What You Should Know About Data Privacy – And How to Get Started

Managed IT Services for Law Firms
Managed IT Services for Law Firms

What You Should Know About Data Privacy – And How to Get Started

Data privacy is an issue of significant concern in the digital age, in large part because data breaches keep occurring, revealing the personal data of millions of people worldwide. Even one isolated breach can have profound consequences. Individuals may be subjected to identity theft or blackmail, while companies might run the risk of financial losses as well as harm to the public, investors, and customer trust.

It can be difficult to balance the need to utilize personal data for business purposes against an individual’s right to data privacy. In this article, we’ll explore the significance of data privacy, how it relates to data protection, which compliance regulations are centered around data privacy protection, and what you should be aware of when implementing a data privacy policy.

What You Should Know About Data Privacy – And How To Get Started

What Is Data Privacy, And Which Data Is Involved?

Data privacy, also referred to as information privacy, centers around how data should be gathered, stored, controlled, and shared with any third parties, along with complying with all applicable privacy laws.

To properly characterize data privacy, it’s helpful to specify precisely what is going to be protected. Several types of data that are customarily regarded as sensitive, both by the general public and by legal mandates, include:

  • Personally Identifiable Information (PII):  Data that could be utilized to identify, reach out to, or track down an individual, or to differentiate one person from another.
  • Personal Health Information (PHI):  Medical history, insurance information, and other private data accumulated by healthcare providers and could possibly be connected to a particular person.
  • Personally Identifiable Financial Information (PIFI):  Credit card numbers, bank account details, or other data regarding a person’s finances.
  • Student Records:  An individual’s grades, transcripts, class schedules, billing details, and other academic records.

More generally, in its “Guide to Protecting the Confidentiality of Personally Identifiable Information,” the National Institute of Standards and Technology (NIST) offers the following examples of information that might be considered PII:

  • Name: Full name, maiden name, mother’s maiden name, or alias personal identification numbers, such as social security number (SSN), passport number, patient ID number, or a financial account or credit card number.
  • Address Information:  Street address or email address.
  • Personal Characteristics: Photographic images (particularly of the face or another distinctive characteristic), X-rays, fingerprints, or other biometric images or template data (e.g., retinal scans, voice signature, facial geometry, etc.).
  • Information About an Individual That’s Linked or Linkable to One of the Above: Date and/or place of birth; race; religion; activities; geographical indicators; and employment, education, financial, or medical information.
What You Should Know About Data Privacy – And How To Get Started

Which Data Is Not Subject to Data Privacy Concerns?

There are two main categories of data that aren’t subject to data privacy concerns:

  • Non-Sensitive PII: Information that is already in the public record, such as a phone book or online directory.
  • Non-Personally Identifiable Information: Data that can’t be used to identify an individual. Examples include device IDs and cookies. (Note: Some privacy laws consider cookies to be personal data, since they can leave traces that could be used in conjunction with other identifiers to reveal a person’s identity.)
How Can Manufacturing Companies Benefit from Managed IT Services?

Personal Data Protection and Privacy Regulations

Data breaches continue to make the news all too regularly, and the public realizes they’re gradually losing control over their confidential information. Industry research demonstrates that 71% of Americans occasionally or frequently worry about their personal data getting hacked, and that 8 in 10 U.S. adults are concerned about businesses’ ability to protect their financial and personal information.

In light of escalating public concerns, governments are tirelessly working to establish and improve privacy data protection laws. Indeed, the need to confront modern privacy issues and safeguard data privacy rights is a worldwide trend. The EU’s General Data Protection Regulation (GDPR) is the most noteworthy law, but a number of nations – including Brazil, India, and New Zealand – have instituted new privacy regulations or reinforced existing regulations to govern how personal data can be collected, maintained, used, disclosed, and disseminated.

Currently, there are a number of prominent U.S. federal privacy laws in effect which obstruct companies from improper transmission of personal data, each designed to address particular types of data. These include:

  • Health Insurance Portability and Accountability Act (HIPAA) / Health Information Technology for Economic and Clinical Health Act (HITECH): Intended to secure personal health information.
  • Gramm-Leach-Bliley Act (GLBA): Limited to financial information.
  • Children’s Online Privacy Protection Act (COPPA): Protects children’s privacy by enabling parents to manage what information is collected.
  • Family Educational Rights and Privacy Act (FERPA): Safeguards students’ personal information.
  • Fair Credit Reporting Act (FCRA): Regulates the collection and use of consumer information.

 

Shadow IT: How Your Company’s Data Is Silently Being Leaked Online

Data Protection vs. Privacy Protection

Data privacy is closely connected to data protection. Both share the same goal: shielding sensitive data from breaches, cyberattacks, and unintentional or deliberate data loss. Whereas data privacy focuses on guidelines for how organizations may gather, store, and process confidential information, data protection concentrates on the security controls that take into account the confidentiality, integrity, and accessibility of information. Furthermore, data protection typically involves protecting not only personal information but other all-important data as well, including trade secrets and financial information.

Strictly speaking, data protection demands enacting policies, controls, and procedures to uphold data privacy guidelines, such as the following standards outlined in the ISO/IEC 29100 framework

  • Accountability
  • Accuracy and Quality
  • Collection Limitation
  • Consent and Choice
  • Data Minimization
  • Individual Participation and Access
  • Information Security
  • Openness, Transparency, and Notice
  • Privacy Compliance
  • Purpose Legitimacy and Specification
  • Use, Retention, and Disclosure Limitation
What You Should Know About Data Privacy – And How To Get Started

How to Get Started with Data Privacy Protection

Merely putting into action one or more data security technologies doesn’t assure that you will bring about total data privacy. Rather, when framing your data privacy protection policies, make sure to observe these best practices:

12 Benefits of VoIP for Small Businesses

Know Your Data

It’s imperative to understand exactly what information is being gathered, how it’s being used, and whether it’s being hawked to or shared with third parties. Since various types of PII and their manifestations are unequal in value and some personal data can become sensitive in certain circumstances, you must classify your data by way of a quality data discovery and classification solution.

6 Indicators That You Need to Overhaul Your Data Recovery Plan

Take Control of Your Data Stores and Backups

Be sure not to retain personal data without a clear purpose. Establish retention policies and moderate personal data in line with its value and risk.

What You Should Know About Data Privacy – And How To Get Started

Manage and Control Risk

Data privacy protection has to incorporate periodic risk assessment. Rather than creating a framework from the ground up, you can implement one that’s already well-established, such as the NIST risk assessment framework defined in Special Publication SP 800-30.

What You Should Know About Data Privacy – And How To Get Started

Hold Periodic Training Sessions for Users

Ensure that employees are familiar with the subtleties of data privacy and security. Clarify privacy basics from the outset, specifying which devices can be employed when working with sensitive data and how this data may be transmitted and shared. Occasionally, it’s appropriate to advise personnel that they aren’t permitted to alter other people’s records, whether out of curiosity or for personal reasons, nor are they at liberty to take proprietary data with them when they part ways with the organization.

Social Media Data Breaches: Reducing the Risk

Final Thoughts

In times past, individuals’ personal data could be gathered discreetly and shared freely – but those days are gone. Now, any organization that collects and utilizes financial, health, and other personal information must manage that data with regards to its privacy.

By applying the best practices detailed above, your organization can establish a baseline privacy structure for becoming a conscientious and principled steward of personal data.

If you need help implementing a data privacy protection plan, DataGroup Technologies can help! Give us a call at 252.329.1382 today!

Related Posts

7 Steps to Securing Your Business Website

7 Steps to Securing Your Business Website
8 Tips for Strengthening Your Cybersecurity

7 Steps To Securing Your Business Website

by Cody McBride

Maybe you’re getting ready to launch your small business website, but you’re concerned that your site will be vulnerable to cyberattacks. Or perhaps your website has been live for some time now, but your company’s data was recently compromised by a hacker, and you want to avoid dealing with the same situation in the future.

If you’re concerned about whether or not your company’s website is truly secure, the best first step is to consult with a trusted IT service provider. But even with support from IT experts, understanding a few basic cybersecurity principles is crucial if you’re operating your business in the digital space. Here are a few strategies that small business owners can apply in order to keep their websites secure.

7 Steps to Securing Your Business Website

Hire Expert Support

 If you’re new to the world of cybersecurity, you may not know where to begin when it comes to keeping your website safe from hackers and cyberattacks. But you don’t have to figure it all out on your own through trial and error. For instance, if you’re developing custom applications for internal use that will be integrated with your website, you can hire a software developer who can install appropriate security protections. In addition, you can work with a cybersecurity expert if you need further guidance.

You can even keep security at the forefront when you start developing your website. By hiring a WordPress developer with a proven background in cybersecurity, you can rest assured that your website will include features specifically intended to protect your company and your customers. If you’re not sure what to look for when hiring a developer, you can check out their portfolio and case studies from their work with previous clients.

Business Email Compromise Attacks – Managed IT Services vs. In-House IT Specialists

Educate Your Team

 Chances are, you’re not the only person at your company who accesses your website from the backend. If your employees also have access to internal functions for your website, you will need to spend some time educating them on cybersecurity. Virtu recommends implementing and enforcing a strong password policy that requires employees to create long, complex passwords and change them every three months. You can also task a web administrator with creating strict access policies for different functions and train your employees to recognize phishing attempts. And should you ever update the security protections for your website with the help of an IT support provider, hold an additional training session with your employees to make sure they’re in the know.

Are You Protected Against Business Email Compromise Attacks?

Install SSL

 If you’re unfamiliar with Secure Sockets Layer (SSL) certificates, it’s important to learn a bit more about why your website needs this certification. Sucuri states that setting up an SSL certificate enables your website to use an HTTPS protocol for secure information transfers. This ensures that data like credit card information and other personally identifiable information from contact forms stays protected. If your website lacks this certification, you cannot guarantee to your customers that you are making every effort to keep their information safe. You can add an SSL certification to your website simply by seeking out a hosting service that offers this option for free.

7 Steps to Securing Your Business Website

Use Anti-Malware Software

 By installing anti-malware software for your website, you can protect your business from viruses. Today, it’s all too easy to accidentally download malware, and doing so can cause all kinds of problems for your company. You might get locked out of your website or expose your customers to security risks. You can research different versions of anti-malware software and find an option that suits your needs and budget.

Business Email Compromise Attacks – Managed IT Services vs. In-House IT Specialists

Run Software Updates

 When your hosting provider prompts you to update your software, you do not want to push this task to the backburner. Outdated software may have lackluster security protections. On the other hand, newer software will likely include features that make it easier to secure your website. Furthermore, updating your software will give you access to new functions that enable you to modernize your website and run it efficiently. Perhaps you’ve been putting off a software update for a while, but it’s a good idea to take care of this as soon as you have the chance.

Are You Protected Against Business Email Compromise Attacks?

Back Up Your Data

 If your website is compromised, your data could be corrupted or even erased. This would be a frustrating situation for any small business owner. But since no cybersecurity protections can completely prevent attacks, it’s a good idea to back up your website’s data, just in case. You may be able to do this by using a cloud solution or by storing your data with hardware. Should a hacker ever gain access to your website, you can at least rest assured that you will not lose access to your own data, and you will be able to get your website back up and running.

7 Steps to Securing Your Business Website

Be Aware of Scams

Unfortunately, it’s quite common for hackers to run scams targeted at business websites. And even people who are relatively tech-savvy can easily fall victim to these scams. That’s why it’s important to read up on common scams that are aimed at business websites and talk to your employees about the tactics that these scammers use. For example, if you ever get an email claiming that it is allegedly from your web hosting provider that contains a link, double-check the email address and consider calling your provider to confirm that they sent it to you. Otherwise, clicking the link could enable a hacker to gain access to your website.

Today, the internet makes it easier than ever to run your own business – but this low barrier to entry has also introduced new risks, like dealing with cybersecurity threats. However, your website does not have to be susceptible to cyberattacks. With these tips, you’ll be able to ensure the safety of your business website and keep your data private.

8 Tips for Strengthening Your Cybersecurity

Final Thoughts

Interested in learning more about DataGroup Technologies’ IT services? We’re here for you! Find out how choosing us as your IT partner will provide the support you need to gain a competitive edge in your industry. Reach out to us at 252.329.1382 today or drop us a line here to schedule a quick 15-minute discovery call with our team.

*********************************

Guest blogger Cody McBride’s love for computers stems from high school when he built his own computer. Today he is a trained IT technician and knows how the inner workings of computers can be confusing to most. He is the creator of TechDeck.info where he offers easy-to-understand, tech-related advice and troubleshooting tips.

Related Posts

Don’t Let Your Employees Become Your Biggest Vulnerability!

Don’t Let Your Employees Become Your Biggest Vulnerability!
Are You Protected Against Business Email Compromise Attacks?

Don’t Let Your Employees Become Your Biggest Vulnerability

A couple of years ago, TechRepublic ran a story with the following headline: “Employees Are Almost As Dangerous to Business As Hackers and Cybercriminals.” From the perspective of the business, you might think that’s simply inaccurate. Your company strives to hire the best people it can find – people who are good at their jobs and would never dream of putting their own employer at risk.

And yet, many employees do – and it’s almost always unintentional. Your employees aren’t thinking of ways to compromise your network or trying to put malware or ransomware on company computers, but it happens. One Kaspersky study found that 52% of businesses recognize that their employees are “their biggest weakness in IT security.” 

Where does this weakness come from? It stems from several different things and varies from business to business – but a big chunk of it comes down to employee behavior.

Don’t Let Your Employees Become Your Biggest Vulnerability!

Human Error

We all make mistakes. Unfortunately, some mistakes can have serious consequences. Here’s an example: an employee receives an e-mail from their boss. The boss wants the employee to buy several gift cards and then send the gift card codes to them as soon as possible. The message may say, “I trust you with this,” and work to build urgency within the employee.

The problem is that it’s fake. A scammer is using an e-mail address similar to what the manager, supervisor, or other company leader might use. It’s a phishing scam, and it works. While it doesn’t necessarily compromise your IT security internally, it showcases gaps in employee knowledge. 

Another common example, also through email, is for cybercriminals to send files or links that install malware on company computers. The criminals once again disguise the email as a legitimate message from someone within the company, a vendor, a bank, or another company the employee may be familiar with. 

It’s that familiarity that can trip up employees. All criminals have to do is add a sense of urgency, and the employee may click the link without giving more thought.

Don’t Let Your Employees Become Your Biggest Vulnerability!

Carelessness

This happens when an employee clicks a link without thinking. It could be because the employee doesn’t have training to identify fraudulent e-mails or the company might not have a comprehensive IT security policy in place. 

Another form of carelessness is unsafe browsing habits. When employees browse the web – whether it’s for research or anything related to their job or for personal use – they should always do so in the safest way possible. Tell employees to avoid navigating to “bad” websites and to not click any link they can’t verify (such as ads). 

Bad websites are fairly subjective, but one thing any web user should look for is the presence of “https” at the beginning of any web address. The “s” tells you the site is secure. If that “s” is not there, the website lacks proper security. If you input sensitive data into that website – such as your name, e-mail address, contact information, or financial information – you cannot verify the security of that information, and it may end up in the hands of cybercriminals. 

Another example of carelessness is poor password management. It’s common for people to use simple passwords and to reuse those same passwords across multiple websites. If your employees are doing this, it can put your business at a huge risk. If hackers get ahold of any of those passwords, who knows what they might be able to access. A strict password policy is a must for every business.

Don’t Let Your Employees Become Your Biggest Vulnerability!

Turn Weakness Into Strength

The best way to overcome the human weakness in your IT security is education. An IT security policy is a good start, but it must be enforced and understood. Employees need to know what behaviors are unacceptable, but they also need to be aware of the threats that exist. They need resources they can count on as threats arise so that they can be dealt with properly. Working with a trusted managed services provider or IT services firm may be the answer – they can help you lay the foundation to turn this weakness into a strength.

Common Myths About the Cloud – DEBUNKED!

Final Thoughts

DataGroup Technologies provides businesses of all sizes with security awareness and best practices training. Our goal is to make sure that your staff can identify threats and remain proactive. Knowledge is power, and well-informed employees can serve as a human firewall for your organization. For more information about our security awareness training solutions, please call us at 252.329.1382 or drop us a line here!

Related Posts

8 Tips for Strengthening Your Cybersecurity

8 Tips for Strengthening Your Cybersecurity
8 Tips for Strengthening Your Cybersecurity

Computer Security Day: 8 Tips to Bolster Your Business’s Cybersecurity

In 1988, the Association for Computer Security established the first Computer Security Day to raise awareness about cybersecurity issues. Computer Security Day encourages people to take ownership of their online presence and identity. Taking the time to review computer security best practices can help individuals and organizations avoid compromised data and other unwanted scenarios.

In celebration of this day, here are 8 tips for bolstering your computer security:

8 Tips for Strengthening Your Cybersecurity

1) Update Passwords on All Your Devices

Take the time to change the passwords on all your online accounts. This is something that should be done on a regular basis anyway, but if you’ve neglected to do so recently, today is as good a time as any.

Avoid using the same passwords across multiple accounts and devices. Reusing the same or similar passwords over a period of time can put you at greater risk of being hacked. Ideally, you should create a different password for each account that you use on your various devices.

It probably goes without saying, but it’s never a good idea to share your passwords with others, even people that you trust. You can’t know for sure that they will keep your credentials as secure as you would yourself.

8 Tips for Strengthening Your Cybersecurity

2) Create and Use Strong Passwords

When it comes to password security, length matters. Passwords that are 6 characters or fewer are much easier to hack, particularly if they consist of only lowercase letters. To strengthen your password, create a complex, unique mixture of upper and lowercase letters, symbols, and numbers that is at least 9 characters in length.

A password manager can help generate unique passwords for each of your online accounts. At the same time, this useful tool can save all your passwords in one convenient location, so you don’t have to remember them each time. You can also take advantage of Password Checkup, a Google Chrome extension that warns you when it detects you using compromised, duplicate, or weak passwords. As another option, consider using the tool How Secure Is My Password to test the strength and “hackability” of your passwords.

8 Tips for Strengthening Your Cybersecurity

3) Keep Your Software and Hardware Up-to-Date

Make sure that all software – for your operating systems, browsers, programs, applications, etc. – is updated with the latest versions available. When you’re all set with that, it’s time to update your protection software, including spyware, antivirus, and antimalware software. Run a security scan not only on your computers, but on your smartphones and tablets as well. Mobile devices are as much at risk, if not more so, than your desktops or laptops.

It’s crucial to check on the status of your hardware as well. Outdated hardware may not support recent software security upgrades, and also responds slower to cyberattacks, in the event that one should occur. Better to be safe than sorry and upgrade your hardware while everything is smooth sailing.

8 Tips for Strengthening Your Cybersecurity

4) Encrypt and Back Up Your Data

Keep your data secure and confidential – whether it’s being stored or in transit – by encrypting it. Encryption uses complex algorithms to scramble your data and make it unreadable, ensuring that only an authorized person can access the data.

Create a backup copy of all your sensitive data on a portable storage device – such as an external USB or hard drive – and store it in a safe place. Alternatively, you could upload your backed-up data to a cloud-based storage solution such as Google Drive. It’s important to keep your data backups up-to-date and test them periodically.

8 Tips for Strengthening Your Cybersecurity

5) Implement Multi-Factor Authentication

Many online platforms now allow you to enable multi-factor authentication in order to keep your accounts more secure. Multi-factor authentication offers an additional layer of protection by helping to verify that it’s actually you who’s trying to access your account and not an unauthorized user.

8 Tips for Strengthening Your Cybersecurity

6) Be on the Lookout for Social Engineering Attacks

Social engineering attacks are difficult to counteract, as they’re specifically designed to take advantage of natural human characteristics, such as curiosity, respect for authority, and people’s desire to help their friends. Anytime you receive a suspicious email, it should be treated as such. Take a moment to think about where the communication originates from; don’t just trust it blindly.

Often, social engineering depends on a sense of urgency. Attackers hope that targets won’t think too hard about what’s going on. Thinking twice before taking any action can prevent most social engineering attacks and expose them for what they are – frauds.

8 Tips for Strengthening Your Cybersecurity

7) Don’t Leave Your Devices
Unattended

Despite what you may think, locking your office is not enough. If you use a laptop or desktop computer at work, you should always power it down at night. Additionally, whenever you leave your office for the day, you need to lock up your memory keys, hard drives, and anything else that has sensitive data on it.

8 Tips for Strengthening Your Cybersecurity

8) Educate Your Employees About Cybersecurity Awareness

Cybercriminals are specifically targeting your employees when they send out phishing emails in attempting to steal information. Through training and awareness, you can help your employees better recognize fraudulent emails when they encounter them. In so doing, you can significantly reduce the risk of your employees surrendering sensitive data to those who would deliberately misuse it.

Onboarding training and continuous updates help create a human firewall between your company’s information and security threats. Employees need to understand that cybersecurity is every bit as much their concern as it is the concern of your technology experts.

DataGroup Technologies offers a wide variety of cybersecurity solutions to help protect your business against cyberthreats like malware, phishing, ransomware, man-in-the-middle attacks, social engineering, and distributed denial-of-service attacks. Are your company’s data and that of its customers fully protected? How can you be sure? Partner with us and we can help safeguard your business against all these and more! Call us today at 252.329.1382 or drop us a line here.

Related Posts

How to Secure Your Business Website in 2022

How To Secure Your Business Website In 2022
How To Secure Your Business Website In 2022

How To Secure Your Business Website In 2022

If you have a booming business website that’s raking in profits and helping you establish your brand, that’s great! However, you still need to make sure your site is protected from hackers and trolls who might want to tarnish your image. To ensure continued success and prevent bad actors from appropriating your intellectual property, follow these tips to help better secure your business website.

Are You Protected Against Business Email Compromise Attacks?

What Is Business Email Compromise?

According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”

Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.

However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.

Business Email Compromise Attacks – Managed IT Services vs. In-House IT Specialists

How to Protect Your Business Against BEC Attacks

In the public service announcement, the FBI offers several suggestions for businesses to adopt to better protect against business email compromise attacks.

  • Use secondary channels (such as phone calls) or multi-factor authentication to validate requests for any changes in account information.
  • Ensure that URLs in emails are associated with the businesses or individuals from which they claim to be originating.
  • Keep an eye out for hyperlinks that contain misspellings of the actual domain name.
  • Steer clear of providing login credentials or PII of any sort via email. Bear in mind that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails – especially when using a mobile or handheld device – by making sure the address appears to match that of the purported sender.
  • Enable settings on employees’ computers to allow full email extensions to be viewed.
  • Monitor your personal financial accounts routinely for irregularities, such as missing deposits.
Are You Protected Against Business Email Compromise Attacks?

What to Do If You or Your Company Should Fall Victim to a BEC Attack

According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”

Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.

However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.

Are You Protected Against Business Email Compromise Attacks?

What to Do If You or Your Company Should Fall Victim to a BEC Attack

Cybersecurity has never been more important. We live in an increasingly connected world, which enables cyberattackers to constantly find new ways to carry out digital attacks. Even the most vigilant business owners and IT managers can become overwhelmed with the stress of maintaining network security and protecting their data.

These increasingly advanced cyberattacks create unprecedented situations of data breach and money extortion. The tools that hackers use are getting smarter and stronger every day. If you’re not proactive about protecting your network, your business will become a target of cybersecurity attacks.

DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, email security solutions, web/DNS filtering, next-generation firewalls, network security monitoring, operating systems/application security patches, antivirus software, and security awareness training. If you’re not 100% certain that your business is protected from cybercriminals, contact us today at 252.329.1382 or message us here to find out more about how we can help #SimplifyIT for your business!

Related Posts

Are You Protected Against Business Email Compromise Attacks?

Are You Protected Against Business Email Compromise Attacks?
Are You Protected Against Business Email Compromise Attacks?

Are You Protected Against Business Email Compromise Attacks?

On May 4th, 2022, the FBI published a public service announcement updating its warnings about the continuing threat of business email compromise, also known as CEO fraud. It’s a problem that has reached staggering proportions. Between June 2016 and December 2021, the FBI quantified 241,206 domestic and international incidents of business email compromise. The exposed dollar loss – including both actual and attempted losses – was more than $43 billion!

Are You Protected Against Business Email Compromise Attacks?

What Is Business Email Compromise?

According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”

Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.

However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.

Business Email Compromise Attacks – Managed IT Services vs. In-House IT Specialists

How to Protect Your Business Against BEC Attacks

In the public service announcement, the FBI offers several suggestions for businesses to adopt to better protect against business email compromise attacks.

  • Use secondary channels (such as phone calls) or multi-factor authentication to validate requests for any changes in account information.
  • Ensure that URLs in emails are associated with the businesses or individuals from which they claim to be originating.
  • Keep an eye out for hyperlinks that contain misspellings of the actual domain name.
  • Steer clear of providing login credentials or PII of any sort via email. Bear in mind that many emails requesting your personal information may appear to be legitimate.
  • Verify the email address used to send emails – especially when using a mobile or handheld device – by making sure the address appears to match that of the purported sender.
  • Enable settings on employees’ computers to allow full email extensions to be viewed.
  • Monitor your personal financial accounts routinely for irregularities, such as missing deposits.
Are You Protected Against Business Email Compromise Attacks?

What to Do If You or Your Company Should Fall Victim to a BEC Attack

According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”

Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.

However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.

Are You Protected Against Business Email Compromise Attacks?

Final Thoughts

Cybersecurity has never been more important. We live in an increasingly connected world, which enables cyberattackers to constantly find new ways to carry out digital attacks. Even the most vigilant business owners and IT managers can become overwhelmed with the stress of maintaining network security and protecting their data.

These increasingly advanced cyberattacks create unprecedented situations of data breach and money extortion. The tools that hackers use are getting smarter and stronger every day. If you’re not proactive about protecting your network, your business will become a target of cybersecurity attacks.

DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, email security solutions, web/DNS filtering, next-generation firewalls, network security monitoring, operating systems/application security patches, antivirus software, and security awareness training. If you’re not 100% certain that your business is protected from cybercriminals, contact us today at 252.329.1382 or message us to find out more about how we can help #SimplifyIT!

Related Posts