Author Archives: Hailey Carlson

Social Media Security—Are Hackers Able to Steal Your Information?

Over 75% of US adults use some sort of social media—it’s a great way to keep in touch with friends, family, and even stay up-to-date on breaking news and the latest celebrity gossip. Many of us have accounts across several platforms, such as Facebook, Twitter, and Instagram, making it that much easier for us to keep in contact with people across the globe in a variety of ways.

With all of these connections, however, it is not only easier for us to see what our loved ones are up to, but it also centralizes all of our data for hackers, making it that much easier for them to steal our personal information to use for their own malicious gain. These cyber criminals are able to hack into individuals’ or businesses’ accounts, and some have even been able to hit the majority of users on a single platform at once. With hackers so focused on attacking anyone and everyone that they possibly can, it is important to educate yourself on the types of threats that these cyber criminals pose as well as to learn how to better protect your accounts against potential attack.

How They Do It

With the recent data breaches of LinkedIn, Tumblr, and the biggest of all (oddly enough) Myspace—consisting of 427,484,128 passwords and 360,213,024 email addresses from both active and dormant accounts (making it the biggest social media data breach to date)—social media security has become a hot topic and the question at the top of everyone’s minds is, “Am I next?” While hackers seem to be fairly random in whom they target, there are ways to strengthen your own personal security for your online social networking accounts. Not only should you be prepared against massive platform data breaches, but targeted attacks on individual accounts as well.

While these data breaches are able to target millions of people at once, the most common social media cyber-security crimes are directed attacks on individuals, and are primarily done via sophisticated online phishing. Hackers hack into existing accounts or create secondary accounts of individuals and pretend to be them—going as far as stealing pictures and birthdays and ‘liking’ the same pages the victim likes. Then, these criminals add friends and family of the victim, posing as him or her and making odd requests such as needing cash immediately in order to help them out of a tight spot. It is the modern version of the Nigerian prince scheme, only more people fall for it because it appears to be an actual loved one in trouble. With hackers becoming more creative and shifty, it is becoming more and more challenging to protect against these threats, and all the more important to protect your social media accounts.

Ways to Protect Against Attack

I originally titled this article “Are Hackers Trying to Steal Your Information?”—but the answer to that is always ‘yes.’ Hackers are consistently looking for ways to steal and corrupt as much information as they possibly can. The proper question is, “Is it easy for them to do so?” While there is no silver bullet when it comes to cyber-security, especially regarding social media, here are a few ways to make it harder for these cyber criminals to get your personal information:

  • Use different, stronger passwords—By making your passwords longer and more complex, as well as using a different password for every account you have, you can reduce your chances of being hacked significantly. Even if your information from one site was compromised, for example in a data breach, by having different passwords for your other social platforms, you reduce your risk of having more information exposed, which aids in your overall cyber-security. Facebook CEO Mark Zuckerberg had to learn this the hard way when his Pinterest and Twitter accounts were hacked after the LinkedIn breach provided hackers with his login information, including passwords. Not only were they weak, and therefore easily hackable, but he used the same one for both sites. Thankfully he didn’t have the same password for his Facebook account, but it just goes to show you that no one is safe from attack if they use the same, easy-to-crack password for every social media site.

  • Two-factor authentication—Otherwise known as two-step verification, this requires users to log in not only by entering their password online, but also by entering a second, unique verification code sent via text. When there are multiple security steps necessary to sign on to social media, it is harder for these hackers to get to your valuable information. This has proven to be one of the most vital steps in protecting social media accounts; Facebook, Google, and Twitter are currently utilizing this technology, and hopefully more catch on soon (since their data breach, LinkedIn has implemented this feature as well and encourages its users to take advantage of it).

  • Do not add people you don’t know—While this may seem obvious to some, many people add ‘friends’ online all the time who they have never even heard of before. With people hacking into the accounts of people you actually know and pretending to be them in order to extort something out of you or another loved one already, why increase your chances of phishing and hacking by adding a complete stranger?

  • Be wary of suspicious messages and posts—Many hackers hack into vulnerable accounts in order to send friends and family members messages either asking for money or making some other odd request. If you receive a message like this from someone you know, contact them in a way other than social media to see if it is really them, especially if the message looks like something out of the ordinary.

  • Don’t have sensitive information on your accounts—Most social media platforms give you the option to make certain information private, even from people you know and accept online as ‘friends’ and doing so can really help you strengthen your cyber-security; sensitive information such as your home address or cell phone number can be dangerous to have readily available on social media because it acts as an open door to finding other information about you that could potentially be used by cyber criminals to steal your identity.

There is no surefire way to guarantee your social media accounts won’t be hacked—hackers are working every day to find new ways to get your information. By taking multiple precautionary steps, however, you can make it harder for hackers to get to your information and the information of your loved ones.

—Hailey Carlson, Marketing Intern 6/13/2016

Gone Phishing: Who’s really on the other end of the line?

Phishing

Email, social media, smartphones, and other electronic communication are now the norm for communicating across and between businesses of any size. You may even be a part of a company so big that you email back-and-forth with people on a daily basis whom you’ve only met a few times in passing. Or you may be contacting multiple potential clients for your start-up business, many of whom you have never met before, at companies you’ve barely heard of. If you see that an email is from someone who appears to be an employee at your business or a good potential client, you click on it so as to build and maintain positive relationships with them and help them with whatever it is that they may need. But how do you know if that email is actually from Jim in Accounting or Jane at your strong lead’s firm and not a hacker posing as him or her? When it is really a hacker and not the genuine person you think it is, this is called phishing.

Phishing is a tricky cyber threat—able to stump 20% of employees at J. P. Morgan when the company sent out a fake phishing email—but what is it exactly? Phishing is when impostors pose as reliable entities, such as banks, universities, or other well-known companies, via electronic communication, to solicit personal information which they can then use to steal people’s identities or infect their computers with malware. Phishing is growing at a rapid rate along with many other cyber crimes; not even halfway into 2016, there have already been 36 companies that have fallen victim to phishing email attacks where the hackers were in search of employees’ personally identifiable information (PII) to aid the hackers in identity theft. Arguably just as vicious as going after people’s PII, these hackers have begun to steal funds from companies primarily through a form of phishing known as whaling.

Whaling, the new Phishing

Whaling, a form of phishing usually synonymous with the term spear phishing, is when hackers target executives for their phishing attacks, either emailing them directly or posing as these high-ranking members to send mass emails to employees (and in turn successfully infecting the computers of all employees who open the malware-ridden emails), in order to gain access to valuable information like financial numbers, wire transfers, and employee information. A Mimecast survey conducted late last year found that 55% of businesses across the globe had experienced an increase in whaling attacks over the previous twelve months.

Whaling has been in the news recently for having hit Mattel, the producer of such toys as Barbie and Hot Wheels, with a malicious $3 million transfer of money to a hacker based out of the Bank of Wenzhou in China. Cyber criminals posed as a legitimate member of the Mattel executive board—the newly-instated CEO, Christopher Sinclair—to trick finance employees into transferring the sum to their malevolent bank accounts. In order to transfer money, Mattel requires two executives, one of whom is the CEO, to sign off on the transfer so as to help reduce financial-related risks. When the unnamed financial executive saw what he thought was the CEO’s approval, he assumed the transfer was legitimate and transferred the funds to the Bank of Wenzhou, unknowingly completing the hacker’s mission.

Thankfully, this event happened on a Chinese banking holiday, meaning that the funds were held up and Mattel was able to recover the wrongfully transferred funds almost immediately after finding out about the issue. Though this is good news for the toy-producing giant, most companies do not always have such lucky timing when cyber crimes strike. This is why knowledge and education are crucial defenses on the cybersecurity front. If employees know how to identify suspicious communications, then it is less likely that the company will be subject to phishing and whaling attacks.

How to identify a suspicious message

The primary goal in combating phishing and whaling attacks is to make sure that harmful traffic to employees is stopped without hindering the good traffic of current and new clients as well as other reliable entities. The best way to handle a phishing email scam is to prevent it from happening in the first place; employee training on how to identify a fraudulent email is an extremely important step in ensuring workplace cybersecurity, and there are a few telltale signs that indicate whether or not an electronic communication is a scam:

Links- The best way for a hacker to access your information is by making you come to him. Many links in suspicious emails can be verified by hovering your mouse over them; if a link is taking you to an .exe file, for example, do not click on it, as these have been known to be the source of various malicious software in other cyber crime situations.

Threats- When there is a threat in an email, such as forcefully taking down an account or being fined if you do not take instant action, this is usually an indicator of phishing. This can come in the form of both email and phone solicitation, and threats are easily identifiable by the request for immediate action, with the hacker’s consequences to follow otherwise.

Posing as a popular company- Seeing a familiar logo or name on an email or other electronic communication can give you a false sense of security that what you are receiving is a legitimate connection from an accredited company. An indicator that a message is phishing is when the hacker includes the company title in a way that is slightly different from the actual company name (e.g. Twitter Co. instead of Twitter Inc.). Also, if you regularly get emails from a reliable company and you receive one that looks different than usual, this is a sign that it may be a phishing scam.

Spelling errors- If there are clear spelling errors throughout the email, it is obvious that this email was not carefully looked over by a member of an authentic company and is likely phishing. This not only includes spelling and grammatical errors, but also when key parts of an email, such as the subject line or a signature, are missing or strangely worded.
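Several of the signs above can be checked mechanically. The following Python sketch is an added example, not part of the original article: it applies the link, threat and missing-subject checks to one message. The extension and phrase lists and the sample message are constructed, and the `.example` domains are placeholders.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists: the article names only .exe and "immediate action" threats.
RISKY_EXT = (".exe", ".scr", ".bat")
URGENCY = ("immediately", "account will be suspended", "you will be fined")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs: the hover check done in code."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_signs(raw_email):
    """Return the warning signs found in a single-part HTML email."""
    msg = message_from_string(raw_email)
    body = msg.get_payload()
    findings = []
    if not (msg["Subject"] or "").strip():
        findings.append("missing subject line")
    findings += [f"urgency phrase: {p}" for p in URGENCY if p in body.lower()]
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if urlparse(href).path.lower().endswith(RISKY_EXT):
            findings.append(f"link to executable: {href}")
        if "." in text and " " not in text and host(text) != host(href):
            findings.append(f"link text {text} hides {host(href)}")
    return findings

# Constructed sample message; the .example domains are placeholders.
SAMPLE = """From: "Twitter Co." <support@twitter-co.example>
Subject:
Content-Type: text/html

<p>Your account will be suspended unless you act immediately.</p>
<a href="http://twitter-co.example/update.exe">www.twitter.example</a>
"""

if __name__ == "__main__":
    print("\n".join(phishing_signs(SAMPLE)))
```

A clean result only means none of these particular signs were present; it is a triage aid for a reported message, not a verdict.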

If you believe an electronic communication to be malicious or suspicious, do not open it; delete it and report the incident to your IT department. For small businesses that may not have an IT department or think that cybersecurity is out of reach for your company’s budget, please go to www.axiomcyber.com to learn more about our affordable managed cybersecurity solutions and how we can help your business get and stay secure.

The Healthcare Industry is Undeniably Vulnerable to Ransomware Attacks

HEALTHCARE DATA BREACHES

Recently it has become obvious that we are all vulnerable to attacks by anonymous people on the internet who wish to hack into our lives and steal our private information for their own personal gain if we do not take the proper measures to protect ourselves. Hospitals and other healthcare facilities are goldmines for hackers looking to steal hundreds of people’s information at once. You would think that with all of this sensitive information in their files, hospitals would be highly concerned about the protection and security of this data. However, the Healthcare industry has become one of the most hard-hit industries when it comes to cyber security due primarily to the heavy amount of data breaches that have plagued the industry in recent years.

Data breaches have skyrocketed over the past six years, especially in the Healthcare industry, and things are looking worse, making us more susceptible to breaches of our own personal medical information—and we’re not the only ones who are afraid. In just one year, Healthcare professionals have grown 13 percent more worried about attacks on their databases; and with 59 percent fearing that the existing budgets set in place for protection against these kinds of incidents are insufficient, it is obvious that the Healthcare industry is struggling to keep up with the changing world of cyber security.

According to the sixth annual Benchmark Study on Privacy & Security of Healthcare Data conducted by Ponemon Institute, 89 percent of Healthcare providers fell victim to multiple data breaches over the past two years and one-third of providers were subject to anywhere from 2-5 breaches. Approximately 50 percent of these breaches were due to a mix of employee negligence, third-party snafus, and stolen electronics. When the study was conducted six years ago, the majority of data breaches were caused by these issues; however, it is clear that today the number one cause of Healthcare data breaches, responsible for the remaining half of these breaches, is cybercrime.

RANSOMWARE

One of the fastest growing, most devastating of these cybercrimes is ransomware, and the Healthcare industry has taken more than its fair share of the brunt of this issue just this year. A few months ago, ransomware forced two Healthcare networks to take their systems offline, for fear of the issue spreading. Prime Healthcare Management, Inc. in California and Methodist Hospital of Kentucky were in a state of crisis when their networks were compromised by ransomware. While it seems that Prime was able to detect and handle the situation prior to any protected health information (PHI) being made vulnerable, Methodist was not so lucky. Reports say that they paid $17,000 as a ransom to regain access to their PHI files, while insiders claim that the amount paid could be significantly higher. This is one of the worst situations you could be in when dealing with ransomware, second only to your business being shut down. Prevention is a much better defense than reaction or negotiation with criminals.

Axiom can aid in these preventative measures with the proprietary ransomware algorithm built into its Sentry firewall, which would have been able to block these ransomware communication protocols at the firewall before criminals could have encrypted the PHI files. This would have saved Methodist Hospital of Kentucky thousands of dollars in ransom paid to criminals as well as their patients’ peace of mind.

HIPAA COMPLIANCE

When these Healthcare providers wish to combat ransomware, it is important for them to be aware of their HIPAA compliance. HIPAA HITECH requires that you have a disaster recovery plan and adequate backups, so HIPAA regulations have been a hot topic of discussion during this spike in Healthcare breaches. While some influential figures have questioned whether or not these breaches caused by ransomware are protected under HIPAA, it is conclusive that the industry is in dire need of revamping their approach to cybersecurity.

Axiom is able to help businesses in the Healthcare industry feel at ease by acting as their HIPAA Compliance Partner through providing them with professional and technical product services that include a HIPAA Security Assessment, Gap Analysis, Preparation and Certification as well as VOIP and 24-hour technical support.

If you’d like to find out more about what Axiom Cyber Solutions can do for you in regards to HIPAA compliance and protecting your business from cyber threats, please visit www.axiomcyber.com.