Common Business Scams and How Your Organization Can Avoid Them


Business scams by con artists are not new and seem to be evolving every day. You probably already know about, or have had some experience with, the most common ones – robocalls about winning a prize, computer problems, quick credit fix etc. Sometimes, it is an “invoice” that is supposedly from a business partner.

And in some cases, a business scam can come in the form of debt-collection notices, or dire warnings about an expiring web address, domain name or trademark if you don’t send money immediately.

There have even been reports of business scams involving toner cartridges or other office supplies showing up at offices out of the blue with a bogus bill.

The common thread with all business scams is that they attempt to sow fear, play on greed or appeal to the kind-heartedness of people.

According to the Federal Trade Commission (FTC), these business scams by con artists succeed because the criminals are banking on the likelihood that most small and medium-sized businesses, churches, and not-for-profit groups will end up paying the bogus invoices in the mistaken belief they owe money or that it’s simply a misunderstanding.

The devastating aftermath of successful business scams, though, is that the savings of many businesses and organizations are plundered before the scam is discovered. And the sad part of it all is that many are never caught, thus making the scam industry a multi-billion-dollar enterprise. Research puts it at over $50 billion annually.


Credential Management Vulnerabilities Exposed By Breaches

The recent breach of OneLogin is once again shining the spotlight on the safety and sanity of entrusting sensitive data to cloud-based credential management services. OneLogin provides single sign-on for cloud-based applications.

What Is A Credential Management Service?

Credential management services that offer Single Sign-On (SSO) are great, but as we are beginning to find out, they can also be a single point of entry to a treasure trove of sensitive data for cyber criminals.

How Does A Credential Management Service Work?

The way credential management services work is that after a user of one of these identity and credential management services signs into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications. It pretty much attempts to save the user the pain and stress of trying to remember numerous passwords, security questions and other hoops people normally have to jump through just to access some online services.

What Is The Problem With Credential Management Services?

While a lot of these services promise secure access and simplified Identity and Access Management (IAM), the recent spate of multiple breaches of LastPass and now OneLogin makes us wonder just how efficient and secure these credential management services really are. And here is why: a single compromise exposes the credentials of all users, especially if that data theft includes the ability to decrypt encrypted data [thanks to Mark Maunder of Wordfence for that emphasis].

A breach that allows intruders to decrypt customer data could be extremely damaging for affected customers.

The vulnerabilities in credential management services like LastPass were so bad that Tavis Ormandy, a security researcher at Google’s Project Zero, wondered if people were “really using this lastpass thing” because he took a quick look and could see “a bunch of obvious critical problems”.


How Nonprofits And Associations Can Prevent Ransomware Like WannaCry


On Friday May 11, 2017, the world learned just how vulnerable computer networks can be when not fully protected as it experienced a well-coordinated ransomware attack, known as WannaCrypt, or WannaCry.

Note: Ransomware encrypts files and makes them unusable unless payment (ransom) is made within a specified time. Malware and ransomware like WannaCry prey on weaknesses in network security systems due to out-of-date firewalls, operating systems and antivirus programs.

Are You at Risk?

That worldwide attack caused Britain’s National Health Services to cancel surgeries, and it shut down at least 40 major organizations across more than 99 countries, including a wide array of Russian and Chinese private and public institutions. By the time the dust settled, this large world-wide cyber-attack, described by Europol as unprecedented in scale, had infected more than 230,000 computers in over 150 countries.

Unlike previous ransomware, this attack did not spread by phishing emails, but used a leaked hacking tool or exploit called EternalBlue that was developed by the U.S. National Security Agency (NSA) to spread. The targets of the ransomware were computer networks which had not installed recent software security updates (also commonly known as patching).


Prevent Heat-induced Server Meltdowns From Draining Business Profits


Could the Dog Days of Summer Be A Threat To Your Business?

Heat-induced server meltdowns are usually a sign that the “dog days” of summer are upon us. Summer months have most business owners looking for ways to keep their company’s sales and profits HOT, while keeping their IT expenses COOL. But if proper attention is not given to the server and network equipment during the summer, all that heat outside can actually bring your organization’s growth to a grinding halt and increase your IT expenses significantly.

Why do server meltdowns occur, and what are the costs?

Excessive heat can be a big problem for small to mid-sized business servers, because a server that becomes overheated usually costs more in energy, fails more often and is more likely to crash. For most companies, a server crash can mean hours or days of downtime, unproductive employees, HUGE amounts of stress and thousands of dollars in lost opportunity.

How do you prevent server meltdowns?


7 Critical Cyber Security Measures for Associations


Your Computer Network Is Being Haunted, And Your Membership Association is Under Cyber Security Attacks.

Right now, Cyber Security attacks are being perpetrated by extremely dangerous and well-funded cyber crime rings using sophisticated techniques to hack into thousands of membership associations to steal credentials, credit cards, and other confidential business data with one goal in mind: blackmail the executives of these associations to recover data, and swindle money directly out of their organization’s bank accounts.

This new threat is called CEO Phishing, and it is a real threat. The FBI also calls it “Business Email Compromise” (BEC). If you’ve recently received a bogus email supposedly from your Executive Director, Chief Financial Officer, or a member of the board asking for a bank transfer, you just got a taste of this threat.

82,000 NEW malware threats are being released every single day and HALF of the cyber security attacks occurring are aimed at small organizations just like yours. You just don’t hear about it because it’s kept quiet for fear of bad PR, lawsuits and sheer embarrassment.

The National Cyber Security Alliance reports that 1 in 5 small businesses have been victims of cyber security crime in the last year, and this number is growing rapidly as businesses continue to move to cloud computing and mobile devices, and to store more information online.

The worst part of this is that all the current security tools we pile onto the network are practically useless against these types of cyber security attacks because they target human beings. These are popularly known as social engineering attacks.

According to security experts, the most advanced antivirus software, firewall, spam filter, two-factor-authentication, intrusion detection system, secure web application firewall, and data encryption tools will not stop these types of attack.

What can you do?


Avoid Four Common Business Office Move Mistakes


A business office move always presents a big pain for those involved, but it doesn’t have to be a horrific, expensive experience. The number one complaint from someone who’s experienced a “bad” move is, “I didn’t know I needed to…” followed closely by “I completely forgot that…” In other words, it’s what you don’t do that makes the move a disaster.

To make your business office move easy and effortless, here are the 4 most common mistakes to avoid:

Mistake #1 — Not Using A Checklist
One common business office move mistake is not using a checklist. This may seem like a no-brainer to those who manage projects, but project management may not be a forte of someone placed in charge of your move (like an office admin, or the IT guy). Even those who use a list typically fail to make the list detailed enough.
