Small Business Tips to Protect Your Bank Accounts
Imagine for a moment. You’re sitting at your desk enjoying a second cup of morning coffee. Then, your phone rings. It’s a call from your bank to discuss possible fraud. Your bank is concerned about possible suspicious activity with your accounts, and wants to make sure you’re not a victim.
Actually, the nightmarish threat happens each weekday. Attacks by cybercriminals are skyrocketing, according to the American Bankers Association. The association represents the $14-trillion banking industry.
“Small businesses are a growing target for account takeover,” said Frank Keating, president and CEO of the American Bankers Association (ABA). “Yet, a strong partnership with your financial institution will give you the tools needed to shield yourself from this attack.”
Criminals are transferring money from accounts by stealing sensitive information. Banks have a term for it – corporate account takeover.
How? The lawbreakers use a variety of tools – online social networks, malicious software and phony e-mails. Their goal is to get login credentials. That’s how they gain access to small business accounts.
“We’re far more effective at combating account takeover when we combine resources than going at it alone,” added Mr. Keating. “Talk with your banker about the tools your business and bank can use together to minimize this threat.”
Tips to protect bank accounts
To prevent your accounts from being taken over by cybercriminals, the ABA provides four tips:
- Protect your online environment. It is important to protect your cyber environment just as you would your physical location. Do not use unprotected internet connections. Encrypt sensitive data and keep updated anti-virus and anti-spyware protection on your computers. Change passwords from the default to something complex, including at point-of-sale terminals.
- Partner with your bank for payment authentication. Talk to your banker about services that offer call backs, device authentication, multi-person approval processes, batch limits and other tools that help protect you from unauthorized transactions.
- Pay attention to suspicious activity and react quickly. Put your employees on alert. Look out for strange network activity, do not open suspicious emails and never share account information. If you suspect a problem, disconnect the compromised computer from your network and contact your banker. Keep records of what happened.
- Understand your responsibilities and liabilities. The account agreement with your financial institution will detail what commercially reasonable security measures are required in your business. It is critical that you understand and implement the security safeguards in the agreement. If you don’t, you could be liable for losses resulting from a takeover. Talk to your banker if you have any questions about your responsibilities.
From the Coach’s Corner, here are related articles:
- Our Mobile-Banking Warnings about Security Prove Prophetic
- 5 Safety Measures to Thwart Mounting Social-Network Attacks
- New Cyber Attacks: Tips For Internet Security
- New Cybercrime Serves as Warning to Take Defensive Precautions
- Lesson about Passwords after Theft of 16,000+ UCLA Patient Records
“He who does not prevent a crime when he can, encourages it.”
-Lucius Annaeus Seneca
__________
Author Terry Corbell has written innumerable online business-enhancement articles, and is a business-performance consultant and profit professional. Click here to see his management services. For a complimentary chat about your business situation or to schedule him as a speaker, consultant or author, please contact Terry.
DNSChanger Prompts 7 Reminders about Staying Web Safe
July 9, 2012
The massive scare over the DNSChanger is yet another reminder to be diligent to keep your computer safe. According to the FBI, an Estonian group was able to surreptitiously capture at least $14 million by replacing advertisements on computers of unsuspecting Internet users with their phony ads.
About 50,000 U.S. computers among 250,000 systems worldwide were believed infected with the Trojan. Most of the damage was in the U.S., Germany, Great Britain, India and Italy.
The FBI warned about the issue for months after shutting down the Estonian ring; closing the DNSChanger system eliminated Internet service on those computers. In fact, a few months earlier the FBI said Internet criminals pose a bigger threat than terrorists.
Such cybercrime means the dangerous implications are many, especially for businesspeople and individuals who use online banking. Of course, it’s important to guard against criminals who want to steal your money by accessing your personal information.
At first, it was only big bank customers being attacked. Now, cybercriminals have victimized credit unions and their members.
Reminders to stay safe:
Links – Don’t ever click on a link allegedly emailed to you by your financial institution. Never respond. That means not forwarding your credit and debit card numbers, user ID or passwords. Criminals, or phishers, will direct you instead to their site that looks like your bank’s Web site. That’s how they grab your sensitive information.
So, if you want to log on to your bank, simply type the bank’s address in your browser’s address bar. Look for the “https” designation and the padlock icon in your browser. You should be nervous if a popup appears. Sign out right away.
Start clean – Because search engines save the pages you visit to make for faster surfing, delete all activity via your control panel. In other words, clear out your cache. Especially if you use Windows, make sure your browser has a fresh security update. Make sure your antivirus software downloads the latest security update, and then run a full-system scan.
Don’t allow your browser to save your user names and passwords. Malware can easily find them.
WIFI – Never use a public terminal or WIFI for sensitive information. Be very careful if you live in an urban area where your WIFI can be accessed by others.
Private, not public – If, for financial or other logistical reasons, you are away from your home or office and you have no other choice, use a portable operating system. Use a flash drive with a Linux-based OS, such as open-source Ubuntu, to create a disc. It can be converted to a startup disc for a mobile Ubuntu.
Use bank’s on-screen keyboard – If you use your bank’s computer terminal, it’s best to use the on-screen keyboard. That will ensure your password can’t be stolen by others using this machine.
Passwords – Create strong passwords. It’s best to use a random selection of letters and numbers. Don’t store your user IDs and passwords on your computer. Change them regularly.
Mobile banking – Don’t succumb to your bank’s propaganda about mobile banking. Why?
See these three columns:
- Identity fraud is escalating in smartphones and social media
- Androids have security issues, too
- Our mobile-banking warnings about security prove prophetic
From the Coach’s Corner, here are other tips:
Has Security Bloom Fallen off the Rose for Macs?
Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – Study.
Security Precautions to Take Following Citibank’s Second Reported Online Breach
Why Many Healthcare Workers Are Responsible for Alarming Trend: Medical ID Theft
Lesson about Passwords after Theft of 16,000+ UCLA Patient Records
“Cyber terrorism could also become more attractive as the real and virtual worlds become more closely coupled, with automobiles, appliances, and other devices attached to the Internet.”
-Dorothy Denning
More Cybercrime Serves as Warning to Take Defensive Precautions
Updated Sept. 20, 2012
Cybercrime is only getting worse.
From both sides of the Atlantic Ocean, here are two examples:
In New York, six Estonians and one Russian were charged by authorities with cybercrimes on a massive scale. Victims include the National Aeronautics and Space Administration, other government agencies, businesses and 500,000 people.
In the U.K., 13 people were sentenced to jail terms over their use of malware in banking fraud totaling 2.9 million British pounds, or $4.6 million. Hundreds of people were victimized.
These stories are another lesson to take cybercrime seriously.
For best practices in thwarting cybercriminals, I always turn to nationally recognized security expert, Dr. Stan Stahl, of Citadel Information Group in Los Angeles.
His tips:
- Keep systems patched with the latest updates. (His security blog, Weekend Vulnerability and Patch Report, lists major updates for software typically found in small offices and home computers.)
- Run up-to-date anti-virus and anti-malware software – or what is even better, a strong intrusion detection and prevention solution.
- Use strong passwords for access to sites with sensitive information. Password length is more important than randomness; size matters. ‘2HelloPepper#’ is a much stronger password than “Ab$%16vF” plus it’s a lot easier to remember.
“Be extremely sensitive to social engineering attacks,” Dr. Stahl adds. “Don’t open email attachments or click on links in emails unless the email is from someone you know and is expected.”
For more of Dr. Stahl’s insights, visit his Web site.
(Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)
From the Coach’s Corner, here are more security strategies:
- Security Precautions to Take Following Citibank’s Second Reported Online Breach
- Why Many Healthcare Workers Are Responsible for Alarming Trend: Medical ID Theft
- Lesson about Passwords after Theft of 16,000+ UCLA Patient Records
- Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – Study
- Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?
“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.”
-Chris Pirillo
Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft
A whopping 79 percent of companies in the U.S. and U.K. experienced Web-borne attacks in 2012, according to data released in 2013. These incidents continue to represent a significant threat to corporate brands.
Results from a Web security study show that almost all of the Web security administrators agreed that Web browsing is a serious malware risk to their companies. Despite the obvious awareness of the risks, only 56 percent of participants said they had implemented Web security protection and more than half of companies without Web security had Web sites compromised.
Another study discloses a disturbing trend – nearly four out of five small companies are storing unsecured data about their customers. That’s an indictment of such businesses, and is alarming news for consumers about their vulnerability to credit card fraud and identity theft.
The 2011 study was conducted by the National Cyber Security Alliance (NCSA).
“How can this be?” you ask.
Nationally known security expert Dr. Stan Stahl, of Citadel Information Group in Los Angeles, knows why.
“Citadel works with small business leaders every day and – based on our experience – the reason small businesses don’t take cybercrime seriously is that they see it primarily as something their IT people are managing, not yet realizing the critical importance of their own leadership,” says Dr. Stahl.
“This includes establishing clear policies and standards for information use, explicitly assigning cyber security management responsibility to a member of the senior management team, providing cyber security awareness training and education to all information users, and ensuring that IT personnel are effectively managing the security of the IT infrastructure,” he adds.
The alarming results in the study first came to my attention after reading Small Businesses Don’t Take Cybersecurity Seriously, which was mentioned in Dr. Stahl’s security blog.
Hopefully, your business is not one of the businesses cited in the study. Cybercrime has become a global nightmare. My question for companies about Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?
For NCSA’s tips for small business security, read this post.
“Seventy-nine percent of businesses are storing consumer information when they don’t need it. It’s not protected. It’s not secure,” Verizon spokesperson Andrea Woroch was quoted in a published report.
For consumers, Verizon offers these tips:
Watch the people swiping your credit or debit card.
“You don’t want to blame or suspect everyone’s trying to steal your information, but there are people who will and are trying to copy your credit card information with extra swipes,” says Ms. Woroch.
Take extra care when you buy on the Internet.
“Don’t mark that little check box that says ‘to store for future purchases.’ You don’t want that organization, that business, that Internet website to hold any of that information,” explains Ms. Woroch.
Consider alternatives to using your credit card, such as gift cards.
Carefully study your billing statements.
“Lots of consumers overlook little charges that are being made on their statement and that’s how people are continually able to trick them and deceive them and steal them and take extra money out of their accounts,” adds Ms. Woroch.
Resource link: Dr. Stahl’s Web site.
(Note: Dr. Stahl is a fellow member of Consultants West, www.consultantswest.com, a roundtable of veteran consultants in the Los Angeles area.)
From the Coach’s Corner, here are additional cybersecurity tips:
- Security Precautions to Take Following Citibank’s Second Reported Online Breach
- Our Mobile-Banking Warnings about Security Prove Prophetic
“Being good is good business.”
-Anita Roddick
11 Travel Tips – Save Money, Prevent against Cyber Theft, Fraud
Updated May 5, 2013
The most vulnerable travelers are businesspeople. That’s because they have to use the Internet and e-mail. They’re in danger from vulnerabilities ranging from wirelessly accessible passports to using WIFI.
To save you aggravation and money, here are 11 quick tips:
- There are no free meals. The adage is applicable to offerings that appear too good to be true. If you get a unique travel offer, do your due diligence. Review the scam alerts at Web sites, such as www.419legal.org. It wouldn’t hurt to check the site of the airline trade organization, International Air Transport Association, www.iata.org.
- Watch for offers from fakes. Cybercriminals are prevalent in the travel industry, and are publishing sites that look like the real, well-known companies.
- Don’t use social media to chat about your travel plans. Don’t alert criminals. Your home-front and business will be vulnerable.
- Cautions about debit and credit cards. Unlike debit cards, credit cards protect against fraud and theft. Better yet, before you travel, obtain a card with no foreign transaction fee, and be sure to alert your credit card company about your trip. Just in case you might need help on your trip, get the credit-card issuer’s number that you can telephone collect when you’re overseas. Actually, before you travel click here for related financial precautions.
- Guard against currency conversion surprises. Don’t sign any checks or receipts that aren’t shown in the local currency. Overseas merchants sometimes try to manipulate travelers – they provide their prices in U.S. currency, not their local currency.
- Be prepared to utilize your passport when making a purchase. Reputable foreign merchants don’t trust your credit card unless you have acceptable identification. That’s because U.S. credit cards have the old-fashioned magnetic stripe on the back. European credit cards use the chip-and-pin system, which is a modern fraud-security system.
- Use your own computer. For data security and privacy, never use public computers.
- Forget WIFI. Don’t use WIFI. It’s not just a matter of cybercriminals viewing your computers. They’re establishing fake access points, which can give them an entrée to your important files and data. If you have to use a computer, hook your computer to your smartphone’s service or try MIFI.
- Protect your e-passport. They have RFID chips containing your personal information. Cybercriminals can view your information even though you can’t see them. So use an RFID blocking passport.
- Bluetooth has vulnerabilities. So turn it off.
- Think twice about using in-flight mobile phone and SMS services. They’re just as risky as a WIFI hotspot.
Use these tips to help ensure you enjoy your trip and to transact some good business.
From the Coach’s Corner, here’s a site with helpful research information http://globaledge.msu.edu/.
If you don’t know where you are going, any road will lead you there.
Epsilon’s Security Flaw Threatens Millions of Businesses, Consumers
April 4, 2011
Epsilon, a major email marketing company, annually forwards 40 billion messages. The firm purports to be the leading opt-in marketing company with some 2,500 corporate customers. Its branding slogan is “Marketing as Usual. Not a Chance.”
Epsilon reportedly emails customers for some pretty big players, including Capital One, Citibank, Disney, Home Shopping Network, JP Morgan Chase, Kroger, and TiVo.
As expected, Epsilon has an attractive Web site, www.epsilon.com. It touts all kinds of cutting-edge services. The site creates a favorable first impression.
But in my recent visit to the site, an important element was also missing – an unfortunate omen, if you will. You see, appearances in business are important, especially first-impressions about IT security. However, Epsilon has failed to adequately reassure its site’s visitors that it provides cutting-edge security. In today’s IT environment, that’s more than just a gaffe. It suggests a catastrophe of monumental proportions waiting to happen.
Unfortunately, such a security breakdown has already occurred. Indeed, on April 1, 2011, an ominous press release appeared on the company’s Web site. Unfortunately, it was not an April Fool’s joke.
Epsilon published this terse announcement:
Epsilon Notifies Clients of Unauthorized Entry into Email System
IRVING, TEXAS – April 1, 2011 - On March 30th, an incident was detected where a subset of Epsilon clients’ customer data were exposed by an unauthorized entry into Epsilon’s email system. The information that was obtained was limited to email addresses and/or customer names only. A rigorous assessment determined that no other personal identifiable information associated with those names was at risk. A full investigation is currently underway.
Epsilon’s notice didn’t please me. You see, the cybercriminals were already at work. Several days prior to the press-release posting on March 30, I became aware that something was amiss – phishing scams trying to entice businesses and consumers to take advantage of so-called offers.
Afterward, Threatpost reported that some of Epsilon’s customers in turn warned their customers. Here’s the warning from Disney Destinations to its customers:
“We have been informed by one of our email service providers, Epsilon, that your email address was exposed by an unauthorized entry into that provider’s computer system. We regret that this incident has occurred and any inconvenience this incident may cause you. We take your privacy very seriously, and we will continue to work diligently to protect your personal information,” the statement says.
“We want to assure you that your email address was the only personal information we have regarding you that was compromised in this incident. As a result of this incident, it is possible that you may receive spam email messages, emails that contain links containing computer viruses or other types of computer malware, or emails that seek to deceive you into providing personal or credit card information.”
The two salient lessons from this security debacle:
- Epsilon and other companies that provide IT services need to make security more of a priority.
- Businesspeople and consumers need to stay alert to the dangers lurking on the Internet, and IT in general.
In conclusion, what are the solutions for this situation and to prevent more occurrences? My longtime go-to security expert is Dr. Stan Stahl of Citadel Information Group in Los Angeles. Here’s what he had to say in What You Really Need to Know to Stay Web Safe.
Further, noteworthy management lessons have evolved from the alleged data-management program at Epsilon. Obviously, Epsilon’s data management is an oxymoron. It is not managed properly. Here are Management Lessons from Epsilon’s Email-Breach Scandal.
From the Coach’s Corner, Dr. Stahl’s insights were also quoted in this business portal’s all-time most-read column: Using Starbucks’ WIFI? Security Pro Issues Warning and Security Checklist.
Dr. Stahl’s Web site: www.citadel-information.com.
His blog: www.citadel-information.com/blog.
(Note: Dr. Stahl is a valued friend and colleague. This relationship stems from our membership in Consultants West, www.consultantswest.com, a roundtable of some of the nation’s most-trusted consultants and authors.)
Are You Insured for Cyber Theft?
Aug. 30, 2010
On a regular basis, cybercriminals are creating hardship for businesses and consumers. A post by blogger Brian Krebs caught my eye – a Texas company is struggling to get its bank to pay for a $50,000 cyber theft.
“Attorneys for Dallas-based Hi-Line Supply Inc. recently convinced a state court to require depositions from officials at Community Bank, Inc. of Rockwall, Texas,” wrote Mr. Krebs. “Hi-Line requested the sworn statements to learn more about what the bank knew in the time surrounding Aug. 20, 2009, when crooks broke into the company’s online bank accounts and transferred roughly $50,000 to four individuals across the country who had no prior business with Hi-Line.”
Ostensibly, the comments in the deposition are locked up, but the lawyers maintain the bank is guilty of security incompetence and a lawsuit might be the next step.
Mr. Krebs quoted an attorney:
“In the event Community Bank refuses to resolve this matter, now that we have uncovered some of the information obtained by virtue of the court’s order, Hi-Line intends to assert claims for misrepresentation, violations of the Texas Deceptive Trade Practices Act, fraud, and breach of warranties, among other things,” said Michael Lyons, a partner with the Dallas law firm Deans Lyons.
The fraud apparently began on Aug. 20 last year when Hi-Line processed its $25,000 payroll, according to Gary Evans, the firm’s president.
“After Hi-Line submitted that batch of payments to its bank, the unknown intruders attempted two more transfers of nearly identical amounts on Friday and the following Monday, Aug. 24,” explained Mr. Krebs. “Evans said he had trouble logging in to his account on Thursday and had the bank reset his password, but the fraudulent transactions hadn’t showed up on his account at that time. He said he took that Friday off as he always does, and when he tried again to log in after returning to work on Monday, he again found the bank’s site would not accept his password.”
Then, Mr. Evans sensed trouble.
“When I finally got the bank to reset my password and got into my account, I noticed the duplicate payroll batches and said ‘Why are you all pulling my payroll out three times?’” Mr. Krebs quoted Mr. Evans about his recollection of how he came to realize his firm had been robbed. “At the time, as I was resetting my password, I had to scroll through the bank’s online customer agreement, which basically said the bank is not responsible for any fraud. I should have known at that point that they were not going to take any responsibility for this at all.”
Mr. Evans maintains the bank should have taken notice.
“Evans said the bank should have detected that something was amiss, and not just because of the unusual and repeated payroll batches,” wrote Mr. Krebs. “He said the crooks accessed his account from five different Internet addresses with locations that were nowhere near Texas, including from computers located more than 1,300 miles away, in Washington, D.C. and Maryland.”
The blogger says Community Bank did not respond to his request for a comment, but its deposition claims the cybercriminals “had infiltrated Evans’ computer with a virus and used it to steal his online banking credentials, which included a user name, password, PIN and several challenge/response questions.”
Mr. Krebs indicated the thieves pulled it off with the unknowing help of what are called money mules.
“Among those lured into the scam was Josh Enlow, a 28-year-old gas station attendant in Phoenix,” he wrote. “Enlow said he was hired by an entity calling itself The Total Group Co., which initially contacted him in an e-mail stating it had found his resume on a job search Web site, and would he be interested in an ‘accounts payable’ position?”
Reportedly, Mr. Enlow received several fund deposits and was asked to forward the money.
“He then wired the money to individuals in Eastern Europe as instructed, he said,” wrote Mr. Krebs.
“If the customer wants the bank to reimburse it for fraud losses, it’s up to the customer to prove that the bank’s security procedures are not commercially reasonable…” says IT security expert Dr. Stan Stahl. “The result, all too often, is that the customer has little choice but to sue the bank.”
But Dr. Stahl says there are reasons for such victims to hope:
“There’s a very good chance the bank’s procedures fail the test of commercial reasonableness,” writes Dr. Stahl.
But he adds the burden of proving a bank is at fault is “huge.”
He says one solution is cyber theft insurance.
My counsel is due diligence by a top-notch security adviser, and to make sure you really know your bank.
From the Coach’s Corner, Dr. Stahl’s security blog: http://citadelonsecurity.blogspot.com/.
Is It Time to Educate CEOs about Threats from Cybercrime?
Updated Jan. 3, 2012
The movement to persuade senior executives on cyber-security dangers is slowly growing.
Indeed, two business professors – University of Virginia’s Tim Laseter and Dartmouth’s Eric Johnson – argue there’s “A Better Way to Battle Malware.” They successfully argue in the lengthy article that senior executives could implement production quality controls to conquer cyber security issues.
Indeed, there’s plenty of evidence that cybercriminal activity is flourishing. Every week we see the headlines about newly discovered sinister events. But USA Today first reported in 2010 that many CEOs have been unaware about the dangers to their firms when it comes to Internet security.
Eighty-one percent of information-technology professionals believed that their companies’ senior managers still do not comprehend the need to take proactive steps to ward off security threats.
That’s according to a study of nearly 591 IT pros. It was conducted by the Ponemon Institute for NetWitness. Not only did it involve opinions about CEOs, the same fears were attributed to a lack of understanding by government agencies.
In addition to the 81 percent concerning senior executives, the study reports other red flags:
- 83 percent indicated their organization has been a recent target of advanced threats
- 41 percent said they were frequently attacked
So, it’s time to check with go-to security expert Dr. Stan Stahl. Is it really possible that senior executives don’t fully comprehend IT security dangers?
“Our experience confirms the validity of these statistics,” believes Dr. Stahl. “The cybercrime problem is only going to get worse as more and more small and medium size businesses fall victim to online bank fraud.”
Dr. Stahl, commenting in his blog, is a widely known pioneer and consultant in security and the prevention of identity theft. He is the expert on Federal Trade Commission rules under the Gramm Leach Bliley Act governing non-public personal information by financial institutions. He is also president of the Los Angeles chapter of the Information Systems Security Association, a nonprofit, international organization of information-security professionals and practitioners.
“The biggest challenge we see is helping the men and women who have to dedicate resources (people or money) understand (1) why they need to improve the security of their information systems, (2) the basic steps involved in improving systems security, and (3) the ancillary competitive benefits they can get from improved information systems security management,” he writes.
Indeed, the study also indicates 44 percent of attacks result in the theft of confidential information, and 45 percent of the cyber strikes result specifically in the “theft of intellectual property.”
“It’s to meet this challenge that we in the Los Angeles Chapter of the Information Systems Security Association (ISSA-LA) have embarked on an aggressive Community Outreach Program,” writes Dr. Stahl. “Our objective is nothing less than to raise information security awareness.”
Of course, the association has local chapters in multiple cities; see www.issa.org.
Yes, it’s disappointing to know that senior executives are still in the dark. But IT pros can solve this problem. Here’s more: How CIOs Can Get More Respect in the C-Suite.
From the Coach’s Corner, this portal’s Tech section contains many Biz Coach articles on cybersecurity with solutions from Dr. Stahl. (Note: I’m very familiar with Dr. Stahl’s expertise as we’re both members of Consultants West, www.consultantswest.com.)
For more on Dr. Stahl, see his Web site and his blog.
“Distrust and caution are the parents of security.”
-Benjamin Franklin
Antivirus Company Names Most-Perilous Internet Cities
Updated March 23, 2010
In cyber-crime, Seattle has earned a distinction it’d rather not have – the No. 1 riskiest online city. That’s according to Norton from Symantec. The antivirus company teamed up with research firm Sperling’s BestPlaces to determine the locales they deem the most susceptible to Internet crime.
Maybe they are and maybe they’re not. A leading cyber-security expert, Dr. Stan Stahl, questions the data.
“While some of the factors used in assessing ‘risk’ would seem to be appropriate, my bottom line was expressed best by G.K. Chesterton: ‘It’s not that they don’t know the answer. It’s that they don’t even know the question’,” says Dr. Stahl, a noted Internet security expert in Los Angeles (www.citadel-information.com).
A Norton press release states its list of cities was developed as a result of the cyber-attack data compiled by Norton and other factors. The top five: Seattle, Boston, Washington, D.C., San Francisco, and Raleigh.
The Norton data criteria include these six categories:
1. The cyber-crimes data from Symantec Security Response:
- Number of malicious attacks
- Number of potential malware infections
- Number of spam zombies
- Number of bot infected computers
- Level of Internet access
2. Expenditures on computer hardware and software
3. Wireless hotspots
4. Broadband connectivity
5. Internet usage
6. Online purchases
Missing from this list, Dr. Stahl says, are things that would serve to mitigate risk, such as:
- Number of information systems security professionals in the city
- Average number of information security professionals per 1,000 computers and per company
- Percentage of computers that connect to hotspots using a VPN (virtual private network)
- Percentage of companies that are ISO 27001 certified (ISO refers to the International Organization for Standardization)
- Numbers of CISSPs (Certified Information Systems Security Professionals), CISMs (Certified Information Security Managers), etc.
- Percentage of businesses/homes with professionally managed firewalls
“By itself, expenditures may mean little or nothing since one large supercomputer can cost the same as zillions of PCs and actually lower risk,” explains Dr. Stahl. “There’s also the question of what ‘risk’ means when applied to a city, as opposed to an individual or an organization.”
So, it’s a question of what he calls “meaningful mathematics” – everything is relative.
“My risk goes up or down as the total number of bot infected or spam zombie computers goes up or down; it doesn’t really matter if they happen to be in my own town or somewhere else [more or less true, but not quite since a bot net or spam zombie in Africa poses less of a risk than a bot net in America],” he adds. “In this situation, my risk is my risk; it doesn’t meaningfully transfer to my city.”
Norton’s list of the alleged most-vulnerable cities:
1. Seattle
2. Boston
3. Washington, D.C.
4. San Francisco
5. Raleigh
6. Atlanta
7. Minneapolis
8. Denver
9. Austin
10. Portland
11. Honolulu
12. Charlotte
13. Las Vegas
14. San Diego
15. Colorado Springs
16. Sacramento
17. Pittsburgh
18. Oakland
19. Nashville-Davidson
20. San Jose
21. Columbus
22. Dallas
23. Kansas City
24. New York
25. Indianapolis
26. Albuquerque
27. Miami
28. Omaha
29. Virginia Beach
30. Los Angeles
31. Cincinnati
32. Houston
33. St. Louis
34. Phoenix
35. Chicago
36. Baltimore
37. Oklahoma City
38. Philadelphia
39. Jacksonville
40. Tulsa
41. San Antonio
42. Milwaukee
43. Cleveland
44. Tucson
45. Long Beach
46. Fort Worth
47. Fresno
48. Memphis
49. El Paso
50. Detroit
Again, based on the expertise of Dr. Stahl, if you live in one of the listed cities, you don’t necessarily have to worry. My thanks to him – he’s been very gracious with his analysis for many years.
From the Coach’s Corner, here are recent Biz Coach columns featuring his expert opinions:
- How to Protect Yourself from the Internet Crime Wave
- Strategic Planning: List of Informative Web Sites
- Web Security Checklist and Warning about Mobile Banking
- 5 Safety Measures to Thwart Mounting Social-Network Attacks
His security blog: http://citadelonsecurity.blogspot.com/
How to Protect Yourself from the Internet Crime Wave
Updated – Sept. 29, 2012
At least 19 major banks have been hit by cyber attacks, according to a rash of published reports this month. A typical headline, “Cyber Attacks on US Banks Expose Computer Vulnerability,” appeared in Businessweek.
But this isn’t a new security scare. For Citibank customers and millions of other consumers who enjoy the convenience of online banking, one Wall Street Journal headline was alarming: “FBI Probes Hack at Citibank – Russian Cyber Gang Suspected of Stealing Tens of Millions; Bank Denies Breach.”
The article on December 22, 2009, was the last we’ve seen about the Citibank situation. The reported multimillion-dollar loss – a public relations nightmare for Citibank – has been hushed up.
Many online security experts say online fraud is skyrocketing and there are FBI warnings about online fraud and related scams.
Such cybersecurity experts also cite another alarming trend – increasing sophistication in the methods used by cybercriminals.
About three weeks after the Citibank report, online-banking warnings were issued by the American Bankers Association and FBI (“Cybercrooks stalk small businesses that bank online”). The warnings followed a wave of cybercrime afflicting small businesses, public-sector agencies, churches, schools, and other non-profits.
Cybercrime methods
Many crooks are using what are called “banking Trojans.” Here was a typical case: “New Trojan Intercepts Online Banking Information – PC World.”
A cybersecurity expert, Dr. Stan Stahl, developed a plot line in another cybercrime issue, which is applicable to the banking scams.
“The plot line isn’t with Citibank but related to the recent web attack on Twitter that redirected users to the ‘Iranian Cyber Army.’ This same type of attack – stealing the UserID/password of the Twitter DNS administrator and then changing the DNS to point to the Iranian Cyber Army – could be used to create a ‘cybercriminal-in-the-middle’ attack against an eCommerce site,” he said.
Dr. Stahl further explained the cybercriminal is then able to steal a consumer’s sensitive credit-card information and seize control of the victim’s computer.
He is a widely known pioneer in security and the prevention of identity theft. He is the expert on Federal Trade Commission rules under the Gramm-Leach-Bliley Act governing non-public personal information held by financial institutions. He is also president of the Los Angeles chapter of the Information Systems Security Association, a nonprofit, international organization of information security professionals and practitioners.
“I feel the banks must bear a significant share of the responsibility because they have the knowledge of what’s happening yet, in my experience and based on what I’ve been told by people in law enforcement, they are not working the problem with their customers nor are they supporting law enforcement by sharing what they know,” said Dr. Stahl. “They strike me as wanting to pretend this isn’t a problem.”
It’s true insurance companies reimburse victims of cybercrime. But cybercrime is expensive.
A client once hired Dr. Stahl to investigate a $1 million loss from an online banking theft, and I reported the details in this column, “5 Safety Measures to Thwart Mounting Social-Network Attacks.” He says it resulted in an expensive legal struggle.
“The lawsuit I’m involved in, for example, is between two insurance companies; both will lose dollars regardless of how the suit turns out,” Dr. Stahl explained. “If the insurance companies made bank cooperation with law enforcement a policy requirement, we’d get a lot more cooperation and the insurance companies would have fewer claims to pay.”
He is also assertive in explaining his perspective on the Internet-security issue, Google vs. China.
“There is little in the Google story that the information security community didn’t already know except for the specific vulnerabilities that were exploited,” he said. “What is new – and important – is that now the world knows. For our business, it’s just one more example we can point to of how unsafe the internet is. Plus, because it’s Google, the cybercrime has been deconstructed more thoroughly than usual. Kudos to Google.”
Smartphone dangers
Despite what banks claim, mobile banking is dangerous. (See: Our Mobile-Banking Warnings about Security Prove Prophetic)
A published report, “BBC News – Cybercriminals revive old scams to target smartphones,” confirmed the specter of threats against mobile phones.
The BBC smartphone report prompts this question from Dr. Stahl: “How long will it take until this type of malware is used to steal online bank credentials?”
Personal online security tips
Here are some of his tips to enhance your personal online security:
- Review all privacy and policy information.
- Use unique and hard-to-guess login information.
- Protect your computer.
- Check your account balance regularly.
- Pay using credit cards.
- Do not access your account from public locations.
- Verify email correspondence from your bank.
- If your account is compromised, take swift action.
Online management controls
For your company’s management controls:
- Don’t allow your employees to use your computers for social networking.
- Establish a list of allowable Web sites.
- Closely monitor your bank account.
- Train employees in social engineering awareness.
- Change the mindset of your managers and employees – if something seems odd, say no and call for Internet security.
- Strengthen your defenses.
Oh, and don’t forget the danger in opening and responding to e-mails. Cybercriminals use phishing, a tactic to get you to reveal sensitive information.
(Note: I know Dr. Stahl well as a trusted expert, and I’ve interviewed him on multiple occasions. He and I are members of a roundtable of veteran consultants, Consultants West, www.consultantswest.com.)
Resource links:
- Dr. Stahl’s Web site – www.citadel-information.com
- His blog – www.citadelonsecurity.blogspot.com
From the Coach’s Corner, if you’re a cyber victim, contact a noted security expert and authorities (How to Report E-Scams and Hoaxes to the FBI).
Related security articles:
- Why Many Healthcare Workers Are Responsible for Alarming Trend: Medical ID Theft
- Lesson about Passwords after Theft of 16,000+ UCLA Patient Records
- Most Small Businesses Make You Vulnerable to Credit Card Fraud, ID Theft – Study
- Cyber Security: Is Your Business Prepared with Precautions and Response Philosophy?
“Phishing is a major problem because there really is no patch for human stupidity.”
-Mike Danseglio

