From the Desk of Paul Meadows:

PANDEMIC + PHISHING = $1M LOSSES FOR LYNCHBURG BUSINESS.  Yes, you read that correctly and it really is a local (Central Virginia) story.  Part of our “new normal” is remote work, which often creates some barriers for communication.  Unfortunately, there are people in the world who recognize this as an opportunity to take advantage of others for a big pay-out.  The following is a synopsis of a very sophisticated phishing attack that cost one central Virginia business nearly one million dollars in losses. You’ll want to read this!

Here’s the high-level detail of what happened:

A user receives an email that looks like a link to a shared document in Microsoft OneDrive or Microsoft SharePoint.  The user clicks the link, which takes her to a login page that looks almost identical to the Office 365 login page.  The user, thinking she is signing into the Microsoft Office page, provides her Microsoft username and password.  Nothing seems to happen, and the user seems confused but dismisses the issue.  Meanwhile, the bad guys have now captured the credentials for the user.  Because the proper security features are not configured, the perpetrators can use the credentials to log into Microsoft Office 365 as a legitimate user.  Because they have specifically targeted an executive in the organization, the stolen credentials give the perpetrators administrative rights in the Office 365 portal for the victim organization.  Once in, they set up rules so that any emails from the Accounts Payable employee directed to the CEO get automatically forwarded to another external email address without the CEO knowing about it.  Then, some fake invoices with ACH information are sent to the AP person seemingly from the CEO’s account. The CEO directs the AP person in these fake emails to pay the attached invoices right away via ACH.  The perpetrators have taken the time to register a domain that is almost identical to the domain of the victim organization.  The AP person suspects nothing and unknowingly sends payments for the fake invoices via ACH to the bank account of the bad guys.  Once that is done, it is VERY difficult to get the money back and perhaps nearly as difficult to get an insurance claim (cyber security or loss of business policy) paid.
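The two technical footholds in this incident, a mailbox rule that forwards mail to an outside address and a sender domain that is almost identical to the organization's own, can both be checked for routinely. The following is an added example, not part of the original newsletter; the domain `example-corp.com`, the record field names and the sample rules and messages are all constructed for illustration.

```python
# Added example: ORG_DOMAIN, field names and sample data are constructed placeholders.
ORG_DOMAIN = "example-corp.com"

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(address):
    """Lower-cased domain part of an e-mail address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def is_lookalike(domain, org=ORG_DOMAIN, max_dist=2):
    """True for a domain that is close to, but not, the organization's own."""
    domain = domain.lower()
    return domain != org and edit_distance(domain, org) <= max_dist

def external_forwarding_rules(rules, org=ORG_DOMAIN):
    """Return (mailbox, rule name, target) for rules that send mail outside the org."""
    hits = []
    for rule in rules:
        for target in rule.get("forward_to", []):
            if domain_of(target) != org:
                hits.append((rule["mailbox"], rule["name"], target))
    return hits

def suspicious_senders(messages, org=ORG_DOMAIN):
    """Return messages whose sender domain imitates the organization's domain."""
    return [m for m in messages if is_lookalike(domain_of(m["from"]), org)]

# Constructed sample data: exported mailbox rules and received message headers.
RULES = [
    {"mailbox": "ceo@example-corp.com", "name": "Archive newsletters", "forward_to": []},
    {"mailbox": "ceo@example-corp.com", "name": ".", "forward_to": ["inbox7@mail.example.net"]},
    {"mailbox": "ap@example-corp.com", "name": "Copy to manager", "forward_to": ["cfo@example-corp.com"]},
]
MESSAGES = [
    {"from": "ceo@example-corp.com", "subject": "Q3 planning"},
    {"from": "ceo@examp1e-corp.com", "subject": "Pay attached invoice today via ACH"},
    {"from": "billing@vendor.example.org", "subject": "Statement"},
]

if __name__ == "__main__":
    for hit in external_forwarding_rules(RULES):
        print("external forward:", hit)
    for msg in suspicious_senders(MESSAGES):
        print("lookalike sender:", msg["from"])
```

Any external forwarding rule on an executive mailbox and any payment request from a near-match domain should be confirmed by phone or in person before money moves.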

This is serious business.  The reason this worked is primarily because under normal conditions, the AP person and CEO likely would see each other, at least in passing, on a regular basis.  There is a much greater likelihood that under normal working conditions, there would have been some conversation outside of the email communication regarding the invoices.  Remember, the CEO did not really send the invoices and would have had no idea what the AP person was talking about if she mentioned it to him.  Unfortunately, those conversations that may have occurred prior to COVID-19-induced remote work never happened.  In fact, the AP person made several ACH payments that totaled nearly $1,000,000 before the organization realized what was happening.  While this case is being investigated by the FBI and another one that was very similar in Central Virginia was investigated by the Virginia State Police, there is often very little the authorities can do to get the money returned.  While it is possible that the victim organization may be able to get their insurance company to pay a Cyber Liability or Business Interruption claim, for many, that will be a long shot as well.  Unfortunately, most small businesses won’t survive such losses.

While there was certainly a human element in this, I know for a fact that there were configurations and safeguards that were unknowingly omitted because it didn’t seem important to take the time or pay the price for a legitimate information security assessment by certified experts.  Had those configurations and safeguards been in place, this would have never happened.  If the cost of that was $1,000 would it have been worth it?  $10,000?  Remember…nearly $1,000,000 in losses.  Are you rolling the dice with your business’ future by not taking information security seriously enough?  Contact us today for more information on how to protect your business’ future from these and other risks!

Employees Are Letting Hackers Into Your Network By Doing These 5 Things … Here Is What You Can Do To Stop It!

Cybercriminals Are Out In Full Force In Today’s Crazy Times — Here’s How To Stop Them

In the past couple of months, just about everyone has been forced to shift priorities. If you’re like many business owners, you are intently focused on pivoting your business to accommodate today’s “new normal.” In fact, you are probably investing so much of your time in trying to retain your customers and generate new cash flow that you barely have time to even think about cyber security.

The problem is that cybercriminals and hackers know there’s no better time to strike than during a global crisis. In fact, they’re probably working overtime to craft new malware while the rest of us are trying to manage how our lives have been turned upside down. While you are so focused on your business, these cyber thugs are finding new ways into your IT network so they can steal data and passwords, compromise your clients’ private information and even demand large ransoms.

Cybercrime is already on the rise and is expected to cause $6 trillion in damages by 2021! But, if history repeats itself, you can bet hackers are already out in full force right now. We’ve already seen how headlines are changing from stories about COVID-19 to accounts of a frenzy of cyber-attacks on corporations and small businesses.

Here are solutions you can implement during these crazy times to help protect your business data, money and productivity:

  1. Be more suspicious of incoming e-mails.

Because people have been scared, confused and not really focused for a while now, it’s the perfect time for hackers to send e-mails with dangerous malware and viruses. You probably have received a bunch of COVID-19-focused emails. Always carefully inspect the e-mail and make sure you know the sender. There has already been a CDC-gov e-mail address out there that’s not legitimate and has spammed inboxes across the country.

Avoid clicking links in the e-mail unless it’s clear where they go. And you should never download an attachment unless you know who sent it and what it is. Communicate these safeguards to everyone on your team, especially if they are working from home.

  2. Ensure your work-from-home computers are secure.

Another reason to expect a rise in cyber-attacks during these times is the dramatic increase in employees working from home. Far too many employers won’t think about security as their team starts working at the kitchen table. That’s a dangerous precedent.

First, make sure your employees and contractors are not using their home computers or devices when working. Second, ensure your work-at-home computers have a firewall that’s turned on. Finally, your network and data are not truly secure unless your employees utilize a virtual private network (VPN). If you need help in arranging or improving your new work-from-home environment, we would be happy to get your entire team set up. Our goal is always to help your business to thrive with greater cyber security and superior technology that improves efficiency.

  3. Improve your password strategy.

During crises like this one, your passwords could mean the difference between spending your time working to grow your business and trying to recoup finances and private data that’s been hacked. Make a point now to reevaluate your passwords and direct your team to create stronger passwords.

Also, while it’s so convenient to save your passwords in your web browser, it also lessens your security. Because web browsers simply require their own password or PIN to access saved passwords, a skilled hacker can bypass this hurdle. Once they access your saved passwords, they can steal as much as they want – credit card information, customers’ private data and more!

Instead, you should consider a password manager to keep all of your passwords in one place. These password managers feature robust security.

You, your team and your family have enough to concern yourselves with at the moment. There’s no need to invite in more problems by letting your computer and network security slide during these times.

While this coronavirus scare has negatively affected countless businesses, we are proud to say we are open and continuously servicing our customers. If you need additional security advice or would like to have a consultation to discuss how to keep your data safe or how we can help you work more effectively, simply connect with us today.

Think On The Known, Not Just The New

Neophilia is an obsession with new things simply because they’re new – not necessarily better or improved – or novel. It makes people stand in line overnight for the newest technology release or scour the Internet to find the latest and greatest product, trip or experience.

We often read books and attend seminars to find new things to ponder. Sometimes the influx of new information and ideas is so rapid that we don’t use what we’ve learned or integrate it into our behavior.

So, what if we thought about the important things we’ve learned or responded to questions we already know we should answer? What is known but not recalled or revisited can shape and improve your life.

Think about these knowns:

Things you think you know because somebody told you? Think independently.

Things you don’t visit because they can be frightening? Be courageous.

Things you’ve only thought about superficially? Go deeper.

Things you’d like to do? Dream a little.

Things you’ve stopped doing that used to bring you joy? Revisit them.

Things you need to know? Learn them.

Things related to your values and worldview? Live them.

Things that would improve your health and longevity if you consistently did them? Do them.

The Bible says in Philippians 4:8, “Think on these things,” and then lists known and timeless things – what is right, what is true, what is lovely and what is pure. Nothing new in the list, but everything worth thinking about often and deeply.

Sometimes the known is as valuable – or even more valuable – than the new.

Mark Sanborn, CSP, CPAE, is the President of Sanborn & Associates, Inc., an “idea studio” that seeks to motivate and develop leaders in and outside of business. He’s the best-selling author of books like Fred Factor and The Potential Principle and a noted expert on leadership, team building, customer service and company change. He holds the Certified Speaking Professional designation from the National Speakers Association and is a member of the Speaker Hall of Fame. Check out any of his excellent books, his video series “Team Building: How to Motivate and Manage People” or his website, marksanborn.com, to learn more.

4 Ways To Grow Your Business Without Working Harder

Incentivize Results – According to the Journal of Economic Psychology, people love cash incentives but are often more motivated by specific noncash rewards. It could be time off or lunch for a week. All you have to do is tell your team what results you want, offer a creative incentive and, chances are, those results will be met!

Prioritize Time – Use the “80/20 rule” as a guide. Also known as the Pareto principle, it states that 80% of the effects come from 20% of the causes. Going by this principle, 20% of your time spent on tasks should yield you 80% of the results. If you have to put in more effort to achieve results, reevaluate your approach (or take on fewer projects).

Evaluate Technology – Are you using outdated technology and software? You could be slowing your business down and harming productivity – not to mention putting your business at serious risk of data loss or a data breach. Look at what you’re using now and compare it to what’s on the market. There have been major improvements, even in the last five years, that can boost productivity like crazy.

Open Communication – Open-door policies go a long way. Have weekly team meetings and a company-wide chat (such as Slack or Google Hangouts). The easier it is for individuals and teams to communicate, the easier it is for them to collaborate, and that can help things move very smoothly. Inc., Feb. 13, 2020

3 WAYS SUCCESSFUL PEOPLE TURN ADVERSITY INTO SUCCESS

  1. They say, “Bring it on.” They want adversity. It’s what helps them grow. Without adversity or something pushing back at us, we can stagnate. We need to be challenged!
  2. They make bold decisions. Successful people make decisions knowing they may be taking on a lot of risk, but if they don’t push ahead, they won’t get the results they want. And if they make the wrong decision, it’s a learning experience.
  3. They embrace the learning experience. You can’t grow and find success without continuously learning. You have to solve problems and collaborate with others, so when the next challenge comes along, it’s easier for you to adapt. Business Insider, Feb. 13, 2020

USE THESE APPS TO GET MORE DONE EACH DAY

Productivity: Evernote – Take notes, clip info from the web and save select e-mails for quick access and organization.

Time Tracking: RescueTime – It gives you a breakdown of how you use your time on every app and website. It also allows you to set productivity goals. The premium version ($6/month) even lets you block sites during certain times.

Project Management: Asana – Create task lists, prioritize tasks, assign due dates and monitor progress. Asana even integrates with other apps, like Evernote and Google Drive.

Communication: Slack – Communicate with individuals, teams or other specific groups. Everything is saved, so you’ll never lose a key piece of info.

The Simple Dollar, Feb. 3, 2020

This monthly publication provided courtesy of Paul Meadows, President of Integrated Technology Group.

Our Passion:
Helping healthcare professionals focus on their patients.