Technology Information & News

New Whaling Schemes: CEO Fraud Continues to Grow

CEO Fraud

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas. While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel. It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time. Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds. Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media. This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization. You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office. According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Effects of A Data Breach on Small Business

Data Breach Small Business

The information that no business owner or technology director wants to hear: there’s been a data breach. These chilling words can put your brain into overdrive, trying to triage the problem before you even know the full extent of the problem. What will be the impact on customers? On staff? On vendors? Is this simply a temporary bump in the road, or will your business never truly recover? How you’re able to react and your level of preparedness will be the deciding factors in the level of devastation that a data breach can wreak on your business. A recent report from TechBeacon shows that it takes an average of 191 days — over six months — for companies to even identify a breach, much less begin remediation on the road to recovery. Even more frightening, with as many as 7 in 10 of all organizations in the U.S. suffered some sort of data breach over the past several years, with the average breach costing upwards of $3.6 million.

What Are the Immediate Impacts of a Data Breach?

Once you find that your organization has been the target of a cyber attack, your technology team and external vendor partners immediately create a plan of attack. This could include everything from launching an effort to stop the vulnerability that allowed the breach to ensure that your data is restored from external backups as needed. Each of these steps can take time away from your daily operations, while also negatively impacting your overall customer service, manufacturing, eCommerce and staff productivity in general. Plus, there are the additional costs associated with external consultants who are working quickly (and expensively!) to restore your operations and data access. There are also expansive regulatory issues to handle such as technical investigations and regulatory filings about the breach and impact on the public. You can quantify these costs with a little work, but there are some hidden costs that lurk behind the scenes in an extensive data breach. Organizations are reporting thousands of hours required by forensic analysts who are attempting to put together the true nature of the breach.

Loss of Data = Loss of Reputation and Loss of Business

Your customers trust you to be a secure citadel for their sensitive personal, health and financial information. How can you explain to the public that data breaches happen every day? Customers are much less likely to be understanding of your business challenges when they’re personally affected by a data breach. You need to have a plan in place to respond to data breaches urgently, transparently and with empathy, or you could lose a significant amount of business due to lack of consumer confidence in your organization. Finally, you’ll need to put a communication plan in place that includes informing all of your stakeholders about the data breach and how it could affect them. These costs and the time required to get your business back to full operations may make it sound appealing to consider cyber insurance.

Should I Invest in Cyber Insurance?

Just as with other business risks, it makes sense to protect against known threats such as fire, flooding — and cyberattacks. Unfortunately, cyber insurance can be incredibly confusing and there are no guarantees that the expensive investment you make in insurance will cover the specific incidents that could occur at your organization. Even comparing different benefits and offerings can be extremely complex and off-putting for business owners. Instead of buying this questionable insurance, many small to mid-size businesses are instead investing in cybersecurity solutions and comprehensive backup and data recovery strategies.

How Can I Protect My Business From a Cyberattack?

If you don’t have a plan in place to handle data breaches or other cyberattacks, it is never too late to get started! With an average cost per record of $148, according to the 2018 Cost of Data Breach Study, a little prevention against a cyberattack can pay major dividends in the future. Are you confident that your organization has all the safeguards and protective mechanisms in place to maintain adequate security or quickly discover a breach in the event of a cyberattack? A comprehensive cybersecurity solution provides you with a high level of protection that includes:

  • Active monitoring and reporting
  • Vulnerability assessments and remediation
  • Intrusion detection
  • Behavioral monitoring
  • Compliance reporting
  • Agile integration with internal platforms
  • Asset discovery
  • IT and business user training
  • Best practices and process recommendations
  • Extensive backup and disaster recovery planning

When you fail to plan for a cyberattack, you’re essentially planning to fail! In today’s world, it’s rarely a question of if your business will be targeted and more a question of when.

What Are the Benefits of Active Monitoring?

Working with a partner who offers active monitoring of your systems means you have a cybersecurity professional on your side at all times. Someone who is familiar with the footprint left behind by intrusions, and intimately knows the steps required to heal the breach and regain secure control of your systems. Your technology services partner should invest in ongoing education and recommend an aggressive security posture to protect your business. With active monitoring, you may still experience a cyberattack, but you may be able to limit the intrusion to certain systems or records — effectively saving as much of your data as possible through quick action in executing a pre-defined strategy.

As you can see, the effects of a data breach can be far-reaching and extremely expensive. It’s crucial that your business is fully prepared for any eventuality, and that includes an extensive data breach. The faster you’re able to identify the breach and heal it, the better your chances are for long-term business viability. Your technology services partner can provide you with customized recommendations to help protect your business from this pervasive problem.

13 Effects That You Can Apply to the Apple Messages App

Apple Message App

Back in 2018, Apple once again upgraded the iMessage app to include new messaging effects. Apple added these effects to enhance the messaging experience for iOS users. There are 13 different effects that you can use to add an attractive feature to your messages when using iOS 12 or later on an iPhone or an iPad. The bubble effects will also show up on iMessage for Mac.

Let’s look at the special effects that you can apply in the Apple Messages App.

How to Access the iMessage Effects

First, with messages open, enter some text. Type an easy message such as “Hello”. Then, force-press the blue arrow to the right. The effects screen appears. The effects screen is divided into categories that are posted at the top of the screen:

  1. Bubble effects
  2. Screen effects

Bubble Effects

There are four bubble effects:

  1. Slam: Stamps the bubble down and makes the entire screen ripple
  2. Loud: A giant bubble that shakes then settles
  3. Gentle: A tiny bubble that subtly slips into place
  4. Invisible ink: Covers the bubble in an animated blur  the blur disappears once you swipe the message.

Screen Effects

There are nine screen effects:

  1. Echo: The Echo duplicates text that floods the screen of the recipient.
  2. Spotlight: The incoming message is highlighted by a spotlight.
  3. Balloons: Ascending balloons burst onto the recipient’s screen.
  4. Confetti: Multi-color confetti sprays down from the top of the screen.
  5. Love: An expanding heart pops out of the message.
  6. Lasers: Lasers with sound effects shoot from one of the screen to the next.
  7. Fireworks: Multi-color fireworks explode from the center of the screen.
  8. Shooting stars: A starburst shoots from the left on the screen, blowing up as it reaches the right side of the screen.
  9. Celebration: Fireworks and other celebratory effects spread out across the screen.

Once you’ve decided which effect you want to apply, touch the blue upward arrow to send your message with the effect. You can also press the ‘X’ to return to the message screen.

By adding these effects, you can enhance your iMessage experience.

Instagram Users: Fake Copyright Infringement Notices

There’s a new scam targeting highly-trafficked Instagram accounts, and anyone with several thousand followers on their account — including businesses and clients — are fair game to the fraudsters. The scheme masquerades as a false claim of copyright infringement, according to Kaspersky Labs, who first noticed the new way influential and popular users are being cajoled into giving up their credentials to attackers.

Fake Instagram

How can you tell if your company or a client is in the crosshairs? The first sign of attack comes in the form of an official-looking email, seemingly from the team at Instagram.

“Your account will be permanently deleted for copyright infringement,” the email threatens. Tripwire reports in a recent article that the scam then requires action in the next 24-48 hours that involves “addressing the claim” and “verifying credentials.” This is where the user is required to type in the account’s password, which hands over the keys to the social media account to the attackers. It doesn’t end there, though — Tripwire warns that an “email verification” is required in addition to the credentials verification, where the user is asked to choose their email provider and give up the username and password for that login as well.

Kaspersky warns the false emails from Instagram are extremely similar to actual Instagram addresses. They include “mail@theinstagram.team” or “info@theinstagram.team.” Protecting your business or your clients from giving up the information in the first place is paramount — once the information is handed over, scammers can then demand ransom to return the account, spread malicious content across the page, and of course, change the information required to assert control over the account, like passwords and security questions. Tripwire encourages managers of popular Instagram accounts to enable two-factor authentication to make it significantly more difficult for attackers to gain access to the account. Kaspersky advises staying up-to-date on best practices, like avoiding suspicious links and only logging into Instagram through the official app.

Bill Gates Reveals Top 5 Healthcare Technologies for 2019

Bill Gates Top 5 Medical Tech 2019

After literally changing the world through technology, what does a retired billionaire Microsoft co-founder do for an encore? If his name is Bill Gates, he changes the world yet again. This time, Gates is exploring advanced cutting-edge technology to find healthcare solutions for the world’s most pressing issues. Serving as guest curator for the annual “10 Breakthrough Technologies” list published by MIT Technology Review, Gates revealed his top picks for 2019 – five of which happen to be healthcare technologies.

In introducing the list, Gates explains his choices and expresses optimism for how we can invent the future. “We’re still far from a world where everyone everywhere lives to old age in perfect health, and it’s going to take a lot of innovation to get us there,” he writes. “For now, though, the innovations driving change are a mix of things that extend life and things that make it better. My picks reflect both. Each one gives me a different reason to be optimistic for the future, and I hope they inspire you, too.”

Here are the top five healthcare technologies for 2019, as curated by philanthropist Bill Gates on his quest to change the world through innovative solutions.

1. Customized Cancer Vaccines

Things are getting personal in the world of cancer care and treatment. In a collaboration between German startup BioNTech and the biotech behemoth Genentech, researchers are conducting clinical trials with technology that customizes cancer vaccines for each individual. The approach attacks only cancerous cells rather than healthy ones using mRNA-based therapies, taking into account the patient’s genetic profile and specifics of the personal diagnosis.

2. Predicting and Preventing Premature Birth

Considering the millions of mothers giving birth to premature babies every year, Stanford University bioengineer Stephen Quake decided to do something about it. He has developed a genetic blood test that can identify which women are likely to deliver a premature baby, thereby increasing the likelihood of effective care and prevention. The test works by detecting fluctuations in specific genes related to premature births. Quake states that quick and easy test costs only about $10.

3. Ingestible Gut Probe for Easy Disease Screening

Harvard Medical School professor Guillermo Tearney, MD, PhD, who is also a pathologist at Massachusetts General Hospital, has created a swallowable gut probe that can capture images and screen for diseases such as environmental enteric dysfunction. The condition inhibits the absorption of nutrients, which adversely affects children in developing countries who are susceptible to malnourishment. According to the MIT Technology Review, the device has the potential to replace endoscopes and anesthesia, which can be cost-prohibitive for many people.

4. Wearable ECG Device for Everyday Use

Wearable devices such as the Series 4 Apple Watch are receiving advanced ECG technology that aims to equal heart monitoring done in a traditional physician’s office. The goal is to detect arrhythmia sooner and thereby reduce the potential for a heart attack.

5. Voice-enabled AI Assistants in Health Care

Artificial intelligence systems with voice-enabled technology, such as Alexa from Amazon and Siri by Apple, are being configured for HIPAA-compliant use in clinical patient care. Hospitals and clinics will be able to utilize the devices for things such as post-surgery care, checking blood pressure and increasing efficiency.

Why Is ITSM Important For Local Business?

ITSM

With today’s businesses moving a large portion of their information technology operations to the cloud, having holistic IT services management is more important than ever before. Making this shift provides organizations with an unprecedented level of flexibility, and cloud solutions are generally more affordable. However, you may find that you’re introducing a greater level of complexity as you bring on additional integrations and cloud-based solutions. Having a trusted IT services management partner allows you to focus on the core growth of your business while shifting the bulk of responsibility for IT operations to your services management team. See how making this move helps local businesses thrive.

What is ITSM?

Information Technology Services Management (ITSM) goes by a variety of different titles. You may hear this referred to as managed services, IT outsourcing, IT consulting and more — but it all boils down to finding a partner with the technical expertise to support your organization’s IT operations. Internal IT teams often retain responsibility for setting strategy and oversight, while the more tedious daily processes and larger integrations are moved offsite to your partner’s teams. This allows you access to a broader team of professionals with expertise in a variety of different platforms, infrastructure setups and methodologies.

How Does ITSM Help My Local Business?

As businesses grow, their technical challenges become increasingly complex and are often more than one or two IT professionals can handle internally. Working with an IT services management organization allows you to reduce inefficiencies in your business and reduce the workload on key technical staff. You’ll find enhanced operational efficiency and reduced operating costs, along with a vastly improved customer experience for your internal users and customers. With an external review of your software implementations, you are likely to enjoy enhanced access control and governance of your crucial business systems. Your IT services management professionals are also able to help bring consistency to your process and automate them whenever possible. You’ll find that your teams are able to collaborate more fluidly — both internally and with your customers or vendors.

What Types of Services Does an ITSM Offer?

The wide scope of the landscape — where there are thousands of solutions for each IT project — simply requires knowledge that is too broad for a single, small team. ITSM helps your local business by helping weed through some less-than-ideal solutions to find exactly the options that are right for your business.

This could include providing a range of platforms and services:

  • Cloud-based storage
  • Backup and disaster recovery procedures
  • Antivirus and anti-malware solutions
  • Office 365 and productivity software licensing and implementation
  • Active monitoring of your network for data breaches
  • Remediation and resolution management
  • Help Desk support
  • Software Integrations
  • Universal control dashboards
  • Threat assessments and staff training
  • WiFi and endpoint management

These are only a few of the solutions that a full-service ITSM partner can provide for your organization.

Will an ITSM Team Understand My Business?

Sure, it might take your technology professionals a bit to get up to speed on your specific core competencies and the challenges that your organization offers, but these individuals are accustomed to working with a variety of organizations and will quickly learn what makes your business unique. Plus, they’re able to leverage all of their knowledge of past engagements to help see what works, what doesn’t — and how to make the most out of the teams that are available. Your IT services management team will look across the organization at people, processes and technology in order to help visualize your work and understand where changes can be made to wasteful processes.

If your organization is embarking on a digital transformation project — or even if you’re simply trying to get your technology team out of the weeds with daily help desk requests — ITSM offers some true benefits for your business. You can increase the agility and responsiveness of your business while ensuring that daily business processes are interrupted as little as possible. See how ITSM concepts can help provide the cement that you need between your business and technology teams to lead your organization into the future.