IT Security Tip #33: Physical security matters!
In a recent incident reported in US news, an office secretary unknowingly gave some of her law firm’s most private data to a gentleman who had bought a Comcast Cable polo shirt off eBay. He dressed in khakis with a tool belt, and told the secretary he was there to audit their cable modem specifications and take pictures of the install for quality assurance. She had no reason to suspect he was part of a now-extinct hacker ring that gained access to businesses’ private networks by going inside the office and noting the configuration details and passwords for their firewalls and cable modems. In some cases, they actually built a secure, private VPN backdoor they later used to steal data. If someone dressed up in a utility-provider uniform, would you let them in?
Ask for identification and who they have spoken with about the service they are performing, and be gracefully suspicious, as they say in the South. Follow any company policies about how visitors are allowed into the building, if such policies exist. If those kinds of policies don’t exist, work to define them. We can help, if needed – but this is a real problem your office needs to address.
IT Security Tip #34: Don’t send your private information to anyone!
We’re seeing a new variant of an old scam. Here’s what happens: a secretary gets an e-mail from her boss – who is traveling – asking her to send him, as soon as possible, scanned copies of all the W2s the company issued at the end of January. The message appears to come from her manager, and even shows what looks like his actual e-mail address when she looks at it in Outlook. She gets suspicious – she had just talked to her boss on the phone that morning, and he never mentioned needing that information. Before she collects the W2 PDFs that are on the HR drive, she decides to text her boss and check on it. Great catch! The boss never requested that information. Had she not been proactive and instead just completed the task assigned to her, she would have given a scammer all of the confidential information that is on a federal W2 form for every employee in her firm! The scammer likely would have used the information to commit identity theft and/or file false returns next year to claim the refund.
Always be vigilant and proactive – it’s better to be suspicious and double-check everything when dealing with confidential information. When you do have to send that kind of detail, try to send it in an encrypted e-mail, or at minimum with a password on the files (and don’t include the password in the body of the e-mail!). The few extra minutes it takes could save months of heartache for all of your employees.
IT Security Tip #35: This will SHOCK you about bank fraud on business accounts
Did you know your COMPANY’S bank account doesn’t enjoy the same protections as a personal bank account? For example, if a hacker takes money from your business account, the bank is NOT responsible for getting your money back. (Don’t believe me? Go ask your bank what their policy is on refunding money stolen from your account!) Many people think the FDIC protects you from fraud; it doesn’t. It protects you from bank insolvency, NOT fraud.
Quick Tip: Set up e-mail alerts on your account so you are notified any time money is withdrawn from your account. The FASTER you catch fraudulent activity, the better your chances are of keeping your money. If you contact the bank IMMEDIATELY, you have a very high probability of foiling a hacker’s attack.