Don’t Find Out the Hard Way That Yours Is as Well.
- One Social Security Number = $1.00
- DDoS = $7.00 per hour
- A Medical Record = over $50
- Credit Card Data = up to $60
- Bank Account Info = $1,000 or more
- Mobile Malware = $150
- Malware Development = $2500
- Spam = $50 for 500k emails
- Custom Exploits = $100k to $300k
- Facebook Accounts = $1.00 for an account with 15 or more friends.
The 5 Biggest Security Risks Today
- Ransomware: There’s been a massive increase in these attacks in 2017. CryptoLocker encrypts all of your data so that you won’t have access. Locker Ransomware locks your computer so you can’t log in. Even if you pay the ransom to get access, we’re finding that folks are being locked out again.
- Social Engineering: This is where you or an employee are tricked into sharing passwords, bank information, and computer access codes. (When your code is revealed, the criminal secretly installs malware.) The cybercriminal will also look into your email list and can send out a message in your name that has malware attached, so your contacts’ computers will get infected as well.
- Social Media Sites: Hackers insert malicious code into ads on Facebook, Twitter and other sites. For example, over 100 million Facebook users had their private information shared illegally when they clicked on a malicious pop-up ad.
- Phishing is a targeted email attack cybercriminals use. Their favorite organizations to attack are financial ones. The odds are good—A campaign of 10 targeted messages has a better than:
- 90% chance of getting a click.
- 8% chance of users clicking on an attachment.
- 8% chance users will fill out a web form.
- 18% chance that users will click a malicious link in an email.
- Public Wi-Fi: Hackers emulate a free open Wi-Fi to intercept and steal user IDs and passwords. When this happens, anything you type can be copied and archived by them. Any wireless network name you’ve ever accessed is automatically recorded by the criminal.
What You Can Do to Protect Yourself from Cybercrime
5 Steps You Should Take to Meet Information Security Best Practices.
Step 1: Don’t Fall for Phishing Attacks.
- Don’t assume emails are from someone you know. Always check the “from” email address.
- Beware of messages that:
- Try to solicit your trust or curiosity.
- Contain a link that you must “check out now.”
- Include a downloadable file like a photo, music, document or PDF file.
- Don’t believe messages that contain a compelling call to action:
- With an immediate need to address a problem that requires you to verify information.
- Urgently asks for your help.
- Prompts you to donate to a charitable cause.
- Indicates you are a “Winner” in a lottery or other contest, or that you’ve inherited money from a deceased relative.
- Be wary of messages that:
- Respond to a question you never asked.
- Create distrust.
- Start a conflict.
- Watch for key flags like:
Ignore Ransomware-Threat Popups that say you’ll be arrested or fined if you don’t follow their instructions. These threats look like they’re from an official like the IRS or FBI. Whatever you do, don’t follow their directives. If you do, they will encrypt all your data and prevent you and your employees from accessing it.
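Checking the “from” address, as Step 1 advises, means looking at the address inside the angle brackets rather than the friendly name shown beside it. The Python sketch below is an added example, not a tool from SSE; the sample message, the domains and the function names check_sender and domain_of are all made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: every name, address and domain is made up.
SAMPLE = '''\
From: "billing@examplebank.test" <alerts@examplebank-secure.test>
Reply-To: payments@collector.test
Authentication-Results: mx.yourcompany.test; spf=fail; dkim=none
Subject: Urgent: verify your account now

Check out this link now.
'''

def domain_of(address):
    """Lowercased domain part of an e-mail address, or '' if there is none."""
    return address.rpartition("@")[2].strip().lower() if "@" in address else ""

def check_sender(raw_message, known_domains):
    """Return (code, detail) findings about who really sent the message."""
    msg = message_from_string(raw_message)
    findings = []
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)

    # 1. The real address is in the angle brackets, not the display name.
    if from_domain not in known_domains:
        findings.append(("unknown-from-domain", from_domain))
    # 2. A display name that is itself an address from another domain.
    shown = domain_of(display)
    if shown and shown != from_domain:
        findings.append(("display-name-mismatch", shown))
    # 3. Replies silently routed to a different domain.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply-to-mismatch", reply_domain))
    # 4. SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    auth = msg.get("Authentication-Results", "").lower()
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth):
        if verdict in ("fail", "softfail"):
            findings.append((mech + "-" + verdict, ""))
    return findings

if __name__ == "__main__":
    for code, detail in check_sender(SAMPLE, {"examplebank.test"}):
        print(code, detail)
```

Only the Authentication-Results header added by your own mail server should be trusted; a sender can put any header they like in a message before it reaches you.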
Step 2: Always Back Up Your Data
- Maintain at least three copies of everything.
- Store data on at least two types of media.
- Keep a copy of your information in an alternate location.
If you haven’t backed up your data, and you’re attacked, it’s gone forever.
Step 3: Use Secure Passwords.
- Don’t use words found in the dictionary or family names.
- Don’t reuse passwords across accounts.
- Don’t write down your passwords.
- Consider using a Password Manager (e.g., LastPass or 1Password)
- Use password complexity (e.g., P@ssword1).
- Create a unique password for work.
- Change passwords at least quarterly.
- Use passwords with 9+ characters.
- A criminal can crack a 5-character password in 16 minutes.
- It takes 5 hours to crack a 6-character password.
- Three days for a 7-character one.
- Four months for eight characters.
- 26 years for nine characters.
- Centuries for 10+ characters.
- Turn on Two-Factor Authentication if it’s available.
Step 4: Always Secure Your Passwords
- Never write them down.
- Never send them through email.
- Never include a password in a non-encrypted stored document.
- Never tell anyone your password.
- Never reveal your password over the phone.
- Never hint at the format of your password.
- Never use the “Remember Password” feature of application programs such as Internet Explorer, Portfolio Center or others.
- Never use your corporate or network password on an account over the Internet that doesn’t have a secure login, where the internet browser address starts with http:// instead of https://. If the web address begins with https://, your computer is talking to the website in a secure code that no one can eavesdrop on. There should be a small lock next to the address. If not, don’t type in your password.
- Never report any suspicion of your password being broken into to the IT computer security office. If you believe your password may have been breached, you can always change it.
Step 5: Secure Open Wi-Fi with a VPN.
- Don’t go to sites that require your personal information like your username or password.
- Use a VPN whenever possible (you can purchase this device at com).
- Limit access to sites using https://.
- Don’t connect if all the Wi-Fi networks you have ever accessed appear as “Available.”
Step 6: Test Your Users
Hire a Reputable IT Company like SSE to:
- Conduct a Social Engineering Test
- Share the Results with Your Staff
- Debrief and Train Your Users
- Test Again each Year!
Don’t risk your data to cybercrime. SSE Network Services Provides Outsourced IT Support for small-to-midsized businesses in the St. Louis Area. We’ll help you keep your data secure. Our Cybersecurity Experts are always here to help. Contact us with any questions you have at: (314) 439 - firstname.lastname@example.org