HOME

June 1st, 2016

Fake login screens overlay the original banking one and are triggered when the application is launched and closes after the user fills their personal data. Image from a report by Security Week, 3/10/16.

We work hard to keep you abreast of all the latest ways hackers and digital robbers are trying to steal your identity and your money. The latest is APP-alling in our opinion.

Sitting innocently on Google Play are about a dozen apps imitating banking and payment apps, and designed to get you to download them. The mobile banking applications targeted by the malware include those from Commonwealth Bank and Wells Fargo. The issue of hacker apps isn’t new (at least in tech years). The issue is that Android consumers generally expect Google Play to be a safe location to download apps from, making them that much more dangerous.

According to the Huffington Post, “Google does scan apps for security concerns before making them available to users, but bad actors have found ways to worm around the checks.”

Further complicating data security for Android consumers, ITWire reports that Android’s recent API modifications to allow adware may have allowed malware to sneak in. According to the report, “These threats function by learning what application is operating in the foreground, pushing it to the background, and then pushing a fake lookalike screen to the foreground. This screen looks like a banking application and is used to steal victims’ information.”

Even if the malware slips through, it still needs the consumer to give it permission to take over. Hackers intentionally use information and brands familiar to individual consumers to lower their shield just enough to sneak in. This Trojan Horse approach to manipulating human nature is called “social engineering,” and it’s well worth reading our recent blog, “Social Engineering: Bad People Tricking Good People,” to fully understand how integral it is to data security susceptibility.

One of the most consistent ways to spot a bad app (or email) is spelling errors, bad grammar, etc. If something doesn’t look right – or if your gut tells you something is off – don’t download the app and don’t give an app permission to access your data.

As always, we will continue to monitor the tech news for the latest tricks so that you’re educated on what to look for. At Sinu, we want you to be well educated because all the walls in the world won’t protect you if you open the door to the wrong person by accident.

For more information about how to keep your data safe, download our whitepaper: Oh, the Humanity! The Role People Play in Data Security.

Topic Articles
June 1st, 2016

Easier search function for iOS raises privacy concerns

Google just released a new keyboard for iOS devices that may well revolutionize an endless chain of events involved in iPhone web searching by keeping the search function right within the keyboard itself. They call it the Gboard and it holds promise.

Whether one is searching for the address of a restaurant, or a “You’re Awesome” GIF, Gboard allows the user to search from within the keyboard without leaving the app itself.

For instance, if you are texting back and forth to someone and a question comes up that requires searching from the browser (i.e., where to go to lunch with a customer). With Gboard you no longer have to switch to the browser app, search, copy the info you were looking for, then go back to the text app to paste the information to send. (See the short video that explains the Gboard.)

One drawback is that Apple does not allow third-party keyboards to access the microphone, which means users can search the web from their keyboard, just not with their voice. A quick switch of the Gboard back to the keyboard fixes this.

Critics also note that Gboard reverts back to the regular keyboard frequently. This is particularly frustrating when going from one text conversation to another, especially since the Google Swype function works remarkably better than the traditional keyboard.

Another serious concern is privacy and data security. A recent MacWorld report, “Google’s Gboard doesn’t send your keystrokes, but it does leak chicken and noodles” does a good job of outlining the debate. Top of the list: Are we sending too much information to the search giant?

However, TechCrunch reports, “Of course, allowing Google to become deeply integrated with your keyboard raises some questions around data retention and privacy. The app allows you to clear your search history and your personal dictionary, but this presumably only affects the locally installed app. (We’ve asked Google to clarify its data retention policies, and are waiting to hear back.)”

Apple Insider reports: “Perhaps predicting the backlash that would come with the release of a system keyboard from the world’s largest collector of personal information, Google is quick to point out that it will collect only “anonymous statistics” in order to “diagnose problems when the app crashes and…know which features are used most often.”

Apple offers a frank description of the risk of using any third party keyboard when you enable Allow Full Access. However, it is always a good practice not to use a third-party keyboard to type in sensitive information on your device and to be wary of open Wi-Fi networks. (For more information about Wi-Fi security, see “How to protect your data when using public Wi-Fi.“)

Topic Articles
May 31st, 2016

2016May31_BusinessValue_ANot long ago, uploading a video to the internet was still a new and novel concept, but now we have access to multiple services for live video streaming. Most of these are free and offer great opportunities for increasing your visibility with little to no investment. Let’s take a look at 6 different ways you can utilize live internet video to increase your business value.

Business Introduction/Behind the scenes

If your company is new or suffering from low visibility, one of the best things you can do is give customers direct access to your staff and your product. A great use of live video is to take viewers on an office tour, show them how a product is made or even broadcast your business’s launch event.

Make sure to invite as many viewers as you can, but remember that most live broadcasts can be saved and viewed later. This is a video you’ll likely want to keep available after it’s finished.

Ask Me Anything (AMA)

Depending on your product or service, you may be getting a lot of conceptual questions about innovative ways to use it, what direction the company is heading and so forth. There’s no better way to address these questions than to do so in a personal and unscripted AMA segment.

If there’s a good turnout make sure to keep questions and answers moving in relevant and interesting directions. There’s nothing wrong with updating everyone on what you had for breakfast, but addressing service bugs or product feature requests is going to be a lot more beneficial for wider audiences.

How-to

Whether it’s a soon-to-be-released product or simply rehashing an existing one that’s getting lots of support requests, there’s no better way to guide customers through a ‘how to’ process than step-by-step, face-to-face.

Not only does this help to show existing clients the best way to use your product or service, it also allows potential consumers to see both your product and your customer service philosophy in action. Saving these videos can be invaluable as you continue to get questions on the product or service outlined in these videos -- it’s an easy way to build a video reference library for sales and support.

Webinar

Although all of the previous uses can be categorized as ‘customer service’, there’s no reason you can’t simply open a help desk broadcast and invite viewers to join with their support questions. If you advertise this as a customer service broadcast and steer clear of any conversations that deal with non-support related questions, you may be able to tackle more than one client’s questions at a time and no one can ever complain that contacting your support line is frustrating or tedious.

Announcements

All of the live broadcast services are deeply integrated with social media. Whether it’s Twitter or Facebook, post updates about an upcoming announcement along with a scheduled time and take the chance to make your product or service announcement far more interesting and personal than a press release or faceless status update.

Text based announcements and pre-recorded videos severely limit how you address the ‘fine-print’ questions from customers. Think of this as a chance to hold your own personal press briefing and address questions after your scripted announcement.

Promotions

In the same vein as live announcements, use social media to promise a special promotion to anyone who tunes in to a live broadcast. Before it begins, create different thresholds for how big the promotion will be depending on participation. Once you begin, check how many viewers you have to decide whether to augment or reduce the scope of what you want offer. In addition to being a more dynamic method for releasing promotions, it will create motivation among your customers to interact more directly with your company.

Socialmediatoday reports that Facebook users spend three times longer watching live broadcasts than pre-recorded video. Combine that with Facebook’s announcement that live videos are more likely to be promoted to the top of news feeds and you’d be crazy not to utilize live broadcasts.

However, there are a handful of different services to use for live video broadcasting and deciding which one is the best for you can depend on a lot of different variables. Call us with any of your questions and we’ll be happy to assist you in adding value to your business with today’s best live video services.

Published with permission from TechAdvisory.org. Source.

Topic business
May 20th, 2016

2016May20_BusinessContinuity_AJust because your IT provider has a plethora of awards and certifications under its belt doesn't mean that you can blindly hand over your business’s future to them. Often times, there are some aspects in your business continuity plan that tend to be overlooked by your provider. We have rounded up some of these issues that could appear when you enact your business continuity plans.

Over-optimistic testing

The initial testing attempt is usually the most important as it’s when IT service providers can pinpoint possible weak points in the recovery plan. However, what usually happens is a full transfer of system and accompanying operations to the backup site. This makes it difficult to look at specific points of backup with too many factors flowing in all at the same time.

Insufficient remote user licenses

A remote user license is given by service providers to businesses so that when a disaster strikes, employees can log in to a remote desktop software. However, the number of licenses a provider has may be limited. In some cases, more employees will need to have access to the remote desktop software than a provider’s license can allow.

Lost digital IDs

When a disaster strikes, employees will usually need their digital IDs so they can log in to the provider’s remote system while their own system at the office is being restored. However, digital IDs are tied to an employee’s desktop and when a desktop is being backed up, they are not automatically saved. So when an employee goes back to using their ‘ready and restored’ desktop, they are unable to access the system with their previous digital ID.

Absence of communications strategy

IT service providers will use email to notify and communicate with business owners and their employees when a disaster happens. However, this form of communication may not always be reliable in certain cases such as the Internet being cut off or with spam intrusions. There are third-party notification systems available, but they are quite expensive and some providers sell them as a pricey add-on service.

Backups that require labored validation

After a system has been restored, IT technicians and business owners need to check whether the restoration is thorough and complete. This validation becomes a waste of time and effort when the log reports come in a manner that is not easy to compare. This usually happens when IT service providers utilize backup applications that do not come with their own log modules, and have to be acquired separately.

These are just some of the many reasons why business continuity plans fail. It is important for business owners to be involved with any process that pertains to their IT infrastructure. Just because you believe something works doesn’t necessarily mean that it works correctly or effectively. If you have questions regarding your business continuity plan, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Topic business
May 17th, 2016

2016May17_Security_AImageMagick, one of the internet’s most widely used image processing services, is susceptible to attacks that may put your site at a huge risk of exploitation, according to recent reports. The discovery of this vulnerability means attackers could potentially steal your site’s data, or corrupt it entirely. Let’s take a look at what your SMB should be doing to protect itself from this security flaw.

What is ImageMagick?

ImageMagick is a tool that allows sites to easily crop, resize, and store images uploaded by third parties. Vendors continue to improve user interfaces and experiences by consolidating functions into all-in-one packages, which means administrators are becoming increasingly unaware of what specific services they are actually utilizing. ImageMagick is deeply integrated into countless web services and many webmasters may not even be aware they are using this unsafe software.

How can an image make my site vulnerable?

Recently, it was discovered that images can be uploaded that force ImageMagick into executing commands and permitting attackers to remotely insert harmful code into vulnerable sites. Images are actually made up of complex code that is translated into photos, icons, etc. Different file extensions use what are called “Magic Numbers” to define their file types. Manipulating these numbers allows attackers to exploit a flaw in ImageMagick. The service scans the uploaded file, and attempts to decode the source information whenever it detects the file is not what it claims to be. Scanning that code and attempting to rectify the file misappropriation can then trigger whatever was hidden inside the image and result in remote command of your site.

How should I protect my site?

ImageMagick has admitted knowledge of the security flaw and promised to release a patch very soon. Until then, experts advise implementing multiple workarounds to keep your systems safe. However, if you're not well acquainted with your web server and its code, then it's wise to consult an expert instead of attempting these changes on your own.

For those who are familiar, follow these steps. The first is to temporarily incorporate lines of code that preemptively block attackers from exploiting these holes. Those lines of code, and where to insert them, can be found here.

The next step is double checking that any image files utilizing the ImageMagick service aren’t hiding any harmful information. This can be accomplished by opening an image file with a text editor, and checking for a specific set of letters and numbers at the beginning of the text that define what type it is. The list of these “Magic Numbers” can be found here, and will reveal if an image is hiding its true purpose.

Ideally, administrators will halt all image processing via ImageMagick until a patch is released from the developers.

Data security is one of the most crucial aspects of any SMB, however, keeping up with the constant flow of security exploits and patches can be overwhelming for administrators of any ability level. Why not contact us to learn more about keeping your network secure and protected from exploits like this one?

Published with permission from TechAdvisory.org. Source.

Topic Security
May 13th, 2016

2016May13_SocialMedia_AAre your tweets not getting enough exposure? With so many other social media campaigns out there, it can be tricky to get the attention of followers in Twitter. While posting regularly and writing bold headlines are important in grabbing the audience’s attention, there are other Twitter tactics that you should be employing in order to get the most retweets. Listed below are just a few ways to maximize your company’s reach over Twitter.

Schedule your tweets

There is absolutely no point in tweeting out any content if your audience isn’t even awake for it. That’s why it’s important for you to tweet at the right time to get the most retweets. Usually people won’t be retweeting in the morning and are more likely to retweet around 2pm to 6pm EST. However, if your followers live in different time zones and countries, the time you should be tweeting may vary. Twitter tools like Tweriod track down the geographical distribution of your audience and pinpoints the optimal time you should be tweeting to get the most retweets.

Use links

The next time you tweet out something, try embedding a link in your post. Whether it’s news, sports or celebrity updates, people will put some effort in keeping up-to-date with their interests. Studies have also shown that links to instructional posts get the most amount of retweets as well. The problem is, 140 characters is not enough content for your followers. So by satisfying your audience’s curiosity, you motivate them to pay you back by sharing your tweet out to their friends.

Ask for retweets

This is perhaps the most obvious tactic to get some retweets. Using call to action phrases such as “please retweet” significantly increases your chances of a retweet. Of course, you probably aren’t the only one asking for retweets. Adding something to sweeten deal, like a prize for one lucky person who retweets you, gives people incentive to do so.

Use visuals

Intriguing images can inspire retweets. Images are a great way to convey a lot of information in a short amount of time, and social media users love that. Some have found that, using colorful images and infographics in their tweets significantly increased their engagement rates and found that more followers were retweeting their content. It’s probably because there’s just more content to engage with other than a witty 140 character thought.

Use retweetable words

Research has shown that some words are more retweetable than others. Words like you, twitter, please, retweet, post, blog, social, free, media, help are the top 10 most retweetable words. However common-use words in any conversation such as “lol, haha, work, sleep or watching” are less likely to get retweeted. Unless you’re someone incredibly famous, it’s best to avoid using conversation filler words and stick to the buzz words that encourage people to share your tweets out to everyone they know.

Use quotes

Quotes express a lot in one simple line, making it perfect for any Twitter posts. Depending on your audience, a thoughtful quote can really move their fingers to click that retweet button. The next time you’re running out of ideas for tweets, dig up some good quotes relevant to your topic to get those retweets going. However, don’t continuously plug in quotes into your tweets. The trick is to do it occasionally, so you don’t risk people tuning out of your tweets.

#Hashtag

You’ll notice that the more popular tweets tend to have at least one hashtag. Using hashtags on keywords helps categorize your tweets with similar ones, giving your posts a bit more reach and, hopefully, more retweets. Just make sure you don’t overdo it as #thiscanbequiteannoying.

We get that small business may find it tough getting their name discovered among so many social media accounts. But if you consider some or all of these Twitter tactics, you have a better chance of getting more eyes on your tweets. If you want to learn more about useful Twitter tactics to increase your exposure and engagement, give us a call today.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
May 3rd, 2016

2016May3_BusinessIntelligence_AFrom free information products such as ebooks to brochures and email campaigns, today’s marketers have a wealth of tools and tactics at their disposal. While content marketing and social media garner most of the attention in the marketing world, it’s easy to forget about tried and true techniques that are as effective today as they were twenty years ago. Recent data supports that one age-old sales tool in particular is still incredibly effective today, and even beats out some newer marketing tactics. What is it? Let’s take a look.

What is one thing every consumer has in common? They all love to save money. This is why the marketing technique of offering coupons is still as effective today as it was decades ago. Shocked? Don’t believe this is true? Well, let’s explore some statistics.

A recent report by Valassis, a large marketing firm that serves clients across the globe, provided some enlightening information on the effectiveness of coupons. Here’s what they discovered in terms of how coupons influence consumers.

  • 82% of all consumers are more likely to buy from a brand they wouldn’t normally because of a coupon
  • 85% are influenced to try a new product because of a coupon
  • 84% are more likely to switch brands because of the weekly specials on offer
  • 24% choose to shop at another brand’s store over their preferred because of better advertised bargains
This same report also uncovers some interesting data about brand loyalists, revealing that 78% are more likely to buy from a brand they wouldn’t normally patronize, due to a coupon. While this number is surprising close to the amount of total consumers influenced by coupons (as mentioned in the first bullet point above) this next bit of data may come as more of a surprise: 43% of brand loyalists have a more positive view of a company that offers coupons over those who don’t.

While this recent report goes a long way to revealing the benefits of coupons, how do they compare to another common marketing offer used today: free information products?

The appeal of coupons over information products

According to one marketing firm based in Waterford, Connecticut, a coupon was chosen 9 out of 10 times over an ebook when offered simultaneously. This raises an interesting question: why would a coupon be more effective than a free ebook or other information product? Let’s look at some common psychology triggers at play here.

Broad appeal - simply put, coupons have mass appeal. While information products are likely to be seen as more valuable to those with a higher education, a coupon can appeal to all income brackets - from the very wealthy to the very poor.

Instant value - to gain results from an information product requires a time investment and action. For example, if a customer receives a free 30 page ebook that explains how to get the best discounts on electronic equipment, he or she needs to read the book and then take action (and possibly create a plan) to gain the rewards of that time investment. Many consumers would rather spend their time doing something else, but a coupon on the other hand offers immediate value. Simply hand it over to the service provider, and you save money instantly. What’s not to love about that?

Uniqueness - the online marketplace is flooded with free information products. While they’re still an effective tool to gain a prospect’s email address, far fewer businesses offer coupons on their website, especially in the small business sector. By offering a coupon, you provide a free offer that immediately separates you from the pack.

The point here is that just because a marketing tool is popular doesn't mean it’s the most effective. This is why we encourage you to review data and statistics before implementing any marketing technique in your business. It can save you a whole lot of time and also make your business stand out.

Want more valuable business information that can help you connect better with your customers? Curious to learn how IT can help collect data more easily? Call us today to find out more.

Published with permission from TechAdvisory.org. Source.

Topic business
May 3rd, 2016


Photo from report by Sports Business Daily, “Biometric technology speeding entry at ballpark gates,” 11/16/15.

Whether it’s convenience-oriented apps, electronic tolls, or even pre-ordering your latte at Starbucks, consumers are seeking solutions that moves them through their day faster and easier. People want to think as little as possible about basic tasks, and companies are leapfrogging through technology to be that “frictionless” solution.

In many cases, this is creating unexpected “friction” in the area of privacy. Creating a seamless system often requires giving up elements of privacy. For example, if someone makes a payment by Paypal, consumers usually opt to store their credit card information in the cloud with Paypal to make it easier. More and more, people are making decisions to give up their personal information so long as the benefit is a more efficient lifestyle.

But the New York City-based company, CLEAR, is taking the lead on closing the gap between convenience and security at airports through biometrics. For an annual membership fee of $179, CLEAR members get their own line at participating airports (13 to date) with a 30-second verification using biometric identification that clears the current bottlenecks facing most travelers.

Anyone who has checked their watch while standing in line knows just how stressful it can be to be powerless to move the line faster. CLEAR claims you can get through security in less than five minutes, because of their exclusive “CLEARlanes” at airport security checkpoints. You skip the line and go straight to screening.

The benefits of using biometric identification to enhance security and convenience goes beyond airports for CLEAR. In the wake of increased terrorist threats, security screening are being used to protect attendees at high-profile events. Major League Baseball (MLB) began requiring fans to go through metal detectors last year, and, in response, CLEAR Sports launched in four stadiums – including Yankee Stadium – allowing fans to skip the security lines and get to their seats faster.

Security screening is just the beginning according to CLEAR CEO, Caryn Seidman-Becker, who sees a future where you can even buy a hotdog with your fingerprint. CNBC reported, “While Seidman-Becker sees congestion at airports as a clear opportunity, she wants to push biometric identification even further. The company is testing a pilot program in San Jose, California, where members show up at the airport, put their fingers on the CLEAR machine to prove their identity and their boarding pass immediately comes up.”

Biometric identification is not new. The iPhone 5S unveiled its TouchID fingerprint authentication technology back in September 2013 and many companies are beginning to integrate similar technology. ABI Research predicts that by 2021, the biometrics market will reach $30 billion as the industry shifts toward consumer electronics and banking. For enterprising companies who use technology to build bridges between physical and data security, this means a horizon of market opportunities. For consumers, it means technology will continue to reduce the time it takes to accomplish basic tasks while promising to boost the security of those actions.

“In the [conflict] between providing a great buying experience and making sure that this is really secure, biometrics is the way to provide higher security but also a better experience – it’s a win-win,” Intelligent Environments CTO Clayton Locke told TechWeekEurope.

Topic Articles
May 3rd, 2016


U.S. Office of Personnel Management computers were breached last year using a social engineering scam. Photo from New York Times report, “Hacking of Government Computers Exposed 21.5 Million People,” 7/9/15

Social engineering is the psychological manipulation of people into performing actions or divulging confidential or sensitive data for the purpose of fraud and/or system access. It is often difficult to identify the attacker because it is just one layer in a sophisticated hacking scheme.

Whenever someone has information about us, we are more likely to trust them. One type of social engineering scheme, referred to as “spear phishing,” uses an email sent to a particular person inside an organization and tailored to appear as though it had come from a contractor, bank or other trustworthy source. Instead, such emails contain a link which, when clicked on, lead to malware that is downloaded onto the person’s computer or device. From there the remote access tool – or RAT – is employed to hunt through the computer network or even infect other people’s computers. Approximately 70% of cyber-attacks on businesses involved social engineering.

Social engineering really hit the radar screen in 2013, when Target customers found out that information was stolen from 40 million credit and debit cards. Investigators suspect the attackers initially gained access to Target’s network using credentials obtained from a HVAC subcontractor via a phishing email that included the Citadel Trojan. Target has worked for 3 years to settle the financial damages caused by the breach which is estimated at $162 million (after insurance reimbursements). The lesson learned in this case is to require better security from third-party contractors and limit the network access those parties are provided.

One of the most shocking data breaches in the past year affected the U.S. Office of Personnel Management. Personal information for about 21.5 million people was stolen, including Social Security numbers and some fingerprints. The New York Times reports that “every person given a government background check for the last 15 years was probably affected” and “hackers stole ‘sensitive information,’ including addresses, health and financial history, and other private details.”

While social engineering schemes are difficult to prevent entirely, there are a number of steps you can take help avoid these types of attacks:

  • Create a culture of security in your organization. Educate your employees and implement a data security policy.
  • Be sure that all your system patches are up-to-date. (Sinu does this automatically for its customers.)
  • Use the best anti-virus software. While anti-virus software cannot eliminate social engineering schemes, it can help mitigate its effects and that of other malware. (Sinu monitors the market closely to adopt new security products as technology evolves.)
  • Reduce and control local admin rights.
  • Commit to strong passwords. Change passwords every six months and use two factor authentication whenever possible. (See Sinu blog for more detailed information on creating strong passwords.)
  • Learn to identify spoof emails. (See our blog on this topic.)

Whether it is through malicious emails or fraudulent phone calls, social media has made social engineering easier. From finding out your work history on LinkedIn to knowing the names of your friends and family on Facebook, it is easier for hackers to use details from your personal life to gain your trust. The key is to be diligent and train yourself and your employees what to look for and how to avoid situations that put your valuable data at risk.

For more information about data security, download our brief, Oh the humanity: The role people play in data security.

Topic Articles
April 28th, 2016

2016Apr28_Security_AKnow thy enemy. When it comes to hackers, most business owners get hung up on the technical and mechanical details of a cyber attack forgetting another important aspect: motive. Why are they attacking people and organizations in the first place? And who are they targeting? By answering these questions you’ll have a better understanding of what resources need the most protection in your business.

Script Kiddies

When it comes to skill level, Script Kiddies are at the bottom of the totem pole and often use scripts or other automated tools they did not write themselves - hence the name. With only an elementary level of technical knowhow, Script Kiddies usually don’t cause much damage...usually. The Script Kiddy virus known as the Love Bug which sent out an email with the subject-line “I LOVE YOU” fooled millions of people, including some in the Pentagon, in the early 2000’s. The virus reportedly caused around 10 billion in lost productivity and digital damage.

So who is a Script Kiddie? Most of the time they’re simply bored youth looking for a thrill or notoriety. Many never evolve into a full-time hacker, and instead just use their skills as a hobby. Oddly enough, many Script Kiddies find a career later on working in the security industry.

Hacktivist

If you’ve heard of Anonymous, LulzSec or AntiSec, then you’re familiar with Hacktivists. These groups are made up of members of varying skill levels, all the way from Script Kiddies to some of the most talented hackers in the world. Their mission is largely politically motivated as they aim to embarrass their targets or disrupt their operations, whether that be a business or government body. Two of the most common ways they attack their target are by stealing sensitive information and exposing it or denial of service (DDoS) where a server is overloaded till it finally crashes.

As a small or medium-sized business owner you are not necessarily immune to Hacktivist disruption. If your business or a company you’re associated/partnered with participates or provides services that can be seen as unethical, such as Ashley Madison (who fell victim of a major Hacktivist attack last year), then you too may be targeted by Hacktivists.

Cyber Criminals

Often talked about in the media and well-known by most SMBs, cyber criminals are after one thing: money. Their targets run the gamut, including everyone from individuals to small businesses to large enterprises and banks. But what do these targets usually have in common? They either have a very valuable resource to steal or their security is easy to exploit...or a combination of both of these. Cyber criminals can attack in a number of ways including using social engineering to trick users into providing sensitive information, infecting an organization/individual with ransomware or another form or malware, or exploiting weaknesses in a network.

Insiders

Perhaps the scariest type of hackers are the ones that lurk within your own organization. Insiders are made up of disgruntled employees, whistleblowers or contractors. Oftentimes their mission is payback; they want to right a wrong they believe a company has perpetrated toward them, so they’ll steal sensitive documents or try to disrupt the organization somehow. Edward Snowden is a prime example of an insider who hacked his own organization - the US government.

Now that you know what motivates your enemy, you’ll hopefully have a bit of an idea as to whether or not you’re a target. To learn more about how to secure your business from these types of hackers, get in touch with our experts today.

Published with permission from TechAdvisory.org. Source.

Topic Security