Monday, February 11, 2019

7 Passwords You Should Never Use at Your Small Business - SMALL BIZ AHEAD





Owning a small business means owning data. You're constantly acquiring new information related to your customers, your financial details, and all the vendors and contractors with whom you work. One cyber criminal, though, one lucky hack, and you've just exposed your business to a major blow. From lost trust among your clients to costly lawsuits for the damage done, protecting your company from data theft is among your most important responsibilities.
A lot of it comes down to one simple choice you make: passwords.
"Overall, passwords still present the biggest challenge for businesses of all sizes," said Ron Schlecht, founder and managing partner of BTB Security. Businesses hire Schlecht's company to test their digital security for weak spots and, he said, "you can't imagine how many times we still break in to companies because of a bad password."
If you want to avoid weak passwords at your business, start by steering clear of the following list. Read on for seven passwords you should never (ever) use.

Password

Arguably, this is the number-one and most common bad choice. Also prevalent are variations such as P@ssword and P@55w0rd!. These might be easy to remember, but they're also among the first options hackers will try.

QWERTY

Easy-to-guess passwords often take root because they're simple to remember. That's the story with this hacker-friendly option constructed from the sequence of letters at the top left of the typical computer keyboard.

12345

Or, 98765. Or, 4567. You get the picture — no consecutive numbers (and the same goes for sequential letter combinations). You can only count on passwords such as these to expose your business to digital theft.

BusinessName1

If your shop is called Serafina's Weddings, don't set your password as SerafinasWeddings1. That would be an early choice for hackers looking to break into your valuable data.

Business Address

Skip it entirely when it comes to passwords. Also avoid trying to mash together similar details, such as your street name and street number — e.g., Main215.

Date of Birth

Thanks to the Internet, it doesn't take much effort to find a person's DOB. Birthdays, birthdates, years of birth — all of them make for readily attainable passwords and are poor choices for your company.

Simple Dictionary Words

Especially if they're related to your business, don't use them. No baseball, football, or soccer for your sporting goods store. No muffler, tire, or spark plug for your auto garage.
And so, what should you do when it comes to picking a password?
A key approach starts with thinking of a passphrase. Next, substitute letters, characters, and abbreviations for parts of it. For example, "my first car was a Honda in 1990" would be easy enough to remember, if that was the case in your life. Now, change it to my1stc@r=honda90.
Steer clear of the not so magnificent seven above, and protect your data with hard-to-guess constructions. With a strong password strategy, you're well on your way to foiling online attacks.
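As an added illustration (not part of the original article), here is a sketch of a password-policy check that rejects the seven patterns listed above, including the substituted spellings, and lets the example passphrase through. The function names, the four-character run threshold and the sample shop profile are assumptions made for this example.

```python
import re
from datetime import date

# Undo the character swaps the article shows (P@ssword, P@55w0rd!).
LEET = str.maketrans("@4035$7", "aaoesst")
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "0123456789",
        "abcdefghijklmnopqrstuvwxyz"]
RUNS = ROWS + [row[::-1] for row in ROWS]  # also catch 98765-style reversals


def normalize(text):
    """Lowercase, reverse leet swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def tokens(*texts):
    """Normalized words of 4+ letters drawn from the given phrases."""
    words = (normalize(w) for text in texts for w in text.split())
    return {w for w in words if len(w) >= 4}


def weak_reasons(pw, name, address, birthdates, trade_words):
    """Return which of the article's seven patterns a candidate matches."""
    low, letters = pw.lower(), normalize(pw)
    digits = re.sub(r"\D", "", pw)
    reasons = []
    if "password" in letters or "qwerty" in letters:
        reasons.append("common password")
    # Assumed threshold: any 4 consecutive keys, letters or digits.
    if any(run[i:i + 4] in low for run in RUNS for i in range(len(run) - 3)):
        reasons.append("keyboard or counting sequence")
    if any(t in letters for t in tokens(name, address)):
        reasons.append("business name or address")
    dob_forms = {f for d in birthdates
                 for f in (str(d.year), f"{d:%m%d}", f"{d:%d%m}")}
    if any(f in digits for f in dob_forms):
        reasons.append("date of birth")
    if any(t in letters for t in tokens(*trade_words)):
        reasons.append("business-related dictionary word")
    return reasons


# Constructed sample profile, mixing the article's own examples.
SHOP = dict(name="Serafina's Weddings", address="215 Main Street",
            birthdates=[date(1985, 3, 7)],
            trade_words=["baseball", "football", "soccer"])

if __name__ == "__main__":
    for candidate in ["P@55w0rd!", "98765", "Main215", "my1stc@r=honda90"]:
        print(candidate, "->", weak_reasons(candidate, **SHOP) or "no match")
```

An empty result only means none of these seven patterns matched; it is not a strength score.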



Blog www.3boffice.com

Robert Blake Consultant
Bit by Bit Computer Consultants
721 North Fielder Suite B, Arlington TX 76012
Managing technology and Protecting Data.

                                                           

The long-term consequences of data breaches on consumer trust

In Other News:
Most news coverage surrounding data breaches will hint at the erosion of customer loyalty, but what does it truly look like? With industries being disrupted at unprecedented rates, companies that are caught in the cross-hairs of highly publicized breaches must face the reality of losing customers to their competitors.
Additionally, an emphasis on post-breach damage control can impede an organization’s marketing and communication efforts to regain trust with their customers. The involvement of legal teams usually results in radio silence that can span months or years, causing brands to gradually diminish from the minds of their audiences.
As cyber-attacks continue to become more commonplace, marketers will begin to assume a role in shaping security efforts. Third-party marketing technologies are rife with vulnerabilities that hackers are waiting to explore, and everyone will be responsible for prioritizing privacy over data management.

Cybercrime is More Lucrative Than Drug Trade

According to researchers, cybercrime is the world’s fastest growing criminal industry. This may come as a surprise to some, considering cybercrime in this comparison goes head to head with the infamous and profitable illegal drug trade.
Cyber defense spending will increase as well, with the report predicting over $1 trillion in spending on cybersecurity between 2017 and 2021 and keeping the cybersecurity unemployment rate around 0%.
https://cybersecurityventures.com/cybercrime-damages-6-trillion-by-2021/

Sunday, February 10, 2019

In Other News:

Alarming News: A hacker warned an unsuspecting homeowner of his ability to hack the man’s home security system by speaking to him through it. In a circumstance that could only be described as ‘alarming’, a hacker who claimed to be with Anonymous told the Arizona man, through the Nest security system he had installed, that he had been hacked. The hacker then listed passwords the man had on other sites. If you have a Nest security system, you may want to consider contacting the manufacturer about this incident.

Saturday, February 9, 2019

Brazil - Cadastro de Pessoas Físicas Database - BREACH

Exploit: Exposed database.
Cadastro de Pessoas Físicas (CPF) Database: CPF is a Brazilian national identifying number attributed by the Brazilian Federal Revenue, that must be issued before opening a bank account, creating a business, paying taxes, or getting a loan.
Risk to Small Business: 1.777 = Severe: The breach only contained users’ subscription status, but it is believed that this could be the first part of a more extreme breach. Because the bad actor knows if users’ subscriptions are active, inactive, or paused, they could send out spear-phishing emails about the subscriptions that would trick users into clicking.
Individual Risk: 1.857 = Severe: There is a significant amount of personal information that was exposed during this breach that would be highly useful to a bad actor wishing to engage in a spear phishing campaign.
Customers Impacted: 120 million Brazilians.
How it Could Affect Your Customers’ Business: The personal data of customers was exposed, which would be highly damaging for any organization. In many countries, the organization would also face consequences from the government such as fines.
ID Agent to the Rescue: ID Agent offers Dark Web ID™ which discovers compromised credentials that could be used to implement a crypto jacking script. Make sure your credentials are safe; for more information go to https://www.idagent.com/dark-web/.
Risk Levels:
1 - Extreme Risk
2 - Severe Risk
3 - Moderate Risk
*The risk score is calculated using a formula that takes into account a wide range of factors related to the assessed breach.

Friday, February 8, 2019

China - Boomoji

https://techcrunch.com/2018/12/13/popular-boomoji-app-exposed-millions-contact-lists-location-data/
Exploit: Exposed database.
Boomoji: A Chinese company that makes personalized animated avatars to be sent over text and various other apps.
Risk to Small Business: 2.111 = Severe: Exposed databases can be very embarrassing for a company because there is no excuse for leaving the database where customer information is stored unsecured. Customers are unlikely to return to the service, and if they do, they could be hesitant to enter credit card information or reveal more of their data because they figure it could be at risk as well.
Individual Risk: 2.111 = Severe: Those affected by this breach are at an increased risk of phishing attacks. This is made a severe risk in this case because the exposed information included the contact books of the users who gave the app permission to access it.
Customers Impacted: Over 5 million users.
How it Could Affect Your Customers’ Business: Not only is the exposed database embarrassing for the organization, but the company lied about the extent of the breach by stating the databases were for testing purposes only. Not being upfront about the breach can result in a further loss of trust in the company by the customer.
ID Agent to the Rescue: Spotlight ID by ID Agent offers comprehensive identity monitoring that can help minimize the fallout from a breach of this type. Learn more: https://www.idagent.com/identity-monitoring-programs