I.T., Blog Todd Swartzman I.T., Blog Todd Swartzman

5 Steps To Prevent Cybercrime

You may believe that cybercrime only happens to large corporations or big businesses. However, Scott Augenbaum, retired FBI special supervisory agent, found that there are four commonalities of instances with victims. To help keep yourself off the victim list, here are five simple steps to help prevent cybercrime in your personal life and your business.

You may believe that cybercrime only happens to large corporations or big businesses. However, Scott Augenbaum, retired FBI special supervisory agent, found that there are four commonalities of instances with victims. To help keep yourself off the victim list, here are five simple steps to help prevent cybercrime in your personal life and your business.

Photo by Andrea Piacquadio: https://www.pexels.com/photo/smiling-formal-male-with-laptop-chatting-via-phone-3760263/

5 STEPS TO PREVENT CYBERCRIME

  1. STOP USING THE SAME PASSWORD FOR EVERYTHING

    If you do nothing else, stop using the same password for everything, or for more than one thing. Using the same password for different accounts just hands over your password to the bad guys. Fact: Compromised credentials are used in more than 40% of data breaches. Almost all of those credentials came from other hacks where the criminals pulled down huge lists of usernames, usually email addresses, and passwords. If you use the same password for LinkedIn and your business email, and Mr. and Mrs. Criminal got a copy of the LinkedIn user database (and this has happened multiple times)… now they have access to your email. Yes, it’s that simple. Read this article from LastPass for more details on the risks: https://blog.lastpass.com/2021/09/breaking-the-cycle-of-password-reuse/

  2. ENABLE MULTI-FACTOR AUTHENTICATION (MFA) ON AS MANY ACCOUNTS AS POSSIBLE

    Enable MFA on as many accounts as possible, especially your business email account. According to Microsoft, 99.9% of BEC, Business Email Compromise instances would have been prevented if MFA was in use. The majority of cases we have been involved with didn’t have MFA enabled. It’s such a simple precaution and acts as a safety net for your passwords that do leak out.

  3. LEARN TO RECOGNIZE PHISHING AND SOCIAL ENGINEERING SCAMS

    Educating yourself and your business on these most common threats will really decrease the risk of falling victim to a phishing email. All data breach events were the result of one of two things: (A) Someone did something they should not have done, such as clicking that link in the phishing email, or using the same password multiple places, or (B) Someone didn’t do something they should have, such as updating software to close a vulnerability.

  4. USE A PASSWORD MANAGER

    Supporting bullet point #1, use a password manager to handle all of your good, secure, unique passwords.

  5. GET CYBER INSURANCE FOR YOUR BUSINESS

    Get an appropriate Cyber Insurance policy for your business. Every business should have coverage because you never know what can happen.

WILL THESE TIPS WORK?

I will guarantee you this: If you take this advice and diligently follow these 5 strategies, you will greatly reduce your risks of falling victim to all manner of cybercrime in your business or personal lives.

IS THIS ALL I NEED TO DO TO PROTECT MYSELF OR MY BUSINESS?

No. But without these foundational security strategies in place, spending all manner of money on fancy cyber tools, BCP/DR services, Intrusion Detection Systems and all the fancy buzzwords in the cyber security space, won’t yield the results you expect.

 LEADING CAUSE OF CYBERCRIME

Every single breach that RealTime has been consulted on was the result of failings in these subjects. The highest leading cause of cybercrime was successful phishing attempts which provide criminals access to their business data and communications. The second leading cause was poor password hygiene, usually in the form of using the same passwords everywhere.

 What are four things victims of cybercrime have in common? Read now!

Read More
I.T., Blog Todd Swartzman I.T., Blog Todd Swartzman

DON’T FREAK OUT - JUST use MFA

Are you a business who is looking at a cyber insurance policy and just not ready to commit? Or, perhaps you haven’t renewed your cyber insurance policy recently? Read on, because this article is written just for you…

Requirements to get a policy are real! If you apply for a policy (or renew your policy) the following are hard requirements you need to have in place if you want to be covered. Don’t risk getting a ‘no’ from your insurance provider, be prepared starting with Multi Factor Authentication (MFA).

Cyber Insurance Prep for 2022

Are you a business who is looking at a cyber insurance policy and just not ready to commit?

Or, perhaps you haven’t renewed your cyber insurance policy recently?

Read on, because this article is written just for you…

RATES ARE GOING UP

No surprise that rates are going up especially since we’ve been seeing SMB rates for cyber insurance rise as much as 100% or more. The reason this is happening is because some insurers are taking unacceptable losses and are raising rates accordingly. Other insurers are not renewing or offering new cyber insurance policies going forward. A few are “pausing” writing new policies, probably trying to decide if they can weather the storm. 

MFA TO HELP AVOID COVERAGE REJECTION

Requirements to get a policy are real! If you apply for a policy (or renew your policy) the following are hard requirements you need to have in place if you want to be covered. Don’t risk getting a ‘no’ from your insurance provider, be prepared starting with Multi Factor Authentication (MFA).

MFA is required for the following:

  1. Microsoft 365 or other Hosted email services

  2. VPN users

  3. When enabling your Remote Desktop Protocol

WHY DO THEY REQUIRE MFA?

The above three areas are where most cyber incidents being which is why insurers will not cover your business if you won’t take these very basic (and often no cost) precautions. These days, not following this type of guidance is akin to inviting the bad guys in. Your business is NOT too small for the bad guys. They have an automated process which makes everyone a target, large or small.

WANT TO HEAR SOMETHING SCARY?

We received notice from our dark web monitor just yesterday that a client account was up for sale due to a phishing scam – this person’s email account credentials were up for sale and it was a current password! I logged in using the info the bad guys had, and lo and behold, someone from Russia was logged into the account too. Yikes! There was a 99.9% chance that this would not have happened if MFA was in use.

 

ON AVERAGE, 1.2 MILLION MICROSOFT
ACCOUNTS ARE COMPROMISED MONTHLY.


WHEW! CHECKLIST

1.     Enable MFA for everyone using Microsoft 365, G-Suite, etc. and enforce this.

2.     If you allow direct RDP access to computers and servers in your office, you really need to turn this off and pick a more secure method of remote access.

3.     If you use VPN’s for remote access, enforce MFA usage.

4.     Train your folks to recognize social engineering attempts and phishing (the most common form of social engineering we see) attempts along with clear guidance on what they should do when (not if) they encounter these situations.

5.     Shore up your password policies. Require long, unique credentials for everything, backed up by MFA where possible. No password reuse either – it’s just inviting problems. Then, use a password manager to easily keep up with your good, unique passwords.

 


References

https://www.zdnet.com/article/microsoft-99-9-of-compromised-accounts-did-not-use-multi-factor-authentication/ 

https://www.insurancebusinessmag.com/us/news/cyber/preparing-for-cyber-insurance-2022-renewals-319072.aspx

 

Read More