Entries tagged with “data security for small businesses”.


An ongoing attack into corporate America has been trying to infiltrate more than 100 mostly pharmaceutical and health care companies in one of the latest examples of cyber security breaches regarding financial data. This time, the goal is not to take money, but instead to take information. The objective is market-moving information about publicly-traded companies that can be used for a different kind of crime – insider trading.

Cyber security firm Fire Eye recently disclosed the operation, telling Reuters that the hackers were very specific in their method of attack: They targeted only people with access to inside information that could be used to make profitable trades before that information became publicly available.

While Fire Eye declined to disclose the identities of specific victims, the firm says victims include corporate advisors, investment bankers, attorneys, investor relations firms, and others that could have access to corporate information. Fire Eye acknowledges that information has been compromised, but the firm says it does not know whether any trades were made using that information. Fire Eye calls the group “FIN 4” because it ranks number 4 among the large, financially motivated groups that Fire Eye tracks. Fire Eye has already reported the group to the FBI, though the bureau is not commenting on FIN 4 for now.

FIN 4 doesn’t operate by infecting corporate computers with malware. Instead, its hackers steal e-mail account passwords. Using those compromised accounts, the hackers then send phishing e-mails to try to gain inside information. Fire Eye says that FIN 4 covers its tracks by using Tor, a service that masks the location of Internet users.

“They are going after the weakest link in the security chain, people,” Kevin Westin, a security analyst for threat detection firm Tripwire, told Top Tech News. “Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”

Strict password protocols are a must for thwarting hackers seeking inside information. Employees should be required to have different and distinct passwords for each web service they use from the company. Corporations should also consider two-factor authentication, which would require users to enter a second code provided by text message or on another device, such as an authentication device that changes passwords each time it is used. And employees should be trained on phishing tactics that could be used to procure sensitive business information. To learn more about how to make your business more secure, contact us.

A major mail courier was recently the victim of a cyber security breach. The breach effected both employees and customers. The cyber criminals stole data that can potentially be used for identity theft.

It’s important that people are aware of this episode of data breach. Although there’s no evidence that the data was used maliciously, there’s still a cause for concern.

This case is just another reason why businesses should take additional steps to protect their financial data. According to recent article, the reason for the data breach was the mail courier’s employees weren’t following protocol regarding network security.

This means that it’s possible that the security breach could have been prevented. Managers aren’t the only ones who have to worry about cyber security. It’s a company-wide issue.

Cyber security works on two levels. First, businesses need to invest in the proper equipment to protect their network and data and prevent security breaches. Without the right infrastructure, businesses are putting their data at risk.

But even if businesses purchase the best equipment, it won’t mean anything if employees aren’t trained in cyber security. Businesses have to establish a strict cyber security policy and train their employees how to protect business data.

The mail courier is now conducting an internal investigation to find out what exactly caused the breach. Your business can avoid all of this by investing in cyber security and training your employees.

To talk more about how to prevent cyber security breaches, please contact us.

When fraud is improperly managed, it’s not only money and assets that are lost. Companies also lose intellectual property and people when trust in the company culture is lost. To be able to survive and thrive, fraud prevention is essential for all small businesses.

Preventing fraud in the workplace is not as simple as separating the accounts receivable and the accounts payable position. Management and administrators must also know who is most likely to commit fraud, and how the fraud can be detected.

Who is likely to commit fraud?

According to the Association of Certified Fraud Examiners (ACFE), males are twice as likely as females to commit fraud. Also, their average “take” is twice as high. Single perpetrators are twice as prevalent as groups when it comes to defrauding – 64 percent of all frauds are committed by one person. The losses from these individuals are staggering, nearly five times the amount of multiple perpetrators.

The largest losses are likely to come from the top, rather than the bottom of the organizational chart with owners and executives stealing far more than low-level employees. Long-term employees are much more likely to steal than the new people.

Much of this has to do with trust. Employers are more likely to place their trust in those individuals with a long tenure and a large amount of responsibility. For this reason, measures should be in place so that stealing is more difficult – these measures are called internal controls.

What are people most likely to steal?

The four types of assets most commonly stolen are: cash, inventory, information and securities. Although cash is the most common type of theft at 88 percent, securities fraud has an average loss of $1.85 million.

When it comes to fraud, “cash” is rarely in the form of greenbacks. Fraudulent disbursements are where almost 72 percent of theft occurs. Practices like “skimming” are when an employee accepts payment from a customer but does not record a sale. There is also “cash larceny” which is where an employee steals cash and checks from daily receipts before they can be deposited.

How to prevent small business fraud?

  1. A good set of internal controls is vital. Examples: Reconciling bank statements each month, splitting the financial processes over several people, and protecting cash and checks against unauthorized use.
  2. Implementing an anonymous tip line where fraud can be safely reported without fear of repercussion. This should coincide with company training about fraud and ethical behavior.
  3. Implementing a mandatory vacation policy. If an employee, particularly one in the financial departments, refuses to take a vacation, it can be because they cannot afford to have anyone look too closely at their activities.
  4. Open communication and perceptive hiring. If an employee begins to live above his or her means, fraud should be considered.

Please contact us for more information on fraud prevention in your business.

Small businesses don’t have many of the luxuries that large corporations enjoy. One errant transaction, for example, will affect a small business much more than it would a corporation. That’s why small businesses have to practice fraud prevention at all times.

A general rule of thumb would be that if anything seems too good to be true, than it probably is. But fraud prevention goes much deeper than this. Sometimes, businesses have to look out for seemingly normal transactions.

There are characteristics of suspicious transactions that all business owners should be aware of. On top of this, they should pass this knowledge on to employees so the entire company will be aware.

A recent Business 2 Community article talks about fraud prevention and describes some telltale signs of suspicious transactions. According to the article, businesses should always look closely at a buyer’s billing address:

“Be wary of unusually large orders placed online without any contact from the customer, or rush orders for large quantities or for expensive goods, warns Janet Attard, author of The Home Office and Small Business Answer Book. Other red flags: orders shipped to a different address than the billing address; orders from foreign countries; and billing addresses that don’t match the information on file with the credit card company.”

If a buyer actually lives at his or her recorded billing address, it would be relatively easy for businesses to respond to any foul play. But if the billing address is a fake, then businesses have no real way of tracking down the buyer.

We wish that we didn’t have to warn business owners about fraud, but that’s the reality we face today. You can’t just take a transaction for what it is. If you want to actually receive money, you have to have a system in place to prevent fraud.

To talk more about fraud prevention, or anything else, please contact us.

Regarding the matter of securing your accounts from cyber criminals, most purchasers have heard the online security warnings before. Avoid entering financial data at an unprotected computer and don’t reuse passwords over numerous sites.

The right security measures are mandatory in order to provide the continued financial success of your small business. Below are some do’s and don’ts that you should be aware of in regard to online security.

-Don’t be deceived into doling out classified information, including worker data, financial information or organization insights. Don’t react to messages or telephone calls that do not seem legitimate.

-Continuously erase suspicious messages and emails. Actually opening or seeing these messages can harm your computer and cause undesirable problems.

-Verify that your machine is running the most recent security patches, antivirus and firewall. Work in user mode, not administrator mode.

-Don’t leave delicate information around the workplace, this includes printouts containing delicate or private information. Lock them in a drawer or shred them. It’s simple for a guest to look around and see sensitive data. Keep your work area clean. It makes the workplace look more sorted out, and diminishes the danger of data leaks.

-Many applications seem authentic, such as antivirus software and tools. They may trick you into contaminating your system. On the off chance that you like an application and think it might be valuable, investigate it thoroughly before installing.

The extra expenses that some security measures require can be troublesome, yet the results of a breach are significantly more costly. One approach to add an additional layer of security is through banding together with an outside security vendor. They can assist you in discovering any vulnerabilities that may have overall gone unnoticed. If you’d like more information on online security tips for your small business, please contact us.