Friday, April 26, 2019

The growing threat of business email compromise (BEC), and what you can do about it

BEC is a scam in which attackers target companies that pay their bills through wire transfers. Typically, scammers impersonate C-suite employees and use social engineering techniques to route funds to themselves, resulting in hundreds of thousands of dollars in losses. In 2016, the global average cost to a single affected company was $140,000.
Below are the 5 most common forms of BEC fraud, according to the FBI:
  • The Bogus Invoice: Fraudsters pose as vendors requesting payments to accounts that they own. This variant is most common among companies that deal with foreign suppliers.
  • CEO Fraud: As the name implies, cyber criminals assume the role of an executive and request fund transfers from the finance team.
  • Account Compromise: Employee accounts are hacked and then used to request invoice payments from vendors.
  • Attorney Impersonation: Attackers pretend to be lawyers in charge of confidential matters and make unusual requests by phone or email. This form of BEC tends to occur toward the end of a business day.
  • Data Theft: Attackers target HR and finance employees to obtain employees' PII and tax statements, which can be used in future attacks.
What makes BEC so dangerous is that these scams circumvent traditional security solutions: they contain no malicious links or attachments that can be detected. Some immediate red flags are words like "request," "payment," "transfer," or "urgent" in an email subject line, but employee cybersecurity training and awareness remain the most effective defense against BEC.
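One way to turn those red flags into a simple triage check at the mail gateway, as an added example that is not from the original post (the executive names, internal domain and sample messages are constructed values):

```python
import re
from email.utils import parseaddr

# Subject-line terms the post calls out as immediate flags.
FLAG_TERMS = ("request", "payment", "transfer", "urgent")
# Hypothetical company values: executives finance staff would recognise,
# and the company's own mail domain.
EXECUTIVES = {"jane doe", "john smith"}
INTERNAL_DOMAIN = "example.com"


def bec_indicators(msg):
    """Return the BEC red flags found in a dict of raw header strings
    ('from', 'reply_to', 'subject'); an empty list means no flag."""
    flags = []
    subject = msg.get("subject", "").lower()
    hits = [t for t in FLAG_TERMS if re.search(r"\b%s\b" % t, subject)]
    if hits:
        flags.append("subject keywords: " + ", ".join(hits))

    name, addr = parseaddr(msg.get("from", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    # An executive's display name on a mailbox outside the company
    # domain is the CEO-fraud pattern described above.
    if name.strip().lower() in EXECUTIVES and domain != INTERNAL_DOMAIN:
        flags.append("executive name on external domain: " + domain)

    # Replies silently redirected to another mailbox: common in the
    # bogus-invoice and account-compromise variants.
    _, reply_addr = parseaddr(msg.get("reply_to", ""))
    if reply_addr and reply_addr.lower() != addr.lower():
        flags.append("reply-to differs from sender: " + reply_addr)
    return flags


# Constructed sample messages (not real mail).
SAMPLES = [
    {"from": "Jane Doe <jane.doe@example.com>", "reply_to": "",
     "subject": "Q2 budget review notes"},
    {"from": "Jane Doe <ceo.janedoe@mail-example.net>",
     "reply_to": "ceo.janedoe@mail-example.net",
     "subject": "Urgent wire transfer request - confidential"},
    {"from": "Vendor Billing <billing@supplier.example>",
     "reply_to": "billing-update@supplier-invoices.example",
     "subject": "Payment: updated bank details for invoice 4471"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print("HOLD" if bec_indicators(m) else "OK  ", m["subject"])
```

Flagged messages are candidates for a hold-and-verify step (a call back to the requester on a known number), not an automatic block, since legitimate finance mail also uses these words.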

Thursday, April 25, 2019

"Why does HIPAA apply to me if I am not in the medical field?"

HIPAA, the acronym for the Health Insurance Portability and Accountability Act, is a regulation administered by the Department of Health and Human Services.
Most people are aware that hospitals, long-term care facilities, health insurance companies, doctors' offices, and the like must comply with both the privacy and security components of HIPAA. However, many people are fuzzy on the fact that other organizations also have to follow a minimum set of security standards under HIPAA.
Any organization that provides services to any of the entities above has to sign what is called a business associate agreement, or BAA. This agreement is essentially an attestation that the business associate will exercise due care while handling medical records.
Here are some examples of business associates:
- An outsourced IT firm
- A third-party cybersecurity firm
- A CPA firm that provides accounting services and has access to PHI in the process
Any time a business associate discloses, handles, or uses PHI, it must comply with the mandates of the HIPAA Security Rule and the HIPAA Privacy Rule.
The HIPAA Security Rule requires periodic risk assessments, user training on security best practices, and penetration testing to ensure that the business associate is not adding unnecessary risk to the handling of protected health information.
Essentially, anybody coming in touch with protected health information needs to align their cybersecurity posture with HIPAA requirements.


For more info, contact us at 877.860.5831

Wednesday, April 24, 2019

Robocall Scam is back, to the tune of $40M

Ever dropped everything you were doing to take a call, only to receive an automated message in a foreign language? You certainly are not alone.
Most of us likely hung up without thinking twice (and without understanding a word that was said). However, a recent slew of Mandarin-language calls has been targeting Chinese Americans, attempting to trick them into believing that they are in legal trouble with the Chinese government. On Thursday, the FBI revealed it had received more than 350 complaints from victims of the scam, with aggregated losses reaching over $40 million. Dubbed the "Chinese Embassy Scam," it has produced average losses upwards of $164,000 per victim.
Some of us may wonder how such a scam could be so effective, but it all comes back to relevance, originality, and impact. By speaking in a familiar language and using phone spoofing to change caller ID tags, cyber criminals can defraud virtually anyone. To fight fire with fire, companies must invest in advanced cybersecurity solutions that are specifically designed to thwart phishing campaigns (like BullPhish ID!)