Managed Solutions » Cybercrime

Why all businesses should consider SEC Cyber Security Guidance

Joe Hackman — Mon, 17 Oct 2011 11:30:30 +0000

Image compliments of Sandia Labs (Creative Commons)

Last week the SEC released a Disclosure Guidance Document on Cyber Security. The document was a direct response to the dependence on digital technologies and the increased risks associated with Cyber Security. While the SEC guidance was aimed at publicly traded companies, the information in and the existence of the document should raise eyebrows at any business.

An ounce of prevention truly is worth a pound of cure

The document contained extensive guidance for organizations including before, during and after a cyber security incident. Perhaps the most interesting suggestion in this particular document is the call to disclose risk:

Registrants should disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky.

This is something all businesses should be asking themselves, not based on guidance from the SEC or specific directives such as HIPAA but rather because it is the right thing to do. We as businesses are stewards of our clients critical information. In many cases prevention is less expensive than we might think and much less expensive than the liability associated with a failure to prevent a cyber security event.

In response to the extraordinary role that Cyber Security has played in our modern connected world Managed Solutions introduced a program called Secure Enterprise in 2002 to assist businesses with protecting critical enterprises of any size. You can join the conversation about Cyber Security on our Facebook page.

Dr. Dan wants to buy Real Estate (Phishing)

Joe Hackman — Thu, 12 Aug 2010 15:40:29 +0000

We’re paid to be paranoid here at Managed Solutions. When this message arrived in my inbox today it was a rarity. Rare because it is one of very few phishing Emails that have bypassed my anti-spam mechanisms. Phishing is a process by which a criminal pretends to be a legitimate entity in an effort to gain passwords, identity, bank account or other private data. Here is the text of the message:

I am interested in purchasing a private residence in your country or in any country you are well-acquainted with.

The Property must be located in a well-reserved,serene,secure and highly-hygienic environment because I am most particular about the safety and sound health of my family.
I wish to make this transaction with you in a very secret and confidential manner due to my position as a cabinet minister here in my country Ghana.

Therefore,upon response from you I will connect you with my agent here whom I trust so much to represent my interest in this purchase.franciskweme2007@[hidden].com
Thank you and accept my kindest regards,

Dr. dan

Want to complete this article?

What issues do you see with the text of this message and why would I assume that it is a Phishing Email? Complete this story via comment and we’ll feature your comment as a part of the article and link back to your website.

We have a winner, David Schur completed the article via this comment on Facebook:

David Schur – I’ll take a shot Joe.
1) does not address you by name. Nobody will buy your house, or send you millions of dollars without knowing who the heck you are
2) Total lack of pii. If this was legit, they would know your address, which is the relevant pii in this case. My bank or cc includes the last 4 digits of my account to let me know the email is real.
3) Typo’s…when will the phishers learn that simply hiring a native english speaker to proofread would make a difference (maybe there is ba business opportunity here)
4) simple common sense…to good to be true = false…100% of the time

This won’t work for a real hack…but luckily phishers these days never invest in data that connects your email to any meaningful form of pii…luckily axiom 4 will ALLWAYS be true

Joe’s comment – I really like David’s rule #4, I think Phishers best tool is exploiting people’s greed. Also David had no desire to have a link back to anywhere so I asked him what Charity he likes, here is his response:

“American Red Cross…when bad stuff happens they get my money…then I can safely and with good conscience ignore the inevitable scam charity emails” – David Schur

Can you stump our experts? Free tech support on our Facebook Page.

Joe Hackman — Fri, 12 Feb 2010 22:16:51 +0000

Do you have a tech support question that you’ve been wanting to ask but don’t want to pay? See if you can stump our experts via our Fan Page on Facebook.

Adware Firm Pays $3 Million In Settlement

Joe Hackman — Sun, 26 Nov 2006 04:10:25 +0000

Reuters reported on 11/3/2006 that Internet Advertising firm Zango, Inc. agreed to pay $3 million to the U.S. government to settle allegations that it’s pop-up ad software was secretly installed on millions of unsuspecting users personal computers.

This is a huge blow to the perpetrators of a crime that has up to this point been quite difficult to prosecute. While difficult to estimate there is no doubt that the impact of adware world-wide is in the billions of dollars. This resulting from lost productivity, expenses to remove the programs and system resources. Considering all the fiscal expenses, the biggest victim is the privacy of internet users. Adware often tracks users web habits and funnels users to websites selling products or services that are related to those habits. In some cases, such as the Zango case, popups deploy on the affected users PC’s forcing them to close the windows manually and making it difficult for them to efficiently use their computer.

This is some of the best news in the fight against Adware in recent history. Hopefully the government will continue to prosecute the perpetrators of these crimes and expand their capabilities to tackle some of the tougher issues like SPAM, Viruses and Malware. For now this is a good start.

Is Your Email Secure?

Joe Hackman — Tue, 02 Mar 2004 04:37:09 +0000

There has recently been a rise in the frequency and quality of many internet scams, including “phishing” scams. Phishing scams typically involve “casting out” a mass email spam that appears to be reputable companies requesting information from their clients. The idea being that a few people will fall for the scam, allowing the scammers to use the identity of the individuals who “took the bait” to obtain resources illegally using the victims credit card numbers, bank accounts, etc. There are a tremendous amount of articles on the web about these scams, and plenty of resources to help with the specific issues, the focus of this article is not to address the specific scams but instead to talk about email security issues and common misconceptions. A list of resources will be provided at the end of the article for interested parties who desire more information.

One of the most common misconceptions in the world of email, is that email is a secure means of communication. In most cases this is not true. The typical email setup affords a user very little privacy or security. A good rule of thumb is, don’t type or send anything via email that you wouldn’t want made public, because it could quite easily end up just that. To address this problem, there are alternative ways to transmit your message text and attachments securely. These technologies involve encrypting the contents of the message and any attachments and only allowing the message to be decrypted by the legitimate recipient. Businesses may also opt to utilize systems that allow for the sharing of files in a repository that includes authentication and encrypts all the data using secure protocols. These systems are ideal solutions for companies that have users and clients in multiple locations. A real world example of a system like this is one where clients upload their confidential files using a login and password provided by the vendor to the repository. Then the vendor receives an alert with a link to the file that they can then download via a secure connection from that repository. The data in turn never travels on the unsecured network without being encrypted, protecting its contents from potential snoops that may be operating in its path.

In closing, if we as businesses and individuals educate ourselves and take precautions to secure our private information. We will keep our data private, and discourage all the would be snoops from using the data against us or for their own gain.

Resource Links:
Internet Fraud Watch – Information Center
US Secret Service – Financial Crimes Division
Social Security Online – Identity Theft And Your Social Security Number
Reducing the Risk of Identity Theft
Internet ScamBusters