Stuart Crawford – Page 18 – Ulistic Projects Blog

January 16, 2020

Keeping You Safe from Juice Jacking

Learn about juice jacking and how to prevent you or employees from becoming a victim.

Here’s a new cyber threat to worry about: Juice Jacking. Read on to learn what about juice jacking and how to prevent yourself or employees from becoming a victim.

What Is Juice Jacking?

One common feature of modern smartphones is that the power supply and data stream pass through the same cable. When you plug your phone in to charge, hackers could theoretically access your phone through the same cable and inject malicious code or steal your personal information.

Your USB connector has five pins. However, it only uses one of those five pins to pass-through power for charging. Two additional pins are used for transferring data. So, when you charge, you could also be opening a port for passing data between devices.

We have only seen unconfirmed reports of juice jacking happening in the real world, but engineers have demonstrated how it is possible. In theory, threat actors might hide a device in a public charging station at airports or hotels. It’s a big enough concern that the District Attorney’s office in Los Angeles recently put out a warning to travels to avoid using public USB charging stations.

The FBI put out a warning about a device that’s small enough to fit inside a USB charger that can steal keystrokes from wireless keyboards. Another device hidden inside a USB charging station accesses your video display. It then records a video of everything you do, which might include passwords, accounts numbers, or PINs.

How To Prevent Juice Jacking From Happening to You or Your Employees

We’ve been warning people about the potential danger of using public Wi-Fi stations for years. Hackers can set up Wi-Fi hotspots in coffee shops and other public places then intercept data as it’s sent back and forth to your device. Now you can add public charging stations to the list of potential problems.

This doesn’t mean you shouldn’t use them. You just need to take basic security precautions to stay safe.

Avoid using public USB charging stations or plugging into computers that you aren’t familiar with.
Instead, use an AC power outlet and your own charging device. No data transfer is going to take place when you’re using an AC outlet and your charger.
Consider external batteries, power banks, or wireless charges if you need a charge on the go.

You should also avoid the temptation to plug into a USB charger you find left plugged in somewhere. It may be waiting for you to plug in and infect your device.

For iOS users, you can also use USB Restricted Mode which allows charging but prevents data transfers under certain circumstances. You’ll find it by going to Settings > Face ID & Passcodes (or Touch ID & Passcode) > USB Accessories. For Android users, USB data transfer should be disabled by default. If you want to check to make sure that’s the case, plug in your phone in a safe place, click on the notification and check USB Configuration options.

January 15, 2020

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

What You Can Do to Prevent Cyber Attacks Targeting Employee Data

Threat actors are targeting companies to obtain personal information about employees to use for tax fraud and filing false returns.

Your company stores all sorts of personally-identifiable data about your employees. Birth dates, social security numbers, health information, and bank account numbers are all on the shopping lists for hackers who can sell the information they steal or use it for malicious acts. One of the most sought-after documents by bad guys is tax records and tax forms.

These threat actors use that information to steal identities and file fake tax returns. Tax identity theft is the biggest type of ID theft reported to the Federal Trade Commission (FTC) each year. The FTC estimates the fraud at more than $5 billion annually.

Often, the victims aren’t aware anything has happened until they go to file their personal tax returns. They may try to file electronically, and have it rejected as a duplicate, or get a notice from the IRS saying there’s a problem. By then, the fraudsters are long gone.

How Do Hackers Steal Employee Data?

The most common way your employee data is breached is via phishing emails. Nearly a third of all data breaches and 78% of cyber-attacks started with a phishing email.

Hackers use email as a weapon to gain access to your systems. It may be as simple as sending an email asking employees to update their payroll information. Clicking on a malicious link can send that info to the wrong people. That’s exactly what happened to employees at the University of Kansas who soon found the direct deposit of their paychecks had been re-routed.

Other phishing emails may be targeted at individual employees using a variety of schemes to trick employees into giving up login credentials allowing cybercriminals to have access to company records. Other schemes may install malicious code when clicked and set up backdoors for hackers to access company computer networks. HR employees are also being targeted. A forged email may appear to come from a company executive or a third-party payroll processor asking for verification of information.

In an increasingly mobile society, hackers are gaining access to sensitive data when employees are connecting remotely to company servers without using proper security practices. When employees use public Wi-Fi, for example, they are vulnerable to man-in-the-middle attacks where threat actors intercept data as it’s being transmitted back and forth.

How To Prevent Becoming A Victim

Educating your employees about the dangers of phishing emails is a good place to start. One trillion phishing emails are being sent every year. While your company’s spam filters catch many of them, a significant number can slip through. Employees need to recognize the warning signs and everybody within your organization needs to take precautions to safeguard your data:

Install anti-virus and anti-malware software on all devices
Use strong passwords of 8 or more characters, numbers, and alphanumeric characters. Force changes regularly.
Encrypt all sensitive information
Back up sensitive information to a secure external source
Limit access to employee data with escalating security procedures
Require employees to install security software on all devices that access company data, including personal devices
Use Virtual Private Networks (VPNs) to encrypt data accessed remotely

It’s also important to keep all your software up-to-date. Hackers exploit what’s known as zero-day vulnerabilities in outdated software. These are known security problems that have been patched by the company. If the patches haven’t been applied by those using the software, hackers can exploit this known problem. That’s what happened to credit reporting agency Equifax, which saw hundreds of millions of records stolen when the company had failed to apply patches to known security issues.

Consider A Managed Service Provider

Even the best IT teams can be overwhelmed by managing all the various devices and entry points to their networks. They may not have the expertise needed to stay on top of constantly evolving threats and security practices.

A Managed Service Provider (MSP) can actively monitor a company’s servers, exchange servers, active directory servers, firewalls, routers, switches, and platforms remotely. This ensures software is always up-to-date and breaches are identified immediately.

An MSP will monitor your network traffic and incursion points 24/7 in a cost-effective way. In case there is a cyber-attack, an MSP can be your best weapon in identifying the threat, shutting it down, and building additional security walls to prevent future breaches.

January 7, 2020January 7, 2020

Important Cybersecurity Warning

Have you been following the news lately?

The recent events between the United States and the Islamic Republic of Iran are causing some concerns across the cybersecurity community. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a very important alert focused on Iran’s historic use of cyber offensive activities as retaliation for attacks against their state.

Reclaim Productivity with These Microsoft Excel Secret Shortcuts

25+ Microsoft Excel Shortcuts to Boost Your Productivity

Are you getting your money’s worth out of this productivity tool? Find out how to save insane amounts of time and frustration with these 25 Microsoft Excel Tips

When it comes to processing data, Microsoft Excel is everything to everyone. But because it’s a vast tool, many people never take the time to discover the Excel shortcuts relevant to them.

Obviously, these Excel shortcuts aren’t really secrets. No one’s hiding them from you. But because we don’t learn them, we waste a lot of time in an otherwise very streamlined and powerful productivity tool.

Franklin Covey, the author of the bestseller business classic, 7 Habits of Highly Effective People, said we need to take the time to “sharpen the saw”. Are you working with a dull blade by not using Excel to its fullest? Check out these Excel tips that will instantly sharpen your skills.

Learn Navigating Shortcuts

Ctrl+End moves you to the bottom right-hand corner of your worksheet. Because this stays within the cells in which you currently have data points, shortcuts like this let you quickly move from one side of the sheet to the other. You don’t have to endure the frustration scrolling too far.

Similar navigation shortcuts include:

Ctrl + Home – Go to upper left-hand corner.
Ctrl + Down Arrow – Go to lowest cell in the currently highlighted column.
Ctrl + Up Arrow – Go to the top cell in the current column. But keep in mind that if you have a blank cell in the column, it will stop there whether you’re going up, down, left or right.
Ctrl + Right – Go to the far right of the current row.
Ctrl + Left – Go to the far left in that row. Home key also does this.

Use the Go To Box

In the upper left-hand side of Excel, above your worksheet, you’ll find a Go To box. Simply point and click into the box. Then you can type any coordinates to go directly to a cell. For example, G102. If you’re working with a large sheet, Microsoft Excel tips like this are indispensable.

Keyboard shortcuts will always save time once you know them. But it’s when you’re on devices that have difficulty with point and click systems that you’ll save the most time.

Use F5 or Ctrl + G to pull up the Go To box automatically. Then type, press enter and go.

Use this same shortcut to select ranges of cells.

You can further use Go To Special, which is in the bottom right of the Go to Screen. This takes you directly to cells that meet a particular requirement. For example, if several cells on a spreadsheet should have a formula, this gives you a visual of which cells are missing formulas to help you validate your data.

From here, while the cells are highlighted, you might choose to add special formatting to make your sheet more understandable at a glance.

Highlight Cells Without the Mouse

Once again, your mouse is a terrible way to navigate in Excel. As you try to highlight groups of cells across columns, you inadvertently select other cells and can’t seem to get the right ones selected.

Yes, there are some better ways to select large numbers of cells with Excel shortcuts.

Ctrl+A highlights all cells with data points in them. Press Ctrl + A again to highlight the whole sheet.

Or highlight a specific section with this keyboard-mouse combo. Just start at the top-left cell of the part you want to select. Then Shift + click into lower right cell with the mouse. This highlights everything vertically and horizontally in between those cells.

You can accomplish the same thing without the mouse if needed. Simply move to the starting cell (always top left) for your highlighted area. Then hold the shift key and use the arrows to highlight across a row, down a column or across columns/rows.

You can also keep holding shift and move the arrows until you get it just right. Or use the mouse plus keyboard technique first. Then fine-tune what you select by pressing shift again and then using the arrows.

This is perfect for erasing large sections or formatting areas of your sheet.

But let’s say that the cells you want to highlight aren’t all next to each other. You can still highlight them together. But you will need the mouse for this one. Hold select while clicking the various cells, you’d like to highlight.

Once you’ve highlighted these cells, use Microsoft Keyboard shortcuts like:

Ctrl + B – Bold
Ctrl + I – Italic
Ctrl + U – Underline

And know that even if you’re using Excel on a Mac, you still have similar shortcuts. In most cases, the Command key replaces CTRL.

Improve Cell Data Entry Speed

Data entry is the centerpiece of Excel. But there are definitely some right and wrong ways to do it when treating Excel like the productivity tool it is. Check out these Microsoft Excel tips for faster and more accurate data entry.

Highlight an occupied cell and start typing to replace the data. There’s no need to delete or backspace first. But be careful. You could accidentally erase a cell this way.
Edit more detailed cell data from the formula bar instead of in-place. This is especially effective if you have formatted your sheet to not show all the data in a particular cell because it’s long. Just click the cell and then click into the appropriate place in the text to start typing within that bar.
Use in place editing when small amounts of data in a cell. Simply double click to open the cell for editing.

Excel Shortcuts & More

We’ve only scratched the surface. So practice these 20+ tips and you’ll be eager to learn more. For more ways to increase your individual and corporate productivity, follow our blog.

January 4, 2020

3 Tips Will Help Save Your Computer from Ransomware

Quick Tips to Save Your Computer from Ransomware

Are you struggling to remove vicious ransomware from your computer? These quick tips will help you (safely!) access information on your computer and get back online in no time.

You’ve heard about ransomware attacks, but never thought it could happen to you. That’s the beginning of the story that IT professionals around the world are hearing from users — business users, individuals, schools — there are no “safe spaces” when it comes to the ability of cybercriminals to wreak havoc on your technology. There’s always the option of paying the ransom, but this path is fraught with dangers. If the attacker doesn’t issue you the unlock code for your files, there’s no Better Business Bureau to report them, you lose the money you paid and will still need to work with professionals for ransomware removal. Understanding the three key variants of ransomware is the first step to potentially rescue your computer.

Three Main Variants of Ransomware

Ransomware is often classified into three main types:

Scareware, when a bogus antivirus screen pops up on your computer, letting you know that there are “many issues” and demanding money to remove the detrimental files. This is the easiest variant to resolve.
Lock-screen viruses are a more advanced attack and can be quite frightening. With this type of ransomware, you might be presented with an official-looking screen that you cannot navigate away from with details on sending money securely to remove the lock.
Advanced ransomware physically encrypts your files as well as locking access to them. It can be significantly more challenging to remove this type of ransomware without paying the fine. One example is Ryuk, where data recovery by professionals has only been successful approximately 3% of the time.

PC Rescue and Recovery Tips

While the other sure path to success is to work with a local technical professional to get everything up and running securely, you may be able to run through these tips and release your PC from the hostage situation.

Enter Windows’ Safe Mode and utilize on-demand anti-malware scanning software such as Malwarebytes.
If your anti-malware software isn’t successful, your next option is to attempt to restore to a point in time when your computer was safe and free from infection. You can complete this task by shutting down your PC completely. For Windows 7: Restart your computer, pressing the F8 key repeatedly and then selecting “Repair Your Computer”, log on and select System Restore. For Windows 8, 8.1 or 10: Hold down the Shift key, select Restart which will reboot your computer to the recovery screen. From there, you will select “Troubleshoot” “Advanced Options” “System Restore”.
If your system restore attempt is unsuccessful, your next option is to attempt running anti-malware software from a USB drive or bootable disk. The following trusted vendors have solutions available: Bitdefender, Avast, Kaspersky, Norton and Sophos.

The final step in the recovery process often involves finding your lost files and attempting to restore any additional systems settings that were lost during the process.

Ransomware recovery is a pain at best and very expensive at worst. A strong defense is your best option and installing a strong anti-malware and antivirus software package will help repel the vast majority of attacks before they can take hold. However, the only sure-fire method of ensuring you don’t lose anything in a ransomware attack is to create full and complete external backups. With ransomware attacks surging 77% in 2019, there’s always the possibility that you will never retrieve your priceless memories and private files without a solid backup plan in place.

January 3, 2020

Watch Out! Windows 7 Loses Support in January

Careful – Your Windows 7 Loses Support in January 2020

If you use Windows 7, you need to be aware that Microsoft will end support for your operating system in January 2020. Now is the time to upgrade to Windows 10.

Windows 7 is an operating system that still has plenty of serious fans – in fact, it was only earlier last year that the market share for Windows 10 moved past Windows 7. Considering that Windows 10 was released in 2015, that is saying something. All good things must come to an end, though, and Windows 7 is no exception. Microsoft is ending support for Windows 7 in January of 2020, which means that it will become much more difficult to keep the OS up and running moving forward. And a recent announcement from Microsoft has let Windows 7 users know that they are going to be seeing bigger, full-screen pop-ups to warn them of the upcoming end of life of the operating system.

Microsoft is Magnifying it’s Warnings about End of Windows 7 Support

All through 2019, Microsoft has been telling Windows 7 users that the support for their operating system was going to end in 2020. Of course, if you are using Windows 7, you may have missed the warnings or just decided to think about them later – after all, a year is a long time. But the end is really around the corner now.

The official end of support for Windows 7 is January 14, 2020. The day after, on the 15^th, you will no longer be able to get support from Microsoft if something goes wrong with your operating system. That is why the prompts telling you that Windows 7 support is going to end are getting a lot bigger and more obnoxious. Microsoft is going to push full-screen pop-ups telling you that “your Windows 7 PC is out of support”.

You don’t have to keep looking at the notifications if you don’t want to. You can ask Windows to remind you later or to never remind you again. You can also choose to ‘learn more’, which will take you to an information page about what loss of support means and give you the option to upgrade to Windows 10.

What Does “Loss of Support” Mean?

There are several things that will happen when support ends for your Windows 7 operating system, including:

Loss of tech support. Right now, if something goes wrong with your Windows 7, you can contact Microsoft and get somebody to help you with the problem. They can run you through troubleshooting steps and try to get things going again. But when support ends, you won’t have the option of contacting Microsoft about it. They will tell you that they no longer support your operating system.
No more software updates. Microsoft is always working to improve their operating systems – at least the ones they currently support. But once they stop support, they stop putting resources into improving an OS. That means there will be no more updates to make Windows 7 secure and stable.
Loss of security. There are always people out there looking to compromise Windows operating systems, even ones as old as Windows 7. When you lose support for your OS, it means that Microsoft will no longer be trying to identify threats and upgrade your OS to defend against those threats.
Loss of compatibility. This is the biggest problem for most people with unsupported operating systems. You may be ok with being less secure and not getting the latest and greatest improvements, but you are unlikely to be happy when your favorite software stops working with your version of Windows. Over time, the thing you can use your computer for will become fewer and fewer as software moves beyond your OS.

Fortunately, getting support for your OS is easy enough – you just have to upgrade to Windows 10.

December 26, 2019

Juice Jacking: The Next Cyberattack

Juice Jacking is another creative way that cyber attackers are accessing your data. Learn more about the concept and how to prevent it.

The public must be on guard for any cyberattack that comes their way; however, attackers are creative and are constantly innovating towards the next type of cyber-attack to catch unsuspecting people. Most recently, the concept of “Juice Jacking” has made its way into public attention.

Juice Jacking is a type of attack that uses a charging port, infected cable, or portable battery to access available data on a connected device such as a smartphone or a laptop. Once a device has been infected, attackers can export your data, steal passwords and other personal information, or lock your device entirely making it unusable.

How Juice Jacking works

A conventional USB cable is not only useful for charging your device, but its primary use is to transfer information from one device to another. As soon as a device is connected to a USB outlet, this allows attackers access to devices.

We have all heard of identity thieves putting on card-reading devices, skimmers, or camera on ATMs and other card readers such as at a gas station pump, but attackers are also able to change out USB hardware for another USB port that allows them access to any who connect to the port. Typically, we see threats to our devices in public such as hotels, public kiosks, and airports.

Juice Jacking and Travel

For those people who travel regularly, they rely on the public charging kiosks to keep them connected to family, loved ones, and work while out and about. But USB public charging stations are a prime target for those people seeking to steal and use your personal information.

Attackers can use not only a public kiosk as a way to gain access to your devices, but they can also use an infected cable. Beware to not use cables that are found already plugged into charging stations or you could already have one in your possession as a free gift. It is very easy to mask a cable to look like a brand name item, and most people believe that cables are not capable of holding information maliciously.

Another method to get victims to connect to a power source is to infect portable batteries, and with the rise of shared or rented portable batteries that you can purchase in airports, it has become easier for attackers to gain their victim’s data and move on to the next airport, making pinpointing the problem harder for those trying to stop the attacks.

Preventing Juice Jacking

The easiest way to prevent Juice Jacking is to plug your devices in via your power adapter that normally comes with your device. Another option is to carry your own power bank. A personal power bank can hold enough power for several recharges. Finally, a product that has been developed to combat the threat of Juice Jacking is a USB data blocker, a small adapter that you attach to the end of the USB cable you would like to use that prevents the transfer of data.

December 21, 2019

Getting Professional Data Analysis without Hiring Professional Data Analysts

Learn how AI helps businesses analyze customer provided data and IoT implementation important for growth, customer loyalty, and greater profitability.

There is so much data available to your business but getting a proper read on its importance an investment in costly data scientists. Learn ways technological advances, such as AI, helps your business synthesize data and provide your IT team with the information needed to create apps and other solutions at a lower cost.

The Internet of Things (IoT) is at the forefront of the data analysis performed by businesses. According to a recent article appearing in Forbes.com, data centers used to house the billions of bytes of data businesses collect, along with business analytics are growing at a compound annual growth rate of 50 percent between the years 2017 – 2021. The market value of IoT in 2017 was $235 billion and expected to more than double to $520 billion by 2021.

What does this mean for you and your business? All those valuable bits and bytes you collect from your customers is useless if you do not have a team in place that can help you make sense of it and use it to grow your business. This typically means hiring a staff of professional data scientists who, according to the U.S. Bureau of Labor Statistics (BLS), earned a median pay in 2018 of $118,370 or $56.91 an hour. That is a huge investment in labor which may be better spent instead on AI developed approaches to data analysis and app development.

Leveraging AI to Produce Professional Data Analysis

Professional data scientists cost you nearly $60 per hour while computer programmers with less education and the skills necessary to write and test computer code and develop apps based on your data earn about $40 an hour (median pay of $84,280 according to BLS). AI gives you the ability to hire programmers over scientists, who can help you properly analyze and utilize your data. Here’s how: AI has involved in one of the few technological advances capable of passing the Turing test.

If you are not familiar with the Turing test, it is the ability of a machine to demonstrate human-like intelligence and provide responses indistinguishable from human responses. That this phenomenon has finally happened for the first time in 2014 (64 years after the test was developed in 1950 by British mathematician Alan Turing, noted for breaking German code during World War II) means AI has become the leading driver for businesses looking to bring sense and order to data and quickly create consumer-driven apps to further engage customers and increase revenue.

Why AI over Human Analysis?

Without giving away to fears about machines taking over ala Stanley Kubrick’s HAL 9000 in the movie “2001: A Space Odyssey,” business should come to quickly recognize that machine learning and AI are useful technologies, important in reducing human labor costs and providing a way to integrate IoT into your business.

Hiring programmers who can seize upon the results of AI analysis comes at a savings of about $35,000 per scientist needed to perform the role artificial intelligence does. This alone gives you a compelling business reason to consider the advantage of leveraging AI over traditional human analysis performed by professional data scientists. As companies move slowly toward IoT implementation, you have the opportunity to be on the forefront and beat your competitors to the punch, enabling you to chart uncharted territories and seize important market share!

December 15, 2019

Prevent Hackers from Stealing Your VoiP and Costing You Money

Prevent Hackers from Stealing Your VoiP and Costing You Money

Best ways to prevent your business from losing money because of hackers stealing your VoIP service.

In 2017, telecom fraud amounted to $29.2 billion in losses to organizations and carriers, according to No Jitter. One form of telecom fraud is theft of service, which is obtaining service through an individual or company without payment. VoIP is much more prone to theft of service than traditional telephony services. Service can be stolen through hackers stealing user names, passwords, and other account information. Hackers also can introduce malware into the system to more easily enable theft. Unfortunately, the Federal Communications Commission has not issued any regulations on VoIP fraud, which means that businesses are still liable for any hacked calls. Fortunately, businesses can take some precautions to prevent theft.

Protect Passwords

When businesses buy a new phone, they should always change the password from the factory settings. Some phones use different passwords for the phone interface and web interface. In this case, unique passwords should be used for each interface. Passwords should be made secure by changing them every six months and requiring at least 12 characters including upper and lower case letters, symbols and numbers. Businesses also should regularly update the admin portal password for the VoIP provider.

Limit Physical Access

VoiP phones and other instruments should be kept in a locked space to prevent unauthorized access. The environment of the space should be maintained within the limits set by the equipment manufacturer. Secure access panels to the air conditioning and power.

Build Security in Layers

To prevent attacks and service theft, an organization should plan its VoIP system as carefully as it does its data network. One way is to plan security in layers.

The first layer of security is preventing intrusions on the network. To secure the network, use VoIP-aware firewalls and shut down ports at any sign of malicious behavior, according to Tech Target.
The second layer of security is phone authentication. The phone will not be authorized to the network or to the IP PBX unless a mutual certificate exchange or a certificate and dongle architecture have authenticated it, according to Tech Target.
The third layer involves encryption or authentication between the media and various channels. This means media gateways, ALGs, firewalls and NAT devices, and SBCs, according to Tech Target.
Finally, the fourth layer is user authentication. Only users authenticated via a user name and password or token device or mutual swap should be allowed to make or receive phone calls, according to Tech Target.

Disable International Calling

Most hackers go after the more expensive international phone numbers. Businesses that don’t need to regularly make international calls can disable international calling, using an international calling card when necessary. If regular international calling is required, businesses should carefully check invoices to be sure all calls made are legitimate.

December 14, 2019

Hackers Access CEO Email to Steal Company Money

BEC Scam Helps Hackers Steal Over $46M from Company

How fast could your company lose $46M? BEC Scams do it in minutes. Find out how criminals hack CEO emails to earn themselves a huge payday at your expense.

Sometimes criminals hide in the shadows and sometimes they hide behind technology, waiting, ready to strike at the most vulnerable. You know this, so you’ve invested in employee education. Employees are aware of common cybersecurity threats and email scams. But the BEC scam turns everything on its head.

It does so by hijacking the CEO’s most important business communication tool, email.

What Is a BEC Scam?

A cybersecurity-aware employee would always check to see where an email is coming from if that email asks them to do something like send millions to a strange account. But what if that email looks like it comes from you?

A Business Email Compromise (BEC) scam is conducted via your CEO’s own business email account. The hackers monitor your email for days or months undetected before sending an email from you to one or more of your employees, asking them to do something like:

Wire money from the company accounts
Share their login to company programs

If an employee got an email from you, would they question it? In a modern workplace, you’ve built a team around you who would ask “why”. But what if the person receiving the email is not in your trusted circle?

Scammers often target those who report to them, and don’t know you as well, instead.

Hackers take it a step further. They use automation tools found on your email account to instantly identify and delete any emails questioning your instructions or warning you that you’ve been hacked.

Real World BEC Attacks

This attack isn’t uncommon and the results are costly. Here are just a few medium-sized businesses that paid the price.

Xoom Corporation – BEC scammers emailed an employee from the CEO’s account and convinced them to wire $30M to a business overseas under the disguise of a business deal
Scoular Corporation – Employees wired an undisclosed amount to China for a fake acquisition deal. The email said, “We need the company to be funded properly and to show sufficient strength to the Chinese… I will not forget your professionalism in this deal, and I will show you my appreciation very shortly.”
Ubiquiti Networks – This San Jose company’s employee wired $46M at the “CEO’s” instruction. They were only able to recover $8M.

How to Protect Your Company from BEC Cybersecurity Threats

First of all, know that the CEO may not be the only target. It could be the CFO, CMO or even middle management.

They often attack companies using Office 365, which is relatively easy to breach if extra precautions aren’t taken. They gain access to your email via simple tricks like getting you to share your password on a spoofed 365 website.

Deploy education and technology to both prevent someone hacking a CEO email and to quickly identify when you or someone in the company has been compromised. This might include:

Powerful spam filters
Monitoring software
Malware protection and firewall
Security awareness training
Other customized solutions to maximize security

Above all, stay informed. Follow our blog to learn more about keeping your company safe from very real and sneaky cybersecurity threats like these.