Entries tagged with “Data Security”.
Did you find what you wanted?
Dec 16 2014
An ongoing attack into corporate America has been trying to infiltrate more than 100 mostly pharmaceutical and health care companies in one of the latest examples of cyber security breaches regarding financial data. This time, the goal is not to take money, but instead to take information. The objective is market-moving information about publicly-traded companies that can be used for a different kind of crime – insider trading.
Cyber security firm Fire Eye recently disclosed the operation, telling Reuters that the hackers were very specific in their method of attack: They targeted only people with access to inside information that could be used to make profitable trades before that information became publicly available.
While Fire Eye declined to disclose the identities of specific victims, the firm says victims include corporate advisors, investment bankers, attorneys, investor relations firms, and others that could have access to corporate information. Fire Eye acknowledges that information has been compromised, but the firm says it does not know whether any trades were made using that information. Fire Eye calls the group “FIN 4” because it ranks number 4 among the large, financially motivated groups that Fire Eye tracks. Fire Eye has already reported the group to the FBI, though the bureau is not commenting on FIN 4 for now.
FIN 4 doesn’t operate by infecting corporate computers with malware. Instead, its hackers steal e-mail account passwords. Using those compromised accounts, the hackers then send phishing e-mails to try to gain inside information. Fire Eye says that FIN 4 covers its tracks by using Tor, a service that masks the location of Internet users.
“They are going after the weakest link in the security chain, people,” Kevin Westin, a security analyst for threat detection firm Tripwire, told Top Tech News. “Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”
Strict password protocols are a must for thwarting hackers seeking inside information. Employees should be required to have different and distinct passwords for each web service they use from the company. Corporations should also consider two-factor authentication, which would require users to enter a second code provided by text message or on another device, such as an authentication device that changes passwords each time it is used. And employees should be trained on phishing tactics that could be used to procure sensitive business information. To learn more about how to make your business more secure, contact us.
Dec 12 2014
A major mail courier was recently the victim of a cyber security breach. The breach effected both employees and customers. The cyber criminals stole data that can potentially be used for identity theft.
It’s important that people are aware of this episode of data breach. Although there’s no evidence that the data was used maliciously, there’s still a cause for concern.
This case is just another reason why businesses should take additional steps to protect their financial data. According to recent article, the reason for the data breach was the mail courier’s employees weren’t following protocol regarding network security.
This means that it’s possible that the security breach could have been prevented. Managers aren’t the only ones who have to worry about cyber security. It’s a company-wide issue.
Cyber security works on two levels. First, businesses need to invest in the proper equipment to protect their network and data and prevent security breaches. Without the right infrastructure, businesses are putting their data at risk.
But even if businesses purchase the best equipment, it won’t mean anything if employees aren’t trained in cyber security. Businesses have to establish a strict cyber security policy and train their employees how to protect business data.
The mail courier is now conducting an internal investigation to find out what exactly caused the breach. Your business can avoid all of this by investing in cyber security and training your employees.
To talk more about how to prevent cyber security breaches, please contact us.
Dec 9 2014
Posted by Sara Davis
When fraud is improperly managed, it’s not only money and assets that are lost. Companies also lose intellectual property and people when trust in the company culture is lost. To be able to survive and thrive, fraud prevention is essential for all small businesses.
Preventing fraud in the workplace is not as simple as separating the accounts receivable and the accounts payable position. Management and administrators must also know who is most likely to commit fraud, and how the fraud can be detected.
Who is likely to commit fraud?
According to the Association of Certified Fraud Examiners (ACFE), males are twice as likely as females to commit fraud. Also, their average “take” is twice as high. Single perpetrators are twice as prevalent as groups when it comes to defrauding – 64 percent of all frauds are committed by one person. The losses from these individuals are staggering, nearly five times the amount of multiple perpetrators.
The largest losses are likely to come from the top, rather than the bottom of the organizational chart with owners and executives stealing far more than low-level employees. Long-term employees are much more likely to steal than the new people.
Much of this has to do with trust. Employers are more likely to place their trust in those individuals with a long tenure and a large amount of responsibility. For this reason, measures should be in place so that stealing is more difficult – these measures are called internal controls.
What are people most likely to steal?
The four types of assets most commonly stolen are: cash, inventory, information and securities. Although cash is the most common type of theft at 88 percent, securities fraud has an average loss of $1.85 million.
When it comes to fraud, “cash” is rarely in the form of greenbacks. Fraudulent disbursements are where almost 72 percent of theft occurs. Practices like “skimming” are when an employee accepts payment from a customer but does not record a sale. There is also “cash larceny” which is where an employee steals cash and checks from daily receipts before they can be deposited.
How to prevent small business fraud?
- A good set of internal controls is vital. Examples: Reconciling bank statements each month, splitting the financial processes over several people, and protecting cash and checks against unauthorized use.
- Implementing an anonymous tip line where fraud can be safely reported without fear of repercussion. This should coincide with company training about fraud and ethical behavior.
- Implementing a mandatory vacation policy. If an employee, particularly one in the financial departments, refuses to take a vacation, it can be because they cannot afford to have anyone look too closely at their activities.
- Open communication and perceptive hiring. If an employee begins to live above his or her means, fraud should be considered.
Please contact us for more information on fraud prevention in your business.
Dec 3 2014
Posted by Sara Davis
Regarding the matter of securing your accounts from cyber criminals, most purchasers have heard the online security warnings before. Avoid entering financial data at an unprotected computer and don’t reuse passwords over numerous sites.
The right security measures are mandatory in order to provide the continued financial success of your small business. Below are some do’s and don’ts that you should be aware of in regard to online security.
-Don’t be deceived into doling out classified information, including worker data, financial information or organization insights. Don’t react to messages or telephone calls that do not seem legitimate.
-Continuously erase suspicious messages and emails. Actually opening or seeing these messages can harm your computer and cause undesirable problems.
-Verify that your machine is running the most recent security patches, antivirus and firewall. Work in user mode, not administrator mode.
-Don’t leave delicate information around the workplace, this includes printouts containing delicate or private information. Lock them in a drawer or shred them. It’s simple for a guest to look around and see sensitive data. Keep your work area clean. It makes the workplace look more sorted out, and diminishes the danger of data leaks.
-Many applications seem authentic, such as antivirus software and tools. They may trick you into contaminating your system. On the off chance that you like an application and think it might be valuable, investigate it thoroughly before installing.
The extra expenses that some security measures require can be troublesome, yet the results of a breach are significantly more costly. One approach to add an additional layer of security is through banding together with an outside security vendor. They can assist you in discovering any vulnerabilities that may have overall gone unnoticed. If you’d like more information on online security tips for your small business, please contact us.
Dec 1 2014
Posted by Sara Davis
Data Breaches, Data Security
Are cyber security breaches regarding financial data important? We think so, and we really can’t understate the importance of knowing more about them.
Banks and financial institutions have been experiencing elevated numbers of cyber attacks. The frustrating thing is that customers could protect themselves much more if they would change their behavior, but they refuse. Some indications of customer disengagement include:
-Passivity-People leave it to the financial institutions to do everything and are not proactive enough. 45% have taken no protective measures.
-Reluctance to use safer technology-66% of customers surveyed say they fear that their information will be stolen, yet they are generally reluctant to use digital wallets.
-Misplaced priorities-Corporate executives form security plans, but fail to update them in a timely manner.
-Ignorance-Even the biggest companies aren’t aware of the nature of the cyber threats against them.
In the face of these facts, it is clear that industry must take the initiative to protect consumers. People are not adapting except to sometimes succumb to cash-only paranoia, which is wholly unnecessary. Moreover, even as some recognize that sitting out on the advantages of the tech-savvy financial ecosystem is not a solution, they take half measures to ensure security. That kind of strategy doesn’t win.
It then falls to banks to ensure that their customers’ information is not stolen. Four steps they take to proactively anticipate cyber attacks are to
-Detect-Predict whether an action is potentially theft before losses occur.
-Respond-Apply insights in real time to prevent or interrupt suspicious activity.
-Investigate-Execute inquiries with data analysis and state-of-the-art case management.
-Discover-Analyze reams of data quickly to identify patterns of financial crimes and fraud.
Contact us to learn more about cyber security and how we can help.