Cybersecurity

The initial reaction when you suspect your computer or network has been compromised is to panic. However, if your network has been breached, what you do next can make the difference between the incident being a minor inconvenience and being a devastating disaster that brings legal trouble and huge fines and halts your ability to do business. In today’s article, we’ve consulted our cybersecurity experts on the top signs of an affected computer and the five steps you need to take as soon as you notice your network has been compromised to prevent as much irreversible damage as possible. Signs Of An Issue According to IBM’s latest cybersecurity report, the average data breach goes 277 days before it’s noticed and reported. This time frame sounds crazy considering that attacks using malware, viruses, keylogging tools and more can cause a considerable amount of damage very quickly, but most users miss the warning signs and don’t realize they’re under attack until irreversible damage has occurred. Several of the biggest indicators of an issue can be mistaken for a slow or outdated computer or operating system. If you experience any of these issues, it’s a good idea to contact your IT team. If it’s an attack, they’ll know the proper steps to take, and if it’s not, they’ll be able to update your system or replace your device to improve performance. Here are a few key signs your computer could be infected: What To Do Next If you’re experiencing any of these issues, the next steps you take are important. Here is what our team of experts recommends: 1. Take the network offline to isolate the incident, but DO NOT turn off the device or reboot it. When a device isn’t working the way it should, the go-to move is to hit Restart. In many scenarios, that maneuver can work; however, if malware is involved, this simple act can make the situation worse. In some circumstances, rebooting your device can set in motion a crashed file-encryption process that can cause unrecoverable data loss. Disconnect your device from the network but allow it to remain on as you move through the next steps. 2. Call your IT team IMMEDIATELY. It’s important to contain the breach before it infects the rest of your network or causes any more damage. Your IT team will be able to investigate the issue to determine what went wrong and what the impact was and mitigate the breach quickly. Do not try to fix this on your own. Attempting to run a “system cleanup” or your antivirus software will waste time and could cause more damage. Call in the experts. 3. Call your attorney. There are several reasons to call your attorney. Depending on the size of the breach, your attorney may refer you to outside legal counsel with privacy and data security expertise who can advise you on the federal and state laws that may be implicated by the data breach. 4. Change passwords and secure all accounts. As the IT team is working on containing the breach, you’ll want to change your passwords to protect any of your other accounts that may not have been affected yet. Hopefully you have multifactor authentication enabled and will be notified if someone tries to access your account, but if not, begin working through your accounts to secure them, starting with ones that contain financial information like credit card numbers, Social Security numbers and more. 5. Check your bank accounts. Nearly all cyber-attacks are financially motivated, making bank accounts the primary target. As the breach is being mitigated, check your bank accounts and payment processing tools, including third-party merchant accounts and employee payroll systems, for any anomalies or sudden changes. If you’re hit by a cyber-attack, there will be a list of other steps to take, like implementing a PR communications plan, notifying appropriate parties such as law enforcement and more. The most important thing you can do if a data breach occurs is to isolate the incident and hand it over to a qualified cybersecurity professional as soon as possible. Time matters in these situations. If you need a reliable, trustworthy cybersecurity team monitoring your business, start with a FREE Cyber Security Risk Assessment. These assessments are designed to thoroughly examine your network to pinpoint any vulnerabilities and map out a plan to fix them. It is much more cost-effective to prevent a cyber-attack than to fix one, so book your assessment today by going to www.centrend.com/contactus or calling 774-241-8600.

Horror stories of people getting scammed out of hundreds or even thousands of dollars aren’t in short supply. As we scroll through the news app from the comfort of our couch, reading these accounts of how a stupid so-and-so opened an obviously suspicious attachment and a hacker drained their bank account, it’s easy to say things like “I’d never fall for that!” But would you? The sobering truth is that, under the right conditions and with the right threat, anyone can fall victim to a financially devastating scam. This reality was recently demonstrated when a finance guru, someone armed with enough financial acumen to publicly advise others, lost $50,000 to a scammer pretending to be a CIA agent. Charlotte Cowles, a seasoned financial advice columnist for New York Magazine’s digital fashion news site, The Cut, wrote a first-person account of how she boxed up $50,000 in cash in a shoebox, walked it out to the sidewalk in front of her house and willingly handed it over to an unknown person in a white Mercedes SUV. Looking back, she was humiliated that she couldn’t see the red flags, but the way these criminals intricately plotted every step would have convinced most people. I suggest giving her detailed story a read, but to give you the nutshell version, this elaborate scam started early in the day when a woman from “Amazon’s customer service” called to inquire about unusual activity on Charlotte’s account. The woman told her this has been a frequent issue for the company, provided a case number ID and recommended Charlotte check her credit cards immediately. She shared that the issue was so prevalent that the company was working with a liaison at the Federal Trade Commission and offered to refer her to him for additional assistance. Once connected, the FTC agent provided his badge number for reassurance and a direct number to reach him at, and confirmed personal details like her full name and Social Security number. Convincing, right? That’s when things took a turn. The agent shared that he had been following her case for some time, and to date, there were 22 bank accounts, nine vehicles and four properties registered under her name. The bank accounts had wired more than $3 million overseas, mostly to Jamaica and Iraq, and he wondered if she could tell him anything about this. This crazy scheme escalated from there. The agent texted her a photo of her ID, claiming it had been found in a car rented under her name that was abandoned on the southern border of Texas with blood and drugs in the trunk and was linked to an even bigger drug raid. He told her there were warrants out for her arrest in multiple states and that she was facing heavy charges of cybercrime, money laundering and drug trafficking. She frantically googled her name, looking for any warrants. Nothing. Sensing her rising discomfort, he asked if she had recently used public Wi-Fi. She had, at the airport. “Ahh…” he said, “that’s how most of these things start.” As she texted her husband that she was in serious trouble, the agent offered her a solution, but she could tell no one. Everyone was a suspect, and they were watching her every move. The agent said her laptop was hacked, her home was being watched and they could even see her two-year-old son playing in the living room right now. At the mention of her son, she was all in to resolve the problem. Sadly, you know the heartbreaking ending of the story. She drained her savings and hand-delivered it in a floral-printed shoebox to the scammer. Here’s the real kicker: if Cowles, armed with financial acumen and a journalist’s skepticism, can be led astray, what chance do the rest of us stand? It’s a digital Wild West out there, folks, and the outlaws are on the prowl, looking for their next big score. This tale isn’t just a wake-up call – it’s a blaring siren for small business owners everywhere. If you think you’re too smart to get scammed, think again, because it’s happening all the time. When Charlotte began to share her story, everyone seemed to know someone who had gone up against a scammer and lost. One friend’s criminal-defense-attorney father had been scammed out of $1.2 million. Another was a real estate developer duped into wiring $450,000 to someone posing as one of his contractors. Even a Wall Street executive, who had been conned into draining her 401(k) by a guy she met at a bar. These stories are everywhere. Cybersecurity cannot be ignored. With the AI tools available, scams are becoming more and more difficult to identify. If you want to protect yourself, your family and your business, you absolutely MUST take your security seriously. Every day, hackers are buying and selling personal information, like Charlotte’s Social Security number, on the dark web to hackers who will use it to run scams just like this one. You or your loved ones could be next. This ISN’T meant to scare you, although it should; it’s meant to educate you and give you the upper hand to go up against these criminals. To protect what’s yours. The best way we can help is to offer a FREE Cyber Security Risk Assessment. We’ll do an in-depth evaluation of your network’s security system, including scanning the dark web for leaked information, and provide you with a comprehensive report of what you need to do to be secure. You can book your Assessment with one of our experts for FREE by going to www.centrend.com/contactus or calling 774-241-8600.

Tax season is around the corner, which means so are tax scams. Without fail, every year, individuals and business owners alike fall victim to tax scams, resulting in the loss of substantial amounts of money and sensitive personal data. According to the Better Business Bureau, taxpayers lost $5.7 billion due to tax scams and fraud in 2022 alone. In today’s article, you’ll discover the top scams you need to be on the lookout for to reduce your chances of becoming these scammers’ next victim. The IRS has specific methods of contacting you One way to lessen your chances of falling for Internal Revenue Service scams is to know how the IRS will contact you. Per the IRS website, the IRS will not initiate communication with taxpayers through e-mail, text messages or social media platforms for the purpose of soliciting personal or financial information. The IRS’s main method of communication is physical mail; however, if they’re unable to reach you via mail, they may initiate a phone call. If this is the case, they will still try not to solicit any personal or financial information over the phone, and they will never threaten you or demand payment. If you’re second-guessing anything you receive, you can check out this article to help you figure out if it’s really the IRS contacting you. Here are the top scams to keep an eye on this tax season The Refund Scam The Internal Revenue Service has issued a warning to taxpayers regarding a scam designed to deceive individuals into believing they are entitled to a refund. This is often the most common scam that we see happen every year. In this scheme, recipients receive a formal notification, usually a letter, stating that they have an “unclaimed refund” available. There are variations of this, including one scam that uses a cardboard envelope from what looks to be a certified delivery service and bears the IRS logo. Similar to many scams, the deceptive letter provides contact information and a phone number that is in no way affiliated with the IRS. What sets this scheme apart is its request for various sensitive personal details from taxpayers, including detailed images of driver’s licenses. Identity thieves seeking to get ahold of tax refunds and other confidential financial data can exploit such information. Stay vigilant and be cautious of such misleading communications. If something seems off, it probably is. Identity Theft If cybercriminals are able to get access to your personal information, they can file a fake tax return on your behalf and potentially collect a refund payment. The IRS recently shared that more than 1 million tax returns were flagged last year for possible identity theft. One tool to prevent tax ID theft is to apply for an Identity Protection PIN from the IRS before you file your return. It’s also good to file early before criminals have a chance, and if you get a notice about an alleged “duplicate tax return” or a notice saying that additional taxes are owed, contact the IRS directly as soon as possible. The ERC Scam The Employee Retention Credit (ERC), sometimes called the Employee Retention Tax Credit, or ERTC, is a refundable tax credit against certain employment taxes. The IRS and tax professionals continue to see aggressive broadcast advertising, direct mail solicitations and online promotions involving the ERC. While the credit is real, aggressive promoters are misrepresenting and exaggerating who can qualify for the credit. This has led the IRS to issue many warnings about ERC schemes from third-party promoters that charge large up-front fees or a fee based on the amount of the refund. These promoters may fail to inform taxpayers that they must reduce wage deductions claimed on the business’s federal income tax return by the amount of the credit. Businesses, tax-exempt organizations and others thinking about applying for the ERC need to carefully review the official requirements for this credit before they claim it. The “Impact Payment” Scam As you prepare to collect the required documents for filing your 2023 return, be aware of a new online scam circulating. This scheme involves an e-mail displaying the IRS logo and addressing the “third round of economic impact payments,” deeming it an “important matter concerning your recent tax return filing.” The e-mail asserts that certain inconsistencies or missing information have been identified and assures recipients that a refund of $976 awaits them upon submission of the required document. Notably, there’s a button labeled “complete my information,” but IRS Media Relations Specialist Robert Marvin urges you not to click it. The “Additional Information Needed” Scam If you receive an e-mail from the IRS requesting that you submit a tax form, proceed with caution. While there are legitimate forms that taxpayers may be required to complete (such as the W-9 for freelancers and W-4 forms for employees), these are typically directed to companies and do not go directly to the taxpayer from the IRS.[RS1]  To steer clear of potential scams, it is recommended to disregard such messages and promptly report the fraud to the IRS. It’s important to note that the IRS does not initiate contact via e-mail, and any solicitation for forms through this is indicative of fraudulent activity. Another Tax Agency Scam Scammers may adopt the appearance of legitimate or fictitious tax agencies when making phone calls. Instances include impersonating entities like the Taxpayer Advocate Service or the nonexistent Bureau of Tax Enforcement. While the Taxpayer Advocate Service is a legitimate entity, it does not initiate unsolicited calls to taxpayers. On the other hand, the Bureau of Tax Enforcement is not a genuine organization. Exercise caution and skepticism toward unsolicited calls alleging to be from government agencies. Obtain a reference number if possible, terminate the call and initiate a return call using an officially verified phone number. This practice helps protect against potential scams. Be Smart And Protect Yourself The tax season often sees a surge in scams, but with some vigilance identifying an IRS imposter and protecting your finances and

“Know Ye That We Have Granted And Given License To Adam Robernolt and William le Sauvage…to annoy our enemies by sea or by land, wheresoever they are able, so that they share with us the half of all their gain.” These were the words of King Henry III of England as he issued one of the first letters of marque, effectively employing private sailors to bolster his naval power and fill the royal coffers, all under the guise of lawful privateering. This clever maneuver not only financed the kingdom’s ambitions but also paved the way for the discovery and plunder of new worlds, all at the expense of England’s adversaries. Fast-forward several centuries, and we find the essence of privateering alive and well, albeit in a new battlefield: cyberspace. Today, businesses, particularly in the United States, find themselves at the mercy of digital privateers. Recently, the FBI testified before Congress that the People’s Republic of China was preparing to “sow chaos” by taking down the US power grid, oil pipelines and water systems in the event of a conflict over Taiwan. As small business owners, you are not mere spectators in this digital skirmish but frontline warriors. The misconception that cyber security is a concern reserved for larger entities couldn’t be further from the truth. In reality, the agility and often less fortified digital defenses of small businesses make you prime targets for these modern-day privateers. The revelation of these threats isn’t meant to dishearten but to awaken a recognition of the critical need for robust cyber security measures. The landscape has shifted, and the onus is on you to protect your enterprise from digital marauders. The good news? There’s a silver lining in the form of unprecedented opportunity for those ready to fortify their defenses. Consider this: The investment in cyber security is not merely a safeguard but a strategic advantage. The narrative has evolved from viewing digital protection as an operational cost to recognizing it as a cornerstone of business resilience and growth. CEOs and business leaders are now acknowledging the indispensability of cyber security and integrating it into their core business strategies. So, where do you stand in this evolving scenario? This moment calls for reflection, for a candid assessment of your cyber security posture. Are you prepared for the digital equivalent of a storm at sea? Have you charted a course that not only navigates through these treacherous waters but also seizes the opportunities they present? The urgency cannot be overstated. The threats are real, and the consequences of inaction grave. We’ve made it easy for you to take the next step toward a proactive defense and invite you to join us for a complimentary 15-minute discovery call. On this call, we’ll get an idea of where your business stands to see if it makes sense to have further discussions. To do this, simply call us at 774-241-8600 or go to https://centrend.com/contact/ The era of digital privateering is upon us, but so is the opportunity for unparalleled growth and security. Let’s embark on this journey together, safeguarding your enterprise and securing its future in the digital frontier.

What you are about to read is a real story showing you how a business can be devastated by cybercriminals in the blink of an eye. Most importantly, I’ll share several ways this could have been avoided. Make sure to forward this to anyone who might be making online payments and, better yet, your entire staff. The name of the company and principals have been withheld so they don’t become a further target. $43,000 Gone In The Blink Of An Eye Imagine, on a normal Friday night after a long week of work, you glance down at your phone and see an alert from your bank. You open it to find that you’ve just paid a company you’ve never heard of $43,000! This was an all-too-real situation for one small business owner a few weeks ago – and there’s NOTHING the owner, or police, or anyone else can do to get that money back. It’s gone forever. Thankfully, for this company, $43,000 was a loss they could absorb, but it was still a huge hit and, frankly, they are lucky they weren’t taken for more. Here’s what happened and how you can keep this from happening to you. The E-mail That Started It All Imagine receiving an e-mail so convincing, so utterly devoid of red flags, that you find yourself compelled to act. This isn’t a failure of judgment; it’s a testament to the sophistication of modern cyber threats. In this case, an employee in the accounting department received an e-mail from the company’s “CEO” saying they were starting to work with a new company and needed to get them set up in the system and make a payment to them right away. This was NOT an abnormal type of e-mail, nor was the amount anything that aroused suspicion – they made and received large amounts of money often. The only telltale clue might have been that it came in on a Friday afternoon and it was made clear that it was an urgent matter that had to be handled right away. The employee, thinking they were doing exactly what their boss wanted, set the attacker’s company up in the system, including their bank routing number, and made a payment. And the minute they hit “Send,” the money was never to be seen again. It wasn’t until the CEO called minutes later, after receiving notification of the transfer, that alarm bells started to ring! But by then it was all too late. So What Happened? While it’s impossible to know what exactly occurred to kick off this chain of events, the most likely culprit is that an employee, possibly even the owner, received an e-mail sent by a cybercriminal weeks or even months earlier that allowed this person to gain access to some of the company’s systems. In all likelihood, the e-mail looked normal and had a link that, when clicked, downloaded software onto the recipient’s computer, and that’s where things started to go wrong. Over the following weeks, the cybercriminals accessed company communications, figuring out who the players were, and devised a plan to make it look like the CEO needed a vendor to be paid urgently. And when the criminals determined the time was right, they “attacked” and walked away with $43,000 for their efforts. Home Alone While this scenario may sound far-fetched, it’s not new. If you remember seeing the classic movie Home Alone, would-be thieves watched houses immediately preceding Christmas to determine which families would be away for the holidays so they could break into those homes. Cybercriminals do the same thing, but from a distance, and you’d never know they were ever there. The scary fact is, your system could be compromised right now, and you would have no way of knowing it, until an attack happens. In the cybercrime world, the kind of attack this company suffered is referred to as spear phishing. Criminals identify a single point or person in an organization who they believe could fall victim to a scam like the one that happened here, and they engineer a scheme to specifically target them. What You And Your Employees Need To Know To Help Thwart Attacks The sad fact is that there is no 100% safeguard against cybercriminals. But, just like our robbers in Home Alone, cybercriminals go after the low-hanging fruit. If your house has a gated entry, security system, outside cameras and lights, and has three vicious-looking dogs roaming around, would-be thieves are much more likely just to move on to a house without all these layers of security. Cybercriminals operate in the exact same fashion, looking for companies that aren’t protected and then targeting them specifically. So, the best thing you can do is have layers of protection for your company, along with education for your employees. 3 Things To Do Right Now To Protect Your Company Whatever You Do, Don’t Do This!!! Maybe the worst thing the owner of the company that lost $43,000 did was they then posted a video and story on social media. While their intentions were good because they wanted to warn other business owners not to fall victim to the same scam, they might as well have had T-shirts made with a big target on the back. It’d be like having cash from your house taken, then going online and telling people exactly how it happened – you’re just inviting more people to come try to take your cash. Not Sure If You’re As Protected And Prepared As You Should Be? To make sure you’re properly protected, get a FREE, no-obligation Cyber Security Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack. Schedule your assessment with one of our senior advisors by calling us at 774-241-8600 or going to https://centrend.com/contact/

The year of 2023 marked a significant turning point for cyber-attacks with the introduction and wide proliferation of AI (artificial intelligence), now in the hands of people who wish to do you harm and who are actively using it to find faster and easier ways to rob you, extort you or simply burn your business to the ground. As I write this, I’m well aware there’s a tendency to shrug and just accept the “we’re all gonna get hacked anyway” mantra to avoid having to deal with it. Further, like overhyped weather reports, it’s also tempting to just ignore the warning signs, thinking all of this is just fearmongering rhetoric designed to sell stuff. However, it truly is becoming a situation where the question is no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report recently revealed that 53% of all businesses suffered at least ONE cyber-attack over the last 12 months with 21% stating the attack was enough to threaten the viability of their business. This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high and hacking groups are often motivated by revenge as well as money. Now, here are the 5 biggest developments in cyber threats you need to know about. If cybersecurity is a chess game, AI is the Queen, giving the person in possession the most powerful advantage for whomever plays it best. All cyber-related reports expect to see highly sophisticated deepfake social engineering attacks on the rise designed to separate you from your money. We’ve already seen scams using AI-generated voices of family members, calling relatives to claim they’ve been injured, kidnapped or worse, to extort money. This is also being used to hack into companies by getting employees to provide login information to people they think are their IT department or boss. This is where employee awareness training comes in, as well as controls such as MFA (multi-factor authentication), come into play. The expansion of remote work is a trend that is not going away; and with that comes an exponentially greater risk for cyber threats. From laptops being carried around and connected to suspicious Wi-Fi to mobile phones providing a “key” to logging into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications), these devices pose a high risk for being easily lost or stolen. Further, when people use their own devices or work remote, they tend to mix business and personal activities on the same device. That employee who frequents gambling or porn sites may be using the same device used to login to company e-mail or critical applications. Even logging into personal social media sites that get hacked can provide a gateway for a hacker to get to YOUR company’s information through a user’s (employee’s) personal accounts. There are an estimated 1.7 million ransomware attacks every day, which means every second 19 people are hacked worldwide. If you’ve been lucky enough to avoid this, know that someone else is getting hacked on a very frequent basis, and you are very likely to be hit. Last year, ransomware attacks increased by 37% with the average ransom payment exceeding $100,000, with an average demand of $5.3 million. Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place protections that prevent hackers from successfully extorting their victims IoT, or “Internet of Things,” is a term to describe the proliferation of Internet-connected devices. Today, even kitchen appliances, like a refrigerator, can be connected to the Internet to tell you when it’s time to change the water filter to alerting you if there’s a power outage. This means hackers have a FAR greater number of access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem for us, and a huge opportunity for the hackers. While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar, but those could all provide access to you, your devices, e-mail, credit card and personal information. To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have in place “reasonable security” protections for their employees and clients. The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures, issuing monetary penalties. Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws that require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. For example, in California, under the California Privacy Rights Act (CCPA), a business could face a penalty of $100 to $750 per consumer and per incident if that company gets hacked and the court determines they failed to put in place reasonable security procedures. Not Sure If You’re As Protected And Prepared As You Should Be? To make sure you’re properly protected, get a FREE, no-obligation Cybersecurity Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack. Schedule your assessment with one of our senior advisors by calling us at 774-241-8600 or going to https://centrend.com/contact/

Have you ever searched for a specific website but landed on a completely different one after misspelling a letter or two in the URL? This deceptive tactic is known as cybersquatting. This practice not only jeopardizes the online presence of businesses and individuals but also poses a significant challenge in the ever-evolving landscape of cyber security. The scariest part is that you can be a victim of a cybersquatted domain and not even realize it. Here’s what you need to know about this type of cybercrime: What Is Cybersquatting? Cybersquatting, also known as domain squatting, involves the malevolent act of registering a domain name that is confusingly similar to that of a legitimate entity, be it a business, organization or individual. The primary motive behind this maneuver is often financial gain, with cybersquatters aiming to exploit the recognition and success of well-known brands. However, the repercussions extend beyond monetary losses, as cybersquatting can stain the reputation of its victims. Types Of Cybersquatting There are many types of cybersquatting scams, but here are the most common ones that you need to be aware of. Typos are easy to make, so misspelled domains can generate a lot of traffic. Here are a few examples: Lookalike: Microsofty.com Looking at these, you might not think they’d easily trick users, but they still do! How To Avoid Being A Cybersquatting Victim You can avoid being a cybersquatting victim by taking a proactive approach. Here are a few steps to take: Cybersquatting is only one method hackers use to cause chaos. Cybercriminals are constantly coming up with new ways to scam businesses and individuals alike. If you want to double down on security to make sure you and your company are protected from sneaky attackers, we can help. We’ll conduct a FREE, no-obligation Security Risk Assessment where we’ll examine your network security solutions to identify if and where you’re vulnerable to an attack and help you create a plan of action to ensure you’re protected. Click here to book a 10-minute Discovery Call with our team to get started.

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers were able to run over $250,000 worth of ads for their online gambling site via their account and removed the rightful owner as the admin, causing the firm’s entire Facebook account to be shut down. Not only are they uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook’s “resolution” was that there was no fraud committed on their account because the hacker used their legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed to cover the losses, so they’re eating 100% of the costs.  Not only are they out $250K, but they also have to start over building their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it’s all totaled. In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads to their weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.  Due to their spending limits, the hackers wouldn’t have charged $2.8 million; however, due to the high budgets set, Facebook’s algorithms started running the ads fast and furious. As they were pausing campaigns, the hackers were enabling them again in real time. After a frantic “Whac-A-Mole” game, they discovered the account that was compromised and removed it.  The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn’t replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.  When many people hear these true stories (with the name of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. “It wasn’t OUR fault!” they say. However, the simple reality is this: if you allow your Facebook account – or any other online account – to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cyber security, it is 100% YOUR FAULT when a hacker compromises your account.  Facebook is just one of the cloud applications many businesses use that can be hacked, but any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials. Facebook’s security did not cause their account to be compromised – it was the failure of one employee. The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself: If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting US banks, financial institutions and cryptocurrency wallets.  The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen. This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.  Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself: But remember, bank fraud can manifest itself in several forms, including:  To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.  Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge. Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.  Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cybercriminal steals money from your account. And, as always, make sure you have strong cyberprotections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked. If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

Have you started business planning for 2024? The last few months of the year can get hectic, between trying to close out the end of the quarter strong and mapping out your plan to ramp things up in the new year. One area that small business owners often skip over when creating their new year strategy is cyber security planning. Cyber security is NOT an IT decision, it’s a business decision. Your company hinges on your ability to keep your data – and your clients’ – safe from cybercriminals. To create a reliable plan for the next year, there are a few cyber security basics that every business owner needs to be aware of to avoid being the next victim of a data breach. Cyber issues are becoming such a regular occurrence that it’s easy to become desensitized to the effects of data breaches, which can leave you vulnerable to an attack. Here are 10 BIG takeaways about cyber security that you should keep in mind. Your security depends on it! Hackers love that small business owners think this way because it makes them an easy target. If you have money or data of any size or amount, you are at risk. Takeaway – Protect your business and consult a cyber security expert on what you need. Takeaway – Invest some of your budget in cyber security training for your team. This is true for your web browsers too. If you get a notification about an available update, it often means that a bug or a vulnerability needs to be patched. If you don’t patch it, that’s a little hole in your network that hackers can and will find. Takeaway – Have your IT team run automatic updates and always manually update if prompted. Takeaway – Have an off-site backup and test it regularly to ensure it works properly. Takeaway – Use a VPN, or virtual private network, to keep your network safe from hackers while on the go. The cost of data breaches puts most small companies that get hacked out of business within six months. These can range from hundreds of thousands to millions of dollars, depending on the damage done. Takeaway – Invest in cyber security. Don’t play around and risk everything you worked hard to build. Being compliant means you are fulfilling all the requirements that the government has issued. This does not mean you are 100% secure; it means you have implemented the basics. Takeaway – Consult with a cyber security professional who deals with clients in your industry to make sure that you’re not only compliant but that you have the proper security systems in place to protect your organization. These are helpful, but they aren’t enough to keep you secure. Hackers are routinely finding ways to break through this software, so if you’re not implementing other security measures, you’re at risk. Takeaway – Consult with a cyber security professional to find out what you need. It’s often not as expensive as people think and will cost you WAY less if you ever become a victim of a data breach. When it comes to data breaches, whether you’re at fault or not, you’ll be the one to catch the blame from your customers, employees, attorneys, the media and more, and it will be ugly. Takeaway – You can prevent this by taking a proactive approach to cyber security. Take your security seriously in 2024. We offer a FREE, no-obligation Security Assessment. Even if you already have a cyber security company you work with, it can’t hurt to have a second expert opinion to assess if and where you’re vulnerable to an attack. We have limited spots available and expect to fill up before the holiday break, so if you’re interested, click here to book your assessment with our team now