Dark Web, How Does it Impact Small Businesses?

November 9, 2018/in Blog, Cybersecurity, Data Protection, Information Security, IT Security, Network Security /by Export

Dark Web is a term that has surfaced in recent years in connection to cybercrime and cyber security. Identity theft is an unfortunate occurrence that is all too familiar with most business owners, but do those individuals know where the compromised data will end up? Often, these business owners are unaware of the virtual marketplace where stolen data is purchased and sold by cybercriminals; a place known as the Dark Web. An article on Lexology explores what the Dark Web is, what information is available for purchase there and how it impacts small businesses.

What is the Dark Web?

The Dark Web, which is not accessible through traditional search engines is often associated with a place used for illegal criminal activity. While cybercriminals tend to use the Dark Web as a place to buy and sell stolen information, there are also sites within it that do not engage in criminal activity. For many, the most appealing aspect of the Dark Web is its anonymity.

What is for sale on the Dark Web?

Information sold on the Dark Web varies, and includes items such as stolen credit cards, stolen account information from financial institutions, forged real-estate documents, stolen credentials and compromised medical records. Even more alarming, the Dark Web contains subcategories allowing a criminal to search for a specific brand of credit card as well a specific location associated with that card. Not only can these criminals find individual stolen items on the Dark Web, but in some cases, entire “wallets” of compromised information are available for purchase, containing items such as a driver’s license, social security number, birth certificate and credit card information.

What is stolen personal information used for?

When stolen information is obtained by criminals, it can be used for countless activities like securing credit, mortgages, loans and tax refunds. It is also possible that a criminal could create a “synthetic identity” using stolen information and combining it with fictitious information, thus creating a new, difficult to discover identity.

Why are stolen credentials so valuable?

Stolen user names and passwords are becoming increasing popular among cybercriminals, but why? Identity thieves will often hire “account checkers” who take stolen credentials and attempt to break into various accounts across the web using those user names and passwords. The idea here is that many individuals have poor password practices and are using the same user name and password across various accounts, including business account such as banking and eCommerce. If the “account checker” is successful, the identity thief suddenly has access to multiple accounts, in some cases allowing them the opportunity to open additional accounts across financial and business-horizons.

Why should small businesses be concerned about the Dark Web?

Since the Dark Web is a marketplace for stolen data, most personal information stolen from small businesses will end up there, creating major cause for concern. With the media so often publicizing large- scale corporate data breaches, small businesses often think they are not a target for cybercriminals, however that is not the case. Cybercriminals are far less concerned about the size of a business than they are with how vulnerable their target is. Small businesses often lack resources to effectively mitigate the risks of a cyberattack, making them a prime target for identity theft as well as other cybercrime.

At a recent Federal Trade Commission (FTC) conference, privacy specialists noted that information available for purchase on the Dark Web was up to twenty times more likely to come from a company who suffered a data breach that was not reported to the media. The FTC also announced at the conference that the majority of breaches investigated by the U.S. Secret Service involved small businesses rather than large corporations.

How can you reduce the risk for your small business?

To reduce the risks of a cybercriminal gaining access to your company’s information/network, you must ensure you have proper security measures in place. The FTC has a webpage that can assist with security options for businesses of any size. In addition, it is crucial that your employees are properly trained on security, including appropriate password practices. There is also talk of a government-led cyberthreat sharing program which would help enhance security across all industries by sharing cyberthreat data.

Staying Ahead of Cyber Attacks

August 4, 2016/in Data Protection, Information Security /by Export

Technology is a giant juggernaut ameba growing and evolving at an exponential and unstoppable rate. Trying to keep up with just everyday tech can be overwhelming. What iPhone number are we on now? And what exactly is a ChromeBook, anyway? Keeping up with the Joneses is one thing; staying up to date with and ahead of cyber attacks is a monster all its own. It seems like every week another company makes national headlines for falling victim to a cyber attack. Yours doesn’t have to be one of them.

Stay Proactive

Cybercriminals are always learning, adapting, and evolving new ways of cracking cybersecurity. Staying proactive with your approach to cybersecurity is the first step towards getting ahead of potential cyber attacks. Fortunately, Cognoscape can help you take an active approach to security. We can help you create a Technology Roadmap to plan for the future and stay ahead of whatever those pesky hackers think of next. We can help train you and your employees on how you can strengthen your daily workflow and what precautions you can be taking with each email and keystroke.

Use the Buddy System

If the Joker stepped into your server room and started tinkering around, you wouldn’t go in there alone. You would light up the bat-signal to call Batman. Don’t face cyber attacks alone. Buddy up with a Cognoscape consultant. Our consultants have years of experience staying up to date and ahead of the technology driving cyber attacks. You will be able to focus on the core of your business, while we race ahead of the latest cybercriminal technology to protect your company’s most precious digital assets. Your consultant will be there by your side to help create a custom strategy on how to best fend off and recover from whatever comes your way.

Don’t risk your company’s future by tackling your network security alone. Contact us today to start putting together your Technology Roadmap.

Hacker is infiltrating a business’s network system from a remote location

Brief History of Information Technology Security

April 7, 2016/in Data Backup, Data Protection, Information Security, IT Security /by Cognoscape

People are fiercely driven by ‘what is going to happen’ rather than ‘what has happened’. Due to the growing concern of intellectual property vulnerability, people have begun to investigate further into the past. By understanding the history of technology security you might be able to safeguard against potential threats. Information technology security protects sensitive assets and property through the use of technology processes and training. High concerns that stem directly from information security are protection of confidentiality, integrity, and availability.

“The more you know about the past, the better prepared you are for the future.” -Theodore Roosevelt

The Early Years

Despite the efforts of the “CIA Triad” (or more commonly known as the Parkerian Hexad) on confidentiality/control, information integrity, authenticity, availability, and utility, they were not able to guard against all threats. Early mainframes used by the military were connected to phone lines called ARPANET (precedent to today’s internet), which allowed integration of information between government data centers. A special ARPA squadron began to determine additional steps for better security by studying the unsecure points between the data centers and the public. Their studies jump started the first few precautions focused on mainframe operating systems. MIT, Bell Labs, and General Electric were the first pioneers to build multiple security levels and passwords into their mainframes.

The Boom of Hacking

Computer system hacking began in 1970’s with the boom of emerging telecommunication technology. Ready to ‘stick it to the man’, a group of hackers found a way to infiltrate the telephone and computer networks in order to make free long distance calls. Also known as “phreakers”, these groups were pioneers for organized crime against unsecured networks. After Ian Murphy’s crime of stealing information from military computers in 1986, the Computer Fraud and Abuse Act was created. The Emergency Response Team was created to alert computer users of network security issues after Robert Morris unleashed the Morris Worm to thousands of defenseless computers.

The Growing Concern

Although public use of the Internet is barely 20 years old, malicious Internet activity has turned into a major criminal enterprise for over a decade. Businesses are now under attack by big threats that can leave them defenseless and exposed. Growing concern for the safety of personal/business information comes from the accelerated worldwide use of electronic data and the heavy amount of business conducted over the internet. With this expedited advancement and expansion, more and more people are putting their personal information online, making them vulnerable for an attack. In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.”

We recognize that monitoring technology activities are important to continue to protect the safety and security of your business. If you have any questions or concerns about your technology contact Cognoscape today.

Brief-History-of-Information-Technology-Security

IT Security and its Evolution

March 3, 2016/1 Comment/in Information Security, Technology /by Cognoscape

Technology has advanced thanks to the hard work and innovation of many people over several decades throughout history. Although information technology – the application of any computers and software to process, store, retrieve, and transmit electronic data – is a major part of our lives today, there was a simpler time before the revolutionary spark of digitization. Few predicted how significant information technology and IT security would become in our lives and the way we conduct business. Here is an overview of the development of IT security throughout history.

1970s

The 1970s marked a time in information technology history that saw an emergence in the exploration of microcomputers. At this time, Steve Jobs and Steve Wozniak – pioneers of the personal computer revolution – met and eventually collaborated on what would become Apple computers. The first modern day hackers also appeared during this time and invented a way to circumvent phone systems to make free calls – a practice that later become known as “phreaking.” It was this decade that witnessed the convergence of technology and commerce. Computers, video games, cars, and space exploration are only a few of the many technologies which developed and improved tremendously within these ten years.

1980s

There are a surprising number of tech gadgets from the 80s that define life as we know it today. The first IBM personal computer, called “Acorn,” was introduced using Microsoft’s MS-DOS operating system. Sears & Roebuck and Computerland sold the machines, and this was when the term PC was popularized.

Apple invented “Lisa,” the first personal computer to offer a GUI (graphical user interface), with features like a drop-down menu and icons in a machine aimed at individual business users. In 1985, Microsoft announced Windows in response to Apple’s GUI. This decade subsequently brought about the era of malware, with the first computer virus for MS-DOS called “Brian.”

1990s

Mosaic, known as the original web browser accredited to popularizing the World Wide Web, was released. By allowing users with little to no technical expertise to browse the online realm, this fueled a period of massive growth of the Internet as well as the community of online users. The 1990s also brought upon the dawn of the modern IT security industry. AOL suffered through the first real phishing attacks as hackers began stealing users’ credentials. Tim Berners-Lee, a researcher at a high-energy physics lab in Geneva, invented HyperText Markup Language (HTML) – giving rise to the World Wide Web.

In 1997, Microsoft invested $150 million in Apple – which was struggling at the time – ending Apple’s court case against Microsoft in which it alleged that Microsoft copied the “look and feel” of its operating system.

The 2000s and Beyond

The 21st Century saw a swarm of new computer viruses, such as ILOVEYOU, spread fervently across the Internet, taking advantage of security holes in software made by Microsoft and other major tech companies. Adware and spyware entered the scene with programs such as Conducent and CometCursor. In 2003, the amount of data created surpassed the amount of all information created in the rest of human history combined. The Internet became so central to commerce that opportunities for hackers grew exponentially.

In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.” In 2015, Apple released the Apple Watch while Microsoft released Windows 10.

4 Signs that You’re Out of PCI Compliance

February 4, 2016/in Data Protection, Encryption, Information Security, PCI Compliance /by Cognoscape

Compliance with the standards set by the Payment Card Industry (PCI) Security Standards Council can be cumbersome and flat out difficult. And the punishment for non-compliance can be stiff penalties and fines – or even worse, non-compliance could allow a hacker or data thief to get into your company’s systems and steal critical data from you or your customers. To avoid these unsavory outcomes, it is best to make sure that your business gets PCI compliant and maintain that compliance status. It is critical that you know if your company is PCI compliant so that you can keep your business protected from fines and hackers alike. Here are some of the ways that you can know if your business is not compliant. If any of these signs describe your business, then it is time to make a change and get back into compliance.

You Store Cardholder Data

Storing cardholder data means that you have highly sensitive information that can be stolen on your systems. To maintain PCI compliance, you should not save or store any cardholder data, whether in digital or written form. To avoid storing cardholder data, you can use a card reader, POS terminal, or a payment processor that doesn’t retain that information. That way, you don’t have to think about protecting or encrypting that data on your systems.

You Don’t Have A Separate Network For Payment Processing

PCI compliance can put extra pressure and security measures on your network. That’s why it is a good idea to have a separate system for your regular business connection just for payment processing. This is especially relevant if you are using IP-based credit card terminals.

You Don’t Automatically Log Customers Out

When your customers log in and make a purchase, they might be doing so on a public computer or at a public kiosk. When they leave that computer, they might forget to log out, allowing another person to stumble upon their open session and make unauthorized purchases. Make sure that you avoid these kinds of scenarios by automatically logging your users out of their sessions after a set period. If for example, users are automatically logged out after five minutes being idle, you have a significantly higher chance of stopping unauthorized purchases.

Your Employees Don’t Have Unique Login Information

To be PCI compliant, all of your employees need to have their unique login information for sensitive systems. That way, if there an issue, you know which employee was responsible.

Three Most Important Facts About Regulatory Compliance

January 7, 2016/in Information Security /by Cognoscape

When it comes to regulatory compliance, even the most enthusiastic managers can quickly get bored. It’s not hard to see why—regulatory compliance can be a long and frustrating process if you are trying to stay compliant without any professional help. Because regulatory compliance is so complex, it can be difficult to understand some of the legal concepts behind the process. That’s why we’ve broken down the three most important facts, so that you can easily know what’s vital to your business without having to pore over dozens of policy documents or looking through legalese.

You Need Physical and Digital Security Policies

Sure, digital security policies get all of the press. And they are absolutely critical to your company’s regulatory compliance, as well as your long term success. But you need physical security policies too. You need to specific which employees are allowed physical access to particular facilities. This includes guests and vendors too—you have to be able to know who is able to access server rooms and other rooms that house critical IT infrastructure. These policies breed accountability. In order to uphold these physical security policies, you can use key codes, badges, or other ways to regulate access.

Compliance Issues Must Be Relayed To Employees

Because regulatory compliance issues are so complex, it can be difficult to make them seem relevant and purposeful to employees. But if your regulatory compliance efforts are to succeed, you must let your employees know the importance of compliance and train them to make sure that they are up to date. The best way to do this isn’t to throw complex legalese at them, but to use simpler terms. Compliance isn’t always black and white, there are always grey areas, and your employees need to know what is expected of them when they encounter a grey area.

There Are Hidden Benefits To Compliance

Often, it is assumed that there are no benefits to regulatory compliance other than avoiding fines and penalties. That isn’t true. There are hidden benefits to compliance that your business can take advantage of. Compliant businesses are more up to date on industry trends, and generally have more streamlined employee processes, where employees know what the appropriate decisions are. Compliance can improve standardization across your business, which can ultimately result in greater efficiency as well. Businesses that are compliant tend to have greater transparency, with workers at all levels—from the top down—more aware of what is expected of them.

Take Advantage of A Network Security Specialist for Your Business

October 9, 2015/in Featured, Information Security /by Cognoscape

The more our society becomes dependent on technology, the more we see an increase in data breaches, cyber crimes, and leaking of sensitive information. This is why the government and businesses of all sizes are focusing more of their efforts on network security. When it comes to keeping your information safe, you can’t go at it alone. Network security specialists are in high demand for assisting companies with their online safety needs. Below we discuss the importance of working with a network security specialist to keep your business secure and information safe.

Role of a Network Security Specialist

Your network security specialist is in charge of safeguarding your computer system and protecting it from threats. Threats may be external or internal in nature, but some of the biggest threats to network security generally come from outside sources. The network security specialist will install firewalls and programs that issue alerts when there is an attempt to infiltrate the system. Network security specialists are constantly updating their level of knowledge to keep up with the growing technology industry.

Advantages of Hiring a Network Security Specialist

Having a network security specialist in your arsenal of weapons to combat hackers has many advantages, including:

Protection of Company Data

Part of the job of a network security specialist is to constantly monitor the flow of information within the network, prevent unauthorized users from accessing sensitive data, and check on bandwidth usage. This data may be pertaining to customers when dealing with companies like banks or other large corporations. Information such as phone numbers, account numbers, credit card numbers, addresses, and emails can become exposed. Government agencies will have information that pertains to internal communications and secret operations, posing as threats to national security. A network security specialist is vital to the safety of these organizations’ information.

Setting IT Infrastructure Usage Rules

A network security specialist is one who is in charge of designing and implementing security protocols within a computer network. This involves having control over the data that users have access to and setting up password authentications and firewalls. The specialist is able to block access to particular websites as well as prevent the installation and usage of certain applications that may pose a threat to the network infrastructure. With a network security specialist on board, they will be able to catch employees violating company computer policies and notify their manager.

Custom Security for Your Network

Your network security specialist will sit down with you and create a plan that is specific to your business’s needs. There is no “one-size-fits-all” model for any company and should never be offered to clients. Your custom network security plan will help your business grow much quicker by eliminating potential technology roadblocks that pop up. If you do not have a network security specialist working with your organization, you run the risk of losing customers to security breaches.

We want to be your network security specialist! Contact us today and we will discuss the best path for your company to follow when it comes to data and network security.

Benefits of Network Security

May 14, 2015/in Data Protection, Information Security /by Cognoscape

You’ve spent countless hours, days, months, maybe even years building your business…what if everything you had worked for was ruined because of a security breach? All it takes is one bad security breach and you’re out of business. This is why your company needs CognoSecurity. Let’s look at the benefits of network security.

Reduced Stress

With CognoSecurity you will never lose sleep over stressing about your business’ security. We will handle everything so that you don’t have to. Now you have more time to focus on making your business even more successful, because you know it’s safe with CognoSecurity.

Decreased Risk

Think about all of the risks you’re taking without having your business protected by network security. Are you willing to risk your business’ reputation? What about your data? Or even your entire company? If not, you need network security to make sure none of these things are put at risk.

Disaster Recovery

Unexpected things happen – that’s just life. But wouldn’t it be nice to be prepared for the unexpected? Well, with CognoSecurity you can be. When disaster strikes, CognoSecurity will help your business recover quickly, whether you’ve suffered a security breach, natural disaster, or anything else that might happen.

Increased Productivity

When you aren’t stressing over network security issues and security breaches, you and your employees can focus on the business’ success. You’ll become more productive and you’ll also save your hardware and software from any potential harm caused by security breaches.

Ready to protect your business from harm? Let’s talk today about your business’ security needs.

Don’t get caught by this holiday email scam!

December 4, 2014/1 Comment/in Data Protection, Events, Information Security, Virus and Malware /by Cognoscape

The holidays are a busy time for all of us and with the advent of online shopping to avoid the crowds we are becoming conditioned to receiving purchase related emails from a variety of sources.

The cyber crime community is well aware of this and a new trend in cyber crime using fake order confirmation and other typical purchase-related emails has been noticed, as reported by internet security company Malcovery. The primary payload of these emails is the malware known as ASProx, a particularly nasty trojan that collects email addresses and passwords from it’s victim’s computers, then turns the infected machine into a botnet relay allowing spam messages to be passed through it.

Malcovery reports that in December 2013, spammers used ASProx to deliver fear in the form of a Failed Delivery email from CostCo, BestBuy, or WalMart. Malcovery analysts identified more than 600 hijacked websites that were used as relays to prevent detection by causing the spammed links to point to websites that had been “white listed” until the very day of the attack. People responded because the email told them their Christmas gift shipment had been delayed and the only way to get a refund was by clicking the (infected) link.

This year the scammers are getting even craftier and their tactics have changed. Fake order confirmation emails appeared after cyber Monday with titles like “Thank you for your confirmation,” “Order Confirmation,” “Thank you for buying from [company name],” “Acknowledgement of Order,” and “Order Status.”. The email content now targets people’s greed by saying that a delivery (that they didn’t order) is waiting for them:

“We are happy to inform you that our online store HomeDepot.com has an order whose recipient details match yours. The order could be received in any Local Store of HomeDepot.com within the period of 5 days. Open this LINK to see full information about your order.”

Opening the link infects the victim’s machine.

Another trend is with hijacked credit card numbers. Instead of charging several hundred dollars on a single credit card – which is immediately noticed and blocked – online thieves are now content to charge several thousand people $20 – $30 each, which is less likely to be noticed by either the bank or the victim.

Cognoscape is committed to your security

There are a few simple rules to follow whenever you open your inbox:

Ask yourself: Were you expecting this email?
Check the sender’s address – hover over the address to verify the sender
Check the link address – hover over the link to read the address it is sending you to. Does the domain name look valid?
Learn to spot fake domain addresses
If you have any concerns DO NOT click the link, instead type the address into your browser and access the information from there
Review your credit card statement regularly for fraudulent transactions
Remember scammers target people’s greed – if it sounds too good to be true, it probably is!

Would you like to learn these techniques and have them taught to your colleagues? Cognoscape are now providing a series of lunch and learn presentations to avoid phishing scams and keep you safe from these attacks. Fill in the “Request a Consultation” form to the right of this blog post if you would like more details.

Don’t forget your friends need to know about this too – please share this post!

Top 5 Reasons You Need Network Security At Work

October 2, 2014/in Data Protection, Information Security, Uncategorized /by Cognoscape

Conducting day to day business can be consuming and stressful. Making sure that your company network is secure does not always rank number one on your list of things to do. There are so many things that need to be tended to! Here are the top 5 reasons why network security should be your top priority:

1. First and foremost, without network security at work your livelihood is at stake. As a business owner, most of your important documentation and records are stored on a computer. Leaving your network unprotected means that at any time your system could be infiltrated by unwanted viruses, trojans or even worse – malicious hackers who could obtain and distribute personal information.

2. Not only can your vital company information can be compromised, your identity could be stolen and used. Different types of computer viruses and trojans do different things. If a virus relays information to a third party your identity could be used by that person or worse. It could be sold to other people.

3. If losing your identity isn’t bad enough, it can get worse. Without network security you could unknowingly provide internet predators with your customer’s information. This means that your reputation as a company is at stake. Any business owner would agree that a good reputation is your best asset and a bad reputation could mean your demise.

4. By having a good network security system in place, you will be saving money in the long run. Companies that are constantly putting out fires and spending unnecessary money to fix problems as they occur. Each time they pick up the phone to call an IT specialist money flies out the door. By being proactive you will keep your budget minimal.

5. Using network security guarantees that you will be successful in your endeavors. By protecting your assets you will be able to focus on what you do best. Safeguarding your network allows others to trust in your ability to conduct business and do what is best for everyone.

Network security at work is beneficial in many ways. It helps you to save money. It also offers security to your team of employees and customers. Network security prevents unexpected problems. In conjunction with these benefits, network security is necessary to safeguard your personal information and that of your affiliates. Without network security your business could be in serious jeopardy.