cybersecurity Archives

5 Easy Ways to Improve Employee Cybersecurity Around the Holidays

by Ilyce Glink | Nov 20, 2024 | For Employees

The holiday season is fast approaching. With it comes an increase in online shopping — which could mean an increase in cybercrime. Online sales are expected to grow by 4.8% this holiday season, according to Salesforce. Cybercriminals will look to exploit the surge in digital transactions. Employee cybersecurity should be a high priority for business owners. A data breach could result in the theft of customer information, financial losses and reputational damage.

All businesses are susceptible to cybercrime. But for companies with remote workforces, the holidays present an additional challenge to ensure employee cybersecurity remains strong.

As of August 2023, over 10% of all workers in the U.S. were entirely remote. An even larger percentage adopted hybrid schedules. This shift in work environments has created new vulnerabilities as remote workers are increasingly targeted by cybercriminals. According to a study by Barracuda Networks, 46% of businesses experienced a cybersecurity incident within the first two months of shifting to remote work.

With increased online shopping and the rise in remote work, business owners must help their employees avoid cybercrime. To protect your business during this high-risk time, here are five easy ways to improve your employees’ cybersecurity around the holidays.

1: Improve employee cybersecurity by educating employees on how to protect card data

When it comes to employee cybersecurity, knowing how scams work is half the battle. Online criminals often use a tactic known as phishing. Phishing scams use fraudulent websites, emails or text messages to steal credit card details or login credentials. According to the Federal Trade Commission, the most effective way to avoid falling victim to these scams is to recognize potential phishing attempts. You want to avoid suspicious links or attachments.

Encourage employees to only use trusted websites when making purchases. They should ensure that the site URLs begin with “https” for secure transactions. Never provide personal or financial information through text or email. Training seminars on recognizing phishing scams or even simple written guides on protecting payment information can help minimize the risk to both the employee and the company and support your employees’ cybersecurity.

2: Use spam filters and security software to avoid phishing scams

Phishing attempts increase during the holidays. This mirrors the uptick in online shopping. It’s critical to put proper tools in place to defend against cybercrime. Bolster employee cybersecurity by using spam filters and advanced security software. These help block malicious emails before they even reach your employees’ inboxes.

Phishing emails are designed to look legitimate, appearing as if they are from trusted sources like retailers or financial institutions. This can make them hard to spot. Spam filters and security software help remove and flag these before they enter your inbox. Train employees to recognize common phishing techniques, such as emails from generic domains like Gmail, Hotmail or Yahoo, that include urgent requests for sensitive information.

3: Advise your employees to use strong passwords and update them regularly.

The simplest way to protect your business from cyber threats is to enforce strong password policies for any important accounts. This strategy is also one of the most effective. Employee cybersecurity improves when employees are required to create complex passwords with at least twelve characters that include a mix of letters, numbers, and special characters.

Additionally, employees should avoid using the same passwords across multiple accounts, as one breach could leave them vulnerable to data leaks from multiple platforms. Updating these passwords regularly can help ensure the privacy of your accounts if they are ever compromised. Password managers can create, store and regularly update strong passwords for you.

4: Establish emergency response procedures in the event of an employee cybersecurity lapse

While it’s important to focus on prevention, these measures may not cover everything and businesses should be prepared to act quickly if a cybersecurity breach does occur to protect employee cybersecurity.

Establishing clear emergency response procedures can help ensure that employees know exactly what to do in the event of a data breach, malware infection or other cyberattack. This should include steps such as immediately disconnecting compromised devices from the company network, contacting your IT team and standardizing protocols for recovering data. According to IBM, creating formal incident responses helped reduce breach costs by half a million US dollars on average.

Employees should check if their device seems sluggish, if their battery is draining too quickly or if their device is making strange noises. All of these factors can indicate their device’s communications are being interfered with. Taking a proactive response by having employees report any suspicious activity, even if they think it’s minor, can help prevent some cybersecurity catastrophes before they spread.

5: Upgrade your employee cybersecurity by investing in cybersecurity tools

Investing in advanced cybersecurity tools such as cyber insurance or educational tools can give your business an extra layer of protection during the holidays. To help your employees’ cybersecurity, look for tools to prioritize security and help diagnose potential email threats. Another option to consider is cyber insurance, which can cover financial losses resulting from data breaches such as legal fees, notification expenses for affected customers, system repairs and even public relations efforts to manage reputational damage.

Cybercriminals are relentlessly innovative in their pursuit of company data as cybercrime costs the world over $10 trillion. The most practical way to avoid adding to that toll is by keeping your employees educated and responsible with their computer usage.

What is Employee Cybersecurity? Plus, 3 Ways to Improve Your Cybersecurity Strategy

by Amirah Ford | Jan 8, 2024 | Blog

What is employee cybersecurity? Plus, 3 ways to improve your cybersecurity strategy. Learn how organizations can improve employee cybersecurity practices through proactive training and hands-on education.

In 2023, employee cybersecurity breaches cost organizations an average of 4.45 million dollars, according to a 2023 report from IBM. What’s more, only 1 in 3 affected organizations were able to spot and report these breaches through internal security procedures. The rest had to be alerted of the breach by a third-party organization — or by the hackers themselves.

Remote work and the rise of AI technology have redefined our digital landscape. Without robust employee cybersecurity measures in place, companies of all sizes find themselves increasingly vulnerable to hackers or ransomware attacks.

Learn more about employee cybersecurity, including how a poor cybersecurity strategy could leave your organization vulnerable to attack.
What is employee cybersecurity? Why does employee cybersecurity matter?

Employees across all industries use some type of technology in their daily operations, from basic communications technology such as email and message systems to industry-specific technology such as medical devices or stock trading software.

Employee cybersecurity is the art of protecting these digital networks, devices, and data from unauthorized access or criminal use. Cyber security strategy may include protecting documents and emails from hackers, frequently checking for software viruses, reporting suspicious emails and more.

For many executive teams, employee cybersecurity is a top-of-mind issue. According to Accenture’s recent CEO survey, almost 3 in 4 CEOs worry about their company’s ability to minimize damage from a cybersecurity attack. And despite companies’ increasingly investing in cybersecurity software, these investments don’t address one of the greatest risks and vulnerabilities: employees, themselves.

Many cybersecurity attacks start with human error, whether it be accidentally downloading a virus or clicking on a phishing link. Employee cybersecurity ensures that workers have the right knowledge, strategy and preventative tools when it comes to spotting and averting cyber attacks.

3 ways to improve employee cybersecurity

1. Upgrade employee passwords with two-factor authentication.

Having a strong, unique password is helpful, but this is only the first layer of password protection. Passwords can be reused, stolen or cracked. So companies have started to double-check employees’ identity with two-factor authentication (also known as multi-factor authentication) as another layer of protection.

With two-factor authentication, after an employee inputs their password, they will be prompted to complete a second step that would be a lot harder for a hacker to fake. Common authentication methods, according to CISA, include using:

Something an employee knows (e.g., a PIN or security question answer)
Something an employee owns (e.g., sending a confirmation text to your phone)
Something an employee is (e.g., fingerprint or face identification)

Adding an extra layer of protection can help prevent unauthorized access to accounts, software and other sensitive data.

2. Educate employees to spot (and avoid) phishing scams.

One of the most common ways that hackers target employees is through phishing scams, which involve the use of fraudulent emails, text messages, phone calls or websites designed to trick users into downloading malware, sharing sensitive or personal data (e.g., Social Security number, login credentials, etc.) and more.

According to IBM, over 40% of cybersecurity attacks use phishing to gain access to company information and data.

Phishing attacks commonly include grammatical and spelling errors, sketchy email addresses, threats of jail time and other unrealistic consequences. By teaching employees how to identify phishing, companies can minimize their vulnerability to hackers and ransomware attacks.

3. Create an online hub for employee cybersecurity resources.

To help employees navigate the ever-changing world of cybersecurity, companies have begun developing employee cybersecurity support hubs. Within these cybersecurity hubs, employees receive consistent reminders to perform software updates, regularly change their passwords and more.

Employee cybersecurity hubs serve as a dedicated resource for all things cybersecurity and IT-related. For instance, cybersecurity and IT hubs may include a hotline number for employees to call with any questions, as well as a reporting system for phishing attempts.

With a clear, consistent place for employees to get cybersecurity support, companies can help increase employees’ cybersecurity awareness and minimize the risk of a harmful breach.

To learn more about Best Money Moves Financial Wellness Platform, let’s schedule a call. Contact us and we’ll reach out to you soon.

5 Ways to Improve Remote Cybersecurity for Your Hybrid Team

by AllyMauch | Oct 12, 2021 | Blog

5 ways to improve remote cybersecurity for your hybrid team. As workforces increasingly pivot to hybrid models, teams need to consider the unique security challenges posed by working from home.

Hybrid work environments, where employees work from home and come to the office, pose unique challenges when it comes to cybersecurity. In a recent survey conducted by OpenVPN, 90 percent of IT workers polled said they believe remote workers are not secure. Over one-third said they have experienced a security incident due to unsecured remote workers.

We’ve outlined five ways you can improve your remote cybersecurity, so you can avoid putting your hybrid team at risk.

1. Set up a secure network.

When you’re in a physical office space, it’s important to have a private, password-protected WiFi network that all employees can use to work. However, when working from home, workers will be using whatever wireless network they have access to remotely. Setting up a virtual private network, or VPN, is one way to add an extra layer of cybersecurity protection. Using a VPN allows people within your company to connect and interact on one, secure private network, regardless of where they are geographically.

2. Encourage multi-factor authentication (MFA).

Multi-Factor authentication, sometimes also called two-factor authentication, is another way to add a layer of security to your work logins. MFA requires the user to present two different credentials from two different categories when logging in to an account. One of the most common examples is entering a unique password and then entering a verification code that is sent via text or third party authentication app. Because the two factors have to be from different categories, two passwords would not qualify as MFA. This system makes it more difficult for hackers to break into users’ accounts and keeps your work network better protected.

3. Invest in email scanning and encryption software.

Scam emails spiked majorly at the start of the COVID pandemic, with IT company Barracuda Networks saying in April 2020 that it had seen a 667 percent increase in phishing emails amid the health crisis. As such, investing in email scanning or filtering software to detect potentially malicious messages could save you in the long run. Such software typically filters inbound and outbound emails to detect whether they classify as phishing, spam, a virus or a suspicious link. Emails also often contain sensitive or confidential data and it’s important to protect that information from any outsiders. You can do this by using a software to encrypt the data attached to emails on your server to prevent any unintended recipients from seeing it.

4. Keep work and personal technology separate.

A recent HP Wolf Security report conducted during the pandemic found that 46 percent of workers now think of their work laptop as a personal device, while 84 percent of IT leaders surveyed were concerned that using work devices for personal tasks has increased their company’s risk of a security breach. Work from home also presents the problem of workers accessing sensitive data from their personal devices, which may not be as secure as company-issued ones. Both of these situations pose a cybersecurity risk, so you may consider instituting a policy for employees to keep their work and personal devices completely separate whenever possible.

5. Commit to ongoing employee training.

One of the most important aspects of improving your cybersecurity is making sure your employees, and everyone who has access to your network, are on board and up to speed on the best practices. This process can include conducting cybersecurity training sessions or simply sending regular reminders about using the VPN, crafting secure passwords, spotting phishing emails and other fraudulent activity or whatever security concerns apply to your unique situation.

If you want to learn more about how Best Money Moves can bring financial wellness to your company, download our whitepapers.

Don’t Fall for a COVID-19 Scam: What to Look For

by Ilyce Glink | Jun 11, 2020 | Blog

Don’t fall for a COVID-19 scam: How scammers are trying to take advantage of people looking for financial help during the pandemic.

With the coronavirus/COVID-19 pandemic sweeping the nation, federal, state and city governments have enacted legislation to help people with their finances. But with these helpful initiatives have come bad actors trying to use the opportunity to steal the identities of people looking for help.

Be on the Lookout for These Scams During the COVID-19 Pandemic:

COVID-19 Scam #1: Stolen Federal Stimulus Payments

Federal stimulus payments have become an easy target for scammers. In April, the Internal Revenue Service debuted a tool to help in distributing funds. Through this portal, eligible persons who did not file taxes in 2018 or 2019 can enter basic identifying information so the government can easily distribute their stimulus payments.

Per IRS guidelines, users have been asked to provide a range of personal information, including:

Full name, current mailing address and an email address
Date of birth and valid Social Security number
Bank account number, type of account and routing number, if you have one
Identity Protection Personal Identification Number (IP PIN) if you received one from the IRS earlier this year
Driver’s license or state-issued ID, if you have one
For each qualifying child: name, Social Security number or Adoption Taxpayer Identification Number (ATIN) and their relationship to you or your spouse

Though helpful for many Americans filling out the form, the limited and basic nature of this information makes it easier for scam artists to claim checks that are not their own. Basic personal information can be stolen in many ways, including through data breaches, fake websites asking for personal information, scam calls and phishing emails.

COVID-19 Scam #2: Scam Artists Impersonating Government Agencies

Knowing the true person behind a phone call or email can be difficult. In fact, the FBI’s Internet Crime Complaint Center (IC3) has reported a rise in fake emails claiming to be from the Centers for Disease Control and Prevention or other organizations offering Coronavirus information.

The FBI warns not to click links or open attachments from senders you do not recognize. By clicking or opening these things, malware can be unlocked, which gives scam artists access to your personal information. They could also lock your computer and demand payment. Criminals are using fake websites claiming to track COVID-19 cases to deliver malware to phones and personal computers.

COVID-19 Scam #3: Delivery Scams

Many people may be unable to pick up items like groceries or necessary medications in person and need them delivered to their door. Ordering from a trusted source online is a safe way to do so, but beware if someone you don’t know well offers to help.

Some scammers offer to purchase and deliver your supplies but never return after taking off with your money. The safest way to make sure you aren’t scammed is to ask a friend or family member for help or to use a trusted delivery service.

COVID-19 Scam #4: Waylaid Donations

There are many charitable organizations that can use your help during this time. But the FBI has noted an increase in phishing emails asking for donations to hospitals and charities, and claiming to have access to fake testing kits, cures or vaccines. As a general rule, don’t click on anything in an email from a person you do not know or recognize.

Before donating money, research the charity. Paying in cash, by gift card or by wiring money should not be done as a means of transaction, as scam artists tend to use these forms to steal. Websites like givewell.org and charitynavigator.org can be used to verify locations. For more information, the Federal Trade Commission’s website provides guidance on avoiding donation scams.

COVID-19 Scam #5: Fake Zoom Invitations

Some people have taken to sending fake Zoom invitations in an attempt to steal passwords. It is important to note how the messages you receive are worded. If someone “demands your presence” or threatens to terminate you if you don’t attend, chances are it’s a scam. Confirm that any video conference invitations you accept are coming from members of your workplace.

If you do open the link in a bogus message, you are generally directed to a website that looks similar to a legitimate Zoom meeting screen but, in reality, is a page designed to get you to input your email password. Carefully review any messages sent from unfamiliar accounts and the webpages of any links you open. Reach out to your employer for clarification if you sense something is suspicious about a Zoom invitation.

COVID-19 Scam #6: Bogus Offers for Vaccinations and Home Test Kits

There is no federally approved vaccine or home test for the Coronavirus, but that hasn’t stopped scammers from peddling fakes. If you think you may have contracted the virus, contact your doctor and ask about testing availability in your area. To help protect your identity, do not share your medical information, Social Security number or health insurance details over the phone.

How to Better Protect Your Identity from COVID-19 Scams

While you can never guarantee that your identity will be fully protected, here are five steps you can take right now to ensure your identity is better protected:

1. Frequently check your savings, checking, credit card and other key financial accounts for unauthorized charges or withdrawals.

Constantly checking the status of your financial accounts is one of the best ways to help protect your identity. Setting aside five minutes every week to review transactions can make a difference in recognizing a threat to your identity early on. For your bank and credit card accounts, sign up for email or text notifications for instant notifications.

2. Contact your bank as soon as you notice any suspicious activity on your account.

Contact your bank the moment you see something of concern in your account. Explain your situation and ask about your options, which may include canceling your active credit or debit cards and being reissued new ones. Talk with your bank or credit card lender for more information on the specific remedies available to you.

3. Frequently change your online passwords to better protect your information from data breaches.

An unintended consequence of using platforms to shop and communicate with friends from home during the pandemic is your personal information is now stored on more platforms than ever. If hackers access these systems, they could obtain your secure information without your knowledge.

To fight this issue, set up strong, unique passwords for each account with more than eight digits and contain upper and lower case letters, numbers and at least one symbol. Set a reminder to change all passwords periodically, whether that’s annually, once every six months or as frequently as you can reasonably manage.

4. Remove personal information from your social media accounts.

The more information scammers can obtain from looking at your social media accounts, the easier it can be for them to steal your identity. Review the privacy settings for your accounts and update them to remove excess information. Keeping your mailing address, email address, phone number and other personally identifying information private significantly reduces the risk that someone will be able to successfully impersonate you.

5. If your identity has been used to cash your stimulus check or apply for unemployment or other benefits, file a dispute with the relevant authorities.

Identify thieves have tended to target people most in need of financial help during the pandemic, according to reports. If you think you have not received the aid you are eligible for because you are a victim of identity theft, contact the relevant local or federal authorities.

It’s a shame people’s identities are being stolen in the middle of a pandemic, but by following these steps, you should steer clear of bad actors trying to take advantage of you.

Related Resources During the COVID-19 Pandemic

Coronavirus/COVID-19: Where to Find Assistance

CARES Act: 4 Key Pieces for You

How Soon Will I Get My Stimulus Check?

COVID-19 Information Center: What to Understand

How COVID-19 Impacts Your Student Loans

National Cybersecurity Awareness Month 2019: What Employers Need to Know

by LizStevens | Oct 2, 2019 | Blog

National Cybersecurity Awareness Month 2019: what employers need to know. If nothing else, these basic cyber risk safeguards should be in place at your organization.

October is National Cybersecurity Awareness Month. According to the Chubb Cyber Claims Index, there has been a 1,215 percent increase in the number of commercial cyber insurance claims over the past decade.

It’s time for the 60 percent of employers who admit they haven’t implemented the most basic cyber safeguards (according to a recent survey by Chubb) to step up and protect their businesses.

What Employers Need to Know for National Cybersecurity Awareness Month 2019

If nothing else, these are the three most basic cybersecurity practices employers should adopt to protect their company from cyber risks:

Hold annual employee cybersecurity trainings (only 33 percent of employers currently do this)
Deploy filters for online content (only 40 percent of employers currently do this)
Leverage social media blocks (only 33 percent of employers currently do this)

While putting these strategies into practice affords some cybersecurity (and some is better than none) it’s important to keep in mind that this is the equivalent of doing the bare minimum. When it comes to minimizing cyber risks and protecting your business, the bare minimum doesn’t cut it.

Defining Major Types of Cyber Risks for National Cybersecurity Awareness Month 2019

When it came to defining cybersecurity terms most Americans were stumped:

Ransomware – a form of malware that restricts access to files unless a ransom is paid. (only 54 percent of employees knew the definition)
Credential stuffing – an attack by cybercriminals to programmatically target a single online user using an email address and multiple password attempts. (only 41 percent of employees knew the definition)
Emotet – a type of malware which is designed to steal financial information and online banking credentials. (only 28 percent of employees knew the definition)
Ryuk – a new strain of ransomware that infects the victim’s main computer systems and hides itself as a legitimate VPN user. (only 26 percent of employees knew the definition)

If an employee can’t define what cyber threats are, how can they spot the red flags for one on the job? This is where an annual employee training can come in handy. According to the report by Chubb,

“As cybercriminals become increasingly sophisticated in their efforts to breach company systems, a general understanding of these common attacks — and how they are enacted — can be extremely valuable. By requiring employees to undergo annual trainings, much of which can be conducted online and limited to an hour, employees may be able to identify breach warning signs before they become full-blown attacks — allowing companies time to potentially intervene before significant losses occur.”

How Much Does a Data Breach Cost?

According to research by IBM, globally, the average total cost of a data breach is $3.92 million. The U.S. has the most expensive data breaches, averaging $8.19 million. Healthcare is the most expensive industry for data breaches, averaging $6.45 million. The average size of a data breach is 25,575 records.

A data breach is only one kind of cyber attack, and all of them come with high costs to protect, identify, respond and remediate. Make the most of National Cybersecurity Awareness Month 2019 and take steps to further safeguard your business from cyber risks.