Cybersecurity

“Know Ye That We Have Granted And Given License To Adam Robernolt and William le Sauvage…to annoy our enemies by sea or by land, wheresoever they are able, so that they share with us the half of all their gain.” These were the words of King Henry III of England as he issued one of the first letters of marque, effectively employing private sailors to bolster his naval power and fill the royal coffers, all under the guise of lawful privateering. This clever maneuver not only financed the kingdom’s ambitions but also paved the way for the discovery and plunder of new worlds, all at the expense of England’s adversaries. Fast-forward several centuries, and we find the essence of privateering alive and well, albeit in a new battlefield: cyberspace. Today, businesses, particularly in the United States, find themselves at the mercy of digital privateers. Recently, the FBI testified before Congress that the People’s Republic of China was preparing to “sow chaos” by taking down the US power grid, oil pipelines and water systems in the event of a conflict over Taiwan. As small business owners, you are not mere spectators in this digital skirmish but frontline warriors. The misconception that cyber security is a concern reserved for larger entities couldn’t be further from the truth. In reality, the agility and often less fortified digital defenses of small businesses make you prime targets for these modern-day privateers. The revelation of these threats isn’t meant to dishearten but to awaken a recognition of the critical need for robust cyber security measures. The landscape has shifted, and the onus is on you to protect your enterprise from digital marauders. The good news? There’s a silver lining in the form of unprecedented opportunity for those ready to fortify their defenses. Consider this: The investment in cyber security is not merely a safeguard but a strategic advantage. The narrative has evolved from viewing digital protection as an operational cost to recognizing it as a cornerstone of business resilience and growth. CEOs and business leaders are now acknowledging the indispensability of cyber security and integrating it into their core business strategies. So, where do you stand in this evolving scenario? This moment calls for reflection, for a candid assessment of your cyber security posture. Are you prepared for the digital equivalent of a storm at sea? Have you charted a course that not only navigates through these treacherous waters but also seizes the opportunities they present? The urgency cannot be overstated. The threats are real, and the consequences of inaction grave. We’ve made it easy for you to take the next step toward a proactive defense and invite you to join us for a complimentary 15-minute discovery call. On this call, we’ll get an idea of where your business stands to see if it makes sense to have further discussions. To do this, simply call us at 774-241-8600 or go to https://centrend.com/contact/ The era of digital privateering is upon us, but so is the opportunity for unparalleled growth and security. Let’s embark on this journey together, safeguarding your enterprise and securing its future in the digital frontier.

What you are about to read is a real story showing you how a business can be devastated by cybercriminals in the blink of an eye. Most importantly, I’ll share several ways this could have been avoided. Make sure to forward this to anyone who might be making online payments and, better yet, your entire staff. The name of the company and principals have been withheld so they don’t become a further target. $43,000 Gone In The Blink Of An Eye Imagine, on a normal Friday night after a long week of work, you glance down at your phone and see an alert from your bank. You open it to find that you’ve just paid a company you’ve never heard of $43,000! This was an all-too-real situation for one small business owner a few weeks ago – and there’s NOTHING the owner, or police, or anyone else can do to get that money back. It’s gone forever. Thankfully, for this company, $43,000 was a loss they could absorb, but it was still a huge hit and, frankly, they are lucky they weren’t taken for more. Here’s what happened and how you can keep this from happening to you. The E-mail That Started It All Imagine receiving an e-mail so convincing, so utterly devoid of red flags, that you find yourself compelled to act. This isn’t a failure of judgment; it’s a testament to the sophistication of modern cyber threats. In this case, an employee in the accounting department received an e-mail from the company’s “CEO” saying they were starting to work with a new company and needed to get them set up in the system and make a payment to them right away. This was NOT an abnormal type of e-mail, nor was the amount anything that aroused suspicion – they made and received large amounts of money often. The only telltale clue might have been that it came in on a Friday afternoon and it was made clear that it was an urgent matter that had to be handled right away. The employee, thinking they were doing exactly what their boss wanted, set the attacker’s company up in the system, including their bank routing number, and made a payment. And the minute they hit “Send,” the money was never to be seen again. It wasn’t until the CEO called minutes later, after receiving notification of the transfer, that alarm bells started to ring! But by then it was all too late. So What Happened? While it’s impossible to know what exactly occurred to kick off this chain of events, the most likely culprit is that an employee, possibly even the owner, received an e-mail sent by a cybercriminal weeks or even months earlier that allowed this person to gain access to some of the company’s systems. In all likelihood, the e-mail looked normal and had a link that, when clicked, downloaded software onto the recipient’s computer, and that’s where things started to go wrong. Over the following weeks, the cybercriminals accessed company communications, figuring out who the players were, and devised a plan to make it look like the CEO needed a vendor to be paid urgently. And when the criminals determined the time was right, they “attacked” and walked away with $43,000 for their efforts. Home Alone While this scenario may sound far-fetched, it’s not new. If you remember seeing the classic movie Home Alone, would-be thieves watched houses immediately preceding Christmas to determine which families would be away for the holidays so they could break into those homes. Cybercriminals do the same thing, but from a distance, and you’d never know they were ever there. The scary fact is, your system could be compromised right now, and you would have no way of knowing it, until an attack happens. In the cybercrime world, the kind of attack this company suffered is referred to as spear phishing. Criminals identify a single point or person in an organization who they believe could fall victim to a scam like the one that happened here, and they engineer a scheme to specifically target them. What You And Your Employees Need To Know To Help Thwart Attacks The sad fact is that there is no 100% safeguard against cybercriminals. But, just like our robbers in Home Alone, cybercriminals go after the low-hanging fruit. If your house has a gated entry, security system, outside cameras and lights, and has three vicious-looking dogs roaming around, would-be thieves are much more likely just to move on to a house without all these layers of security. Cybercriminals operate in the exact same fashion, looking for companies that aren’t protected and then targeting them specifically. So, the best thing you can do is have layers of protection for your company, along with education for your employees. 3 Things To Do Right Now To Protect Your Company Whatever You Do, Don’t Do This!!! Maybe the worst thing the owner of the company that lost $43,000 did was they then posted a video and story on social media. While their intentions were good because they wanted to warn other business owners not to fall victim to the same scam, they might as well have had T-shirts made with a big target on the back. It’d be like having cash from your house taken, then going online and telling people exactly how it happened – you’re just inviting more people to come try to take your cash. Not Sure If You’re As Protected And Prepared As You Should Be? To make sure you’re properly protected, get a FREE, no-obligation Cyber Security Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack. Schedule your assessment with one of our senior advisors by calling us at 774-241-8600 or going to https://centrend.com/contact/

The year of 2023 marked a significant turning point for cyber-attacks with the introduction and wide proliferation of AI (artificial intelligence), now in the hands of people who wish to do you harm and who are actively using it to find faster and easier ways to rob you, extort you or simply burn your business to the ground. As I write this, I’m well aware there’s a tendency to shrug and just accept the “we’re all gonna get hacked anyway” mantra to avoid having to deal with it. Further, like overhyped weather reports, it’s also tempting to just ignore the warning signs, thinking all of this is just fearmongering rhetoric designed to sell stuff. However, it truly is becoming a situation where the question is no longer IF your organization will be hacked, but WHEN. The Hiscox Cyber Readiness report recently revealed that 53% of all businesses suffered at least ONE cyber-attack over the last 12 months with 21% stating the attack was enough to threaten the viability of their business. This year is going to be a particularly nasty one, given the U.S. presidential election along with the ongoing wars between Russia and Ukraine and Israel and Hamas. Tensions are high and hacking groups are often motivated by revenge as well as money. Now, here are the 5 biggest developments in cyber threats you need to know about. If cybersecurity is a chess game, AI is the Queen, giving the person in possession the most powerful advantage for whomever plays it best. All cyber-related reports expect to see highly sophisticated deepfake social engineering attacks on the rise designed to separate you from your money. We’ve already seen scams using AI-generated voices of family members, calling relatives to claim they’ve been injured, kidnapped or worse, to extort money. This is also being used to hack into companies by getting employees to provide login information to people they think are their IT department or boss. This is where employee awareness training comes in, as well as controls such as MFA (multi-factor authentication), come into play. The expansion of remote work is a trend that is not going away; and with that comes an exponentially greater risk for cyber threats. From laptops being carried around and connected to suspicious Wi-Fi to mobile phones providing a “key” to logging into critical applications (like your bank account, Microsoft 365, line-of-business and credit card applications), these devices pose a high risk for being easily lost or stolen. Further, when people use their own devices or work remote, they tend to mix business and personal activities on the same device. That employee who frequents gambling or porn sites may be using the same device used to login to company e-mail or critical applications. Even logging into personal social media sites that get hacked can provide a gateway for a hacker to get to YOUR company’s information through a user’s (employee’s) personal accounts. There are an estimated 1.7 million ransomware attacks every day, which means every second 19 people are hacked worldwide. If you’ve been lucky enough to avoid this, know that someone else is getting hacked on a very frequent basis, and you are very likely to be hit. Last year, ransomware attacks increased by 37% with the average ransom payment exceeding $100,000, with an average demand of $5.3 million. Fortunately, not all ransom attacks are successful. Businesses are getting much smarter about cyber protections and have been able to put in place protections that prevent hackers from successfully extorting their victims IoT, or “Internet of Things,” is a term to describe the proliferation of Internet-connected devices. Today, even kitchen appliances, like a refrigerator, can be connected to the Internet to tell you when it’s time to change the water filter to alerting you if there’s a power outage. This means hackers have a FAR greater number of access points into your world. If there are 100+ more doors to walk through in a house, you have a much greater security risk than if there are only five. That’s why IoT attacks present such a problem for us, and a huge opportunity for the hackers. While many people know they should lock their PC, they might not be as meticulous in locking down their fridge or their dog’s tracking collar, but those could all provide access to you, your devices, e-mail, credit card and personal information. To try and combat the out-of-control tsunami of cybercrime, the government is initiating more comprehensive federal and state laws requiring business owners to have in place “reasonable security” protections for their employees and clients. The FTC (Federal Trade Commission) has been the most active in this space, bringing numerous actions against companies it alleges failed to implement reasonable security measures, issuing monetary penalties. Of course, all 50 states plus Washington D.C. have passed laws imposing security requirements as well as data breach notification laws that require businesses to notify anyone whose data and PII (personally identifiable information) has been stolen or accessed by hackers via the company. For example, in California, under the California Privacy Rights Act (CCPA), a business could face a penalty of $100 to $750 per consumer and per incident if that company gets hacked and the court determines they failed to put in place reasonable security procedures. Not Sure If You’re As Protected And Prepared As You Should Be? To make sure you’re properly protected, get a FREE, no-obligation Cybersecurity Risk Assessment. During this assessment, we’ll review your entire system so you know exactly if and where you’re vulnerable to an attack. Schedule your assessment with one of our senior advisors by calling us at 774-241-8600 or going to https://centrend.com/contact/

Have you ever searched for a specific website but landed on a completely different one after misspelling a letter or two in the URL? This deceptive tactic is known as cybersquatting. This practice not only jeopardizes the online presence of businesses and individuals but also poses a significant challenge in the ever-evolving landscape of cyber security. The scariest part is that you can be a victim of a cybersquatted domain and not even realize it. Here’s what you need to know about this type of cybercrime: What Is Cybersquatting? Cybersquatting, also known as domain squatting, involves the malevolent act of registering a domain name that is confusingly similar to that of a legitimate entity, be it a business, organization or individual. The primary motive behind this maneuver is often financial gain, with cybersquatters aiming to exploit the recognition and success of well-known brands. However, the repercussions extend beyond monetary losses, as cybersquatting can stain the reputation of its victims. Types Of Cybersquatting There are many types of cybersquatting scams, but here are the most common ones that you need to be aware of. Typos are easy to make, so misspelled domains can generate a lot of traffic. Here are a few examples: Lookalike: Microsofty.com Looking at these, you might not think they’d easily trick users, but they still do! How To Avoid Being A Cybersquatting Victim You can avoid being a cybersquatting victim by taking a proactive approach. Here are a few steps to take: Cybersquatting is only one method hackers use to cause chaos. Cybercriminals are constantly coming up with new ways to scam businesses and individuals alike. If you want to double down on security to make sure you and your company are protected from sneaky attackers, we can help. We’ll conduct a FREE, no-obligation Security Risk Assessment where we’ll examine your network security solutions to identify if and where you’re vulnerable to an attack and help you create a plan of action to ensure you’re protected. Click here to book a 10-minute Discovery Call with our team to get started.

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers were able to run over $250,000 worth of ads for their online gambling site via their account and removed the rightful owner as the admin, causing the firm’s entire Facebook account to be shut down. Not only are they uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook’s “resolution” was that there was no fraud committed on their account because the hacker used their legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed to cover the losses, so they’re eating 100% of the costs.  Not only are they out $250K, but they also have to start over building their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it’s all totaled. In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads to their weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.  Due to their spending limits, the hackers wouldn’t have charged $2.8 million; however, due to the high budgets set, Facebook’s algorithms started running the ads fast and furious. As they were pausing campaigns, the hackers were enabling them again in real time. After a frantic “Whac-A-Mole” game, they discovered the account that was compromised and removed it.  The compromised account was a legitimate user of the account who had THEIR account hacked. Because of this, Facebook wouldn’t replace the lost funds, and their account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.  When many people hear these true stories (with the name of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. “It wasn’t OUR fault!” they say. However, the simple reality is this: if you allow your Facebook account – or any other online account – to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cyber security, it is 100% YOUR FAULT when a hacker compromises your account.  Facebook is just one of the cloud applications many businesses use that can be hacked, but any business running any type of cloud application, including those that adamantly verify they are secure, CAN BE HACKED with the right credentials. Facebook’s security did not cause their account to be compromised – it was the failure of one employee. The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself: If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

The infamous Xenomorph Android malware, known for targeting 56 European banks in 2022, is back and in full force targeting US banks, financial institutions and cryptocurrency wallets.  The cyber security and fraud detection company ThreatFabric has called this one of the most advanced and dangerous Android malware variants they’ve seen. This malware is being spread mostly by posing as a Chrome browser or Google Play Store update. When a user clicks on the “update,” it installs the malware designed to automate the process of accessing your online accounts and extracting and transferring funds.  Besides being alert to this scam (and you should let your spouse, partners and family know as well), you should be aware of a few ways to protect yourself: But remember, bank fraud can manifest itself in several forms, including:  To protect yourself, use strong, unique passwords for your online banking accounts and never store them in your browser. Also, update your passwords monthly with significant changes to them, using uppercase and lowercase, symbols and numbers that are at least 14 to 16 characters.  Second, always turn on multifactor authentication (MFA) so you’re notified if anyone tries to log into your accounts without your knowledge. Third, set up alerts for large withdrawals. You can ask your bank to require a physical signature for wire transfers to protect you from someone taking money from your account without your signature.  Fourth, get fraud insurance that specifically covers employee and online theft so you are protected in the event a cybercriminal steals money from your account. And, as always, make sure you have strong cyberprotections in place for ANY device that logs into a bank account or critical application. Far too many businesses think that if their data is “in the cloud,” they are safe. Remember, your bank account is “in the cloud,” and the bank likely has a secure portal, but that doesn’t mean YOU can’t be hacked. If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.  It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

Have you started business planning for 2024? The last few months of the year can get hectic, between trying to close out the end of the quarter strong and mapping out your plan to ramp things up in the new year. One area that small business owners often skip over when creating their new year strategy is cyber security planning. Cyber security is NOT an IT decision, it’s a business decision. Your company hinges on your ability to keep your data – and your clients’ – safe from cybercriminals. To create a reliable plan for the next year, there are a few cyber security basics that every business owner needs to be aware of to avoid being the next victim of a data breach. Cyber issues are becoming such a regular occurrence that it’s easy to become desensitized to the effects of data breaches, which can leave you vulnerable to an attack. Here are 10 BIG takeaways about cyber security that you should keep in mind. Your security depends on it! Hackers love that small business owners think this way because it makes them an easy target. If you have money or data of any size or amount, you are at risk. Takeaway – Protect your business and consult a cyber security expert on what you need. Takeaway – Invest some of your budget in cyber security training for your team. This is true for your web browsers too. If you get a notification about an available update, it often means that a bug or a vulnerability needs to be patched. If you don’t patch it, that’s a little hole in your network that hackers can and will find. Takeaway – Have your IT team run automatic updates and always manually update if prompted. Takeaway – Have an off-site backup and test it regularly to ensure it works properly. Takeaway – Use a VPN, or virtual private network, to keep your network safe from hackers while on the go. The cost of data breaches puts most small companies that get hacked out of business within six months. These can range from hundreds of thousands to millions of dollars, depending on the damage done. Takeaway – Invest in cyber security. Don’t play around and risk everything you worked hard to build. Being compliant means you are fulfilling all the requirements that the government has issued. This does not mean you are 100% secure; it means you have implemented the basics. Takeaway – Consult with a cyber security professional who deals with clients in your industry to make sure that you’re not only compliant but that you have the proper security systems in place to protect your organization. These are helpful, but they aren’t enough to keep you secure. Hackers are routinely finding ways to break through this software, so if you’re not implementing other security measures, you’re at risk. Takeaway – Consult with a cyber security professional to find out what you need. It’s often not as expensive as people think and will cost you WAY less if you ever become a victim of a data breach. When it comes to data breaches, whether you’re at fault or not, you’ll be the one to catch the blame from your customers, employees, attorneys, the media and more, and it will be ugly. Takeaway – You can prevent this by taking a proactive approach to cyber security. Take your security seriously in 2024. We offer a FREE, no-obligation Security Assessment. Even if you already have a cyber security company you work with, it can’t hurt to have a second expert opinion to assess if and where you’re vulnerable to an attack. We have limited spots available and expect to fill up before the holiday break, so if you’re interested, click here to book your assessment with our team now

College has changed since many of us were students. Years ago, we’d be shuffling from class to class, holding a single notebook and a pencil for scribbling down notes. There wasn’t as big a risk of photos or data being stolen online. That’s no longer the case. Students today have at least one – usually two or three – devices readily available. The scary part is, most college-age students think of themselves as tech-savvy “digital natives”; however, a study by Atlas VPN showed that Gen-Zers and millennials are the age groups most likely to fall for phishing scams. In fact, according to the National Cybersecurity Alliance, 20% of Gen-Zers have had their identity stolen at least once. Here are just a few of the terrifying ways cybercriminals attack this young crowd: Sadly, the list goes on and on! How can kids raised on technology fall for so many scams? Here are just a few of the big reasons why: What can you do? We have robust cyber security solutions and 24-hour monitoring to protect the businesses that we work with and can even recommend at-home security software, but what about when your kids go off to school, away from your watchful eye? You certainly can’t pack up and camp out at college to make sure they’re following cyber security best practices. But you can make sure they know what to look out for and give them the tools and resources to stay as safe as possible. Here are 14 actions your child can take to prevent being a victim of cybercrime when they’re off at college: Run through this list with your children! When students leave for college, cyber security is not a priority for them, but unfortunately, if they’re targeted it could negatively impact their lives at a time when they’re just getting started. Cyber security takes just a few minutes of conscious effort but is a critical lesson to learn in this age when nearly everything we do involves technology. The risks of cybercrime will only continue to grow. If your organization could benefit from cyber security training similar to this but more in-depth for employees, so they know the risks and best practices of cyber security, we can help. Start with a completely FREE Cybersecurity Risk Assessment by clicking here.

Cybercriminals know the easiest way to sneak under your radar is to pretend to be a brand you know and trust. These large companies have spent years on marketing, customer service, branding and consistency to build a trustworthy reputation, and hackers leverage this to go after you. The most common method is to use phishing attacks. These thieves set up URLs that look scarily similar to the real company’s website. To slip by your watchful eye, here are some of the simple switches hackers make that can go unnoticed: Some criminals will take it a step further and set up a web page that looks identical to that of the real website. When you click the link – via e-mail, SMS or even through social media – several dangerous results can occur. The first is that malware can be installed on your computer. Clicking a bad link can set off an automatic malware download that contains malicious files with the ability to collect personally identifiable information from your device, like usernames, credit card or bank account numbers and more. The second is the fake website will have a form to harvest your information. This could be login credentials, passwords and, in some cases, your credit or bank information. The third most common issue is an open redirect. The link might look legit, but when you click on it, you’re redirected to a malicious website where the intent is to steal your information. What brand impersonations do you need to look out for? Well, all of them, but according to Check Point’s latest Brand Phishing Report, there are 10 companies that top the chart in overall appearance in brand phishing attempts. Here Are The Top 10 Most Frequently Impersonated Brands In Phishing Attempts In Q2 Of 2023: Take a minute and ask yourself how many of the companies on this list send you regular e-mail communications. Even just one puts you at risk. Cybercriminals go the full mile with these scams. They know what types of messages work best for each company to get your attention. Here are three common phishing attacks cybercriminals have used under these brands’ good names to gain access to your private information. 1. Unusual Activity – These types of e-mails will suggest that someone gained access to your account and you need to change your password quickly. They leverage fear so people will click without thinking, hurrying to change their password before they’re a victim of the attack. They usually have buttons that say, “Review Recent Activity” or “Click Here To Change Your Password.” These e-mails can go as far as to show fake login information detailing the region, IP address, time of sign-in and more, like real messages from the companies do to convince you to click.  2.  Fake Gift Cards – These e-mails suggest that someone sent you an e-gift card. When you open the e-mail, they either redirect you to a website to “claim your gift card” or have a button to “redeem now.” 3.  Account Verification Required – These e-mails suggest that your account has been disconnected, and they need you to verify your information. As soon as you enter your login credentials, the hacker has access. These scams are happening every single day. You’re a target, but so are the unsuspecting employees in your company. Without proper training, they might not know what to look for, panic and try to resolve these “issues” under the radar, ultimately causing the problem. There are multiple steps to making sure your network is secure. One would be getting e-mail monitoring to help reduce the likelihood of these phishing e-mails ending up in your inbox. It’s also important to make sure employees know what to look for so that if an e-mail does get by the phishing detection system, they can still keep your company safe. The best thing to do is to start here with your FREE Cybersecurity Risk Assessment. We’ll evaluate your network and provide a full report on areas where you are vulnerable and what to do to fix them. There’s no obligation, but you should know where you’re at risk. Click here to schedule your assessment now.

Back in May, the company MOVEit, a file transfer platform made by Progress Software, was compromised by a Russian ransomware operation called Cl0p. They used a vulnerability in Progress’s software that was unknown to exist at the time. Shortly after the attack was noticed, a patch was issued. However, some users continued to be attacked because they didn’t install it. The software is used by thousands of governments and financial institutions and hundreds of other public and private companies from around the world, and it’s been estimated that at least 455 organizations and over 23 MILLION individuals who were customers of MOVEit have had their information stolen. Some of the organizations compromised include: The majority of those organizations (73%) are based in the US, while the rest are international, with the most heavily impacted sectors being finance, professional services and educational institutions. Cl0p is a type of ransomware that has been used in cyber-attacks since 2019. Data stolen is published to a site on the dark web – a section of the worldwide web where cybercriminals sell and trade information without having to reveal themselves. The ransomware and website have been linked to FIN11, a financially motivated cybercrime operation that has been connected to both Russia and Ukraine and is believed to be part of a larger umbrella operation known as TA505. What makes this attack so terrible is that many of the organizations compromised provide services to many other companies and government entities, which means it’s very likely their customers, patients, taxpayers and students were compromised by association. And yes, you’re probably one of them. The big question is, were you notified? For some reason, this breach didn’t make mainstream headlines, but when a company is compromised, they are obligated to tell you if your data was stolen. This can come in the form of an e-mail or snail mail letter. However, due to spam filters, e-mail delivery is clearly not a reliable way to ensure an important message is received, and organizing a letter for over 36 million people can take time. If you use the software, you need to ensure that all your passwords and PINs are changed ASAP and you must be on the lookout for any strange activity. Don’t use the same passwords and make sure they are at least 12 characters long, using uppercase and lowercase letters, as well as special characters and numbers. You should also ensure that MFA, or multifactor authentication, is turned on for all critical software applications and websites you use, such as Microsoft Office, QuickBooks, banking and payroll software, your credit card processor, etc. Want to know if your company’s information is on the dark web? Click here to request a free Dark Web Vulnerability Scan for your organization (sorry, we don’t offer this for individuals). Simply let us know your domain name and we’ll conduct the search for free and contact you to discuss what was found via a confidential review (NOT via e-mail). Questions? Call us at 774-241-8600.