Safeguarding against Shopping Seasons! TechTalkSMB
Issue #12 | November 2023
Cyber Protection Tips
As the holidays approach, and we get ready to relax with family and friends, it is important to keep our cyber-guards up!
As the digital age continues to redefine our lives, the way we shop has undergone a profound transformation. Gone are the days of waiting in long lines at brick-and-mortar stores; now, we can purchase anything we desire with just a few clicks. The convenience and accessibility of online shopping have made it a go-to choice for many consumers, especially during shopping seasons like Thanksgiving, Christmas, Black Friday, Cyber Monday, and the holiday season. However, this convenience comes with a caveat: the risk of cyber threats. To ensure a safe and secure shopping experience during these shopping seasons, it’s essential to understand and implement effective cyber protection strategies.
Understanding Cyber Threats
Cyber threats come in various forms, and understanding them is the first step in protecting yourself during the shopping season. Here are some common threats to be aware of:
Phishing Attacks: Cybercriminals often use deceptive emails or websites to trick you into revealing personal information, such as credit card details and login credentials.
Malware: Malicious software, such as viruses and spyware, can infect your device, steal your data, or monitor your online activities.
Identity Theft: Cybercriminals can steal your personal information and use it for fraudulent activities, including making unauthorized purchases in your name.
Data Breaches: Retailers and online platforms may experience data breaches, leading to the exposure of customer data, including credit card information.
Online Scams: During shopping seasons, scams like fake discounts, counterfeit products, and fraudulent sellers become more prevalent.
Protecting Yourself During Shopping Seasons
Now that you’re aware of the potential threats, let’s explore some essential cyber protection tips to keep you safe while shopping during peak seasons:
Use Strong, Unique Passwords: Create strong, unique passwords for your online shopping accounts, and consider using a password manager to keep track of them. Avoid using easily guessable passwords, like “123456” or “password.”
Enable Multi-Factor Authentication (MFA): Whenever possible, enable MFA for your online accounts. This adds an extra layer of security by requiring you to provide a second form of verification, such as a code sent to your mobile device.
Keep Software Up-to-Date: Regularly update your operating system, web browser, and antivirus software to protect against known vulnerabilities.
Shop from Trusted Websites: Stick to well-known, reputable online retailers and marketplaces. Avoid shopping on unfamiliar websites, especially if the prices seem too good to be true.
Be Cautious of Emails and Links: Don’t click on suspicious links or download attachments from unknown sources. Verify the legitimacy of emails, especially those requesting sensitive information or financial transactions.
Secure Your Wi-Fi Network: Use a strong and unique password for your home Wi-Fi network, and consider encrypting it with WPA3 for added security. Avoid public Wi-Fi networks for online shopping, as they are often less secure.
Monitor Your Financial Statements: Regularly review your bank and credit card statements for any unauthorized or suspicious transactions. Report any discrepancies immediately.
Check Website Security: Before making a purchase, ensure the website is secure by looking for “https://” in the URL and a padlock icon in the address bar. This indicates a secure, encrypted connection.
Use a Virtual Private Network (VPN): A VPN can help protect your online activities by encrypting your internet connection, making it more difficult for cybercriminals to intercept your data.
Keep your Cyber Guards-Up!
Stay informed about the latest cyber threats and scams. Awareness is one of the best defenses against cyberattacks.
Please feel free to reach out with any feedback or suggestions for future topics. Until next month, stay cyber-secure!
Best regards,
Rachid Elaafer
Professor/Guest Speaker/Columnist/CIO
Cybersecurity TechTalkSMB Newsletter
#cybercrime #cyberattacks #smallbusiness #bostontech #bostonma
Issue #11 | November 2023
Welcome to the November edition of Cybersecurity TechTalkSMB, your trusted source for the latest updates on cybersecurity threats, trends, and best practices. In this issue, we’ll cover recent cyberattacks, emerging threats, and offer insights into protecting your business.
In This Issue
Featured Cyberattack: Ransomware Hits Bank of Canton, Clorox: Cleaning Products, and Las Vegas MGM Resorts and Hotels Sector
Security Best Practices: Securing Remote Work Environments
Expert’s Corner: Live discussion on Cyberattacks 6pm Tuesday the 7th
TechTalkSMB: Weekly News and Tips
- Featured Cyberattack: Ransomware Strikes Financial Institute, Retail, and Hotels Sector
This sector has recently been a prime target for cybercriminals. Multiple incidents have involved infiltration attacks on banks, cleaning products, and hotels, jeopardizing customer data, critical systems, and operations. These attacks highlight the need for robust security measures, timely backups, and user training to prevent and respond to ransomware threats.
- Security Best Practices: Securing Remote Work Environments
As remote work becomes essential in many organizations, ensuring the security of remote work environments is vital. Implementing robust VPNs, multifactor authentication, and secure collaboration tools is essential to protect data and network integrity. Regular security training and awareness programs are also vital to educate remote workers about the latest threats and best practices.
- Expert’s Corner: Go Live @TechTalkSMB Instagram 11/7/2023
We will be live on Tuesday, to discuss and answers from Small Business owners and managers about the evolving threat landscape and the importance of proactive threat intelligence. Mr. Rachid Elaafer valuable insights into threat detection, risk assessment, and the significance of keeping cybersecurity strategies up to date.
- TechTalkSMB: Weekly News and Tips
Learn about ever-changing threat landscape is critical for effective cybersecurity, can help organizations Protect, collect, analyze, and disseminate threat data. In this edition, @TechTalkSMB we highlight top TIPs and their key features to aid small businesses to stay ahead of cyber threats.
Stay Safe in the Digital Realm!
This month’s Cybersecurity @TechTalkSMB. As cyber threat continues to evolve, stay informed and vigilant. Implement the best security practices, keep your systems up to date, and invest in the right tools with the right Managed IT Service Providers, to protect your business.
Please feel free to reach out with any feedback or suggestions for future topics. Until next month, stay cyber-secure!
Best regards,
Rachid Elaafer
Professor/Guest Speaker/Columnist/CIO
Medford.WickedLocal.com
Recent Articles By Rachid Elaafer in The Medford WickedLocal Newspaper
TECH TALK:
Are you under a contract with your IT company or IT guy?
Posted Dec. 5, 2015 at 10:14 AM
MEDFORD
It’s that time of the year where you need to review and evaluate your IT support.
Take the time to read the contract and understand what services are included in your monthly payment and what services are not. Ask your staff if they are happy with the support they are getting from the current IT service provider.
Also, bring in another IT consultant to get a second opinion about your business technology. Computer systems have become essential for any business. Therefore, you need to invest in the right technology and support, you might not realize that your business profit and loss depends largely on right technology to strive.
After your due diligence, you find yourself satisfied and confident that your computer systems in your business are running at its optimal and are secured? Make sure you are getting what you are paying for. Then go ahead and renew that service contract so that you can have a predictable IT budget for your business.
However, if you are not getting the right IT service, then I highly suggest hiring other IT service providers to evaluate your current business technology for improvement, stability and provide you with IT support proposals that support your business growth, and have options to choose from that best fit your business.
On the other hand, if you are already under a contract, chances are you are either paying too much for IT support or paying a low monthly fee and getting charged for services that are needed but are not part of the monthly contract, hidden fee as we call it.
Your monthly support contract should be clear as black and white. It should clearly define the IT services that are covered with details of support like hours and days as well as a list of services it includes.
— Rachid Elaafer is the owner of IT Solutions Provider LLC in Medford Square.
http://medford.wickedlocal.com/article/20151205/NEWS/151208394/0/SEARCH
TECH TALK:
ISP launched public Wi-Fi hotspots from customer’s router
Posted Aug. 16, 2015 at 9:02 AM
MEDFORD
One of the largest Internet service providers launched its project “Public Wi-Fi Hotspots” two years ago. The plan was to create public Wi-Fi hotspots by exploiting its customer’s Internet service in home routers to send separate signal for public Wi-Fi hotspots that extend to neighbors.
The result of this project is to allow your neighbors or any one that can see your home wireless connect to your Wi-Fi without your consent, without needing your wireless password, simply because your Internet Service Provider (ISP) took your Wi-Fi and extended it to anyone within reach of your house.
And I mean anyone! They don’t have to be a customer of your ISP to use your Wi-Fi, its setup for guest access.
Many customers of this ISP don’t know that their router is part of a global project initiated by its Internet Service Provider that started couple years ago and is spreading across the country. The impact of this feature and its results are privacy and speed degradation.
This project “Public Wi-Fi Hotspots” was never clearly disclosed to its current and prospective customers. Paying customers should have been informed and educated about this feature prior to its activation and required full consent by each customer.
According this Internet Service Provider, your Home Public Hotspot that is activated on your Internet service subscription is separate from your private home network.
But some of the questions that haven’t been clearly answered raised these additional questions: Why are they using the customer Internet service subscription to provide free Internet to others? Why can’t they provide the free public hotspots from their towers? Why didn’t they obtain full consent from its customers prior activating this feature on customer’s routers?
Why doesn’t the contract spell out in clear text this new plan? If customers are paying for the service aren’t they entitled to be fully aware of this change and have a say?
The good and bad news: according to the ISP, you can disable this feature, but when some customers tried to do it, they received error messages.
So what’s the good news, you are asking? The good news is that ISP published instructions on how to disable this feature. But — and it’s a BIG but — if you didn’t know that your router was being used to provide free public Wi-Fi hotspots, how do you go about finding out, right?
Instructions to disable the public Wi-Fi hotspot on your router, but it might not work for you
The bigger problem is that some small businesses use this ISP that is intended for home in their office instead of a business class router. If that’s the case, your business might be setup to provide free public Wi-Fi to everyone close by to your office! And that is frightening.
— Rachid Elaafer is the owner of IT Solutions Provider LLC in Medford Square.
http://medford.wickedlocal.com/article/20150816/NEWS/150819996/0/SEARCH
TECH TALK:
Small, Mid-size businesses deserve Fortune 500 level IT support
By Rachid Elaafer
Posted Jul. 25, 2015 at 9:00 AM
MEDFORD
Today, small and mid-size businesses (SMBs) can get the same high level IT services that Fortune 500 companies enjoy — without the high price tag
You already know what you need to do to solve just about any business technology problem you have. The only missing ingredient is taking action.
Your business deserves better, so don’t settle for average or standard IT support.
Most SMBs’ technology investment and budget lack good strategy to drive business production and operation upward. Whether you are running a small or mid-size business, you have the same business needs and challenges as enterprise counterparts.
Your business depends on technology and IT services that enable you to run your day-to-day business operation efficiently. Running a business with a pen and paper are long gone.
You might argue that you can still ran your business without technology. But for how long before your competitors dominate your market, since they are more efficient with their process using the latest technology and solution?
The success of your business depends on strong IT solutions and services that enable unified communication, collaboration and mobility, as well as security and business continuity solutions for backup and disaster recovery.
Today, any business is a target for cyber criminals, and the government is enforcing regulations on business to protect clients and consumer data.
Therefore, if you are ready to take action, you might start by looking at your current IT company or person and ask the following questions:
Do they answer their phone live?
Do you have a clearly defined Service Level Agreement for them?
Do they monitor your network, your critical business application from viruses and hackers?
Do they provide both local and cloud backup services for business continuity?
Do you have one-on-one quarterly or semiannually review of your IT with your IT company?
Do they assist in bringing your business to be compliance with HIPAA, PCI and other regulations?
If you are not feeling the love from your current IT person or company, then it’s time to break up. They say breaking up is hard to do, but if you treat your business as part of your family then you would want someone that loves your business as much as you do, if not more.
— Rachid Elaafer is the owner of IT Solutions Provider LLC in Medford Square.
http://medford.wickedlocal.com/article/20150725/NEWS/150729707/0/SEARCH
TECH TALK:
Growing threats in the 21st century
By Rachid Elaafer
Posted May. 24, 2015 at 4:08 PM
MEDFORD
No one likes to think about bad things that could happen to their business. As long as you aren’t audited or investigated by OCR’s “Office of Civil Rights,” you are OK.
Right? Wrong!
It seems like every other month, we hear about another related data/security breach, Home Depot, Target, Sony, Anthem, P.F Chang, Sally Beauty Supply, Michaels Stores, Goodwill Industries, etc. but breach may have already occurred but have not been divulged.
The recent breaking news is that the government: “House passes Cybersecurity Bill after companies fall victim to data breaches.”
The government is pushing companies to protect and secure clients’ data, some of the security laws, regulations and guidelines are: Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS), Health Information Technology for Economic and Clinical health Act (HITECH) and Children’s Online Privacy Protection Act (COPPA).
Are you ready for this?
The government says : “If a company shares information with the government, it would receive liability protection only if its data undergoes two rounds of washing out personal information…”
But my company doesn’t share information with the government, you’re thinking. Well, you are alone in thinking that, taxpayer.
Let’s hope the government reconstitutes the bill and offers small businesses and private sectors the opportunity for liability protection, otherwise you need to make sure your business is in compliance.
Let’s take Microsoft, for example.
Microsoft officially dropped support on the XP operating system and Office 2003 software suite — and soon Microsoft Server 2003 on July 14, 2015.
That means any computer or server with these software programs installed will be completely exposed to serious hacker and cyber-attacks, aimed at taking control of your network, stealing your personal data, crashing your system and inflicting a host of other business-crippling issues.
It’s such a threat that we are advised by law to upgrade any and all computer systems running XP, Office 2003 and Microsoft Server 2003. Cyber criminals will attack any PC/server or application that is outdated because firewalls and anti-virus software will NOT be sufficient to completely protect the operating system (and your personal or clients information known as ‘data’).
Data is the core of your computer, where we save valuable and confidential documents and files.
Time is running out, if you’re one of the individuals or businesses that still runs Windows XP, Office 2003 and Server 2003.
Here are few good reasons you will want to add “Upgrade to a New Operating System/Microsoft Office” on your “To Do” list:
If you are running these kinds of software or any outdated, not support applications then you are not in compliance and you are vulnerable to data breach.
My favorites quote is “Pay now” to upgrade and protect your business OR “Pay Later” when you are hacked or audited. It’s not a matter of if, it’s when.
Does your business fall under these industries? Then you must act!
Industries and businesses that are affected by some of these rules and regulations:
PCI DSS: Credit card companies, retailers, anyone handling credit card data in their business.
COPPA: Commercial Web sites services aimed at children under 13, and any audience Web sites that collect children information.
HIPAA and HITECH: Health care providers, health plans, health clearinghouses and “business associates,” including business that deal with health related info/records. For example, attorneys and insurance agencies.
— Rachid Elaafer is the owner of IT Solutions Provider LLC in Medford Square.
http://medford.wickedlocal.com/article/20150524/NEWS/150528309/0/SEARCH
TECH TALK:
Hackers, virus developers to abolish computer, mobile device attacks
By Rachid Elaafer
Posted Apr. 18, 2015 at 4:39 PM
MEDFORD
Hackers and virus developers have declared they will abolish computer and mobile device attacks? Wow!
Business owners and computer users no longer should worry about, viruses, spywares and cybercrime damaging or stealing confidential information from their devices.
Since, it’s April…well, April Fools!!!
Seriously, securing your computer is something you should never want to fool around with. At this time of the year, I highly recommend taking a closer look at your computer and mobile security to ensure that you never fall into the hands of hackers, because you neglected to invest in securing your devices.
You may believe the data stored on computer or mobile device is secured or irrelevant to someone to use or try to gain access to. “You don’t know what you don’t know,” I am pretty sure you heard the phrase before. The basic information about you like your name and address is worth money for marketing companies.
Unfortunately, we treat our computers and mobile devices the same way we do with our cars, home appliances, etc. We don’t maintain them on a regular basis or have them checked by professional until it breaks or stops working.
Sometimes we forget to change the oil in our cars until after the due date, but it’s not a big deal, right?
Your system or handheld devices are more important, they contain information about you, your family and your business, whether you realize it or not. When it comes to your computers and mobile devices, you need to have them checked on a regular basis, and yes it cost a little more but identity theft, and not knowing if someone has your info and using it outweighs the cost.
Let’s face it, you either going to “pay now” and have your devices secured and maintained or “pay later” when you have a real problem and most often too late.
What most of us don’t realize is that when your computer or mobile device is infected or hacked, you can certainly have it cleaned up and fixed, BUT what was stolen (the electronic information) from it will not be brought back and worse, you don’t know who has it and where.
Technology has become so complex to develop but so easy to use in the eye of a consumer. Just like medications, the medicines you couldn’t get before without a prescription is readily available now over the counter, but the side effect of using some of the medicines isn’t discovered ‘till years later, when people become ill.
Just to name few: Loss of hearing and eyesight due to high definition graphics, amplified sounds (kids with headsets every day), strong radio waves from Wi-Fi and mobile devices, lack of social skills (101) addiction to cell phones and games. However, the benefits gained are undeniable as well.
Similarly to technology, the cool and advance technology we used see in movies are now in the market, but some of the side effects are still unknown or hasn’t been published. The impact of technology on our social, mental, physical and environmental health can be devastating if we don’t check ourselves.
— Rachid Elaafer is the owner of IT Solutions Provider LLC in Medford Square.
http://medford.wickedlocal.com/article/20150418/NEWS/150418614/0/SEARCH