Cybersecurity

As former President Ronald Regan once said, the scariest words you’ll ever hear are “We’re from the government, and we’re here to help.” In this case, the government is trying to help by forcing nearly all businesses to implement and maintain a strong cyber security program to protect the customer information these companies host – definitely not a bad thing and all businesses should take this seriously without the government mandating it.  Sadly, the majority of small businesses don’t take cyber security seriously enough and believe they are doing enough to prevent a cyber-attack when they aren’t, which is why the government is having to step in and create laws (the GLBA Act) to enforce better security protocols. What Is The New FTC Gramm-Leach-Bliley Act Safeguards Rule And Who Does It Apply To? Back in April of 2022, the FTC issued a new publication entitled “FTC Safeguards Rule: What Your Business Needs to Know.” This was published as a “compliance guide” to ensure that all companies that fall under the Safeguards Rule maintain safeguards to protect the security of customer information. While you might think your business is “too small” to need to comply or doesn’t hold any data “that a hacker would want,” you’ll be shocked to discover you are likely to be wrong on both fronts. Hacking groups use automated bots to randomly carry out their attacks – and small businesses are their #1 target due to the gross negligence and inadequate protections they have. You are low-hanging fruit. That’s why it’s not only the obvious organizations, such as CPAs, financial institutions, and credit unions, that need to comply. Here’s a short list of just a few of the organizations that fall under this new law. You should know that this is NOT a complete list: Printers that print checks or other financial documents. Automotive dealers who provide financing for car purchases. Any organization that accepts credit or loans for the goods and services they sell, whether or not the credit is granted. Companies that do tax preparation or credit counseling of any kind. Real estate settlements, services or appraisals. Career counselors that provide services to people employed by or recently displaced from a financial organization. As you can see, the companies that must comply are growing rapidly. Bottom line, if you handle any kind of financial data or personally identifiable information, you need to make sure you are complying with these new standards. What You Need To Do Now The rule requires you to implement a “reasonable” information security program. But what does that mean? For starters, you need to designate a qualified individual to implement and supervise your IT security program – and you cannot outsource this. Yes, you can and should get a professional IT firm like us to guide you on the implementation, but the buck still stops with you. The person you designate doesn’t have to have a background in IT or cyber security – but they will be the person responsible for ensuring your company is taking reasonable precautions to comply with the new security standards. Second, the Safeguards Rule requires you to conduct a risk assessment to initiate an effective security program. From there, you would work with your IT company (us!) to roll out a plan to secure and protect the data you have by putting in place access controls, encryption, data backups, 2FA and a number of other protections. Cyber security is not something you do once – it’s an ongoing effort of protection as new threats evolve. If you want to see where your organization stands on cyber security, click here to sign up for a quick, easy and completely free Cyber Security Risk Assessment. That is the first step toward complying and will give you the information you need to know about your own security stance.

Training employees on anything can be an expensive process. You incur the cost of investing in necessary materials plus the time it takes away from your employees doing revenue-generating activities. But what’s worse when it comes to cyber security training is the expense you’ll incur if that training fails. Recent studies show that human error plays a role in a shocking 90% of data breach cases! Smart business owners are taking a proactive approach and training their employees on cyber security do’s and don’ts. While we applaud their efforts and encourage all owners to take this step, research suggests their efforts aren’t paying off. Despite their willingness to train employees, the number of data breaches continues to increase. What gives? We’ll be first to say it – cyber security training can be boring. And what happens during boring presentations? People aren’t engaged, so they tune out and miss the critical information needed to keep your company secure. After the presentation, they sign off, saying they have learned the lessons, but have they really or are they a ticking time bomb in your organization? The latter is likely true. If you want the information to stick, you must take some additional steps – and the most important is putting them to the test! According to Education World, interactive activities are six times more effective when learning and remembering material than simply listening to a lesson. You can incorporate this tactic by putting employees to the test to find out whether or not they can apply what they learned. One of the best ways to do this is to use phishing simulations. Here’s how the process works: A third party creates a realistic but fake phishing e-mail that shows identifiable signs discussed in the training. An example could be creating an e-mail that is similar to the CEO’s requesting private information, an outside company sending a bad link, etc. You can customize it to look like something relevant that your employees could potentially see and fall for. The employees are then put to the test. You choose which employees will receive what links and what dates the e-mails will be sent. Will they be able to identify the threats or will they fall for the scams? The results are collected and shared with you to develop more comprehensive training programs and help you identify which employees are your biggest risks so you can provide specific coaching. Another great way to use phishing simulations is to send out the tests before the training. When employees see that people in the company are making mistakes, they are more likely to pay attention to the lesson. It’s not enough to just teach the information! It must be learned and implemented every day to be effective and keep your organization secure. If you’re looking for effective cyber security awareness training for your employees, our team has a comprehensive program that will engage, teach and test your employees so you can have peace of mind knowing they are working to keep your company safe. Book a FREE call using the link to get in touch with our team and get started on your cyber security training session today. https://calendar.app.google/jSA1tteBxFJKnJkX6

An Arizona family was recently in the news warning others about how they were the target of a ransom call in which scammers used AI (artificial intelligence) to clone their daughter’s voice to convince the parents they had kidnapped their daughter, with the apparent goal of extorting money. DeLynne Bock, the mother of Payton Bock and target of the con, said she feels she can easily spot a fake scam call, but this was on a whole other level. According to the news story, the scammers called their home, where DeLynne’s husband answered the call. A man on the other end of the line was screaming and using foul language, saying his daughter had caused an accident, hitting his car, and couldn’t find her insurance. From there, he started making threats, saying he had her tied up in the back of his truck.  What made the call so convincing was the deep fake of her daughter’s voice on the other end of the line – pleading for help, crying. Unable to reach her daughter by phone, DeLynne called the police while her husband kept the man on the phone. “I called the police, and they’re saying, ‘This is possibly a scam situation.’ I said, ‘There is no way this is a scam. This is my daughter’s voice,’” DeLynne said. “This wasn’t just some person pretending. As a mother, you know your daughter’s voice, and this was my daughter.” Apparently, this wasn’t the first time this happened which is how the police were able to suggest it could be a scam. This is just the latest iteration of how hackers are using AI to produce deep fakes to extort money. AI and ChatGPT have been in the news recently for a reason – AI is an extremely powerful tool that, if put in the wrong hands, can do a lot of harm.  It’s not a stretch to imagine the use of AI to fake a CEO’s voice, signature, or writing style in an e-mail, text, call, or instant message to trick an employee into sending money or doing things that would severely harm the organization, such as providing a login or access to the company’s network, data or critical applications. Or similarly use this same type of approach to scam clients or patients into giving up confidential information or payments.  A report released by security experts at Home Security Heroes showed that 51% of common passwords could be cracked in less than one minute using an AI. Both the length and complexity of the passwords factored into the speed of successfully cracking the password, but even a complex password with seven characters using both uppercase and lowercase letters, numbers and symbols took just minutes to crack. This means it’s hypercritical for all business owners to no longer rely on strong passwords and simple antivirus to protect their organization.  Today, all businesses should have some type of security awareness training for their employees. For example, simply sharing this article and others we publish like them with them can go a long way toward making sure they’re always on high alert for scams; but sharing the occasional article is not enough. You should have some type of ongoing reminders and formal training so that it’s always top of mind. Employees AREN’T “too smart” to fall for these scams. If someone can trick a mother into believing her daughter has been kidnapped by duping her daughter’s voice, they can trick an employee into clicking on a link, giving them access or transferring funds – and it’s happening right now to a lot of businesses. Second, you need to work with your IT company to ensure they have implemented robust cyber security tools and protections, as well as disaster recovery protocols so if you are ransomed, you can be sure to recover your data. This is not an area to be cheap about. Most people stubbornly believe it won’t happen to them, or that it will be a minor inconvenience, not the costly, business-crippling, and devastating disaster that a cyber or ransomware attack can have. An ounce of prevention goes a long, long way toward minimizing your risk.   If you want to make sure your IT services provider is protecting you properly, click here (https://calendar.app.google/jSA1tteBxFJKnJkX6) to request a FREE IT Security Risk Assessment. This assessment is not time-consuming, invasive, or difficult to do, but will give you the unvarnished truth about your current security and whether or not you will be properly and brilliantly prepared for a cyber-attack.

“The biggest risk is the one you don’t take” is a mantra you’ll hear motivational speakers deliver in their presentations to make the argument that you should throw all caution to the wind and go for it (whatever “it” is). And while that may be a good piece of advice to get someone to take action on an idea (and get the speaker applause at the end of their presentation), truly smart, experienced entrepreneurs and business executives NEVER throw “caution to the wind” and take wild risks. They take calculated risks, weighing consequences and putting buffers, hedges, and checks in place to reduce the risk and potential losses. They look for the risk because they know unchecked optimism is not only foolish, but dangerous, and Murphy is always standing by with a big wrench in hand, ready to throw it into your best-laid plans. If you follow Warren Buffett’s two rules of investing, you’ll see this same caution: Rule #1 – Never lose money. Rule #2 – Never forget Rule #1. A good question to ask yourself is where are YOU putting your business and your money at undue risk? While you cannot prepare for and prevent EVERY risk in your business, one area where we see a lot of businesses taking huge, unmitigated risks is with their data and cyber security. Despite the overwhelming evidence that the risk and the financial consequences of cyber-attacks are enormous, we still hear, “Nobody is going to hack us…we don’t have anything they want,” or “We can’t get hacked because _____,” with the blank being things like “we use cloud applications” or “we have a good firewall,” “our people are too smart to click on bad links in e-mails,” or other similar “reasons” for their false sense of security. They explain it away. Candidly, it’s our belief that this is not founded in confidence and logical thought but based on willful neglect and a desire to avoid spending the funds necessary to truly secure their data, their business, and their finances. And while I completely understand that nobody wants to spend a lot of money on IT, the risk doesn’t cease to exist just because you choose to ignore it.  One of the smartest investors in the world, Howard Marks, CEO of Oaktree Financial, said, paraphrased, the less risk you perceive, the more risk there is. For example, if I don’t think there’s any chance I can die in a car wreck on my way to the store, I’ll fail to put on my seat belt, text while I drive, and be a lot less cautious about paying attention to the road than if I thought there was a very high chance I could be in a fatal crash. The lower the risk perceived, the higher the risk actually is, because we lower our guard and don’t protect against it.  That’s exactly why small businesses are the #1 target for hackers. They’re EASY prey. Sure, they don’t get the bragging rights of bringing down a company like Dole or hacking into Microsoft Azure, but hacking millions of small businesses for a few thousand dollars each in ransomware pays. You just don’t hear about these attacks because they don’t make the evening news, just like you don’t hear about the 6 MILLION car wrecks that happen every year. Only the big ones – or the ones that seriously impact rush hour traffic – get noticed.  If you are not all that certain that you are truly and fully protected against such hacks, click here (https://calendar.app.google/jSA1tteBxFJKnJkX6) to schedule a brief discovery call with us. We can conduct a quick and easy cyber security risk assessment and tell you for sure if your current IT company is protecting you, and what level of risk you’re at for a cyber-attack. It’s free and comes with no expectations or cost.  Remember, not all successes are measured in gains secured. Sometimes success is defined as losses avoided. If you were given the chance to go back in time and unwind 2 or 3 financial, business, or life decisions you’ve made, knowing what you know now, I’m sure everyone would take that opportunity. Most likely, you’d go back and warn yourself about dumb mistakes you made and put protections in place to avoid losses you incurred. Sadly, there’s no genie in a bottle to make that happen, so an ounce of prevention against cyber-attack IS, without a doubt, worth a pound of cure. Call us today for your FREE Cyber Security Risk Assessment.

Once upon a time, you could install antivirus software and go about your merry way online and in your inbox, opening, clicking, and downloading files without care. Today, antivirus alone cannot and will not protect you, especially if you INVITE the hack by downloading a file that is infected with a piece of code designed to circumvent your security protocols. Whether it’s a personal computer, phone, or laptop you use for business, here are 5 things you need to STOP doing now to ensure you don’t get hacked. STOP downloading apps from unknown sources. There are thousands of free apps available online that are very tempting to download. Hackers are masters at curiosity and “clickbait” designed to nail you in a moment of weakness. To prevent rogue apps and programs from installing, configure your devices to disallow the installation of programs from unauthorized sources. On your phone, ONLY download apps from your device’s respective app store that are tested and forced to meet the store’s security and privacy requirements.Business owners: while I’m sure all of your employees are trusting souls, it IS possible (and recommended) to have business machines locked down, preventing your employees from downloading any applications (or files) that could harm you and compromise your security. STOP surfing the web unprotected, particularly when accessing downloads. This is particularly true if you are on public WiFi. Starbucks is not going to guarantee your Internet connection is safe, nor is any other business, restaurant, or location offering free Internet access. Talk to your IT company (that’s US!) about installing more than just antivirus, but endpoint protection solutions, like a VPN, that will “hide” you from cyber criminals and filter out nefarious websites and attacks so you CAN use public WiFi without the fear of inviting a hack. STOP opening and downloading files e-mailed to you without extreme caution. Phishing attacks via e-mail are still the #1 way hackers gain access to a network. It’s very common for an attacker to hack into someone’s e-mail and get their list of friends, colleagues, coworkers, and their boss to send e-mails that appear legitimate on “their” behalf, even using their actual e-mail – these are highly sophisticated phishing attacks. So, before you open or download ANY file e-mailed to you, make sure it was the one you were expecting. It’s far safer to use IT-managed file sharing like OnDrive, SharePoint, or Citrix ShareFile to send attachments. But the bottom line, if ANY file “feels” wrong or suspicious about a file download, including a weird extension or suspicious file name, CALL the person who sent it to verify. If it’s important, they can send it again. STOP downloading “bloatware.” It’s common for legitimate, reputable apps to sneak in other applications or toolbars you don’t need. They sell this as a sponsorship to make more money every time one of their users downloads an app. The best way to spot these is to look for checkboxes when installing that automatically opt you into services by default. So, before you hit “Next” and keep rolling to get your app installed, take a second to really read and review what you’re agreeing to when installing that new app. STOP downloading music, software, games, movies, and the like from websites like BitTorrent, RARBG, 1337x, and similar peer-to-peer file-sharing sites. It’s very common for file-sharing networks to be breeding grounds for hackers who post files infected with malicious software for people to download. Some of the ads on these sites are malicious as well. Don’t feel “safe” just because you have antivirus – because you’re not.  Business owners: after showing this to your team for both their work and personal devices, click here (https://calendar.app.google/jSA1tteBxFJKnJkX6) to schedule a quick 10-minute call to find out how we can implement security systems that will give you stronger protections against hackers and against employees who accidentally click on or download a malicious file. 

In his book The Road Less Stupid, Keith Cunningham makes this correct observation about succeeding in business: “I don’t need to do more smart things. I just need to do fewer dumb things.”  When it comes to cyber security, I see a lot of dumb decisions made by smart people based on gross ignorance about what can happen or the desire to stick their proverbial heads in the sand to avoid having to spend the money and time to protect their assets.      One of the biggest mistakes is thinking you won’t get hacked because you’re too small, or because you “don’t have anything the hackers would want.” Allow me to point out that you’re not too small to get hacked, but you are too small to make headline news. Millions of small businesses get hacked every year – they simply don’t talk about it because of the potential liability, bad PR, and loss of client and marketplace trust. They’re embarrassed.      Further, you’re right – hackers, for the most part, don’t want your stuff, unless you happen to have medical records, credit cards, social security numbers, etc. Those are very valuable digital assets that can be sold on the dark web marketplace – and cyber criminals are in it for the money. But more to the point, YOU want your stuff, so they’ll kidnap your information and hold it for a ransom to extort money from you. Kidnappers don’t steal a child because they want to start a family. They steal your children because YOU want your children and they know you’ll pay anything to get them back, safe and sound.      So it goes with ransomware. When all of your work files and e-mails go away, very few businesses can pick up from ground zero and keep operating without any losses. Perhaps the solo operator working from home, but certainly not a small business that has been operating for several years with multiple clients and employees producing work for clients.      Another excuse I’ll hear for not implementing cyber protections is, “Since I’m going to get hacked anyway, why bother spending so much money on cyber security? I’ll just get an insurance policy, back up my data, and take the hit.”      While that might sound logical, here’s why it’s a gloriously stupid plan…      Insurance companies are in business to make money, NOT pay out policy claims. A few years ago, cyber insurance carriers were keeping 70% of premiums as profit and only paying out 30% in claims. Fast-forward to today and those figures are turned upside down, causing carriers to make drastic changes in how cyber liability insurance is acquired and coverages paid. In fact, the CEO of Zurich Insurance Group recently predicted that cyber-attacks are set to become uninsurable.       Today, getting even a basic cyber liability policy requires you to prove you have certain security measures in place, such as multifactor authentication, password management, endpoint protection, and tested and proven data backup solutions. These carriers want to see phishing training and cyber security awareness training in place, and some will want to see a WISP, or written information security program, or a business continuity plan from your organization. Depending on the carrier, your specific situation, and the coverage you’re seeking, the list can be longer.      Also, hackers are onto your backup plan and create ransomware attacks to not only take your data but also corrupt your backup. The additional threat is that if you don’t pay, they’ll release your files online for all to see, including payroll information, ALL e-mail communications, client contracts, and more. Do you really want that in the hands of competitors and the general public? Insurance won’t cover that.      Bottom line: having cyber-protections in place cannot guarantee you will never get hacked, but it CAN dramatically prevent the damage done and absolutely will block the majority of attempts, preventing you from being low-hanging fruit.       Wearing a seat belt, having a safe car, and practicing good driving behaviors (like don’t text and drive) won’t guarantee you’ll never be in a car wreck – but if you do those things, the risk of getting into a crash go down dramatically AND your chances of coming out alive and unharmed will obviously increase.  Want a FREE, confidential assessment of your current cyber security status? Click here to schedule a quick 10-minute call to start a discussion and see if you could benefit from a more robust cybersecurity plan.

A little over a year ago, the FTC made several amendments to the existing Safeguards Rule requiring even very small businesses to ensure the protection of client data. These changes, set to go into effect back in December of 2022, are now going to be enforced starting June 9, 2023 – and it’s very likely that your business, regardless of how small or how your tech is being handled, WILL be required to implement certain new security protocols. The Safeguards Rule was originally created for financial institutions. However, the new amendments broaden the definition of financial institutions to include real estate appraisers, car dealerships, and payday lenders. The FTC goes so far as to include any business that regularly wires money to and from consumers. These organizations are required to develop, implement and maintain a comprehensive security program to keep their customers’ information safe. Here are the provisions you must implement: Designate a qualified individual to oversee their information security program. That means someone at these companies needs to be trained in information security, receive continuing security education, and be in charge of ensuring the organization is correctly executing the written information security plan. If no one on your team meets this requirement, we can provide someone. Develop a written risk assessment. A risk assessment is done in two parts: one, a technical scan, and two, a questionnaire designed to reveal common security loopholes. This is typically outsourced to an IT firm like ours and needs to be reviewed annually (by law), but best practices should be quarterly if not monthly in situations where a business is handling a lot of sensitive information and the tolerance for risk by the owner is low. If you need this risk assessment, contact us. Limit and monitor who can access sensitive customer information. For example, don’t give your entire team access to your credit card processing system. Only allow one employee (the one who works in it day in and day out), as well as one backup person (possibly you, the owner), to be able to log in and access this information. Encrypt all sensitive information. Again, this is typically done by an outsourced IT company like ours, unless your company is large enough to have a robust cyber security team that can handle it. “Sensitive information” is not just medical records and credit cards, but clients’ e-mail addresses, phone numbers, Social Security information, driver’s license information, and birthdays. ALL of this can be used by hackers to exploit your customers using the data you host. Train security personnel. Employee awareness training is another key component to not only this law but also to get and keep insurance coverage on cyber liability, crime, and other insurance policies. Develop an incident response plan. Specifically, if (when?) you get compromised, you need to have a plan in place for how you will respond. This is also another service we offer to our clients but should be reviewed by your insurance agent, leadership team, board, and other key players in the organization. Periodically assess the security practices of service providers. This law also requires you to ensure any companies you are doing business with – specifically ones where sensitive information is shared – are secure and compliant. This may include requiring that vendors state in their contracts that they are adhering to the Safeguards Rule and to certain security frameworks, like CIS or NIST. Implement multifactor authentication or another method with equivalent protection for any individual accessing customer information. Also known as “2FA,” this process ensures anyone logging in to your accounts must authenticate that request via another device, such as a cell phone or e-mail.  If you want to discuss this new rule with us and how to get started with a Risk Assessment, click here https://calendar.app.google/jSA1tteBxFJKnJkX6 to schedule a phone consultation to discuss your concerns, questions, and specific situation. If you prefer, you can call us at 774-504-5558.

What do these three real e-mails have in common?  Kohl’s Winner – “Notifications – Re: 2nd attempt for Paul” WalmartStores – “Re: CONFIRMED: Paul you are selected” Lowe’s Winner – “Congratulations Paul! You Are The Lucky Online Winner Of A Brand-New Sweepstakes Dewalt Power Station Entry No, “Paul” isn’t the luckiest person in the world but, as you might have guessed, the target of cybercriminals.   All three of the above are examples of real recent e-mail scams* that were sent to hundreds of thousands of e-mail addresses with the goal of getting unsuspecting “winners” to provide personal information. This includes things like asking for a Social Security number to “verify” your identity before sending you the award you won. Or getting banking information so they can send you your monetary prize. Of course, they aren’t doing either of those things but rather using that information to steal from your accounts, steal your identity or simply sell the data on the dark web to others who will find ways to use that information. So, how does this affect your business? According to Symantec Security Center (https://www.broadcom.com/support/security-center), the average employee receives a scam e-mail about twice a week. That means companies with just 10 employees would be targeted up to 1,040 times a year!  While your employees may be too smart to actually provide their Social Security or bank account information, did you know that just clicking on a link in an e-mail can open up their computer (and every other computer and network it’s connected to) to a variety of risks? At best, it could just let the sender know the link was clicked and that it’s an active account, which will then often trigger more spam, and often make that account the target of more attacks.  At worst, simply clicking on a link could download a malicious file – like a virus, malware, or spyware – that then compromises the entire network and could record logins and passwords and access client databases and bank accounts.  Or it could lead to a scammy website (often made to look legitimate) where your employee could enter confidential information inadvertently. Obviously, none of these are good outcomes for your employee or your company. In 2020, attacks like this cost small businesses over $2.8 billion in damages, according to the US Small Business Administration, with costs of up to $653,587, according to Verizon. The good news is that there are easy and free ways to protect your employees and your business from these scams, like properly training employees about cyber threats, as well as inexpensive technical solutions like blocking known spam and prohibiting access to illegitimate websites. While these protections are low in cost, NOT having these training and protections in place could be disastrous for your company.  To eliminate worrying about the 1,040+ bad e-mails your employees get and hoping that none of them will EVER click on a bad link, go on the offensive and make sure they never even get these e-mails in the first place, and even if they do, the sites are blocked if they click! To see how to stop being a sitting duck and instead take control of your security, simply call us at 774-504-5558 or go to https://calendar.app.google/jSA1tteBxFJKnJkX6  to set up a quick call, and we’ll walk you through your options. *You can check the facts on these scams and get the details. For the one from “Kohl’s Winner,” go to https://www.youtube.com/watch?v=Hu-c_E8tkD0; from “WalmartStores, go to https://corporate.walmart.com/privacy-security/fraud-alerts/; from “Lowe’s Winner,” go to https://bestlifeonline.com/lowes-air-conditioning-message-scam-news/ Also, visit: https://www.sba.gov/blog/protect-your-small-business-cybersecurity-attacks https://www.verizon.com/business/resources/reports/dbir/2021/smb-data-breaches-deep-dive/

Have you ever had a conversation about a topic, and then later that day you start seeing news, ads, or updates about that subject, and said to yourself, “This can’t be a coincidence”? Well, you’re probably right.  According to Norton, who you may remember as an antivirus software company and who now also owns LifeLock, your smart devices ARE listening to you because that’s their job. However, you probably didn’t realize how much they are listening to you or what they do with the information they collect. In this blog, you’ll see that your devices are listening to you and using and distributing the information they get, and how to protect yourself while still using the features these smart devices offer. Chances are when you activated Siri, Alexa, or Google Assistant, it asked you to accept the terms and conditions, which you did, without reading or listening to them. A quick search of the terms for Siri (https://www.apple.com/legal/privacy/data/en/ask-siri-dictation) advises you that: When you use Siri and Dictation, your device will send other Siri Data, such as: Contact names, nicknames, and relationships (for example, “my dad”), if you set them up in your contacts Music and podcasts you enjoy Names of your devices and those of your Family Sharing members Names of accessories, homes, scenes, shared home members in the Home app, and Apple TV user profiles Labels for items, such as people’s names in Photos, Alarm names, and names on Reminders lists Names of apps installed on your device and shortcuts you added through Siri And Google states (https://policies.google.com/privacy): We will share personal information outside of Google if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary. We may share non-personally identifiable information publicly and with our partners – like publishers, advertisers, developers, or rights holders. For example, we share information publicly to show trends in the general use of our services. We also allow specific partners to collect information from your browser or device for advertising and measurement purposes, using their own cookies or similar technologies. These are just some of the highlights from their privacy policy, which is a lengthy 15 pages.  You’ve got to remember, the privacy policy isn’t there to protect you – it’s there to protect the companies that create them! So, what do you do? Do you stop using smart devices, get rid of your phone and build a house in the woods? That’s probably a little extreme for most, so here are two things that actually make sense. First, you can take some basic actions to disable a few of the “eavesdropping” features built into your smart devices. Norton (the antivirus people) has a three-step way to do that at: https://us.norton.com/blog/how-to/is-my-phone-listening-to-me Second, you need to know that if your data is going to be stolen, it’s probably NOT through Alexa, Siri, and Google.  Most data breaches come from malicious links in e-mails; old, unpatched security vulnerabilities in software; and unsuspecting employees taking actions they shouldn’t be taking. These risks can be mitigated and monitored, and existing vulnerabilities can often be eliminated, simply by having the right software updates installed.  While it’s a little weird that Apple may know that your favorite musician is actually Taylor Swift, it’s much worse if your business data gets stolen or locked down and you’re out of business until you pay ransom to hackers.  Click here to schedule a brief 10-minute call https://calendar.app.google/jSA1tteBxFJKnJkX6 discuss your situation, needs, and concerns. If appropriate, we can conduct a simple security assessment for free to know for sure if your network and data are safe.

ROI Revolution estimates that e-commerce sales will eclipse $236 billion this holiday season. While that’s the most popular time for consumers to purchase online, in 2021 over $2 billion a day was made in online purchases. Chances are you and your employees make purchases weekly personally and for your business. And…chances are that cybercriminals are doing their best to capitalize on this to steal credit card numbers, logins and passwords and even you and your customers’ banking information.  If they don’t follow these four practices to stay safer (notice I didn’t say safe) buying online, they could be exposing themselves and your business to identity theft, fraud, and more. Don’t reuse passwords from site to site. If you use the same password for multiple sites, when one company’s records get breached (which happens every day) a criminal now has access to multiple accounts. So make sure you use different passwords for different sites. This does make things slightly more complicated for you, but it also makes it infinitely harder for cybercriminals.  Check the URL in the address bar. One indication that a website is secure is that it either has a small lock symbol to the far left of the URL or “https” in the URL. If you see a lock that’s unlocked or just an “http,” the site is not secure – do NOT provide any credit card information or bank account details.  Don’t use a debit card to pay – only use a credit card. This way, if someone is able to access your account, you won’t lose what’s currently in your bank account. And most major credit cards have a $50 or less liability policy if unauthorized charges are made. So it’s important to watch those statements. If you do feel you’re the victim of fraud, make sure to contact your credit card company immediately. Be wary of any texts or e-mails about package deliveries. Even if you have something you’re tracking, go back to the site you originally purchased from to check notifications that way. Any links from an unknown sender could infect the device you’re on, which could expose you to viruses and malicious software.   While there are plenty of cybercriminals happy to scam consumers, who they really want to go after are businesses because they have much deeper pockets and there are multiple ways they can cause havoc.  Click here to schedule a brief 10-minute call https://calendar.app.google/jSA1tteBxFJKnJkX6 to discuss your situation, needs and concerns. If appropriate, we can conduct a simple security assessment for free to know for sure if your network and data is safe. To schedule a 10-minute call to make sure all hybrid employees have all the tools necessary to protect your company’s data, visit https://calendar.app.google/jSA1tteBxFJKnJkX6or call us 774-241-8600.