6 Immediate Steps You Should Take If Your Netflix Account is Hacked
Netflix is one of the most popular and well-known streaming services. It has nearly 231 million subscribers around the world. It has been growing steadily for almost a decade.
The platform has become an essential part of many people’s daily entertainment routines. They fire up their devices, log in, and pick right back up on their favorite shows.
Unfortunately, like any online service, Netflix accounts can be vulnerable to hacking. It’s a baked-in risk when you have a service that is only protected by a username and password.
If you experience an account hack, it can be shocking, confusing, and infuriating. You may not know exactly what to do and may react without thinking first. This is a dangerous space to be in because it can cause you to do things that only make things worse.
In this article, we’ll give you the steps to take when you suspect someone has hacked your Netflix account. Let’s first cover how hackers typically operate when deploying an account takeover.
How Does a Netflix Hack Typically Work?
Phishing overload is a problem that hackers take advantage of in these types of breaches. People receive fake emails all the time that spoof brands like Netflix. One common phishing ploy is an email stating, “There has been suspicious activity on your account.” It will include a link to log in to a spoofed site that looks like the brand’s normal login page. This is a classic trick to steal your login credentials.
Hacked Netflix accounts typically go for $12 each on the dark web.
People get numb to these emails because they get so many of them. They tend to tune them out, knowing that clicking on them could be dangerous. Hackers take advantage of this, hoping you’ll ignore the real ones from Netflix that warn you of a suspicious login (theirs!).
They lay low and don’t take any action yet that will lock you out. They wait for you to receive a few more of these emails, so you’ll completely ignore them. Then they attempt a takeover.
Accounts hacks can go in various ways. Here is one typical scenario of a Netflix hack:
- The account owner gets an email about a suspicious login. Often it will be from a different country.
- They may log into their Netflix account to see if there are any unknown devices logged in. Usually, none will show yet. The hacker logs back out. The goal is to get you to check and see that nothing is wrong, and assume the real notice is phishing.
- This same scenario may happen 2-4 more times in the span of a month.
- Once the hacker feels the user is ignoring the Netflix warnings, they’ll make their move.
- They add their credit card to your account. This is so they can call Netflix and give them a method of verification.
- They may increase your subscription plan to a higher level.
- They also usually replace any user profile names on your account with numbers (1, 2, 3, etc.)
- At this point, the account owner will typically receive an email. It will note a change in account information. This could be the account email, password, phone number, etc.
- The hacker is now trying to lock the account owner out of their account.
What Do You Do If Someone Has Hacked Your Netflix Account?
1. Go to the Netflix site & try to log in.
If you suspect a hacked account, visit the Netflix site directly from your browser. Do not go through a link you received via email, DM, or SMS.
See if you can log in using your password. You may be able to if you caught the hacker before they’ve locked you out. If not, then skip to Step 4 below, calling Netflix support.
2. If you can log in, change your password immediately.
If you can log into your account, change the password right away. Ensure it’s a strong password that is at least 10-12 characters in length. It should also include a combination of letters, numbers, and symbols.
Do not use a variation of the breached password. You should not use any part of your old password to create the new one.
3. If you can log in, remove any strange payment methods
If you can still access your account and settings, go to the payment methods area. Often hackers will add another payment card to your account. They use it to verify the account to Netflix support.
Remove any strange payment method that is not yours. But if you remove your own payment card, you will need another way to verify your account with Netflix. So, at this point, you may want to call before you do that.
4. Call Netflix support. (Don’t skip this step)
Everyone’s experience may be different. Some users that have gone through a hack have praised the fast and helpful support from Netflix.
Contact Netflix support whether you have or have not succeeded in logging in. There may be things the hacker has done that you aren’t aware of. They may have changed subscription information.
Let the support representative know you think you’re the victim of an account hack. They’ll walk you through the process of undoing what the hacker has done.
5. Watch your bank statements.
Continue to watch your bank statements for any unusual charges. You should do this after any account hack.
6. Change the password for other accounts that used the same one as your Netflix account.
People often use the same or the nearly same password for several accounts. Make sure to change the password for any accounts that used the one that was just hacked.
Get Help Securing Your Passwords & Accounts
Don’t wait until a hack happens to you. Give us a call today to schedule a chat about our password security solutions.
This Article has been Republished with Permission from The Technology Press.
What Is App Fatigue & Why Is It a Security Issue?
The number of apps and web tools that employees use on a regular basis continues to increase. Most departments have about 40-60 different digital tools that they use. 71% of employees feel they use so many apps that it makes work more complex.
Many of the apps that we use every day have various alerts. We get a “ping” when someone mentions our name on a Teams channel. We get a notification popup that an update is available. We get an alert of errors or security issues.
App fatigue is a very real thing and it’s becoming a cybersecurity problem. The more people get overwhelmed by notifications, the more likely they are to ignore them.
Just think about the various digital alerts that you get. They come in:
- Software apps on your computer
- Web-based SaaS tools
- Websites where you’ve allowed alerts
- Mobile apps and tools
- Email banners
- Text messages
- Team communication tools
Some employees are getting the same notification on two different devices. This just adds to the problem. This leads to many issues that impact productivity and cybersecurity.
Besides alert bombardment, every time the boss introduces a new app, that means a new password. Employees are already juggling about 191 passwords. They use at least 154 of them sometime during the month.
How Does App Fatigue Put Companies at Risk?
Employees Begin Ignoring Updates
When digital alerts interrupt your work, you can feel like you’re always behind. This leads to ignoring small tasks seen as not time-sensitive. Tasks like clicking to install an app update.
Employees overwhelmed with too many app alerts, tend to ignore them. When updates come up, they may quickly click them away. They feel they can’t spare the time right now and aren’t sure how long it will take.
Ignoring app updates on a device is dangerous. Many of those updates include important security patches for found vulnerabilities. When they’re not installed, the device and its network are at a higher risk. It becomes easier to suffer a successful cyberattack.
Employees Reuse Passwords (and They’re Often Weak)
Another security casualty of app fatigue is password security. The more SaaS accounts someone must create, the more likely they are to reuse passwords. It’s estimated that passwords are typically reused 64% of the time.
Credential breach is a key driver of cloud data breaches. Hackers can easily crack weak passwords. The same password used several times leaves many accounts at risk.
Employees May Turn Off Alerts
Some alerts are okay to turn off. For example, do you really need to know every time someone responds to a group thread? Or just when they @name you? But, turning off important security alerts is not good.
There comes a breaking point when one more push notification can push someone over the edge. They may turn off all the alerts they can across all apps. The problem with this is that in the mix of alerts are important ones. Such as an anti-malware app warning about a newly found virus.
What’s the Answer to App Fatigue?
It’s not realistic to just go backward in time before all these apps were around. But you can put a strategy in place that puts people in charge of their tech, and not the other way around.
Streamline Your Business Applications
From both a productivity and security standpoint, fewer apps are better. The fewer apps you have, the less risk. Also, the fewer passwords to remember and notifications to address.
Look at the tools that you use to see where redundancies may be. Many companies are using two or more apps that can do the same function.
Consider using an umbrella platform like Microsoft 365 or Google Workspace. These platforms include several work tools, but users only need a single login to access them.
Have Your IT Team Set up Notifications
It’s difficult for users to know what types of notifications are the most important. Set up their app notifications for them. This ensures they aren’t bombarded yet are still getting the important ones.
Automate Application Updates
A cybersecurity best practice is to automate device and software updates. This takes the process out of employees’ hands. It enhances productivity by removing unnecessary updates from their view.
Automating device updates through a managed services solution improves security. It also mitigates the chance there will be a vulnerable app putting your network at risk.
Open a Two-Way Communication About Alerts
Employees may never turn off an alert because they’re afraid they might get in trouble. Managers may not even realize constant app alert interruptions are hurting productivity.
Communicate with employees and let them know they can communicate with you. Discuss how to use alerts effectively. As well as the best ways to manage alerts for a better and more productive workday.
Need Help Taming Your Cloud App Environment?
Today, it’s easy for cloud tools to get out of hand. Get some help consolidating and optimizing your cloud app environment. Give us a call today.
This Article has been Republished with Permission from The Technology Press.
These Everyday Objects Can Lead to Identity Theft
You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time. What about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?
Many everyday objects can lead to identity theft. They often get overlooked because people focus on their computers and cloud accounts. It’s important to have strong passwords and use antivirus on your PC. But you also need to be wary of other ways that hackers and thieves can get to your personal data.
Here are six common things that criminals can use to steal your information.
Old Smart Phones
People replace their smartphones about every two and a half years. That’s a lot of old phones laying around containing personal data.
Just think of all the information our mobile phones hold. We have synced connections with cloud services. Phones also hold banking apps, business apps, and personal health apps. These are all nicely stored on one small device.
As chip technology has advanced, smartphones have been able to hold more “stuff.” This means documents and spreadsheets can now be easily stored on them. Along with reams of photos and videos.
A cybercriminal could easily strike data theft gold by finding an old smartphone. They often end up at charity shops or in the trash. Make sure that you properly clean any old phones by erasing all data. You should also dispose of them properly. You shouldn’t just throw electronics away like normal garbage.
Wireless Printers
Most printers are wireless these days. This means they are part of your home or work network. Printing from another room is convenient. But the fact that your printer connects to the internet can leave your data at risk.
Printers can store sensitive documents, such as tax paperwork or contracts. Most people don’t think about printers when putting data security protections in place. This leaves them open to a hack. When this happens, a hacker can get data from the printer. They could also leverage it to breach other devices on the same network.
Protect printers by ensuring you keep their firmware updated. Always install updates as soon as possible. You should also turn it off when you don’t need it. When it’s off it’s not accessible by a hacker.
USB Sticks
Did you ever run across a USB stick laying around? Perhaps you thought you scored a free removable storage device. Or you are a good Samaritan and want to try to return it to the rightful owner. But first, you need to see what’s on it to find them.
You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait. As soon as you plug it into your device, it can infect it.
Old Hard Drives
When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. Computer hard drives can have other personal data stored in system and program files.
Plus, if you’re still logged into a browser, a lot of your personal data could be at risk. Browsers store passwords, credit cards, visit history, and more.
It’s best to get help from an IT professional to properly erase your computer drive. This will make it safe for disposal, donation, or reuse.
Trash Can
Identity theft criminals aren’t only online. They can also be trolling the neighborhood on trash day. Be careful what you throw out in your trash.
It’s not unusual for garbage to enable identity theft. It can include pre-approved credit card offers that you considered “junk mail.” Your trash can also hold voided checks, old bank statements, and insurance paperwork. Any of these items could have the information thieves need to commit fraud or pose as you.
A shredder can be your best friend in this case. You should shred any documents that contain personal information. Do this before you throw them out. This extra step could save you from a costly incident.
Children’s IoT Devices
Electronic bears, smart kid watches, Wi-Fi-connected Barbies… all toys that hackers love. Mattel’s Hello Barbie was found to enable the theft of personal information. A hacker could also use its microphone to spy on families.
These futuristic toys are often what kids want. Parents might think they’re cool, but don’t consider their data security. After all, these are children’s toys. But that often means they can be easier to hack. Cybercriminals also zero in on these IoT toys, knowing they aren’t going to be as hard to breach.
You should be wary of any new internet-connected devices you bring into your home. That includes toys! Install all firmware updates. Additionally, do your homework to see if a data breach has involved the toy.
Schedule a Home IT Security Audit & Sleep Better at Night
Don’t let the thought of identity theft keep you up at night. Give us a call today and schedule a home IT security audit. You’ll be glad you did.
This Article has been Republished with Permission from The Technology Press.
Is That Really a Text from Your CEO… or Is It a Scam?
Imagine you’re going about your day when suddenly you receive a text from the CEO. The head of the company is asking for your help. They’re out doing customer visits and someone else dropped the ball in providing gift cards. The CEO needs you to buy six $200 gift cards and text the information right away.
The message sender promises to reimburse you before the end of the day. Oh, and by the way, you won’t be able to reach them by phone for the next two hours because they’ll be in meetings. One last thing, this is a high priority. They need those gift cards urgently.
Would this kind of request make you pause and wonder? Or would you quickly pull out your credit card to do as the message asked?
A surprising number of employees fall for this gift card scam. There are also many variations. Such as your boss being stuck without gas or some other dire situation that only you can help with.
This scam can come by text message or via email. What happens is that the unsuspecting employee buys the gift cards. They then send the numbers back. They find out later that the real company CEO wasn’t the one that contacted them. It was a phishing scammer.
The employee is out the cash.
Without proper training, 32.4% of employees are prone to fall for a phishing scam.
Why Do Employees Fall for Phishing Scams?
Though the circumstances may be odd, many employees fall for this gift card scam. Hackers use social engineering tactics. They manipulate emotions to get the employee to follow through on the request.
Some of these social engineering tactics illicit the following:
- The employee is afraid of not doing as asked by a superior
- The employee jumps at the chance to save the day
- The employee doesn’t want to let their company down
- The employee may feel they can advance in their career by helping
The scam’s message is also crafted in a way to get the employee to act without thinking or checking. It includes a sense of urgency. The CEO needs the gift card details right away. Also, the message notes that the CEO will be out of touch for the next few hours. This decreases the chance the employee will try to contact the real CEO to check the validity of the text.
Illinois Woman Scammed Out of More Than $6,000 from a Fake CEO Email
Variations of this scam are prevalent and can lead to significant financial losses. A company isn’t responsible if an employee falls for a scam and purchases gift cards with their own money.
In one example, a woman from Palos Hills, Illinois lost over $6,000. This was after getting an email request from who she thought was her company’s CEO.
The woman received an email purporting to be from her boss and company CEO. It stated that her boss wanted to send gift cards to some selected staff that had gone above and beyond.
The email ended with “Can you help me purchase some gift cards today?” The boss had a reputation for being great to employees, so the email did not seem out of character.
The woman bought the requested gift cards from Target and Best Buy. Then she got another request asking to send a photo of the cards. Again, the wording in the message was very believable and non-threatening. It simply stated, “Can you take a picture, I’m putting this all on a spreadsheet.”
The woman ended up purchasing over $6,500 in gift cards that the scammer then stole. When she saw her boss a little while later, her boss knew nothing about the gift card request. The woman realized she was the victim of a scam.
Tips for Avoiding Costly Phishing Scams
Always Double Check Unusual Requests
Despite what a message might say about being unreachable, check in person or by phone anyhow. If you receive any unusual requests or one relating to money, verify it. Contact the person through other means to make sure it’s legitimate.
Don’t React Emotionally
Scammers often try to get victims to act before they have time to think. Just a few minutes of sitting back and looking at a message objectively is often all that’s needed to realize it’s a scam. Don’t react emotionally, instead ask if this seems real or is it out of the ordinary.
Get a Second Opinion
Ask a colleague, or better yet, your company’s IT service provider, to take look at the message. Getting a second opinion keeps you from reacting right away. It can save you from making a costly judgment error.
Need Help with Employee Phishing Awareness Training?
Phishing keeps getting more sophisticated all the time. Make sure your employee awareness training is up to date. Give us a call today to schedule a training session to shore up your team’s defenses.
This Article has been Republished with Permission from The Technology Press.
6 Ways to Prevent Misconfiguration (the Main Cause of Cloud Breaches)
Misconfiguration of cloud solutions is often overlooked when companies plan cybersecurity strategies. Cloud apps are typically quick and easy to sign up for. The user often assumes that they don’t need to worry about security because it’s handled.
This is an incorrect assumption because cloud security is a shared model. The provider of the solution handles securing the backend infrastructure. But the user is responsible for configuring security settings in their account properly.
The problem with misconfiguration is huge. It’s the number one cause of cloud data breaches. It’s also an unforced error. Misconfiguration means that a company has made a mistake. It hasn’t adequately secured its cloud application.
Perhaps they gave too many employees administrative privileges. Or, they may have neglected to turn on a security function. One that prevented the downloading of cloud files by an unauthorized user.
Misconfiguration covers a wide range of negligent behavior. It all has to do with cloud security settings and practices. A finding in The State of Cloud Security 2021 report shed light on how common this issue is. 45% of organizations experience between 1 and 50 cloud misconfigurations per day.
Some of the main causes of misconfiguration are:
- Lack of adequate oversight and controls
- A team lacking security awareness
- Too many cloud APIs to manage
- No adequate cloud environment monitoring
- Negligent insider behavior
- Not enough expertise in cloud security
Use the tips below to reduce your risk of a cloud data breach and improve cloud security.
Enable Visibility into Your Cloud Infrastructure
Do you know all the different cloud apps employees are using at your business? If not, you’re not alone. It’s estimated that shadow IT use is approximately 10x the size of known cloud use.
When an employee uses a cloud app without authorization, it’s considered “shadow IT.” This is because the app is in the shadows so to speak, outside the purview of the company’s IT team.
How can you protect something you don’t know about? This is why shadow cloud applications are so dangerous. And why they often result in breaches due to misconfiguration.
Gain visibility into your entire cloud environment, so you know what you need to protect. One way you can do this is through a cloud access security application.
Restrict Privileged Accounts
The more privileged accounts you have, the higher the risk of a misconfiguration. There should be very few users that can change security configurations. You don’t want someone that doesn’t know better to accidentally open a vulnerability. Such as removing a cloud storage sharing restriction. It could leave your entire environment a sitting duck for hackers.
Audit privileged accounts in all cloud tools. Then, reduce the number of administrative accounts to a least needed to operate.
Put in Place Automated Security Policies
Automation helps mitigate human error. Automating as many security policies as possible helps prevent cloud security breaches.
For example, if you use a feature like sensitivity labels in Microsoft 365, you can set a “do not copy” policy. It will follow the file through each supported cloud application. Users don’t need to do anything to enable it once you put the policy in place.
Use a Cloud Security Audit Tool (Like Microsoft Secure Score)
How secure is your cloud environment? How many misconfigurations might there be right now? It’s important to know this information so you can correct issues to reduce risk.
Use an auditing tool, like Microsoft Secure Score. You want a tool that can scan your cloud environment and let you know where problems exist. It should also be able to provide recommended remediation steps.
Set Up Alerts for When Configurations Change
Once you get your cloud security settings right, they won’t necessarily stay that way. Several things can cause a change in a security setting without you realizing it. These include:
- An employee with elevated permissions accidentally changes them
- A change caused by an integrated 3rd party plug-in
- Software updates
- A hacker that has compromised a privileged user credential
Be proactive by setting up alerts. You should have an alert for any significant change in your cloud environment. For example, when the setting to force multi-factor authentication gets turned off.
If an alert is set up, then your team knows right away when a change occurs to an important security setting. This allows them to take immediate steps to research and rectify the situation.
Have a Cloud Specialist Check Your Cloud Settings
Business owners, executives, and office managers aren’t cybersecurity experts. No one should expect them to know how to configure the best security for your organization’s needs.
It’s best to have a cloud security specialist from a trusted IT company check your settings. We can help ensure that they’re set up to keep your data protected without restricting your team.
Improve Cloud Security & Lower Your Chances for a Data Breach
Most work is now done in the cloud, and companies store data in these online environments. Don’t leave your company at risk by neglecting misconfiguration. Give us a call today to set up a cloud security assessment.
This Article has been Republished with Permission from The Technology Press.
The Pros & Cons of Tracking Your Employees’ Every Digital Movement
Since the pandemic, employers around the world have needed to change. They’ve had to shift how their employees operate. Remote work is very much here to stay. Organizations and employees can both benefit from the work-from-home and hybrid work revolution.
Cost savings is a driver for supporting remote work. Employee morale and productivity also can be higher when employers grant this flexibility.
A majority of organizations support some type of remote work. Statistics show that:
- 16% of companies are completely remote
- 40% support hybrid office/remote working
- 44% don’t allow employees to work remotely
While there are benefits, there are also challenges to this new environment. Employers worry about the cybersecurity risks of remote teams. Managers can find it more challenging to make sure employees are doing what they should do.
The remote and hybrid work environment has led to the rise of employee monitoring tools. These tools have mixed reviews from employees.
What Is Employee Monitoring Software?
Employee monitoring software tracks digital movements. This can include everything from general clock-in clock-out tracking to taking screenshots of an employee’s computer several times per hour.
Tracking tools like Hubstaff and BambooHR track many activities on a person’s computer. The information is then sent in a daily or weekly report to the company.
Items that these tools can track are:
- Time clock
- Keyboard activity
- Keystrokes
- Mouse activity
- Websites visited
- Screenshots of the desktop
- Apps used and how long in use
The most invasive of tools can even track the sounds and video of the employee. Tracking can be visible, so the employee knows about it or hidden from the employee. It depends on the tool used and the ethical considerations of the employer.
This type of monitoring can benefit an organization worried about “productivity theft.” But it can also alienate good employees and torpedo morale and trust. We’ll go through the pros and cons to weigh before you set up this type of system.
Pros of Activity Monitoring Tools
Helps Managers Understand How Employees Spend Their Day
One feature of many tracking tools is the ability to track time by project. This helps managers understand where employees are prioritizing their time. Knowing how much time employees spend on a project helps with ROI projections.
Reduces Non-Work Activities During Working Hours
One thing that employers worry about with remote employees is that they will waste time. A manager doesn’t want to pay someone only to find out the employee spent half their time on Facebook.
About half of monitored employees spend 3+ hours per day on non-work activities. When employees know that their boss is monitoring their app usage, they’re less likely to goof off.
Can Be an Easy Way to Track Time for Remote Workers
Smaller companies that work with fully remote teams may find tracking tools convenient. Employees or freelancers can track their time at the click of a button. Employers can put an hour-per-week cap on time. They can also manage payments automatically through the app.
Cons of Activity Monitoring Tools
Hurts Employees’ Morale & Productivity
Many employees feel they are put in a cage when monitoring is introduced. Morale can plummet, which takes productivity along with it.
Instead of focusing on work completely, various thoughts go through employees’ minds. Such as, “If I think about this problem too long, is the tracking going to give me a low productivity score?” Or “What happens when I’m on the phone with a customer and not moving my mouse around? Will the tracking make it look like I’m not working?”
Some of the feelings that employees can have when monitored are:
- Betrayed
- No longer trusted
- Loss of company loyalty
- Hurt
- Treated like a number instead of a person
“Activity Monitoring” Doesn’t Mean Productivity
Many of these tracking tools send employees and employers “activity reports.” These reports simply look at keyboard and mouse activity during a specific time.
But what if the employee must solve a workflow issue and needs to use their brain, not the mouse? What if a salesperson is on the phone with a customer, not using their keyboard? Zoom calls bring a similar quandary. If you’re in a Zoom call, your mouse and keyboard aren’t being actively used as they would if you are typing.
Yet, the activity report doesn’t include this information. It will simply give a score of x% based on keyboard and mouse activity. This could make an employer think a worker was goofing off when they were actually working hard.
Costs Organizations Good Employees
Nearly half (47%) of surveyed tech employees stated they would quit if their boss tracked them. Employers implementing monitoring can alienate good employees and make them feel untrusted. They can also feel unappreciated.
When you relegate everyone to a number of keyboard strokes, you constrain creativity. Good employees often stay with companies where they feel appreciated and can grow. Once that’s gone, they’re likely to leave.
Finding a Balance
A few things to think about when finding the right balance between tracking too much or too little are:
- What do you really need to track?
- Should you treat all employees the same?
- What do your employees think about monitoring?
- Are you trying to solve a problem that doesn’t exist?
- What features are unnecessary that you can turn off?
- Is the tool giving you accurate data related to productivity?
Get Expert Advice on the Best Tools for Your Business
Cloud tools are an important part of your business. You should deploy them thoughtfully. Give us a call today to schedule a chat and get valuable advice.
This Article has been Republished with Permission from The Technology Press.
Smart Tips to Stop Money From Being Stolen Through Online Banking
There are a lot of things that have changed since the invention of the internet. One of these is how we bank and access our accounts. You used to have to go into a local bank branch to make deposits and withdrawals. Now, you can take a picture of a check and deposit it from your phone.
Approximately 73% of people around the world use some form of online banking at least once a month. People have never had such convenient account access. But that convenience can come at a cost.
In 2021, account takeover fraud increased by 90%. New account fraud jumped a whopping 109%. As the ease of online banking has increased, so has banking-related cybercrime.
If someone breaches your Facebook account, it can be a real pain. But, if a hacker breaches your bank account, it can be devastating. It can mean significant losses. Losses that you may not be able to recoup from your financial institution.
In this article, we’ll take a look at the mistakes people make that leave their accounts at risk. Then, we’ll go over some important tips on how to keep your bank account better protected.
Mistakes That Allow Criminals to Access Your Account
Not Enabling Two-factor Authentication
Two-factor authentication (2FA) is a simple process that packs a big punch. When you enable this setting in an online account, it requires an extra step to gain access. That step usually consists of receiving a one-time passcode (OTP) by SMS and entering that at login.
Many people make the mistake of leaving this disabled. They either don’t know it’s there or they think it’s too inconvenient. But leaving this setting off makes it much easier for a bad actor to breach your account.
Falling for a Phishing Scam
There are several types of phishing scams that target online banking. Cyber criminals send emails that look like they come from your bank. They’ll even promise incredibly low rates on credit cards.
Other scams can involve warning you of unauthorized account activity. But when you click the link to log in, you’re actually on a fake page. One designed to look just like your normal bank website.
These are just a few ways that scammers can get your online banking login details. Once they have them, they’ll act immediately to get whatever they can.
Using Easy-to-Guess Passwords
If your account password is easy to remember, it’s also often easy to guess. Using weak passwords is a common mistake that enables many cyber criminals.
Some best practices for passwords include:
- Make them at least 10 characters long
- Include at least one number
- Include at least one symbol
- Include at least one upper-case letter
- Don’t make them personal (e.g., don’t use your birthdate, etc.)
Downloading Unsafe Mobile Apps
Banking trojans are often hidden in malicious mobile apps. These apps can look like something as innocent as a task manager. But, once installed, banking trojans seek out any details they can find. They are looking for banking and wallet apps.
Logging Into Online Banking While on Public Wi-Fi
One surefire way to give away your online banking password is to log in while on public Wi-Fi. Hackers hang out on public hot spots and spy on the activity of others. You should never type in a password or other sensitive details when connected to public Wi-Fi.
Tips for Improving Online Banking Security
Turn On Two-Factor Authentication
Enable two-factor authentication in your online banking account. This is also known as multi-factor authentication or two-step verification. According to Microsoft, it can block 99.9% of fraudulent account login attempts.
Set Up Banking Alerts
Time is of the essence when an intruder breaches your account. The faster you can notify your bank of the breach, the better. You could reduce the impact on you by having your account locked down immediately.
Set up banking alerts through your online banking. These can include things like low-balance alerts and login alerts.
Install an Antivirus & DNS Filtering On Your PC & Mobile Device
It’s important to have reliable antivirus software on your PC and mobile device. Many people don’t think about protecting their phones in this way. Yet, they shop online and bank via mobile devices.
It’s also good to use a DNS filter. This is a filter that protects you from going to dangerous phishing sites by blocking them.
Take Phishing Training Classes
Do you know how to identify phishing? Are you up on all the newest scams? You can make yourself less vulnerable by taking some phishing awareness classes. There are many of these for free online. You can also contact us for more personalized training options.
Knowing how to spot phishing via text, email, and phone can help you avoid becoming a scam victim.
Get Help Protecting Your Family from Scams
There are some key digital solutions we can put in place to keep your family safer from online threats. Give us a call today to schedule a chat about online security.
This Article has been Republished with Permission from The Technology Press.
Cool Windows 11 Features That May Make You Love This OS
Microsoft released the Windows 11 operating system (OS) over a year ago. It was largely well-received as stable and user-friendly. The OS is not a large departure from the Windows 10 experience. But it does offer a lot of enhancements over the older environment.
Yet with several improvements and a free upgrade for Windows 10 users, it still lags in adoption. As of November 2022, Windows 10 still owns the lion’s share of Windows PCs. It has a 69.75 percent usage share as compared to 16.13 percent for Windows 11.
People are slowly upgrading to the newer OS. But it’s natural for some to take a wait-and-see stance. They want to make sure it’s worth the time to upgrade. Additionally, no one wants to have to relearn their computer desktop.
The good news is that Windows 11 has a similar workspace feel to its predecessor. But it packs a lot of great productivity and security benefits that Windows 10 lacks.
Here are some of the coolest features in this current Windows OS. After taking a look, you may choose to go ahead and take the plunge into the Windows 11 universe.
Snap Layouts
Most people are working with more than one app open at a time. It’s not unusual to need to reference two different windows while doing side-by-side work. Switching back and forth between apps can be tedious. It’s also time-consuming.
Approximately 68% of app users say that switching between apps costs them at least 30 minutes per day. Trying to size two windows next to each other can also be frustrating. You lose the scroll bar or can’t get to the menu items unless you resize.
Enter snap layouts. This nifty feature in Windows 11 solves the multi-app problem. Simply hover over the maximize icon at the top of any window to get access to a snap layout.
Choose the area you want for the active app, and it will snap into place and allow you to choose apps for the other slots.
Master Search
Need to find a document, website, image, or app quickly? Use the Windows 11 master search. Just click the search icon on your desktop. You’ll get a search bar that will populate results from the entered keyword.
As an added touch, Microsoft populates fun topics into the search bar daily. Learn more about James Webb Space Telescope, Coffee Day, or other fun subjects.
Once you enter your keyword, you can further refine your search. Refine it according to the type of search result you want. (apps, documents, web, etc.).
Clipchamp Video Editor
In the latest Windows 11 update, Microsoft gifted users with a free video editor. The new Clipchamp app makes it easy to edit videos. You don’t need to download any extra software.
Clipchamp has a lot of the features you’d expect to have to pay for. These include templates, effects, video resizing, green screen, and more.
MS Teams Video, Audio & Text Messaging
Video calls have become the norm since the pandemic. But not all video software is easy to use. Most of us have had to wait on someone late to a call because they were struggling with the app.
Windows 11 comes with Microsoft Teams preinstalled. This gives you a simple click-to-call experience. You can easily invite someone to a video or audio call. The person does not need to have a Microsoft account to connect with you. This makes things easy on both sides.
Another great feature of the Teams app in this OS is the fact that you can use it for SMS messaging. Instead of having to drag out your phone, just text someone from your desktop.
Accessibility Features
Windows 11 has some great accessibility features. They’re designed to help ensure everyone can use their computer as they want. Those with disabilities can enjoy these features. As well as those that like the extra flexibility they offer.
Four of the newest accessibility features in the OS include:
- System-wide live captions
- Focus sessions
- Voice access
- More natural voices for Narrator, Windows’ built-in screen reader
Collections in Microsoft Edge
Microsoft Edge is the default browser for Windows. It’s worth checking out if you haven’t yet. Especially because of a feature called “collections.”
If your bookmarked favorites are becoming a mess, you’ll love this Edge capability. If you click the “plus” icon at the top of an Edge browser window, you’ll get the collections panel. Add a collection subject and click to add webpages.
You can see a preview of what you’ve added, and everything is nicely organized. Collections are easy to access and easy to delete when you’re finished with them.
Microsoft Defender SmartScreen
Phishing remains the biggest online security threat. It’s used to enable many forms of cyberattacks, from ransomware to credential theft. A significant number of phishing messages send users to malicious websites. You often don’t know until it’s too late that you’ve landed on a malware-laden site.
Windows 11 includes Microsoft Defender SmartScreen. This app helps protect you from those dangerous phishing sites. The app checks URLs in real-time against a dynamic list of reported phishing sites. It will warn you if a site is potentially dangerous.
Want an Expert to Help with Your Windows 11 Upgrade?
It can be intimidating to upgrade your system’s operating system. Why not get a pro to help? Give us a call today to schedule a chat about a Windows upgrade.
This Article has been Republished with Permission from The Technology Press.
4 Proven Ways to Mitigate the Costs of a Data Breach
No business wants to suffer a data breach. But unfortunately, in today’s environment, it’s difficult to completely avoid them. Approximately 83% of organizations have experienced more than one data breach. (IBM Security 2022 Cost of a Data Breach Report)
These breaches hurt businesses in many ways. First, there is the immediate cost of remediating the breach. Then, there are the lost productivity costs. You can add lost business on top of that, and lost customer trust. A business could also have extensive legal costs associated with a breach.
According to IBM Security’s report, the cost of a data breach climbed again in 2022. The global cost of one breach is now $4.35 million, up 2.6% from last year. If your business is in the U.S., the cost rises to $9.44 million. In Canada, the average data breach costs companies $5.64 million.
Costs for smaller companies tend to be a little lower. But breaches are often more devastating to SMBs. They don’t have the same resources that larger companies do to offset all those costs.
It’s estimated that 60% of small companies go out of business within six months of a cybersecurity breach.
Companies don’t need to resign themselves to the impending doom of a data breach. There are some proven tactics they can take to mitigate the costs. These cybersecurity practices can limit the damage of a cyberattack.
All these findings come from the IBM Security report. They include hard facts on the benefits of bolstering your cybersecurity strategy.
Cybersecurity Tactics to Reduce the Impact of a Breach
Use a Hybrid Cloud Approach
Most organizations use the cloud for data storage and business processes. Researchers found that 45% of all data breaches happen in the cloud. But all cloud strategies are not created equally.
Breaches in the public cloud cost significantly more than those in a hybrid cloud. What is a hybrid cloud? It means that some data and processes are in a public cloud, and some are in a private cloud environment.
What some may find surprising is that using a hybrid cloud approach was also better than a private cloud.
Put in Place an Incident Response Plan & Practice It
You don’t need to be a large enterprise to create an incident response (IR) plan. The IR plan is simply a set of instructions. It’s for employees to follow should any number of cybersecurity incidents occur.
Here is an example. In the case of ransomware, the first step should be disconnecting the infected device. IR plans improve the speed and effectiveness of a response in the face of a security crisis.
Having a practiced incident response plan reduces the cost of a data breach. It lowers it by an average of $2.66 million per incident.
Adopt a Zero Trust Security Approach
Zero trust is a collection of security protocols that work together to fortify a network. An example of a few of these are:
- Multi-factor authentication
- Application safelisting
- Contextual user authentication
Approximately 79% of critical infrastructure organizations haven’t adopted zero trust. Doing so can significantly reduce data breach costs. Organizations that don’t deploy zero trust tactics pay about $1 million more per data breach.
Use Tools with Security AI & Automation
Using the right security tools can make a big difference in the cost incurred during a data breach. Using tools that deploy security AI and automation brought the biggest cost savings.
Data breach expense lowered by 65.2% thanks to security AI and automation solutions. These types of solutions include tools like advanced threat protection (ATP). They can also include applications that hunt out threats and automate the response.
How to Get Started Improving Your Cyber Resilience
Many of these ways to lower data breach costs are simply best practices. You can get started by taking them one at a time and rolling out upgrades to your cybersecurity strategy.
Working with a trusted IT provider, put together a roadmap. Address the “low-hanging fruit” first. Then, move on to longer-term projects.
As an example, “low-hanging fruit” would be putting multi-factor authentication in place. It’s low-cost and easy to put in place. It also significantly reduces the risk of a cloud breach.
A longer-term project might be creating an incident response plan. Then, you would set up a schedule to have your team drill on the plan regularly. During those drills, you could work out any kinks.
Need Help Improving Your Security & Reducing Risk?
Working with a trusted IT partner takes a lot of the security burden off your shoulders. Give us a call today to schedule a chat about a cybersecurity roadmap.
This Article has been Republished with Permission from The Technology Press.
Mobile Malware Has Increased 500% – What Should You Do?
Cybersecurity researchers uncovered an alarming mobile statistic. During the first few months of 2022, mobile malware attacks surged by 500%. This is alarming both in scale and because many people aren’t yet protecting smartphones.
For years, mobile phones have become more powerful. They now do many of the same functions as a computer – just with a much smaller screen. Yet, people tend to secure their computers better than they do their smartphones.
This is a behavior that needs to change. Over 60% of digital fraud now occurs through mobile devices. That makes them highly risky if proper safeguards aren’t followed.
Many of these are the same types of protections you have on your computer. It’s time to start thinking about your smartphone as a mini-computer and keeping it just as secure.
Tips to Improve the Security of Your Smartphone
Use Mobile Anti-malware
Yes, your mobile phone needs antivirus/anti-malware too! Malware can and does infect smartphones and tablets. You need to ensure you have a reliable mobile anti-malware app installed.
And beware of those freebies. Freebies are great when you’re talking about food, but not security apps. Malware is often hidden inside free apps. These apps are ironically supposed to make you more secure.
Don’t Download Apps from Unknown Sources
Only download mobile apps from trusted sources. Do not download outside a main app store. Trusted app stores include places like:
- Apple App Store
- Google Play
- The Microsoft Store
- Amazon Appstore
You also should research the app developer online. Make sure they have a good reputation. Once you download a dangerous app to your phone, it can infect it with malware. That malware can remain behind even if you delete the app later.
Don’t Assume Email is Safe
Many people prefer checking email on their phone rather than PC because it’s so handy. But they have a false sense of security about the safety of emails when viewed on a mobile device.
You can’t assume an email is safe just because you’re not on your computer. Be just as wary about unexpected emails and scam emails masquerading as legitimate.
It’s difficult to hover over a link without clicking when on a smartphone. If you see something questionable and want to check the link, open the email on your PC where you can do that.
Beware of SMS Phishing (aka “Smishing”)
In March of 2022, text spam outpaced robocalls. Unwanted text messages rose by 30%, ten percent higher than robocalls. Many of those spam texts are smishing.
Smishing is the text version of phishing. These texts usually contain malicious links. A hacker can potentially breach your device if you click them. The message may also ask you to text back personal information.
Be on the lookout for text messages that don’t quite make sense. For example, getting a shipping notification when you haven’t ordered anything. Also, beware of texts from unknown sources.
Phishing via text message is a growing concern. It’s also one that most people aren’t aware of yet, so they often get caught in its trap.
Remove Old Apps You No Longer User
Approximately 2.6 million apps haven’t had an update in a year or more. Apps are often abandoned by the developer. This can leave security vulnerabilities on your device. Hackers seek out these types of vulnerabilities to exploit. If they aren’t addressed, then they remain a danger.
Go through your device and remove old applications that you are no longer using. There is no reason to keep them around, potentially leaving your device at risk.
Additionally, look at the time of the last update. If it’s over a year, then you may want to consider replacing that app with something more current. App updates often include security-related items. It’s not good when a year or more goes by without the developer making any type of update to the app.
Keep Your Device Updated
Speaking of updates, you also need to keep your device’s operating system updated. Are you using the current version of Android or iOS? Not installing updates can mean your phone has vulnerabilities. These vulnerabilities allow hackers to breach your data.
Automate updates as possible. If you have a company with several devices, then it’s a good idea to include your phones on a managed IT services plan.
Use a VPN When on Public Wi-Fi
Public Wi-Fi is dangerous. Most people understand that, but many connect to it out of necessity anyhow. You may worry about going over your data plan allotment. Or your mobile carrier reception may be slow. Both cases are reasons people opt to connect to unsecured public hot spots.
You can connect to public Wi-fi with less risk if you use a VPN application. VPNs stand between your device and the internet. They route your data through a secure server. This keeps it away from prying eyes that may be lurking on that public Wi-Fi.
Mobile Security Solutions to Prevent a Data Breach
Don’t wait until your phone is infected with malware to secure it properly. We can help you with automated solutions that protect your device, accounts, and data. Contact us to schedule a consultation.
This Article has been Republished with Permission from The Technology Press.