If you have Google’s Chrome browser installed on your computers, please make sure to update it asap to version 78.0.3904.87 or later (latest as of today is 78.0.3904.97) as there are two security vulnerabilities in older versions that have active exploits in the wild. Google doesn’t talk too much in detail about exploits, but Kaspersky has a decent write up if you’d like more details, https://www.kaspersky.com/blog/google-chrome-zeroday-wizardopium/29126/

 How can you tell if you need to update?

To check, open up Chrome, click on the three vertical dots in the upper right corner of the browser (“Customize and control Google Chrome”), and select Help → About Google Chrome. If the number you see is 78.0.3904.87 or higher, everything is in order. You may see a red up arrow in that right corner, indicating an update is ready to be installed. You will have to close Chrome for the updates to take effect.

RealTime clients don’t have to worry about this as we update Chrome and most other third party applications automatically as part of your managed technology services.

As you might imagine, RealTime fields a fair amount of questions regarding cybersecurity that range from, “How can we be better protected?” to “I’m scared that we might be hit like that local place just was”. As part of answering this real need for our clients, RealTime is now offering an end-user training program as part of our Identity Shield Services.

However, if you are not a client (yet) or you would like to try this on your own, then you can train on some of the basics of cybersecurity awareness just by spending a little bit of time on YouTube. This is not intended to replace formalized training, but these videos can help you address the most likely threats that the average person encounters just because they use the internet and email in the course of doing their job. These tips are excellent for anyone who just wants to reduce their risks online.

[I’ve watched all of these videos and the links are current as of November 2019. They are each under four minutes and are well worth your time.]

Best single tip that I can provide to help you avoid being hooked by phishing: Microsoft, Google, Apple, Verizon, Bank of America, SSA, IRS, and thousands of legitimate businesses just like them will NEVER, ever, send an email to you asking you to confirm your password.

SUGGESTED LINKS TO YOUTUBE LEARNING

Phishing explained with some education, by SANS

 https://www.youtube.com/watch?v=5RHeJAEdiEc

How to spot a phishing email, report by Fortune Magazine

 https://www.youtube.com/watch?v=jfnA7UmlZkE 
The best tip in this video: If the email looks suspicious, it probably is…

If you only watch one video, make it this one!

An excellent video spotting phishing scams that is well worth the almost 4 minutes of your time. Loaded with realistic examples and tips
 https://www.youtube.com/watch?v=0GwWTjz6txU 
BEST TIP: Think before you click.

Office 365 phishing attack types with some examples (this is not a video)

 https://betanews.com/2019/04/03/office-365-phishing-attacks/ 
Note that these threats are not unique to  Office 365 email – we’ve seen attempts against all web based email systems. Just more confirmation that if something asks you to confirm credentials, or enter your logon info to access an attachment – be wary!

Tech support scam, by USAGov

https://www.youtube.com/watch?v=UGBLjPKSUeU 

If you have older parents who use email and the internet, please ask them to watch this video! I have helped too many older, and not so older people, who have been scammed in this way, including my own parents more than once.  

Spot a bad URL or Link, by Symantec

https://www.youtube.com/watch?v=YIeS7sJ_Llw

Better passwords, Local CBS news report

 https://www.youtube.com/watch?v=oakITDBYElw

Better password management using a password manager.

This post explains LastPass, but all the password manager applications work pretty much the same
https://lifehacker.com/the-beginners-guide-to-setting-up-lastpass-1785424440 

One important detail – you want to be sure that whatever application you use has their security act together and stores the passwords properly.

Mobile device security from SANS Security Awareness

 https://youtu.be/WEfWFA4xdd4

Large corporations have the resources to invest heavily in the most sophisticated security strategies and successfully stop most cybercrime attempts. A typical large enterprise may have over twenty inhouse IT dedicated employees ensuring that every device connecting to their network is adequately protected.

In comparison, Small Businesses (SMBs) have neither the money nor the manpower of large enterprises and can’t afford the same level of security. Very few SMBs have full-time IT dedicated personnel on hand to run routine security checks. Even those who do have in-house IT support often find that their internal resources are too bogged down with other tasks to properly address security upkeep.

SMBS ARE NOT “TOO SMALL TO MATTER”

Since most cybercrimes affecting smaller businesses go unreported by the media, there is no sense of urgency by SMBs to prepare for cyber attacks. Too many SMBs mistakenly view their operations and data as trivial to hackers. They feel that large online retailers, global banks, and government entities are much more attractive targets for hackers.

The goals and methods of cyber attackers are evolving and will continue to evolve. The era of one “big heist” for hackers is over. Cybercriminals today often prefer to infiltrate the data of many small businesses at once, stealing from victims in tiny increments over time so as to not set off an immediate alarm. This method takes advantage of those SMBs who are especially lax with their security processes and may not even realize there has been a security breach for days or sometimes even weeks.

SMBS - THE ACCESS RAMP TO BIGGER & BETTER DATA

Many breaches are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.

SMBs, however, are often the inroad to larger better-protected entities. They are often sub-contracted as a vendor, supplier, or service provider to a larger organization. This makes SMBs an attractive entry point for raiding the data of a larger company. Since larger enterprises have more sophisticated security processes in place to thwart cyber attacks, SMBs often unknowingly become a Trojan horse used by hackers to gain backdoor access to a bigger company’s data. There is malware specifically designed to use a SMBs website as a means to crack the database of a larger business partner.

For this reason, many potential clients or business partners may ask for specifics on how their data will be safeguarded before they sign an agreement. Some may require an independent security audit be conducted. They may also ask SMBs to fill out a legally binding questionnaire pertaining to their security practices.

Moving forward, a SMB that is unable to prove they’re on top of their infrastructure’s security will likely lose out on potentially significant deals and business relationships. More large enterprises are being careful to vet any business partners they’re entrusting their data.

TO STAY SECURE A GOOD DEFENSE IS THE BEST OFFENSE

SMBs must understand that the time has come to get serious with their security.

Cybercrime is only one cause of compromised data. There are 3 primary causes of breached security at businesses according to the Symantec Global Cost of a Data Breach study. Only 37% are attributed to malicious attacks. The remaining 64% are human error and technology errors.

Data breaches aren’t always about bad people doing bad things. Many are the result of good employees making mistakes or of technology failure. SMBs don’t necessarily need a large budget or dozens of employees to adequately protect sensitive data. A secure environment is possible even on a SMBs budget.

REALTIME CAN PUT TOGETHER A GREAT DEFENSE FOR YOUR BUSINESS

Contact RealTime now to discuss a great defense for your business. Email us here or call us at (334) 678-1417.