
The 5 Biggest Cyber Security Risks Today

7 Ways to Protect Your Business from These Malicious Threats.

Your data is valuable to you.  However, did you know that it’s also valuable to cyber criminals?  What’s your data worth?  You may think there’s nothing that cyber criminals would want.  But you’d be surprised:

  • One Social Security Number = $1.00
  • DDoS = $7.00 per hour
  • A Medical Record = over $50
  • Credit Card Data = up to $60
  • Bank Account Info = $1,000 or more
  • Mobile Malware = $150
  • Malware Development = $2500
  • Spam = $50 for 500k emails
  • Custom Exploits = $100k to $300k
  • Facebook Accounts = $1.00 for an account with 15 or more friends.

The cybercrime market is now at nearly $1 Trillion per year.  Hackers can make big money from your stolen data.  Be aware that your business is a potential target.  You must protect it.

The 5 Most Common Cybersecurity Risks

  1. Ransomware. Ransomware is now a higher probability for your business than a hardware failure.  There’s been a huge increase in these attacks in 2017. Crypto Ransomware encrypts your personal data and files to prevent access. Locker Ransomware locks your computer so you can’t log in. If an employee clicks a malicious link, and they have access to your files, all of your data is at risk.  Even if you pay the ransom to get access, we’re finding that folks are being locked out again.  Backup is critical so you always have a copy of your data.
  2. Social Engineering. Social engineering works to exploit the trust of your employees. Your employees get an email from a “friend” or “colleague” and can be tricked into sharing passwords, bank information, or computer access codes. Then the criminal secretly installs malware on their computer. The cybercriminal will also look into their email list and can send out a message in your business or employee name that has malware attached, so your contacts’ computers will get infected as well when they believe you’ve sent them a valid link.
  3. Social Media Sites. Hackers insert malicious code into ads on social-media sites like Facebook, Twitter and other sites. These ads come from all over the world. For example, over 100 million Facebook users had their private information shared illegally when they clicked on a malicious pop-up ad. It was then published on Pirate Bay, the world’s largest file-sharing website.
  4. Phishing. Phishing is a targeted email attack. Cybercriminals are increasingly using targeted email attacks against people in financial organizations. The odds are good that they’ll succeed. A campaign of 10 targeted messages has a better than:
    • 90% chance of getting a click.
    • 8% chance of users clicking on an attachment.
    • 8% chance users will fill out a web form.
    • 18% chance that users will click a malicious link in an email.

Believe it or not, even CEOs get spoofed and share usernames and passwords.

  5. Public Wi-Fi. Hackers emulate a free open Wi-Fi network to intercept and steal user IDs and passwords (e.g., when you log on to a wireless network at Starbucks, McDonald’s, Panera Bread, etc.). They imitate the venue’s Wi-Fi. When this happens, anything you type can be copied and archived by them. Any wireless network name you’ve ever accessed is recorded by the criminal.

7 Ways to Protect Your Business from Cybercrime.

  1. Prevent Phishing Attempts

Don’t assume an email is from someone you know. Always check the “From” email address to verify that it’s valid. Beware of messages that:

  • Try to solicit your trust or curiosity.
  • Contain a link that you must “check out now.”
  • Contain a downloadable file like a photo, music, document or pdf file.

Be wary of messages that contain a compelling call to action:

  • With an immediate need to address a problem that requires you to verify information.
  • Urgently asks for your help.
  • Asks you to donate to a charitable cause.
  • Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.

Don’t answer messages that:

  • Respond to a question you never asked.
  • Create distrust.
  • Start a conflict.

Watch for things like:

  • Misspellings
  • Typos
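
Several of the warning signs listed above can be checked automatically before a message reaches a user. The Python sketch below is an added example, not code from SSE or the original article; the sample message, the trusted-domain list and the flag names are constructed for illustration, and the Reply-To and link-destination checks go slightly beyond the list above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; every name and domain here is made up.
SAMPLE = """\
From: "Jane Smith" <jane.smith@examp1e-payments.test>
Reply-To: billing@another-domain.test
To: bob@example.test
Subject: URGENT: verify your account now
Content-Type: text/html

<p>Log in at <a href="http://login.examp1e-payments.test/verify">https://example.test/account</a>
immediately to avoid suspension.</p>
"""

TRUSTED_DOMAINS = {"example.test"}  # assumption: your organisation's own mail domains
URGENCY = re.compile(r"\b(urgent|immediately|verify|check out now|winner|inherit)", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(addr_or_url):
    """Host part of an email address or URL, lower-cased, without port or userinfo."""
    host = re.sub(r"^[a-z]+://", "", addr_or_url.strip(), flags=re.I)
    return host.split("/")[0].rsplit("@", 1)[-1].split(":")[0].lower()

def phishing_flags(raw):
    """Return the warning signs found in one raw single-part message."""
    msg = message_from_string(raw)
    flags = []
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if from_dom not in TRUSTED_DOMAINS:          # look-alike or unknown sender domain
        flags.append("from-domain-not-trusted")
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_addr and domain_of(reply_addr) != from_dom:
        flags.append("reply-to-differs-from-sender")
    body = msg.get_payload()                     # a string for single-part messages
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgent-call-to-action")
    for href, text in LINK.findall(body):
        shown = text.strip()
        # Visible text looks like a URL but the link points somewhere else
        if re.match(r"https?://", shown, re.I) and domain_of(shown) != domain_of(href):
            flags.append("link-text-hides-destination")
        if href.lower().startswith("http://"):   # landing page is not served over https
            flags.append("link-not-https")
    return flags

if __name__ == "__main__":
    print(phishing_flags(SAMPLE))
```
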

Ignore Ransomware-Threat Popups that say you’ll be arrested or fined if you don’t follow their instructions.

  • These threats look like they’re from an official like the IRS or FBI.
  • Whatever you do, don’t follow their directives. If you do, they will encrypt all your data and prevent you and your employees from accessing it.
  2. Always Back Up Your Data. If you haven’t backed up your data, and you’re attacked, it’s gone forever.
  • Maintain at least 3 copies of everything.
  • Store data on at least two types of media.
  • Keep a copy of your data in an alternate location.
  3. Use Secure Passwords.
  • Don’t use words found in the dictionary or family names.
  • Don’t reuse passwords across accounts.
  • Don’t write down your passwords.
  • Consider using a Password Manager (e.g., LastPass or 1Password)
  • Use password complexity (e.g., P@ssword1).
  • Create a unique password for work.
  • Change passwords at least quarterly.
  • Use passwords with 9+ characters.
    • A criminal can crack a 5-character password in 16 minutes.
    • It takes 5 hours to crack a 6-character password.
    • 3 days for a 7-character one
    • 4 months for 8 characters
    • 26 years for 9 characters
    • centuries for 10+ characters
  • Turn on Two-Factor Authentication if it’s available.
  4. Keep Your Passwords Secure.
  • Never write them down.
  • Never send them through email.
  • Never include a password in a non-encrypted stored document.
  • Never tell anyone your password.
  • Never reveal your password over the phone.
  • Never hint at the format of your password.
  • Never use the “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
  • Never use your corporate or network password on an Internet account that doesn’t have a secure login, that is, where the web browser address starts with http:// instead of https://. If the web address begins with https://, your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.
  • Never report any suspicion of your password being broken into to the IT computer security office. If you believe your password may have been breached, you can always change it.
  • Remember—Change your passwords often.
  5. Secure Open Wi-Fi with a VPN.
  • Don’t go to sites that require your personal information like your username or password.
  • Use a VPN whenever possible (You can purchase this device at: com).
  • Limit Access to Sites using https://.
  • Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available.”
  6. Test Your Users to See How They React to a Malicious Email.
  7. Hire a Reputable IT Company like SSE to:
  • Conduct a Social Engineering Test
  • Share the Results with Your Staff
  • Debrief and Train Your Users
  • Test Again each Year! 

SSE Network Services will help you keep your data secure. Contact us for a complimentary review of your data security environment. (314) 439-4700 info@sseinc.com

Written by Gregory Thorton on June 2nd, 2017.
