Blog

Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, and Bel Air.

Maryland Business Owners Urged to Take Security Seriously This Holiday Season

Maryland Business Owners Urged to Take Security Seriously This Holiday Season

Most people have become pretty accustomed to hearing about the importance of cybersecurity when shopping online during the holidays—whether or not they heed the advice given from the experts is an entirely different story—but business owners and managers need to be aware of other threats that tend to peak during this time of year.

Personal Cybersecurity is Connected to Professional Cybersecurity

You know the phrase “a chain is only as strong as its weakest link?” This applies to cybersecurity. If one person within your organization opens themselves up for risk, there is an increased likelihood that your organization is that much more susceptible to attack. 

One might think—well, how does someone with bad cybersecurity hygiene at home affect my business? Why should I, the business owner, be a loud advocate for employees to be secure online at home, on their own personal devices?

Everything is connected.

Let’s say that Bob is one of your employees. Poor Bob was trying to get Taylor Swift concert tickets for his twin daughters. In fact, you’re a great boss, you knew Bob and his daughters were Swifties, and made sure there was a little extra in Bob’s Christmas bonus to make sure this could happen.

Unfortunately, Bob was too late to purchase Taylor Swift tickets from the normal outlets, and instead found someone selling them second-hand somewhere else on the Internet. The price wasn’t scalped, and it wasn’t too good to be true, so Bob figured he was in the clear.

Whether or not Bob actually received legitimate T-Swizzle tickets is actually besides the point. The fact that Bob used a second-hand website to purchase the tickets is also besides the point. What Bob did wrong was use the same password on the account that he uses for work. 

If the Taylor Swift concert ticket vendor, or any other site that Bob uses, gets breached, that password becomes public knowledge. Any other information that Bob provided to that site could also be made available. Suddenly, Bob’s personally identifiable information is out in the open. The first thing a cybercriminal is going to do with that information is to try to see what other accounts they can get into. Bank accounts, email accounts, business accounts—anything where there might be a potential payoff.

There are plenty of other tactics they can use to bridge the gap as well—have your security policies at your business been absolutely ironclad over the last several years? When the pandemic hit, was there a little bit of frantic struggle as everyone got acclimated to working from home? Have you, or other people in your organization made decisions that may have brushed aside security best practices in order to meet some goal a little faster?

It happens. It’s not ideal, but it happens.

Security Pitfalls Maryland Businesses Need to Watch Out For

These days, establishing a secure network is pretty cut-and-dry. Don’t get us wrong, it’s complicated, but once it’s done, you usually only have to keep it monitored and audited every so often. The point is, cybercriminals know that they usually aren’t going to get in the old-fashioned way, so most threats these days utilize some form of social engineering. The only way to ensure that your business is protected is by providing training and education to those you work with. Here are the top things to be aware of:

Email Phishing

Phishing is by far the most common security threat, and it is also the broadest type of attack. Email phishing attacks can often slip through spam filters and other security measures, and they tend to look like very legitimate emails. Phishing attacks have a wide variety of goals; some contain malicious attachments, while others encourage users to click on a link to log into an account to fix some sort of problem. 

We’re being vague here, because we could spend hours going over the hundreds of ways scammers can use phishing emails to steal information and cause havoc.

Employees need to simply be skeptical when an email is urging them to take action quickly. It could be legitimate, or it could be a scam. There is no singular way to tell, other than reaching out to the sender over the phone or some other method (other than email) and getting confirmation that it’s real. That being said, here are some tell-tale signs that everyone should be checking before they click or download something from an email:

  • Look for obvious misspellings and grammatical errors, even if the email looks legitimate otherwise.
  • Check to see where the email is coming from, does the sender email match your contact? (Please note that email addresses can be spoofed, so even if it’s the right email address, it could still be a scam).
  • If there is an attachment, were you expecting one? Don’t download something unless you were expecting it.
  • Hover over any links to see where they are taking you. Look for misspellings, odd-looking URLs, and anything else that might seem suspicious.

We’ve shared this guide a few times before, but it’s worth doing it again:

Carefully hover (don’t click!) over links and see if they go to a legitimate URL. If the email is from PayPal, a link should lead back to paypal.com or accounts.paypal.com. If there is anything strange between “paypal” and the “.com’” then something is suspicious. There should also be a forward slash (/) after the .com. If the URL was something like paypal.com.mailru382.co/something, then you are being spoofed. Everyone handles their domains a little differently, but use this as a general rule of thumb:

  1. paypal.com - Safe
  2. paypal.com/activatecard - Safe
  3. business.paypal.com - Safe
  4. business.paypal.com/retail - Safe
  5. paypal.com.activatecard.net - Suspicious! (notice the dot immediately after PayPal’s domain name)
  6. paypal.com.activatecard.net/secure - Suspicious!
  7. paypal.com/activatecard/tinyurl.com/retail - Suspicious! Don’t trust dots after the domain!

Remember, these tricks are designed to be subtle and easy to miss! Pay close attention to what you are clicking on!

SMS and Phone Scams

Similar to email phishing, SMS scams, or smishing is when a scammer tries to trick a user via text message. Usually, these types of scams try to get users to click on a link or send some sensitive information like a password. 

Treat urgent, unexpected text messages like this with caution. Even if it looks like your bank, or your PayPal account, or some other really important online account warning you about a problem, don’t panic. Don’t click on the link you are sent either. Instead, log into the account like you normally would, from your browser, and see if you can figure out if the text was legitimate or not.

Unsecure Public Wi-Fi

When traveling this holiday season, you will probably run across public Wi-Fi hotspots. Whether at airports, coffee shops, or even hotels, the free Internet might seem like a very nice perk, but it comes with some risk.

When you join a network, even one that is secured with a password, there is a pretty good chance that others on that network can scope out what you are doing. If you log into your email, social media, or any other account, someone else could swipe your password. If you join someone’s personal Wi-Fi hotspot, they could be granted even more access than that.

If you are going to do anything on public Wi-Fi, you should enable your Virtual Private Network (VPN). A lot of devices have built-in VPN software that should be able to do the trick, but there are a few flavors of VPNs that you should be aware of.

Typical consumer-based VPNs (like ExpressVPN, NordVPN, Surfshark, and others) are geared towards privacy. These types of services are designed to encrypt data that is sent and received, and process all internet information to their own secure server. Basically, they connect your device to their data center, and their data center takes everything you send and receive from the internet and sends it to your device. The encryption prevents nearby snoopers from gathering your information, and as long as you trust running everything you do through this third-party platform, they are generally secure. 

Your business wouldn’t typically use this type of VPN, however. For your office, a business-based VPN funnels all that traffic through YOUR office network instead of some third-party server. When doing anything that involves work data, everyone in the company should always connect to the work VPN. Technically, you can use it for simple web browsing too—when you are at the airport looking up your boarding pass or checking on your front doorbell camera, your office VPN should work just fine in a pinch, just keep in mind that all of that data is being routed through your company network. 

Either way, you should avoid joining a public Wi-Fi network, including those at hotels and other lodging, because you never know what is lurking there to spy on the network traffic. Turning on a VPN before you connect is the way to go.

Lost or Stolen Devices

When it comes to traveling, there’s always a slight risk of leaving something behind. You could misplace your smartphone or tablet in the Uber, have a bag go missing at the airport, or worse, have a device get stolen from you.

Obviously you want to avoid this, but things can happen. When it does happen, there are some important measures to take immediately.

Track Down Your Lost Device
Obviously, if you can, try to track down your device. For Apple devices, you can log into your iCloud account and go to Find My Phone to try to track down your device. Android users, log into your Google account and look for Find My Phone. Keep in mind, your phone’s location services will need to be enabled, and you would have needed to set up this capability before losing your device.

For Windows devices, you can enable a similar feature in advance, and sometimes antivirus software and other security software have their own versions of this too.

Contact the Authorities
If your device is stolen, you’ll want to report it right away. While there isn’t a high probability that you’ll see it again, you never know. On top of that, you’ll want to file a police report to cover any insurance claims.

You’ll also want to inform your company or IT provider immediately. It’s likely that your IT department can at least remotely wipe the device if it is a work device, or if it has access to work-related services, such as email.

Losing a device with sensitive data on it is very dangerous. Suddenly, all that information is in someone else’s hands, and we’re not just talking about your photo roll. If you had access to social media, bank accounts, your Google/Apple accounts, and others, then you’ll want to change your passwords immediately. Plus, consider that your smartphone has access to your 2FA, so you’ll want to contact your carrier immediately too, so the device stops getting text messages.

Stay Safe This Holiday Season

Everyone here at Dresner Group would like to wish everyone a safe, enjoyable, and relaxing holiday season. We hope that it sets up a positive and profitable new year for you and yours!

If you want to do some quick prep before taking off for the holidays, and make sure your business and devices are properly set up, give us a call at (410) 531-6727.

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Many Businesses are Adopting Passwordless Authenti...
Tip of the Week: How to See Your Current Spreadshe...
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Tuesday, 05 November 2024

Captcha Image

Client Service Login

Latest News & Events

Annual Channel Futures MSP 501 Identifies Best of the Best in the Managed Services Industry Dresner Group has been named as one of the world’s top-performing managed service providers in the prestigious 2024 Channel Futures MSP 501 rankings. The Chan...

Contact Us

Learn more about what Dresner Group can do for your business.

Copyright Dresner Group. All Rights Reserved.