Corporate Privacy In Today’s Environment

We have received a lot of requests for this and it’s a scorcher.

“How do I protect my corporate privacy this day in age?”

Let’s Get Right to the Answer: You Can’t

At least not easily.

What do we mean? Quite simply this, every company in every country cooperates with the government of that country. From China, to France, UK, Russia and even the United States all get a vast majority of cooperation of those companies. Apple, Google, Microsoft and hundreds more provide all the information the government requests.

If You Really Need to Protect Your Corporate Privacy…

Firewall

Easily, FIRST THING, get a GREAT firewall, not some cheap firewall or an open source one. Why? It has been proven in the past that governmental agencies penetrated many open source projects and implemented changes which benefited them at penetrated the product. Such examples are TrueCrypt project and Lavabit. We recommend Sophos Firewalls.

SSL & VPN

Investing in a fantastic SSL certificate for security. For their VPN security, monitoring and deployment it is a no brainer for businesses.

Antivirus & Cloud Management

Antivirus, Trend Micro Worry Free Business which allows for cloud controlled management, and easy to deploy endpoints.

Desktop Encryption

As for desktop protect physically, we recommend Trend Micro Desktop Encryption.

These are just some of the cyber security suite we can install and maintain for you. If your interested in more ways managed IT can support your business and its corporate privacy, contact Triton Technologies today.

Phishing: STOP Posting Your Personnel’s Contact Information!

Please, please stop.

In marketing, it is great to give your business a personal face: a close contact or a person to call when things go wrong. That is great, but it causes a tremendous security headache in I.T. when you paint that target.

What are we talking about? A common scam known as phishing.

Phishing Targeting You and Your Staff

The way this scam works is a hacker scans your website for contact information. They find a CFO, CEO, a bookkeeper or someone in authority in the company and dig up EVERYTHING they can about them. The do what is known as a “full dox” on the person. That includes information related to their personal lives, charity and so forth.

Laying the Trap

Some time later a person who does payments and who is profiled on the website received this kind of email:

“From: [email protected]

To: [email protected]

Hey, Sarah, I am in NYC at the charity event we talked about and I need you to wire $15,000 to this charity’s bank account. Thanks, Steven.”

Pretty straight forward huh? Steven is away at a charity event, and he sent Sarah a request for a donation to a charity he was at, and everyone was expecting…. BUT IT ISN’T REAL.

Let’s Break It Down

  1. The email address it was sent from was from a common service, usually gmail, hotmail or yahoo. Untraceable or unenforceable. The respond to address may match the companies address, but anyone in email management will tell you that you can easily spoof someone else.
  2. Since Steven made it public he was going to be at an event the hackers used that timeline to strike and send a fake email to the book keeper in the company.
  3. Bank account transfers are tough to reverse and even if you found out where the destination was, the jurisdiction of the united states may not apply.

This can easily result in millions of dollars lost over a period of time or a big one all at once.

Phishing Happens More Than You Think

Companies have been fooled by this type of scam A LOT! A prime example is our main wireless supplier, Ubiquiti. In 2014 the company lost NEARLY 50 MILLION dollars when a mid-level book keeper received an email to transfer many small sums of money to a bank in China. By the time the error was discovered, it was MONTHS later and the thieves have made off with almost all the money.

All they had to do was read the website, build a dox and send an email.

So for your companies safety, DO NOT put your contact information for your employees on your webpage. Just general departments like [email protected], [email protected], [email protected] or [email protected] instead of individuals names. This will extremely reduce the amount of data hackers can get from your website and help protect your money from theft. Contact us for more best practices and how to look out for phishing and other common cyber scams.