud, your data will always be available as long as users have internet access. Many businesses use the cloud specifically for backup and disaster recovery for this very reason.

Data security is also a top priority in this day and age of hacks, breaches, and ransomware. Email is the lifeblood of most businesses to ensuring it is secure should be a top priority. Storing data and using email on the cloud is often more secure than storing it or hosting on physical servers and data centers in your office. Laptops and desktops can be stolen as can other hardware. Data on the cloud can be deleted remotely or moved to a different account and hackers face a greater challenge in breaching cloud platforms so your data is simply more secure. As a matter of fact, 85 percent of enterprises keep sensitive data in the cloud according to Vormetric.

Finally, cloud computing is one of the most effective ways to promote collaboration and it gives you a wide variety of service options to choose from. Your employees will be able to easily share data, collaborate on projects, and provide updates in real time from the field. Time wasted on repetitive tasks such as data entry are no longer an issue and you get to choose the services your business really needs whether it is abundant storage or software from a wide range of providers.

Leveraging Your Existing IT
Hardware and software can be hugely expensive investments for many businesses. Your business needs to get the most out of every bit of IT it has invested in. For example, you may already be using Office 365 for email but is your business using it for file sharing or collaboration between teams? A network assessment and IT audit can tell you where you have room for improvement, opportunities for growth, and options for cost savings.

A study by Bank of America in 2017 revealed small business owners found the greatest barrier to achieving a balance between work and their personal life involved administrative tasks. Perhaps you have software that can help you automate administrative tasks to help your business free up time. For example, Intuit’s QuickBooks Self-Employed software has an expense management system built right into it. An independent IT auditor can show you how to best use what you already have to meet your organization’s needs without spending more money unnecessarily.

Hardware Replacement
Most businesses cannot afford to replace their desktops and laptops all at once. This is especially true when the average lifespan of a desktop today is between three and five years according to a piece by Chron, an online news source.

“Of course, this number is just a generalization and a number of factors play into lifespan, ranging from the computer’s quality, care, and room for upgrades,” according to the blog, “What is the Life Span of the Average PC?” “For small business owners, every new computer is an expense and an investment, one whose worth over time largely depends on how you use it and care for it.”

Laptops are also a typical expense for most businesses. According to a blog by TechGuided, the lifespan of a laptop will depend on the quality of the product you purchase, how often it is used, and how it is maintained. “A mid-range laptop should probably last around four to five years, though, give or take a year or two depending on how you use it,” advises the piece.

To make such updating of your IT more affordable, we recommend making replacements in quarterly cycles rather than all at once. Your IT personnel or your IT auditor can make recommendations as to which hardware needs to be replaced immediately, which can hold off for a few months, and which pieces still have a good life ahead of them. Based on these recommendations, you can schedule a plan for cycling out old hardware each quarter on a regular basis. This serves to level out your IT spending rather than investing a ton of money all at once.

According to an article by Business.org, businesses should “expect to pay between $400 for a basic model with limited storage space to $3,500 for a top of the line desktop with a large hard drive. Desktops also range in price based on operating system as well. For example, models that run Windows may be less expensive than Apple models. Apple desktops vary in cost from $1,500-$3,500, depending on which features you need.”

The same piece also stated that laptops “range from $300 for the most basic models to $3,000 for high-speed models with large storage capacity. Similar to desktops, laptops also vary in cost depending on which operating system you prefer. Apple laptops tend to fall towards the middle of the price scale, ranging in cost from $1,000 to $2,500. Laptops that run Windows have a wider price range, and cost depends mostly on features and brand.”

The Latest Software
In addition to hardware, businesses will also need to consider the software they are using. When you purchase software, it is licensed to your business and may have an end date to your user agreement. Additionally, software changes over time and there may be upgrades that could benefit your company or even new software that is better than what you have.

This is where the IT audit can once again assist your business with saving money. Your IT auditor can evaluate your existing needs versus the software you have in place. They can determine if you have the latest software or if the software you have simply needs to be patched or updated. A real IT expert can educate you about software to help you achieve your business goals while saving you money. Based on their recommendations, you can choose to either use what you already have or purchase better software to save your business money over the long term.

Email Security
As we mentioned before, email is as critical to business continuity as breathing is to life. That means you need to have quality security for your email. Software such as Microsoft Office 365 and other programs can scan for threats, identify phishing attempts, and filter spam. Programs such as Mimecast offer many of the same advantages and can also aid employees when it comes to identifying websites as safe or unsafe to visit based on URL reputation. Anti-virus, anti-spam, and firewall software are also good to include in your IT plan.

The cost of software will vary by brand and product. For example, a one-year subscription to Office 365 Unlimited Professional is just $99.00 online. That cost covers up to five desktops, five tablets, and five mobile devices such as smartphones. There are also monthly subscriptions to Office 365 Business for as little as $8.25 a month. What you spend will ultimately depend on what software you purchase or subscribe to, how many devices you need to cover, and for what length of time.

Technology Awareness Program
All of the hardware and software in the world won’t protect your business if your employees are not technology savvy. Any IT expert will tell you that regularly-scheduled, ongoing employee education is the cornerstone of securing your business data. This is something that every business should budget for because it’s your employees that can make or break your business.

The cost of security awareness and end-user training will, again, vary from business to business. This is because most companies that handle Technology Awareness Training programs, such as Oram Corporate Advisors, base their rate on how many people are being trained, how in depth the training will be, and how frequently you host trainings. Ideally though, businesses should train every new employee as part of their onboarding process with all-staff training every six months to keep employees updated on the latest threats and how to avoid or combat them. This investment in training will pay off in dividends as each employee becomes more aware of the threats they face and their role in protecting your business.

At the end of the day, how much your business should budget for technology this year will depend on a variety of factors from how you store your data to what hardware and software you have as well as your business goals. If you would like more information about IT asset management, network assessments and IT auditing, or other IT support services, please contact Oram at (617) 933-5060 or visit us online. We can even schedule a free technology assessment to get your business started off on the right foot in 2019.

‘Tis the season for being victimized

November 13, 2018 by securewebsite

Tips for staying safe online this holiday season

Whether you’re sharing plans for your upcoming vacation on Facebook, you’re knocking out holiday shopping online, or you’re a retailer ready to strike while the iron is hot through a virtual store, the holidays can be risky business. Hackers connive year-round to steal important data that can leave you broke or your organization in shambles, but the holidays are an especially profitable time for them.

With modern technology, information is always at our fingertips. What you don’t want is your information being shared as it can put you at risk online and off both as an individual and as a business leader. Here are some things to think about before sharing, shopping, and selling online this season.

Beware & Don’t Overshare
It is hard not to get wrapped up in all the excitement of the holidays and want to share it with others. After all, who wouldn’t want to read about all of the visitors, gifts, and fun from your seasonal gatherings? While you may wish to share photos of your family, talk about your travel plans, and show off your new gifts, you must be wary of sharing too much.

Just as your friends and family enjoy your posts cybercriminals, cyber criminals could be as well. The information you share on social media accounts, especially when your privacy settings are public, can be seen by everyone. Criminals can use this information to misrepresent themselves as someone you know, use the information to crack your account passwords, or even learn when you’re out of town to rob your home or business.

Put a Lock On It
Analysts project that there will be more than three billion active social media users by 2021, according to Statista, a compilation of statistics and studies from more than 22,500 sources. That equates to about 40 percent of the world’s population. Be sure to set your accounts to maximum privacy and carefully choose who you give access to your social media. Here are a few tips to keep you socially savvy during the holiday season:

• Set the privacy settings to be as secure as possible.
• Don’t accept friend or connection requests from people you don’t know.
• Be careful not to overshare on your social media.
• Never announce when you have plans to be out of town on social media.

Online Shopping Set to Boom
When it comes to online shopping during the months of November and December, this year promises to see the largest online holiday sales yet. According to a piece by Shopify, worldwide online holiday sales reached $94.4 billion in 2016 but that jumped to $108.15 billion in 2017. Online purchases peak between Black Friday and Cyber Monday but the entire week of Thanksgiving is one big shop ‘til you drop event for consumers. According to the Shopify article, online spending is set to jump again this year with an estimated $3.35 billion in expected sales on Thanksgiving and $5.8 billion in sales for Black Friday which means people are learning to love shopping from the comfort of home.

Safer Shopping
The thought of dragging yourself to the store, fighting holiday crowds, standing in long lines, and dealing with traffic can make the holiday elf in all of us quickly turn into the Grinch. Avoiding all of that while easily finding the best deals on the gifts we want to give (and get) has become irresistible. Criminals can put a huge dent in your holiday budget though, if you aren’t careful.

To best protect yourself while shopping online, stick to retail websites you already know and trust. Avoid shopping through links on social media and email as they can take you to legitimate-looking sites that are actually fraudulent. If you do find a must-have gift on an unfamiliar site, do some investigative work before handing over your credit card number. Check the company out online, see if they have a social media following, and read customer reviews. You can even contact the business directly and call the Better Business Bureau for more information.

You will also want to ensure that when you sign up for new accounts that you use strong passwords that are unique to each site. You can use a password manager to help you keep track of new accounts. Be sure to use a complex set of lowercase and uppercase letters, numerals, and special characters when creating your passwords.

Be On Alert
Regardless of when you do your holiday shopping online, there are some precautions you should be taking. There is an easy acronym (ALERT) to help you shop smart and stay safer online:

• A– Activate two-factor authentication on all banking transactions. This means that you need to input a one-time password (OTP) which is sent by your bank (via SMS or email) to confirm the transaction. This provides an added level of security as anyone trying to use your cards would also have to have access to your mobile phone or email.
• L– Look for signs that the site you are shopping on is secure. Before you type your card details into a website, look for a small padlock symbol in the address bar and a web address beginning with https:// (the s stands for ‘secure’).
• E– Enter a web address yourself and don’t access it through links. Links in email messages, text, instant messages and pop-up ads can take you to websites that look legitimate but are not.
• R– Review all transactions, check your statements, and SMS notifications to ensure that all debits from your account are familiar. Use credit cards, not debit cards, for online shopping. Credit cards offer better fraud prevention and consumer protection.
• T– Treat your details with care. Don’t save your card details on your computer or in your browser. Be selective as to where you input your details, avoid shared devices, and always make sure your security software is up to date.

If You’re the Store
If your business allows people to shop, pay, or schedule appointments online, then it has a responsibility to protect client data at all times. This is especially true during the holidays when hackers are even more likely to attempt to swipe credit card data or personally identifiable information (PII). To ensure the privacy and protection of your clients, you will want to employ the CIA Triad:

• Confidentiality– Ensure the privacy of data so it can’t be accessed by unauthorized parties.
• Integrity– Ensure the accuracy of data in a manner that guarantees the data is reliable.
• Availability– Ensure data is available and cannot be destroyed either maliciously or accidentally.

This triad provides a structured approach to helping businesses appropriately store, transfer, and protect client data as well as their own. In order to do a thorough job of protecting vital, proprietary data, we need to consider data privacy from all angles and the CIA Triad allows us to do just that by encouraging us to think before we click, verify sources of information and requests, ensuring accuracy, and following data security policies.

Keep It Updated
Whether you are an individual or a business, ensure your devices from mobile phones and tablets to laptops and desktops are kept up-to-date. You don’t want to miss any security patches that address vulnerabilities that might make you an easier target for the bad guys. You also want to keep updated on the latest cyber threats, so you know what to watch for and protect yourself against.

Wi-Fi Wisdom
According to Cisco, experts estimate by 2020 there will be 432.5 million public Wi-Fi hotspots. While this relieves your data use when you’re out and about, cybercriminals love them because they can use such public networks to capture PII, credit card credentials, and other profitable data.

Avoid Email Scams
We have all seen them. Those incredible sales and deals that pique your shopping interest, especially during the holidays when we are looking for the perfect gift. Email security is particularly important during the holidays when email scams seem to multiply.

While it’s tempting to click away and open those emails, be careful. Those special offers can lead to computer viruses, malware, and much worse. Play it safe by deleting emails from unknown sources. If you don’t know the company or person sending you an email, simply trash it and definitely don’t open any attachments from unfamiliar businesses or individuals.

Extra Safety Tips for Holiday Shopping, Sharing, and Selling
Here are a few other professional tips to keep your data safer this holiday season:

• You are likely to find yourself in more crowds this time of year. Be careful not to discuss sensitive personal information or business in places such as stores, at parties, or on public transportation.
• Lock your computer screen whenever you walk away from your desk during the workday. When you leave for the evening, log out and shut your computer off as most companies run updates and security scans in off-business hours.
• Don’t disclose sensitive personal or business information on social media.
• Be sure to pick up printed documents immediately from the office printer and clear your desk before leaving it. Don’t leave papers lingering as data can fall into the wrong hands.

Get even more smart security tips online with the Pause, Think and Act security awareness video. You can also contact Oram at any time for extra assistance with ensuring a safe, smart, and successful holiday season for your business. Visit us online or call us now at (617) 933-5060.

Password managers: What you need to know about generating and securing passwords that work

October 26, 2018 by securewebsite

By Ryan O’Ramsay Barrett

Being in IT, we hear about it all of the time. A client calls us in distress because they used the same password on multiple websites, social media platforms, and their email and now they’ve been hacked. The bad guys have access to several of their digital platforms, if not all of them, and things are a mess. The worst part is, the entire scenario could have been easily avoided.

One of the simplest and most commonly recommended cybersecurity practices promoted by experts to prevent problems like the one above is for people to use a password manager. Some are free and others cost a small annual fee but all of them are highly recommended over not using one at all.

What is a Password Manager?
A password manager is a type of software that assists in generating and retrieving complex passwords with the goal of improving your cybersecurity. One of the greatest issues is that most people either use the same password on multiple accounts or their passwords as just too simple. Using the same password for multiple sites can increase the risk that you will be hacked or that your business will experience a data breach. Overly simple passwords also make people more susceptible to being victimized by cyber criminals who would love to get their hands into our bank accounts, business data, and personally identifiable information (PII).

Consider a password manager as a vault of sorts, able to store multiple passwords in an encrypted database or produce them on demand. This means you don’t have to reuse the same password for various accounts, memorize them yourself, or write them down.

Regardless of how many passwords you have or how complex they may be, a password manager can keep track of them for you. Additionally, when you need a stronger password for a new account or to better secure an existing one, a password manager can generate a new, complex password for you.

Security Benefits
According to MyGlue, more than 60 percent of all data breaches are the result of weak or stolen passwords. By using more complex passwords that feature uppercase and lowercase letters, numerals, and special symbols, that are unique to each of your accounts, you are protecting vital online information from credit card numbers to the answers to your security questions. Not only is this important in your personal life but it is imperative to your business as well. Password managers help by generating unique, complex passwords that will not be easily guessed by bad actors.

Another sobering statistic is that more than 30 percent of employees keep track of passwords by writing them on Post-it Notes, according to MyGlue. This is not a secure or suggested form of storing passwords. With a password manager, you only have to remember a single master password to access your “vault” with all of your passwords in one place.

Business efficiency is also improved with the use of a solid password manager because employees won’t have to waste time resetting passwords or searching for that sticky note that disappeared. There will also be a reduction in requests to IT for password resets.

Password managers can also simplify shopping. Payment information can be stored in your password manager so that it’s all at your fingertips when you are ready to shop online.

Risks of Password Managers
I know what you’re thinking. If a hacker gets access to your master password, that would allow them access to all of your accounts. Bad actors have also been known to breach the central vault of password managers. The good news is that there are defenses available to address both of these concerns.

First, any password manager worth its weight is going to employ multifactor authentication. This means that when you, or someone else, attempts to access your “vault” of passwords, you will be sent a text or email with an authentication code to log in. If someone were to steal your master code, you would find out via a text message or email. No one can access your credentials without having both the correct password and the right authentication code. This gives you time to change your master password and notify your password manager should a problem arise.

Vendors usually protect master vaults as well by encrypting your password information locally. That information is encrypted and stored, on servers operated by the vendors who, in most cases, employ some of the best cybersecurity measures available. Some of the free password managers don’t offer the same higher level of security that paid password managers do. Be sure to do your research before signing up with a company or touch base with us at Oram so we can recommend one that works best for your needs.

The Cost of Better Security
There are a multitude of password managers available. Some offer free versions but when it comes to the security of your business, remember that you often get what you pay for. With that in mind, at Oram we recommend paying for a password manager as many don’t cost much.

Most password managers offer some sort of free trial period and range from $12 per year to upwards of $50 a month. The cost may depend on the number of devices or users the program is being employed for.

What Oram Recommends
There are so many password managers available that it can be hard to choose one. Some offer features such as photo login options (a form of multifactor authentication), phone support, and use across a wide variety of operating systems. The two that we recommend to our clients are MyGlue and LastPass.

We highly recommend MyGlue because it offers so many options for a low price. First, as a business owner, you will know who accesses what password and when. MyGlue is easy to use, functions well with multiple operating systems and allows you to share training material with your team for the program so no one is lost. Finally, you can avoid hackers by using strong passwords that are secure, keeping your business information such as the PII of employees and clients and your proprietary data safe. MyGlue also employs the highest security measures available.

If MyGlue doesn’t fit your needs, LastPass is the next best option. LastPass works on iOS, Android, Windows, Mac, and Linux operating systems. It offers a variety of subscription options from a single user to families, teams, and enterprises and all are quite affordable. With LastPass, you can simplify online shopping, store digital records, and share passwords and notes with others securely in addition to storing and generating passwords.

If you have lingering questions or concerns about the use of password managers, please call Oram today at (617) 933-5060 or visit us online. Our team is happy to help you select and engage a password manager that meets all of your business needs.

The Dark Web: What it is, how it impacts your organization, and ways to protect your business

October 19, 2018 by securewebsite

The Dark Web sounds like the name of Hollywood’s latest horror movie. In reality, it is something much scarier. It can rob your business, negatively impact employees, and shutter companies.
While you can’t see it, the Dark Web is a huge threat to the stability and continuity of business. Knowing what it is and why it is threatening is the first step to protecting what you have built with hard work and dedication. Here is what you need to know about the Dark Web, why it’s so dangerous, and ways to best protect your organization.

What is the Dark Web?
The Dark Web is the shady side of the World Wide Web. Digital communities on the Dark Web are accessible with special software that allows users and those operating dark websites to remain anonymous and untraceable. While it offers some legitimate uses, it is estimated that more than 50 percent of all sites on the Dark Web are employed in criminal activities. This can mean everything from the theft of digital credentials to their disclosure through sale.

Your Credentials
Digital credentials such as usernames and passwords keep you and your employees connected to critical business applications, email, and other online services. Criminals know that if they can get those credentials, they can access everything from your business’s list of clients to your trade secrets and funds. This means digital credentials are some of the most valuable pieces of information floating around the Dark Web.

Credential Theft
Criminals steal credentials from login information for social media platforms such as Facebook to dates of birth and credit card numbers. The problem is that many individuals and companies often fail to realize their credentials have been stolen until it’s too late.

In more than 75 percent of cases, it is law enforcement or another third-party that notifies a victim that something is amiss. By then, it’s usually too late to prevent data theft or a serious breach that could stop your company in its tracks, lead to a loss of customers, or even bankrupt your business.

Human Resources and Payroll
Your business relies on its human resources and payroll department(s) but these valuable individuals are some of the biggest risks to your organization’s digital security. When they utilize their work email to access websites and programs such as ADP, Paychex, and Ceridian, it can open the door for criminals who have stolen their credentials.

Cybercriminals can use their stolen information to heist the personally identifiable information (PII) of other employees, access payroll information, and even steal from the company coffers. Such breaches can also lead to other criminal activity such as the identity theft of employees or customers.

Client Relations Management
The client relations management (CRM) tool your business uses allows you to communicate seamlessly with your customers. This is great for your business and it’s great for cybercriminals, too.
Pretend for a moment that you have used the same password for your eBay account as you do for your business’s HubSpot. If a hacker steals your eBay credentials, they can access your business’s HubSpot. They can now send an email to your clients pretending to be you. The hacker can ask your clients for anything they want from money to their PII. This can ruin your name and reputation with your clients and within your industry as well as that of your company.

Communications
Another risk lays in your company’s communications from Verizon to Adobe and T-Mobile. For example, if someone wants to hack your AT&T account, they may be able to reveal your payment information from a bank account or credit card. Now they have access to your accounts and can steal money from you and/or your business. Using your mobile number, they can also spoof text messages, reset your bank account password, and access your cash as well as other websites, social media platforms, and other apps you utilize.

Business tools such as email services can also become hacked with the theft of employee credentials. Whether your company uses Gmail, Yahoo, or Office365, these are all hackable. Once someone has access, they can send spoofed emails to clients pretending to be you or an employee asking for more information or even money.

Collaboration
While collaboration among employees, contractors, and vendors is typically considered a positive attribute in business, it can also put your organization at risk. Many individuals and businesses today use Dropbox as a great method of file sharing and collaboration. Such files often contain a plethora of valuable information including trade secrets, PII, and client data. A hacker can use this information to spoof emails, gather data from clients, and target them as their next victims.

Travel Services
If your business employs a travel service to help them get from point A to point B, this can be another security risk. Companies such as Expedia, Travelocity, and Orbitz typically store your credit card information along with other PII that can be devastating in the event they are breached.

Be sure to employ different login credentials for each of these websites to best protect yourself and your business. Use multi-factor authentication if it is offered and don’t store your billing information with these sites if given this as an option.

E-Commerce
Whether your company orders office supplies online from Staples/Office Depot or your business sells products through Amazon/eBay, this is yet another area of risk. Again, stolen credentials can allow for the theft of PII and access to financial information that can drain your bank account before you realize what has happened.

Banking & Finance
Programs such as QuickBooks or Freshdesk or banking apps from financial organizations such as Bank of America or Wells Fargo can also lead to problems when it comes to credentials. If a hacker steals access to your bank accounts, credit cards, or financial programs, it can be truly devastating for your business.

Imagine having all of your accounts wiped out. How will you pay your employees, cover your business mortgage, or pay out contractors? Once the money is gone, the likelihood you will ever see it again is minimal, as hackers can be very difficult to trace and, even if you do get it back, how will you cover your business expenses in the meantime?

Social Media
If your employees or business are on social media, which most are, this can put your business at higher risk for a breach. Pages on social media can be easily spoofed or copied. A cybercriminal can invite your friends and followers, steal their information, and worse. This can ruin your reputation whether the hacker takes an unpopular political stand on the false page or accesses more people to victimize through spoofing of their personal or business pages.

Other Employee Risks
In addition to the threat of employees having their work credentials stolen, their personal credentials can also put your business at risk if they end up in the wrong hands. For example, if an employee uses their LinkedIn credentials such as their username and password for work in QuickBooks, they can expose your company to a breach. Employees should be trained to use unique usernames and passwords for each program, app, and website they use. This is true not just for work but also for their private internet use as well.

While it can be cumbersome to keep track of different usernames and passwords for each website or app they use, there are password management tools such as MyGlue or LastPass that can keep track of them all. While some of these password management programs are free, some do have a minimal cost associated with them. Remember, you get what you pay for in business. Some of the free apps are poorly encrypted locally on your own device so if you get hacked, the bad guys will still have access to your information. We advise working with a larger company so you know they have the manpower and ability to keep your information safe and secure.

Users often have the same password for multiple services such as network logons, social media, and online stores. This greatly increases the potential for a breach. Train and retrain your employees on cybersecurity. It is worth the investment as is paying a small annual fee for a secure password management tool. Consider this well spent money as an operating expense just as you do with your marketing budget.

Combating the Dark Web
At Oram, our experts are able to search the Dark Web so you don’t have to. Using Dark Web ID from ID Agent, our experts search for your personally identifiable Information (PII) on the Dark Web to determine if you are at risk of experiencing a breach. This gives you time to protect your information, notify your bank or lender, and change passwords before you experience a breach.

How Dark Web ID Works
Dark Web ID is a commercial solution to detecting compromised credentials in real time on the Dark Web. It offers the same advanced credential monitoring capabilities that are employed by Fortune 500 companies. This specially designed software connects to multiple Dark Web services including Tor, I2P, and Freenet where it searches for compromised credentials. With this proprietary software, you don’t have to expose your own software, hardware, or network to these high-risk services directly.

By searching the most secretive and covert corners of the internet, Dark Web ID locates compromised credentials associated with your business, contractors, and personnel. If we find credentials that compromise your company, we notify you immediately BEFORE you become the victim of identity theft, data loss, or a breach. The real-time awareness of compromised credentials Dark Web ID provides means you will know if your PII has been stolen so you can safeguard both your personal and business assets before it’s too late.

Be Prepared
The more information you have, the more valuable it is and the more prepared you can be. We employ extensive logging and reporting capabilities that allow us to track your credentials and the credentials of your employees on the Dark Web. As a result, we can triage incidents quickly and create effective policies and procedures to reduce the risk to your business.

How It Helps Businesses
We use the Dark Web ID as a tool to identify compromises throughout your organization that could put your company at risk for a data loss or major breach. With this software, we are able to monitor the Dark Web 24 hours a day, seven days a week, 365 days a year. It is so effective, it reports more than 80,000 compromised emails daily. In addition to email, the program searches and monitors the following platforms frequented by cybercriminals:

• Hidden chat rooms
• Private websites
• Peer-to-peer networks
• Internet relay chat (IRC) channels
• Social media platforms
• Black market sites
• 640,000+ botnets

Predictable Patterns
While it is good practice to be prepared for a breach, it’s even better to have a warning that one could be coming. Using Dark Web ID, we can identify industry patterns. If we see that your industry is starting to come under attack, we can share that intelligence with you to best protect your employees, your business, and your consultants.

Prevention is the Best Medicine
While a network attack may be inevitable, they can be made less destructive and costly. With proactive monitoring of stolen and compromised credentials, you can be alerted to prevent losses before they happen. With alerts that tell you when your credentials have been stolen, you can respond immediately to prevent a breach.

By employing monitoring services and software such as Dark Web ID, your company can move toward compliance with data breach and privacy laws. Our experts can even help you develop and implement a data breach response plan.

If you would like more information about the Dark Web, Dark Web ID, or reducing cyber risks to your business, please call Oram today at (617) 933-5060 or visit us online.