How Retail Cybersecurity Can Adapt to the 2021 New Normal

The retail industry, having learned to co-exist with a global pandemic, saw significant changes in 2020. Foremost among them is a major shift to the eCommerce channel. For those smaller retailers new to eCommerce technology, shopping and payment apps, and work-from-home technology, retail cybersecurity challenges have become much more of a concern for 2021. 2021 Cybersecurity Threats Trustwave’s 2020 Global Security Report found that 24% of all cyberattacks targeted retailers, the most of any industry. Alarmingly, the new normal of eCommerce and work from home (for back office staff) makes retail even more of a target than it was a…

READ MORE

Engage a Personal Cyber Security Trainer for the New Year

In our previous post, we listed three common cyber security threats with security best practices and cyber-security solutions that simplify your life while reducing the risk of an energy-draining security breach. Again, we encourage you to engage your personal cyber security trainer to improve your security health for the new year. Until you attend that life-changing meeting, here are three more common cyber security threats you face with security best practices and solutions to help keep you in shape. Remote Employee Threats As remote work multiplies employee locations, your workforce will be less and less protected by your network security…

READ MORE

Schedule a Workout Session with a Business Cyber Security Coach

Your day starts with an energy bar and a three-mile run. But on your laptop awaits a long list of business cyber security notifications that require your immediate attention. You rush to get through the alerts before others sign in and you’re swamped with the usual fire drills. And that project you’ve been trying to get to for the last five weeks? Well, it’s just going to have to wait for another day. Wouldn’t it be great if you could get this all into shape through a workout session with an expert business cyber security coach? Someone who could run…

READ MORE

Fight Double Extortion Ransomware Threat with Essential Security

Late in 2019, a new cyber security threat emerged. Criminals used ransomware to attack Allied Universal. In a twist now known as double extortion, the bad actors first extracted sensitive information before encrypting company data. Then they insisted that Allied pay a stiff ransom to avoid seeing sensitive data leaked publicly. Throughout 2020, other attackers have followed suit. To convince organizations to pay a ransom, criminals threaten to publish or sell the stolen data. To prove their point, they post samples of the data on their websites. Thus, the tactic effectively combines ransomware with data breach. And it places organizations…

READ MORE

Ransomware Payments Sanctions Avoided with Risk-based Compliance Program

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued an advisory to highlight the sanctions risks of ransomware payments. The advisory warns companies and others that ransomware payments to cyber criminals on OFAC’s blocked persons lists and those covered by embargoes are prohibited. Violators of OFAC regulations face financial sanctions that may be reduced if they meet certain conditions. “Under the Enforcement Guidelines… the existence, nature, and adequacy of a sanctions compliance program is a factor that OFAC may consider when determining an appropriate enforcement response,” the OFAC notice reads. “Now more than ever, preventative…

READ MORE

How to spot a business email compromise scam

Business email compromise (BEC) scams are on the rise. They target business owners and high-level employees in order to defraud a company, its customers, or its partners. In this type of scam, an attacker will pretend to be a trusted entity by spoofing a company email account. Then, they trick employees into revealing sensitive information or performing wire transfers. Types of BEC Scams There are different types of BEC scams. However, all these threats usually target employees with access to company finances, in an attempt to trick them into transferring money or revealing sensitive data. BEC scams include: false invoice…

READ MORE

7 bizarre security analogies about preventing ransomware hacks

7 bizarre security analogies about preventing ransomware hacks. Ransomware is the worst. Attacks grew 250 percent last year, and 26.2 percent of those targets were businesses. Even worse, one in six businesses that paid the ransom still didn’t get their data back. WannaCry alone affected over 400,000 machines, and let’s not even get started about ExPetr—the wipervirus formerly known as Petya—or October’s Bad Rabbit. And even though you’ve already implemented as many “new” and “innovative” strategies as you can, you still can’t sleep at night. First, the good news: Some script kiddies are switching to cryptocurrency mining. Fewer new strains were discovered last year than expected, and…

READ MORE

What NOT to do after a data breach

What NOT to do after a data breach Breathe deep, reduce anxiety, and avoid these 9 things It’s an IT department’s worst nightmare: Your business has been hacked by a third party that has accessed your sensitive, confidential data. And often, by the time you discover it, a breach is well underway: US companies take an average of 221 days to detect a breach, according to a 2018 study. So what do you do? Well, it turns out that knowing what not to do is just as important—because, even with the best of intentions, your team could accidentally make the…

READ MORE

How to Succeed at Company-Wide Security Awareness Training

A recent survey by Security Magazine indicated that eighty percent of companies experienced at least one cybersecurity incident over the previous year. Firewalls and antivirus alone will not protect essential information from attack. Organizations must mitigate the human error factor with targeted, relevant security awareness training for every employee, including executives. Security awareness training teaches employees how to recognize and reduce cyber security risks. All too often, employees at all levels fail to realize how their own behavior opens the door to attack. Likewise, they may not understand and follow best practices to protect both the organization and customer data….

READ MORE

MSPs Empower Remote Work with Flexible Solutions

By summertime, nearly half of the U.S. workforce reported working from home full-time. Even after the pandemic, many employees will continue to work remotely at least part-time. Managed services providers (MSPs) help make that possible. By providing increased security, cloud services and collaboration tools, MSPs empower remote work. Long before 2020, work-at-home numbers began a steady climb. Remote work benefits businesses by reducing overhead costs and allowing hiring managers to seek talent without regard to location. On the other hand, workers benefit from increased flexibility, often reporting greater productivity when they work from home. At the same time, remote work…

READ MORE