Cybersecurity

Tag Archives


Overcoming The False Hope of a Ransomware Attack (Part 1)

Every modern business deals with a certain amount of technology. From tech companies that consist internally of nothing but professionals at computers to minimally technical industries that still rely on databases and business software to keep everything running smoothly, the need for a secure network and backups of archived business data is universal. When your data is in danger and it looks like there’s a chance of recovering anything that has been lost, most companies will jump through flaming hoops for any recovery method, whether planned or, worse, unplanned. That is exactly why ransomware is so terrible. The hope of getting your files back after a disaster is often more powerful than the fear of losing them in the first place.

While you may think that your files are being held hostage, your disaster recovery plan is much more reliable than any hacker’s “promise” that you’ll see your files again.

Malware Has Always Wiped Files

To understand the innovation of ransomware, it may help to have a better grasp on the history of malware as a whole. Ransomware is just one of the most recent innovations in a long chain of malicious, invasive software. In fact, while there has been a significant rise in the ability of malware to actually do something, like steal credit card numbers or carry out extortion, malware has traditionally been almost completely pointlessly evil. Worms have roamed the web since before the internet unification, seeking out vulnerable systems, and often infected websites are simply left up to hurt anyone who comes across them.

When an infection is successful, whether it was targeted or random, the malware’s goal is simply to cause pain. Spamware makes your system unusable with constant pop-ups, spyware steals your login information and uses it for fraud or more spam, and many forms of malware, despite the name, will simply explore your files, deleting or corrupting them as they go. Hackers have always deleted files for fun and there’s no reason to assume that they’re going to stop now just because they’ve also figured out how to make a little side cash.

What Ransomware Does

When ransomware gets onto your computer, its first act is usually to lurk around for a while. During this time, it may finish installing itself, spread from the first computer into the local network, and map all your files. These processes usually happen quietly using background resources, and the delay often masks the true infection point, whether it was a bad website, a phishing email, or an actual hacker security breach in which the ransomware was placed on your computer.


5 Techniques to Help Dealership Staff Improve Cyber-Security (Part 2)

Welcome back to the second half of our two-part article on how to help your dealership staff become an important part of the cyber-security effort. They are responsible for handling reams of customer personal information and protecting the financial interests of every client who comes through your doors. This means keeping account information safe, even from people who claim to be the friends and family of your customers. Last time we talked about line of sight on staff computer screens and the reasons why personal data is so vital to protect. Let’s pick up on access to employee computers.

3) No Customer Access to Employee Computers

There are two kinds of computers in a dealership, those set aside for customers to manage their finances and buy insurance on, and those that employees use to sell cars and manage customer accounts. If it can possibly be helped, do not let customers use employee computers. These have software, data access, and possibly saved log-in information that could give customers access to information and actions they should not have.

Worse than accidentally letting a customer access your control software is the fact that not all hackers live in Russia. There are plenty right here in the states and they will absolutely take an opportunity to ‘phish themselves’ on your machine, quickly pop in a malware-riddled USB device, or find a way to email themselves data on your system. If a customer is allowed to use an employee computer, watch them very closely and do not, under any circumstances, allow outside data devices to be plugged into a dealership computer.

4) Never Open Email Attachments

Speaking of phishing, it is the current leading form of hacking and social engineering all tied into one. Phishing occurs when a hacker sends a false email with an infected attachment. The email either appears to be from a friend or coworker or it can pose as a message from a concerned “customer”. There are many different phishing strategies, ranging from convincing the victim that the attachment is an important work document to making them think it’s a funny cat picture. The only thing in common is that the hacker must convince a staff member to click their infected link in order to spread the malware.


5 Techniques to Help Dealership Staff Improve Cyber-Security (Part 1)

Car dealerships have everything that hackers and scam artists love. You deal with high-value items and handle large amounts of money. You deal with people’s banks directly and process stacks of personal information that could be used for identity theft. You process payment information like debit and credit cards, and cars are a favorite way to blow through stolen money or ruin the life of someone whose identity has been stolen. To a hacker, a car dealership looks like a playground, which means that it’s your job as the honest professionals trying to run a business to protect yourself, your customers, and your staff members from the inevitable attacks.

Cyber-Security and Social Engineering

However, having a strong firewall, encryption, and virus-scanning software isn’t enough anymore to stop the really determined cyber-criminals. The new name of the game is social engineering, using deception and false human connection to lure staff members into making a critical mistake. Sometimes, the scam isn’t even to get malware onto your computer, but rather to steal information directly from the employee themselves, tricking them into giving away important personal or account information about a customer or performing an action that they shouldn’t. In order to keep your employees safe, it’s vital that they are fully trained in data protection on every possible level.

1) Protect Line-of-Sight

Start by explaining that hackers aren’t the only criminals. People can and will come in under false pretenses, hoping to get a look at someone else’s account information. Guests claiming to be the spouses, friends, and family members of your customers may ask to check on information, then try to get a look at something else while the account is up on the staff member’s screen. There are several reasons why someone might want a peek at another person’s car dealership information including looking for financial information, an identity to steal, or stalking.

Because you can’t know who is scamming right off the bat, you are obliged to be helpful and go along with any reasonable requests but be very careful about line of sight. Never show someone another customer’s information and if your office door isn’t closed, don’t turn your monitor around at all just in case someone sees something from across the hall. Be aware of windows, people walking behind you, and reflective surfaces. Yes, scammers and stalkers get that devious to steal personal information.

2) Never Answer Personal Questions

People will come in person, call you on the phone, and send you emails asking for information about accounts, cars, services, and customers. Naturally, the vast majority of these contacts will be business-as-usual but every staff member needs to be on their guard for the one call in two hundred that is loaded and dangerous. To be ready even if you don’t see a scam call coming, never ever give out personal information on customers or your fellow employees.


The Complete Digital Transformation Checklist – Is Your Company Up to Speed? (Part 2)

Welcome back to our complete digital transformation checklist. Last time we covered the importance of starting with a website including a live chat feature, the inevitability of a mobile app, and why every modern company can and should have a CMS. We ended the article by promising more acronyms and as we hate to disappoint, let’s start today with the EMS.

4) Industry-Specific EMS – Enterprise Management Software

The term EMS stands for enterprise management software and this acronym is, in fact, incredibly vague. The kind of software you need to run your business depends on your industry and size but believe us, at this point there is a fast and capable EMS for almost every industry on the planet from field services to finance management. Look into software built specifically for your industry and consider streamlining the vast majority of your procedures. EMS’s can offer inventory tracking solutions, connect to your CRM for improved customer relations across the board, and are usually built to address concerns unique to the industry like specific safety inspections, appointment scheduling, and so on.

5) VOIP – Internet Phones for Everyone

If you are still paying a telco company for wired office phones and costly cell phone plans, it’s time to join the rest of the online community in internet-based phone services instead. VOIP has come a long way since Skype for individual users introduced the population at large to the idea in the first place. There are now VOIP companies that cater exclusively to businesses and call centers and the flexibility is amazing. Not only can you scale a VOIP plan to any size of team or company, you can also access numbers from anywhere including mobile devices simply by logging into an online platform.

6) AI-Assisted Data Analysis

Data analysis, once one of the most tedious chores of any sales, research, or IT team, can now be handled almost 100% by self-learning computer programs. The power of large-scale data analysis and AI intuition can cut the time you spend on data analysis down to a fraction while multiplying the available results data your teams have to work with. The fact of the matter is that computers are both better and faster at skimming data and drawing trend charts.

7) IoT Devices and Sensors

IoT (Internet of Things) is the latest craze in business technology and it looks like it’s here to stay. The concept behind IoT devices is simply that they are wifi-enabled and can be controlled from a Smart Home hub or a mobile device from anywhere in range of the wifi network. Businesses are using IoT security cameras for wireless access to their security footage. IoT lights that can be remotely switched off and a programmable IoT thermostat can work together to significantly reduce your power bills. Plus, employees are delighted by almost all IoT gadgets like, say, an IoT coffee pot that can start brewing before anyone physically gets to the break room.