Online Security – Best practices to protect your small business from internet threats

No one is excused from cyberattacks. Even your small business could fall victim to one attack or another. With all the important sensitive data you have involving your clients and staffs; the repercussion of a breach can be serious and frightening. For this reason, it is necessary to take precaution, establish rules and measures to use against attacks over the internet.

Here are some of the most important steps every small business should be taking to protect themselves from cyberattacks.

  • There are a number of ways files can be lost unexpectedly, this is why it is important to frequently backup data. Save it in a secured remote location in case anything goes badly wrong with your computer.
  • Choose the best security software that can:

– catch viruses and Trojan horse programs

– control spam that may contain malicious code or links

– detect financial hacking techniques

Many security software are available on the market. Make sure to install it on every PC and server running and up-to-date.

  • Protect your network with a firewall to control internet traffic coming into and flowing out. You need to use a firewall whenever you go online to provide protection from unsafe internet sources.
  • Implementing a strong password is the easiest and simplest way you can do to strengthen your protection. You should definitely avoid using your personal data in creating a password and consider setting a password protection policy where you can make user passwords expire after a certain number of days.
  • Computers and electronic devices must contain passwords and stored and lock in a safe place. They contain highly sensitive data, thus, securing them is a must. In addition, limit the people who have access to records and ensure that they understand the sensitivity of the data they work with and their role to make it safe and secure.
  • Stored paper receipts with personal and financial information shouldn’t be kept for a long time in your cabinet if it is no longer needed. Buy a paper shredder and shred those papers instead.
  • Do not underestimate the importance of physical security. Get a surveillance camera and an alarm system to protect your personnel, hardware, and data from physical actions and events that may cause severe loss or damage to your business.
  • Establishing IT security policies is essential to a company’s health. It must contain rules and measures that target the prevention and elimination of the common kinds of internet attacks that may threaten the company. Make sure that your employees will understand and follow each guideline and you yourself should set a good example to everyone else in the business.

Cyber Security – How to Minimize the Risk of Becoming a Victim of Identity Theft

The technology today provides new ways for cybercriminals to steal personal and financial informations to commit fraud. As authorities continue to create and improve cybercrime fighting tactics, the methods used by criminals to steal identities evolve over time as well. Below are some ways to defend yourself against attacks.

  1. Many people have many different online accounts which use the same one, two or three passwords. This is the common mistake for many people as it makes them more vulnerable to cyberattacks. Do not use obvious passwords that can be easily guessed by cybercriminals and frequently change your passwords on each account.
  2. Cybercriminals will definitely send emails pretending that they are from the bank and will require you to input your personal and financial details in one of their bogus websites. If this happens, ignore the message. If the email truly bothers you, call your bank instead.
  3. Frequently check your financial reports for unquestionable transactions. Contact your bank immediately if you found one.
  4. Shred your documents by using a paper shredder before dumping them all in the trash. Cybercriminals might obtain important information if you don’t properly dispose those receipts and bank statements you have.
  5. Request for a compilation of all your credit transactions. Examine those credit reports for wrong details and quickly report it to your bank if there’s any.
  6. If you notice questionable transactions on your account then file a “Fraud Alert”. A fraud alert can make it harder for identity thieves to open more accounts in your name because it will require verifying your identity first before it issues credit.
  7. Do not bring your Social Security card outside if it isn’t necessary. Unexpected things may happen, it is better left at home.
  8. Identity thieves can make a way to recover all your deleted files from a formatted hard drive, so it is better to completely remove data on hard drives using different ways available on the market.

The Top Cyber Security Risks in Asia-Pacific In 2017


Cybercriminals will continue to innovate through ransomware

The malware business is a business like any other: cyber threat groups compete and innovate, with the most successful growing and spreading rapidly. Given the success of ransomware in 2016, we will see a continuation of ransomware attacks – with new innovations emerging and propagating, according to whichever attracts most payment.

2016 saw real innovation in the ransomware market, with a particularly interesting recent variant called ‘Popcorn Time’ that allows the victim’s files to be decrypted for free if they can infect two other people.

Commoditized versions of ransomware will, however, be a less pervasive threat for large corporations, as they gradually improve the management of this threat and their ability to mitigate it. Rather, criminals will target high-value assets using more sophisticated and innovative ransomware variants, and will develop additional functionality to seek out more lucrative individual targets within organizations, to enhance the chance of victims paying ransoms. Criminals will extort victims not only by threatening to deny access to data, but also by threatening to publish sensitive data.

Website defacements will be old school – website ransoms will be the new tactic

One specific kind of attack we expect to grow is website ransomware, where the contents of websites are targeted. This trend started emerging in Asia last year:

  • In November, several websites were found to be compromised and their web contents encrypted by a ransomware variant called JapanLocker. Control Risks’ research into this variant reveals that it was developed by a hacker known as Shor7cut, a member of the Indonesian Defacer Tersakiti group. This group is well known in the Indonesian hacking community and has more than 22,000 members.
  • In October, several Pakistani government websites were compromised and their contents encrypted by the CTB-Locker ransomware. The hackers, believed to be from the Indian group known as Hell Shield Hackers, used this method to retaliate after Pakistani hackers breached nearly 7,000 Indian websites.
  • In March, a ransomware variant known as KimcilWare was spotted targeting websites running the Magento eCommerce platform. This variant is thought to have been developed in Indonesia.
  • Also in March, Kaspersky Lab detected more than 70 servers, located in ten countries, compromised by the CTB-Locker ransomware. Most of the victims were from the US; this shows how threat actors in Asia Pacific are taking successful tools from other regions, adapting them, and applying them in their own region.

Such attack techniques will continue to emerge and evolve in 2017. We foresee further ransomware variants of this kind being developed by threat actors in Asia Pacific, and used for cyber activist and cybercriminal activities in the region.

Online Security – Hidden Money Revelations

Of many interesting articles this week the one that caught my attention the most was about how to hide 400 million dollars. Written almost as if it were a mystery story, it tracks how an estranged husband sought to salt money away in international banks such that his wife would have no access in a divorce. As described in the article, the husband and the wife are not the kind of people with whom I would want to spend my time. They made money in fraudulent schemes, many of them played out on the internet. But liking or not liking them was not the intriguing point.  It was the revelation within the story that shell companies and trusts designed to hide money — much of it either generated illegally or being held to avoid legalities — hold a purported 21 TRILLION of the world’s financial wealth. 21 TRILLION USD.

That is a staggering amount of money hidden away for purposes of keeping one step ahead of tax bills, blinkered business partners, or an estranged spouse. This sum undoubtedly includes money acquired through criminal activity.  That is also an enormous percentage of the world’s wealth to be sequestered away from the active markets. In Adam Smith’s view of the world, that money would otherwise be available to generate new wealth, to grow economies, to pull scores of people out of poverty, or to keep existing working and middle classes from sinking back into want.  No wonder many developed countries in Europe, Asia and the United States have been relatively stagnant for some time now.  No wonder it is so difficult to penetrate endemic, destructive poverty in Central and South America, Africa, many parts of Asia and even within the United States and Canada.  Wealth exists, but it is not in circulation. This article implies that it is sitting still in some remote bank in the Cook Islands as the result of nefarious activities abetted by legal tricks.

The issues surrounding global internet governance parallel these implications. First, international governance to bring the principles of justice to bear on either global banking or the internet does not exist. Second, the dark interstices of this ungoverned territory create a haven for illegality and fraud. Third, about the only means of penetration into this world is through intermediaries, for example lawyers and financiers, on-shore banks that assist in holdings and transmission. Lawyers afraid of losing their license, credit card companies and legitimate banks that avoid legal action or bad publicity, accounting firms that make an honest living often act as check points from perpetrator to ungoverned cash. But to the tune of 21 trillion dollars and the intractable challenge of cyber insecurity on the internet, intermediaries may not be good enough to stem the tide of layers and layers of illegality.

Where neither moral compass nor legal constraint exist, human nature’s darker side lurks. That dark side lends itself to unchecked violence and dehumanization that often lies within the illegal processes of generating much of this hidden wealth. Knowing that you can safely hide ill-begotten money encourages brutal behaviors played out in drugs and addiction, sexual slavery, extortion, theft and fraud. Moreover, these activities are not separate from global economics. From perpetration to prosecution, those activities create enormous inefficiencies within rational society. They also impose aching burdens on people who live by the rules.

I have no pat answers to these problems, but I feel strongly that they are vital questions. And the relationship between and among crime, global banks and the internet is more than an interesting insight about parallel tracks. Insofar as the internet facilitates crime, disorder and debasement, we must include its properties in our assessment as how to assert justice.  The medium, curiously, is also the message.


Security and Risk Online – Online scams cost Christmas shoppers over £10m last year


The festive period is a time for giving gifts, eating mince pies and spending quality time with your loved ones. However, unfortunately, police warn it’s also “prime time” for fraudsters as Christmas shoppers were fleeced of more than £10 million in online scams last year.

As huge numbers of bargain-hunters prepare to log on on Black Friday, officers highlighted the growing trend for criminals to use social media to target potential victims with apparently attractive deals.

One victim lost £86,000 when they tried to purchase a boat from a fraudster on eBay, police said.

Some 12,142 people said they had been bitten by online shopping fraud during the last Christmas period – with 133 saying they had been defrauded on Black Friday and another 115 falling victim on Cyber Monday.

City of London Police, who run the national reporting centre Action Fraud, are launching an awareness campaign aimed at helping shoppers avoid being conned.

Commander Chris Greany, the National Co-ordinator for Economic Crime, said: “Christmas is prime time for fraudsters to take advantage of the British public.

“During the festive season people rush to buy the presents they have been asking for; however, fraudsters see this period of generosity as an opportunity to strike and steal money from unsuspecting victims.

“Our campaign is designed to give individuals up-to-date advice that will keep them one step ahead of the criminals that target UK shoppers from all over the globe. Everyone deserves a crime-free Christmas so make sure it’s the criminals that are left short-changed this festive period.”

Young people are increasingly being approached on social media channels by fraudsters who offer seemingly great Christmas shopping deals, according to the police force.

It said that last year more people than ever reported that they had been initially approached on Instagram, with a 67% increase compared with the year before.

Analysis of Action Fraud reports from last Christmas showed that items such as home electricals, mobile phones and jewellery were the most common items which fraudsters offered to victims.

Separate research published earlier this week found that nearly a third of online shoppers may be tempted to put themselves at risk of fraud during the frenzy to grab a Christmas bargain.

Criminals use scam emails, fake ads on social media or internet searches promising heavy discounts for desirable goods to trick people into visiting fake websites and entering their card details. Once fraudsters harvest this information, they use victims’ details to go on shopping sprees.

So make sure you’re careful when online shopping, to make sure that your Christmas isn’t anything less than happy.