Stay Safe While Shopping Online This Holiday Season

Thanksgiving is not just a time to feast with family and friends any longer as Black Friday has poured over into the holiday preceding it, with some stores opening their doors for shopping as early as 3pm on Thursday, when most of us want to be eating some pumpkin pie. While Black Friday shoppers have already waited in lines overnight, approximately 50% of people are doing some part, if not all, of their Christmas shopping online, and this year it is expected that 13.3% more people will participate in online shopping than ever before. With Cyber Monday coming up on November 28th, there are sure to be millions of consumers purchasing gifts for their loved ones for the holiday season, but as the number of people shopping via the Internet grows, there comes an almost equal increase of cyber attacks as well.

While there are many cyber-crimes out there this time of year including phishing email scams and ransomware attempts, there are many precautions you can take in order to help prevent your information from being stolen. Here are some tips, some of which are also included in a previous Axiom blog post written by Shannon Wilkinson, on how to stay safe while shopping this holiday season:

1) Use credit cards instead of debit cards

We all remember the credit card hack that hit Target in 2013, and while it was detrimental to many shoppers of the massive chain, it did highlight the importance of being secure in your payment method. One very common recommendation I’ve seen to help guard against significant financial distress if your information were to be compromised in a similar attack is to use your credit card. If your credit card data is used for something malicious without your knowledge, it’s easier to resolve issues with a credit card company than with your bank, so avoid using debit cards as much as you can. When in doubt, cash is always the safest bet.

If you do use one of your cards, take advantage of the updates you can receive so that you can stay up to date on all of your account’s financial activity.

2) Be wary of ‘too good to be true’ deals, they probably are

A common tactic used by cyber-criminals is to lure you to their nefarious websites with deals that appear to be too good to be true. While most of us are aware of this, it is important to keep this in mind during the holiday season when searching for that one gift your loved one just can’t live without. If a deal seems too good to be true or you haven’t seen or heard of it being advertised elsewhere, it is likely, and unfortunately, a scam.

3) Only shop at retailers you know

By only purchasing items from retailers whose brands you recognize, such as Amazon or Best Buy, you can lessen the chance of your data being involved in a scam, as these big name stores likely have better cyber defenses than those of less recognizable companies.

No matter which site you use, look for the secure ‘https’ and a lock symbol next to the link in your web browser, as these indicate that the information you send when making a purchase on that website is encrypted in transit. If you do deviate from known websites, take some time to research the validity of these sites to protect your information.

4) Do not give out any extra information

When signing up for a rewards card to add to your holiday shopping savings or giving your information to be entered to win a grand prize, never give out more information than is necessary. No company needs your social security number or other extremely personal information, so if they request it, do not provide it to them.

5) Keep your devices up-to-date

The first step to making sure that you are secure is to make sure that both your mobile devices (phones, tablets, etc.) and your computer are up-to-date with the latest patches to the operating systems and security software.

6) Be educated on cyber-crimes

Quite possibly the biggest cyber-crime that affects people around this time of year is phishing. Many people, especially after buying something from an online vendor, receive a malicious email. In these cases, customers might receive an email stating that their payment did not go through and their information needs to be re-entered in order to process the order. This is often a cyber-criminal trying to get you to enter your credit card information directly into their database. If you receive such an email, contact the company directly to find out if there is actually a legitimate issue with your order and to notify them of the scheme. This and many other fictitious emails have been flooding inboxes recently, so as consumers, we must be hyper-vigilant in protecting our data.

7) Stay updated on current threats

The best way to avoid a scam is to be knowledgeable about current cyber crimes threatening consumers such as yourself. A simple Google News search of ‘current holiday cyber attacks’ can keep you in the loop as to which scams you need to look out for. Likewise, if you find that you are the victim of a cyber crime, tell someone who can do something about it, such as the company that the message appears to come from, in order to prevent others from being targeted. We are our best resources in the fight against online shopping criminals.

While this season may be hectic at times, it is meant to be a time of happiness; avoiding malicious cyber attacks is extremely important in keeping your season full of cheer. Take these precautions to stay safe and if you feel unsure about a website or an email, trust your gut and don’t use that site.

Hailey Carlson | Axiom Cyber Solutions | 11/25/2016

‘Tis the Season – The Season for Phishing

Christmas is coming early for phishing scam artists. The day after Halloween, my Inbox started filling up with alerts that I had won a $50 Amazon/Walmart/Costco Gift Card, packages I didn’t order began arriving from UPS/FedEx, LinkedIn change requests, and an assortment of other fanciful clickbait just begging to be clicked on.

Phishing Email from LinkedIn. Look at the From Email Address, Look at the Link (Linked-lower-case L-n), Hovering over the link shows a completely different website address too

Many of us are smart enough not to be fooled into clicking on phishing emails, but a recent survey found that those of us who know the dangers of phishing still can’t properly identify 50% of phishing emails that are sent.

Even though surrounded by cyber-security day-in and day-out, one of our employees recently fell for a phishing scam for iTunes credentials. It wasn’t until their credentials failed to log them into the “iTunes” site and someone connected to their iCloud account that it dawned on them that they had been taken by a scam. Scammers are good and the reason why we continue to get emails from Nigerian princes and Nelson Mandela’s wife is that people still fall for the scams and cyber-criminals continue to make a profit.

Hackers are gaining easy access to money, user credentials, and healthcare data through a variety of different phishing scams. And they are sending out an estimated 8 million emails a week. The City of El Paso had $3.2 million diverted through a whaling scam that sent legitimate vendor funds to the incorrect accounts. Bayside Healthcare potentially revealed the health records of 13,000 patients by having one of its employees fall for a phishing scheme.

There is one simple step that everyone can take to defend themselves against phishing attempts: hover over links in emails to see what site you are being directed to. Or even better yet, go directly to the vendor (Amazon, FedEx, banks, etc.) to see if the offer or information is legit.

The phishing email link that got John Podesta

Clicking on links directly from emails, even if they appear to be legit, carries risk. The email that led to the hack of John Podesta’s email came from a site that had an address that looked like it was part of the Google domain but really was not.

Often I see emails that appear to be from banks with an odd misspelling (bankfoamerica.com or welllsfargo.com – did you catch the problem?). Scammers have also been getting better at using proper English and grammar by hiring copywriters to make their emails more difficult to detect.

For business owners, implement a system of checks-and-balances for sending funds to vendors or distributing sensitive employee information. Encourage your employees to question unusual and urgent requests for wiring money, even if they come from the highest levels of the company, because fraudsters are posing as the CEO, CFO, or HR Director to try to trick your employees.

Scammers take advantage of whatever season it may be to solicit information. During tax season, they pretend to be the CEO or HR Director looking for employee W-2s. During the Christmas season, they send great sounding offers for gift cards and surprises from some of our favorite online stores to elicit information. So as the holiday shopping season is upon us, buyer beware… and buyer be wary. Scammers are out to get you and they are getting cleverer every day.

Women in IT: Empowering Innovation

Throughout history, women have been fighting for the ability to pursue their dreams and a major part in this pursuit has been the fight to be able to participate in the workforce. Women started heavily joining the workforce during 1954-1980; currently, 57% of adult women are a part of the labor force, and that number continues to grow. While this shows great progress for women determined to have careers, the mathematical and technical industries are still heavily male-dominated.

One industry in which many are aware of this gender gap is I.T., with women making up a mere 26% of the available positions. This statistic is surprising because the cyber-world itself is struggling to fill positions with qualified individuals. By 2020, it is predicted that there will be 1.4 million jobs available in computing-related fields; however, U.S. graduates are on track to fill only 29% of those jobs, with women filling just 3%. Though this may seem disheartening, major companies like Apple, Google, and Microsoft are actively working to promote increased diversity in companies, as they recognize that the majority of workers in technology are white males. Studies show that hiring women in IT roles is beneficial to businesses, as tech companies with women in leadership positions have a 34% higher return on investment than their counterparts. This, coupled with the fact that 35% of young people interested in STEM (Science, Technology, Engineering, and Math) careers are girls, with that number growing each year, shows that there is hope for more women being a part of the future of technology.

Axiom Cyber Solutions President, Shannon Wilkinson, is featured on the cover of the latest issue of Las Vegas Woman Magazine as being a woman of importance in the Las Vegas community, as a business owner, woman in IT, and as an example of a successful woman (read the full cover story here). In honor of her being both featured on the cover of Las Vegas Woman, as well as being an influential woman in IT, we decided to delve a little deeper into her experience in the technology world, what has aided in her success, and what she has to say to women with a similar career goal in mind.

How did you get into the IT field?

“The first time I used a computer was when I was in 5th grade and it was the beginning of my attraction to technology. My classroom received a donation of a computer and we were allowed to skip recess to use the computer and I spent many an afternoon waiting my turn to use the computer. Later in life, in college as I started to think about what I wanted to do as a career when I graduated, I realized that my idea of being a lawyer probably was not right for me and I should do something that I’ve always loved because I am a firm believer in the phrase “if you find a job you love, you’ll never work another day in your life” and the rest is history!”

 

What motivates you?

“I like to solve problems through the use of technology. America’s businesses are under constant attack by cybercriminals but for many, cybersecurity is a difficult and expensive endeavor. Through Axiom’s automated, intelligent, and innovative Threat Protection Platform that sits behind our firewalls, we are able to extend cybersecurity protection to all businesses that is easy to use and affordable.”

Do you find that you are treated the same as men in the industry?

“I personally have never felt any difference from being a female in the technology field. I’ve never accepted the idea that I couldn’t be successful in the technology field because I was female. I didn’t let the fact that I struggle with math due to numlexia (dyslexia of numbers) stop me from pursuing a university degree that required advanced mathematics because that meant giving up on myself and my dreams.”

What woman/women inspire(s) you?

“Both my mom and step-mom (who I just call Mom as well) both have inspired me throughout my childhood and adult life. By watching them dedicate their lives to their careers, I gained a respect for hard-work and witnessed the power of confidence in self. It is through seeing them be successful in life that I learned that there is nothing that can hold me back except myself. I had to believe in me before anyone else would.

If I had to pick a historical figure, I would pick Eleanor Roosevelt as one of my favorite quotes comes from her. “No one can make you feel inferior without your permission.” Again, that speaks to me about having confidence and trust in yourself.”

What is your favorite part about your job?

“I enjoy trying to find new ways to solve old problems so in short, the innovation. Our ransomware algorithm arose out of a company discussion about how to help stop the rising flood of ransomware attacks that were crippling businesses. We knew that there had to be a better way to stop ransomware and it took about two days but we came up with a way to stop ransomware from activating through an algorithm that lives in each of our devices.”

What advice do you have to young women considering a career in an IT-related field?

“Don’t play into the nay-sayers that will tell you that your gender will somehow prevent you from being wildly successful. Believe in yourself and your abilities. If something is hard, work at it harder. Never give up on yourself.”

As you can see, Shannon Wilkinson and women such as herself can do anything they set their minds to, both within the IT world and beyond. Though statistics on women in technology may be intimidating, it is clear that with the right attitude, determination, and perseverance, neither your gender nor any other factor will stand in the way of your success. If you’re interested in learning more about cybersecurity and what it takes to be in the field, please visit https://axiomcyber.com/.

Hailey R. Carlson | Axiom Cyber Solutions | 11/18/2016

IoT DDoS: Disrupting the Internet, One Device at a Time

The Internet of Things, a network of physical devices embedded with technology that enables them to collect and exchange data via the Internet, is one of technology’s most incredible advancements because it has been able to bring together millions of ‘smart devices’ in order to help us with things in our daily lives through items such as kitchen appliances, cameras, and cars. However, like many things that are connected to the Internet, these devices can have their helpful technology used for evil. IoT has been the vehicle for many cyber-crimes such as data breaches and ransomware, but more recently, IoT has been in the news for having fueled multiple distributed denial of service (DDoS) attacks.

A DDoS attack occurs when an Internet circuit is flooded with so much Internet traffic, referred to as “packets,” that the Internet becomes jammed and then stops, similar to traffic build-up on a busy interstate that eventually leads to a bumper-to-bumper standstill. Though this is usually done by a cyber-criminal taking over compromised computers referred to as “zombies” which are then used to send ‘bad traffic’ to the victim’s site, there is a new wave of this type of attack being fueled by IoT devices.

IoT-fueled DDoS attacks

One of the most noteworthy of these IoT DDoS attacks affected Domain Name System (DNS) provider, Dyn. On Friday, October 21st, Dyn, the DNS provider for major websites including Twitter, Netflix, Reddit, and Spotify, was attacked by one of the largest DDoS attacks to date. This takedown was facilitated by hundreds of thousands of hacked IoT devices from Web cams to routers. Similar to a common DDoS attack, once hijacked, these Internet-enabled devices are mobilized together to aim all of their Web page requests at one target; in this case, it happened to be Dyn. This caused chaos and outrage on the Internet primarily because the websites it impacted, like Twitter and Reddit, have a massive number of daily users. Though this is the most widely-known IoT-fueled DDoS attack so far, these attacks continue to occur at an alarming rate.

As recently as this morning, there have been reports of at least five Russian banks being hit by IoT-enabled DDoS attacks. Similar to the Dyn attack, unsecured IoT devices were used without owner knowledge and then colonized to target these banks and their websites. Kaspersky Lab has come out to say that the main cause of this attack was that many of these devices were left with their default passwords, meaning that once a hacker got into one standard device, he gained access to all of them. This and a few other simple security steps could help us to be better protected against IoT-fueled DDoS attacks.

How to protect against IoT-fueled DDoS attacks

Many people found that in cases such as the Dyn DDoS attack, their IoT-enabled devices were being used in the attack without their consent or knowledge, and this is largely due to a lack of IoT device security. Here are some things you can do in order to help try and prevent your devices being used in the next IoT-fueled DDoS attack:

  • Turn off remote access to your devices when not in use, if possible–When at all possible, turn off remote access to your IoT devices. Leaving a device active while not in use leaves it extremely vulnerable to use in an attack similar to that against Dyn DNS.
  • Change all device passwords from the default–As mentioned above about the recent Russian bank attack, this is another simple step that can be taken in order to make it that much harder for attackers to gain access to your devices. Change your passwords to something hard to guess rather than leaving them vulnerable by using the same, basic passwords that came installed on your devices when you bought them. This is likely the same password used on similar devices, and using such passwords makes these devices easier to hack.
  • Update your systems early and often–Stay on top of your system updates so that your network is well-protected. Activate fully automatic updates if it is hard for you to remember to update frequently; this way, you will never be behind in securing your devices.

Stay Secure, America

Axiom Cyber Solutions has been selected by CIOReview Magazine as one of the 20 Most Promising DDoS Solutions of 2016 for being able to mitigate the most DDoS attacks in a single 1U appliance. To learn more about our DDoS mitigation services and how you can secure your business by staying ahead of cyber-attacks, please contact us at https://axiomcyber.com or by phone at 1 (800) 519-5070 today!

Hailey R. Carlson | Axiom Cyber Solutions | 11/11/2016

The 2016 Presidential Candidates & Their Views on Cybersecurity

No matter which side you might fall on, we all can agree that this has been by far one of the most interesting political seasons to say the least.

As chaotic and controversial as this election has been though, it is all finally dwindling down next Tuesday, November 8th, as we will finally find out who will be our next President of the United States. This election is one of the most important yet and it will surely go down in history as one that has been the basis for many discussions and disputes in the homes of Americans. Among the many issues discussed, cybersecurity has been a major talking point at many of this year’s debates and campaign rallies. Millennials have even weighed in saying that a candidate’s position on cybersecurity is an important issue to them.

Being a technology-related topic, this is one of the newer issues that candidates must weigh in on that has not been involved in many previous elections. Because of this, many people may have questions surrounding this topic. To help answer some of these questions, below is more information on each of the candidates’ views on cybersecurity as well as their plans of attack, should they be elected.

Hillary Clinton

Former Secretary of State and 2016 Democratic Presidential candidate, Hillary Rodham Clinton, includes her cybersecurity plan under her broader national security goals. Clinton focuses her plan on combating what she claims to be foreign threats from countries including China and Russia, though she recognizes that there are domestic threats as well. She sees that cybersecurity will be of great importance if she were to be elected, saying, “[Cybersecurity is] one of the most important challenges the next president is going to face…” Clinton promises to stay ahead of cyber-threats, saying, “Our country will outpace this rapidly changing threat, maintain strong protections against unwarranted government or corporate surveillance, and ensure American companies are the most competitive in the world.” Clinton has outlined a few preliminary steps that would be crucial to her cybersecurity plans, and consequently, her overall national security plan as well:

 

  1. Promote cybersecurity by building upon the U.S. Cybersecurity National Action Plan and upgrading government-wide cybersecurity.
  2. Safeguard the free flow of information across borders to find alignment in national data privacy laws and protect data flows between countries.
  3. Protect online privacy and security through bringing together cybersecurity and public safety communities to work together on solutions that address law enforcement needs while preserving individual privacy and security.

 

Donald Trump

Well-known businessman and former television producer/host turned politician, Donald J. Trump, is the 2016 Republican Presidential nominee. Similar to his Democratic rival, he believes that the cybersecurity threat is not only real, but needs to be dealt with swiftly and with extreme precision. His overall view on the issue is well summarized when he says, “The scope of our cybersecurity problem is enormous. Our government, our businesses, our trade secrets and our citizens’ most sensitive information are all facing constant cyber-attacks.” During a campaign event in early October, Trump said that if he did become President, “…improving cybersecurity will be an immediate and top priority for my administration.” Though the candidates both agree that cybersecurity is a major threat, like most things, Donald Trump has a different view on how to handle it than Hillary Clinton:

 

  1. Order an immediate review of all U.S. cyber defenses and vulnerabilities by a Cyber Review Team of individuals from the military, law enforcement, and the private sector and have this Review Team provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats.
  2. Establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on various cyber-attacks.
  3. Instruct the U.S. Department of Justice to create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.
  4. Develop the offensive cyber capabilities needed to deter attacks by state and non-state actors and, if necessary, to respond appropriately to attack.

Third-Party Candidates

The third party candidates also competing to become POTUS this year include Libertarian candidate, Gary Johnson, and Green party candidate, Jill Stein. Though the two have not participated in the televised Presidential debates, they each have a stance on cybersecurity. Johnson claims that he would have as little federal government control on the Internet as possible, having “criticized the Patriot Act and cybersecurity legislation for allowing the government access into the lives of private citizens.” Jill Stein says that were she elected, she would plan to negotiate an international treaty banning cyberwarfare with the nation’s overall security in mind.

Go Vote!

Regardless of your stance in this political race, make sure that you exercise your right to vote! No matter which issues matter most to you, Americans throughout history have fought for us all to have the freedom to participate in this political process, and it is extremely important for each individual to go out and vote in this election in order to have his or her voice heard!

As Franklin D. Roosevelt once said, “Nobody will ever deprive the American people of the right to vote except the American people themselves and the only way they could do this is by not voting.”

 

Hailey R. Carlson | Axiom Cyber Solutions | 11/03/2016
