Dangers of LinkedIn: 4 Security Features to Use TODAY

A recent report from Check Point Research revealed a shocking statistic: the Microsoft-owned business platform LinkedIn is impersonated in nearly half of all phishing attacks globally.

The Threat Landscape on LinkedIn

One common tactic scammers use is targeting individuals seeking new job opportunities. Emails like “You have 1 new invitation” or “Your profile has been viewed by 63 people” can appear authentic but must be scrutinized. Always verify the sender’s email address to ensure it’s genuinely from LinkedIn. Impersonators send emails that look identical to real ones, with links to fake LinkedIn pages designed to steal your information once you enter it.

Another tactic involves cybercriminals creating fake profiles to message users about job opportunities. Once engaged, they may ask for an upfront payment to process your application (which you’ll never see again) or direct you to a form that is actually a phishing link in disguise.

LinkedIn’s Security Features

LinkedIn is aware of these issues and is developing advanced security features to protect its users. Here are four current security features you should use:

  1. Suspicious Message Warnings: LinkedIn’s technology can detect messages that attempt to take you off the platform or are potentially inappropriate, sending you a warning notification.
  2. Profile Verification: This feature allows you to verify your profile’s authenticity by submitting an additional form of ID, earning a verification badge on your profile. This badge helps others know you are who you say you are, making it harder for scammers who frequently shut down fake profiles to stay hidden.
  3. Profile Information: This feature helps you assess the credibility of a person’s profile before responding to messages, accepting connection requests, or trusting offers. By clicking “More” on a profile and selecting “About this profile,” you can see details such as:
    • When the profile was created
    • When it was last updated
    • Whether the member has verified a phone number
    • Whether the member has a work email associated with their account
  4. AI-Generated Profile Picture Detection: Scammers use AI to generate realistic profile pictures for fake profiles. LinkedIn’s research showed users generally couldn’t distinguish between real and synthetically generated faces. To combat this, LinkedIn partnered with academia to develop and deploy advanced detection features that identify and shut down profiles using AI-generated images before they cause harm.

Stay Secure on LinkedIn

LinkedIn is an excellent resource for finding jobs, employees, and clients, but it’s important to stay secure. LinkedIn’s security features are just the first line of defense. If someone in your organization falls for a scam and clicks a malicious link, would your internal security solutions be robust enough to protect your network?

We can help you find out. We offer a FREE Security Risk Assessment to help you determine if your network is vulnerable to any type of attack. To book yours, call us at 214-550-0550 or click here to book now.

Travel Smart: Essential Cybersecurity Practices for a Hack-Free Vacation

Summer is a popular time for business owners and employees to step out of the office and enjoy a well-deserved vacation. Despite setting their “out of office” email responder, many people still check in on work while traveling. Unfortunately, studies show that working outside the office, whether it’s a quick check-in on vacation, connecting to the Internet at a local coffee shop, or traveling on a work trip, can lead to significant cybersecurity issues. If you or your employees plan to answer urgent emails from the airport or access network documents in a hotel lobby, it’s crucial to maintain strong cybersecurity practices to avoid exposing the company’s network to nearby hackers.

In this blog post, we’ll cover essential cybersecurity best practices to follow before and during any trip to keep your network secure from hackers.

Why Cybersecurity Matters While Traveling

Cybersecurity might not be at the top of your vacation checklist, but ignoring it can turn your dream getaway into a nightmare. Cybercriminals know summer is prime time to attack because people are more likely to let their guard down while on vacation. Most vacationers focus on enjoying their time off rather than following cybersecurity best practices, making them easy targets for hackers.

To minimize the risk of a cyberattack while traveling, here are a few best practices to cover with anyone on your team who might connect to the Internet while on vacation.

Before You Go:

  1. Back Up Your Data: If your device gets lost or damaged, you’ll want a copy of your data available to restore.
  2. Update Your Software: Ensure your operating system, web browsers, and apps are updated to the latest versions. Outdated software can compromise your device’s defense against malware.
  3. Protect Your Devices: Always lock your device using a PIN, passcode, fingerprint, or facial recognition. If you leave your device unattended and someone tries to access it, they will have full access to your private information if it’s not locked.
  4. Enable “Find My Phone”: This feature allows you to locate your device if you lose it and remotely wipe data or disable the device if it falls into the wrong hands.

While Traveling:

  1. Use a Virtual Private Network (VPN): A VPN encrypts your Internet connection, ensuring your data is secure even when using public WiFi networks. Set up a VPN on your devices before you leave and use it whenever you access the Internet.
  2. Avoid Public WiFi: Public WiFi can be a hotspot for cybercriminal activity. Avoid unprotected networks whenever possible. (Yes, that means no checking your email on the beach unless you have a VPN!)
  3. Manage Location Services: Location tools are useful for navigation but can also expose your location to criminals. Turn off location services when not in use and limit how you share your location on social media.
  4. Enable Multifactor Authentication (MFA): MFA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message code, authenticator code, or fingerprint scan. Enable this feature for all accounts containing sensitive information before leaving home.
  5. Disable Auto-Connect Features: Some devices automatically seek and connect to available wireless networks. These features can give cybercriminals access to your devices if you connect to the wrong network. Disable this option so you only connect to wireless and Bluetooth networks you know and trust.

Conclusion

You should be able to relax on vacation. Taking these simple precautions can help keep your devices secure so you can enjoy your time off without worrying about cyber issues when you return to work.

However, these steps aren’t foolproof. To truly ensure your company’s cybersecurity measures are up to standard, it’s important to work with a professional IT team that can monitor your network 24/7, patch vulnerabilities as they arise, and alert you if something seems suspicious.

To help you prepare for your vacation and have peace of mind knowing your business is secure while you or your employees work remotely, call us at 214-550-0550 or click here to schedule a FREE IT Security Risk Assessment with our cybersecurity experts today. We’ll evaluate your current cybersecurity solutions, identify potential vulnerabilities, and help you implement a strategic security plan to keep your company safe.

“Savings” That Could Cost You EVERYTHING

As a business leader, you’re always looking for ways to increase revenue, cut expenses and grow your bottom line. Implementing AI tools, shopping services and running a more efficient operation are great ways to do that. One way you do NOT want to cut corners is by using free antivirus or firewall software.

In today’s blog, we’ll share why these seemingly helpful software solutions are a detriment to your business and why a 10-minute call with our team might just be the best investment you’ll make this year.

Free software often lacks necessary features and is limited in what it can detect.

Free antivirus software and firewall solutions can protect your business against some known viruses but not all of them, and they likely won’t have the ability to protect you against other comprehensive threats, like malicious files, unknown or unidentified threats and more. Cybercriminals are constantly rolling out new and “improved” viruses to trick even the most robust security solutions, which makes it difficult to believe that free, infrequently updated antivirus solutions could offer the level of protection needed to keep you secure.

There’s no such thing as a free lunch.

While free cybersecurity solutions sound like a good way to save a few bucks, you have to stop and realize these programs will make their money somewhere. The most common ways they make money are through ads, sponsored recommendations and collecting and selling user data. They collect and sell your personal information, like age and gender, and installed apps, to third-party advertisers.

Some free solutions are already infected with malware.

Ironically, these free cybersecurity tools can come with malware already installed to infect your computer upon downloading them. It’s also difficult to determine the difference between real free software solutions and fake ones created by hackers looking to trick unsuspecting business owners who hope to save a buck into downloading an infected version that immediately opens up your network to them.

Free antivirus software is mostly reactive, detecting infections after they’ve happened.

The point of having cybersecurity solutions is to try to prevent a data breach from occurring in the first place. Most free solutions are reactive and won’t keep unwanted intruders out; they simply alert you when one has already breached your network. If you’re going with a free solution, make sure you have a robust recovery plan in place. You’ll likely need it.

Cybersecurity solutions are not as expensive as most business owners think and are more cost-effective than dealing with a data breach. If you have been using free antivirus or firewall software in your organization, it’s time to level up. Our cybersecurity experts will provide you with a FREE Security Risk Assessment that will detail if and where you’re vulnerable and what to do about it. Schedule yours by clicking here or calling us at 214-550-0550.

The Silent Danger: A Powerful Lesson For Every Business From This $1.6 Billion Ransomware Attack

In recent months, the alarming cybersecurity breach at Change Healthcare, the health care payment-processing company under the health care giant UnitedHealth Group, has thrown a spotlight on a chilling reality: cyberthreats can lurk undetected within our networks, ready to unleash chaos at a moment’s notice. The breach, executed by the notorious ALPHV/BlackCat hacker group, involved the group lying dormant within the company’s environment for nine days before activating a crippling ransomware attack.

This incident, which severely impacted the US health care system, a network with a large budget for cybersecurity, underscores an urgent message for all business leaders: a robust cybersecurity system and recovery plan are not optional but a fundamental necessity for every business out there.

The attack began with hackers using leaked credentials to access a key application that was shockingly left without the safeguard of multifactor authentication.

Once inside, the hackers stole data, locked it down, and then demanded a hefty ransom.

This action stalled nationwide health care payment-processing systems for thousands of pharmacies and hospitals, causing them to grind to a halt!

Then things got even worse!

The personal health information and personal information of potentially millions of Americans was also stolen. The hackers set up an exit scam, demanding a second ransom to not release this information.

This breach required a temporary shutdown, disconnecting entire systems from the Internet, a massive overhaul of the IT infrastructure and significant financial losses estimated to potentially reach $1.6 billion by year’s end. Replacing laptops, rotating credentials and rebuilding the data center network were only a few of the actions the UnitedHealth Group had to take. More than financial, the cost was deeply human – impacting health care services and risking personal data.

While devastating, it’s a powerful reminder that threats can dwell in silence within our networks, waiting for an opportune moment to strike.

It is not enough to react; proactive measures are essential.

Ensuring systems are secured, implementing multifactor authentication, regularly updating and patching software and having a recovery plan in place in the event of an attack are steps that can no longer be overlooked and are basic requirements for doing business in today’s world.

Also, the idea that “We’re too small to be a target” is false. Just because you’re not big enough to make national news doesn’t mean you’re too small to be attacked!

Cybersecurity isn’t just an IT issue; it’s a cornerstone of modern business strategy. It requires investment, training and a culture of security awareness throughout the organization.

The fallout from a breach reaches far beyond the immediately affected systems. It can erode customer trust, disrupt services and lead to severe financial and reputational damage, and your business will be the one blamed.

As we consider the lessons from the Change Healthcare incident, it’s your duty to make cybersecurity a top priority. Investing in comprehensive cybersecurity measures isn’t just a precaution – it’s a fundamental responsibility to our customers, our stakeholders and our future.

Remember, in the realm of cyberthreats, what you can’t see can hurt you – and preparation is your most powerful defense.

Is YOUR organization secure? If you’re not sure, or just want a second opinion, our cybersecurity experts will provide you with a FREE Security Risk Assessment that will detail if and where you’re vulnerable and what to do about it. Schedule yours by clicking here or calling us at 214-550-0550.

The Importance of Standing Your Ground in Business Security

In an interview, Steve Wozniak reflected on what he would have done differently if he had been at the helm of Apple instead of Steve Jobs. While he admitted he would have been kinder to people, he also speculated that under his leadership, Apple might never have launched the Macintosh.

Steve Jobs, infamous for his ruthless demeanor and insatiable pursuit of perfection, cultivated a work environment fraught with tension and pressure. Despite his abrasive nature, Jobs managed to forge Apple into one of the world’s most renowned brands. However, his leadership style drove away many talented individuals who found his approach intolerable.

While adopting a cutthroat attitude like Jobs may not be necessary for most small business owners, standing up for oneself is crucial. Too often, individuals tolerate mistreatment from various sources, be it employees, vendors, or clients.

In popular culture, characters like Tony from The Sopranos resonate with audiences because of their unwavering confidence and assertiveness. While not condoning Tony’s negative traits, the appeal lies in his ability to stand up for himself and command respect.

This principle extends to business security. Failing to assert boundaries and protect your organization can leave you vulnerable to exploitation, particularly by cybercriminals seeking to capitalize on your hard work. Safeguarding your business requires a Tony Soprano-level of vigilance and decisiveness in identifying and neutralizing threats before they wreak havoc.

By prioritizing cybersecurity measures and remaining vigilant, you can shield your business from malicious actors intent on causing harm. Neglecting these precautions can jeopardize everything you’ve worked tirelessly to build.

To fortify your defenses and ensure your business remains secure, consider scheduling a 10-Minute Discovery Call with our team of experts for a free IT Risk Assessment. This evaluation will uncover any vulnerabilities within your network and provide a roadmap for bolstering your security posture.

Don’t wait until it’s too late. Take proactive steps to safeguard your business and focus on propelling it forward with confidence. Book your call NOW or contact us at 214-550-0550 to take the first step towards a more secure future.

AT&T Attack Reveals 73 Million Customer Records Exposed On The Dark Web

AT&T, the largest telecommunications company in the United States, recently disclosed a concerning discovery: a dataset for sale on the “dark web” containing information of approximately 7.6 million current and 65.4 million former AT&T account holders, totaling around 73 million affected accounts.

The released data includes passcodes (PIN numbers) and Social Security numbers dating back to 2019 or earlier, but does not encompass personal financial data or call history. However, it may include email and mailing addresses, phone numbers, and birthdates.

In response, AT&T has notified all customers via email or mail to reset their passcodes. It’s crucial for AT&T customers to scrutinize any password-change requests, ensuring they originate from AT&T to thwart potential cybercriminals attempting to exploit the breach by sending deceptive emails with malicious links. If in doubt, contact AT&T support directly for assistance in resetting passcodes.

The origin of the breach remains uncertain, with investigations underway to determine whether it stemmed from AT&T or one of its vendors. AT&T is deploying computer forensics specialists to uncover the root cause and is tasked with eradicating any malware from its customer account system while maintaining service for unaffected customers. However, addressing this issue entails substantial expenses, including investigation costs, legal fees, and potential lawsuits.

At Mirrored Storage, we emphasize proactive cybersecurity measures as a fundamental strategy. While no system is impervious to attacks, robust security measures significantly reduce the risk of breaches. The cost of dealing with the aftermath of a cyber-attack far outweighs the cost of prevention.

If you’re concerned about your organization’s security, we offer a complimentary Security Assessment conducted by our team of cybersecurity experts. This assessment examines your network for vulnerabilities that hackers could exploit and provides recommendations for enhancing security measures, including collaboration with third-party vendors to fortify data protection.

Hackers employ various tactics to infiltrate networks, but as a CEO, your priority is fortifying defenses. We’re committed to assisting you in safeguarding your organization. Schedule your Security Risk Assessment with our cybersecurity experts by clicking here or contacting our office at 214-550-0550. Protecting your data integrity and security is our top priority.

Cyber-Attack Takes Omni Hotels & Resorts Offline; Here’s How To Travel Safely

Another day, another cyber-attack! In early April, Omni Hotels & Resorts was the victim of a cyber-attack that brought down the entire IT system and led to a company-wide outage. The organization took immediate action and brought the entire network offline to isolate the issue, protect its data and prevent further damage from occurring. Unfortunately, this process heavily impacted the hotel’s operations and day-to-day functions, such as managing reservations, unlocking hotel room doors manually and using point-of-sale (POS) systems in restaurants and shops within the hotel. Some estimates expect this attack to cost the Omni over a million dollars. While unconfirmed by the hotel, several sources speculate that the type of cyber-attack was a ransomware attack similar to what happened to MGM in Las Vegas several months ago.

I was at an Omni Hotel for a conference in Nashville when this was going on. If I wanted to park I had to have exact change CASH or park somewhere else. If I wanted to eat there they said the card would be held and charged “sometime next week”. I can’t imagine the lost revenue, damaged reputation, loss of confidence, etc. they had that week and with customers over the long term.

While most customers were aware of the inconveniences of the Omni outage, many weren’t aware of the dangers associated with cyber-attacks. When a network is compromised, unless you have high-grade tools to protect you, every device you connect to is put at risk. When you’re traveling, it’s important to treat everything like a risk to ensure your safety. In today’s article, we’re sharing a couple of tips to keep you safe when you’re on the road for work or even on vacation this summer.

  1. Don’t connect to the public Wi-Fi in the hotel. Truthfully, this also applies to coffee shops, airport lounges, etc. If a network is compromised and you connect to it, you could be giving hackers access to your devices.
  2. Turn off the auto-connect feature. Even if you don’t actively connect to the hotel’s Wi-Fi, if a hacker has set up a fake Wi-Fi network and your device auto-connects to it, that could be a big problem. Shut the feature off and only manually connect to sources you trust.
  3. Use your phone’s hotspot. Instead of connecting to public Wi-Fi, most cell phones come equipped with a hotspot that allows your other devices to connect to your phone’s internet. If not, one call to your wireless provider can often add this feature.

These tips will help protect you, but if you travel for work or have employees who travel for work, it’s important that all work devices have professional-grade cybersecurity tools installed on them. You don’t want to send your sales team to a hotel-hosted trade show, and instead of bringing back a list of leads, they bring back malware that could shut down your company altogether.

There is one final lesson in this terrible incident that all business owners need to understand: No matter the size of the company, you can still be the victim of a cyber-attack. The Omni chain, which boasts over 50 properties nationwide, would likely have a large budget to defend itself from cyber-attacks and yet still fell victim to hackers. No system is 100% impenetrable, but small business owners who don’t have any security measures in place are putting a big red target on their backs.

If you don’t have a cybersecurity system in place, or if you do and someone else is managing it but you’d like a second opinion, we offer a FREE Security Risk Assessment. This assessment will go over every area of your network to identify if and where you are vulnerable to an attack and propose solutions to fix it.

Click here to book your Security Risk Assessment with one of our cybersecurity experts, or call our office at 214-550-0550.

The Safest Way To Shop For Mother’s Day Online

Are you planning on buying gifts for the special women in your life for Mother’s Day? If you shop online, there are a few ways to do it SAFELY. During the holidays, cybercriminals ramp up various scams to capitalize on innocent people looking for gifts online. These scams range from fake offers to sham giveaways, all with the goal of stealing your money and information. Times and technology have changed drastically in just the last year, meaning what kept you safe before is no longer enough. In today’s article, we’ll share the best way to pay for your online purchases, the common scams to look out for and the top online shopping best practices to keep you safe.

How To Make Online Purchases Safely

Should you use your debit card to buy online? No! Debit cards are linked directly to your bank account. If you make a bad purchase online, it can be very difficult to get your money back once you’ve alerted your bank. To avoid headaches, hours on the phone arguing with customer support, losing money and, if things escalate enough, legal fees, use your credit card or a third-party payment system instead.

Credit cards have extensive fraud monitoring systems, which can often catch discrepancies as they occur. These companies use statistical analysis and machine learning to track and analyze your transactions to quickly identify suspicious activity, allowing you to dispute the purchases and avoid being charged.

Some credit card companies, like Capital One, go a step further to keep you secure by offering virtual credit cards. These cards provide you with a random 16-digit number, a three-digit CVV and an expiration date that you can use for online or even in-store purchases. While these DO connect to your real accounts, retailers are unable to see your actual card details, keeping your information secure. Bonus: These can be “turned off” at any time, letting you cancel unneeded subscriptions without the hassle of going through the merchant.

Third-party tools like PayPal are also a great option because no personal information is exchanged with the seller. The company you’re purchasing from does not receive your financial or banking information, keeping your data secure.

Online Shopping Best Practices

Using a credit card, virtual card or third-party payment tool is a great start, but it isn’t the only proactive step you should be taking to stay safe online. If you’re making purchases online, make sure you’re also:

Shopping from real websites – Cybercriminals will set up fake websites that look exactly like big-name websites. Go to the REAL website and search for the item you’re looking for.

Avoid too-good-to-be-true offers – If it sounds like a scam, it’s probably a scam! If you’re interested, go to the website and look up the deal to see if it exists.

Do NOT click on promo links in e-mails – Cybercriminals will set up spoof e-mails mirroring your favorite brands. When you click on the offer links, they can infect your network.

Use a VPN – This hides your location and web browsing information from snoopers.

Don’t save your information – Password tools are trying to make your life easier by saving your payment information, but they make you more vulnerable to having it swiped.

Use unique logins for loyalty accounts – Using the same e-mail and password combo for all your loyalty accounts means that if one is compromised, a smart hacker could break into all of them, and some will have your payment information available.

Set up alerts – Go into your banking system and enable notifications. You can request to be notified when any purchases or purchases over a certain amount are made, so you can quickly report any suspicious activity.

Cybercriminals will use any method they can to steal your information and money. To stay safe, you must take a proactive approach to protecting your financial information. This is equally true for your business. If hackers are willing to put this much effort into stealing money for low-dollar purchases, imagine what they would do to access your company accounts. Your customer data, employee information, trade secrets and more can be worth millions to them.

If you’re not sure if your company is as secure as it should be or you just want to get a second set of eyes on your system to make sure there aren’t any holes in your security, we’ll perform a FREE Network Security Assessment for you. We’ll go through our multi-step security checklist and let you know if and where cybercriminals can get into your network.

Click here to book your FREE Network Security Assessment now or call our office at 214-550-0550.

Out With The Old: Debunking 5 Common Cybersecurity Myths To Get Ready For The New Year

In today’s hyperconnected world, cybersecurity is a critical concern for individuals and organizations alike. However, as the digital landscape evolves, so do the myths and misconceptions surrounding cybersecurity. If you want to be protected, you have to understand what the real threats are and how you could be unknowingly overlooking them every single day. In this article, we will debunk 5 common cybersecurity myths to help you stay informed and protected as you take your business into 2024.

Myth 1: “I’m too small to be a target.”

One of the most dangerous cybersecurity myths is the belief that cybercriminals only target large organizations. In reality, cyber-attacks do not discriminate by size. Small businesses, start-ups and individuals are as susceptible to cyberthreats as larger enterprises. Cybercriminals often target smaller entities precisely because they may lack robust cybersecurity measures, making them easier prey. To stay safe, everyone should prioritize cybersecurity, regardless of their size or scale.

Myth 2: “Antivirus software is enough.”

Antivirus software is an essential component of cybersecurity, but it is not a silver bullet. Many people mistakenly believe that installing antivirus software on their devices is sufficient to protect them from all cyberthreats. While antivirus software can help detect and prevent known malware, it cannot stand up against sophisticated attacks or social engineering tactics. To enhance your protection, combine antivirus software with other security measures, such as firewalls, regular software updates and user education.

Myth 3: “Strong passwords are invulnerable.”

A strong password is undoubtedly an integral part of cybersecurity, but it is not foolproof. Some believe that creating complex passwords guarantees their accounts’ safety. However, even strong passwords can be compromised through various means, including phishing attacks, keyloggers and data breaches. To bolster your security, enable multifactor authentication (MFA) whenever possible, which adds an additional layer of protection beyond your password.

Myth 4: “Cybersecurity is solely an IT department’s responsibility.”

Another common misconception is that cybersecurity is exclusively the responsibility of an organization’s IT department. While IT professionals are crucial in securing digital environments, cybersecurity is a group effort. Everyone within an organization, from employees to management, should be aware of cybersecurity best practices and adhere to them. In fact, human error is a leading cause of data breaches, so fostering a culture of cybersecurity awareness is essential.

Myth 5: “My data is safe in the cloud.”

With the increasing use of cloud services, some individuals believe that storing data in the cloud is inherently secure. However, the safety of your data in the cloud depends on various factors, including the provider’s security measures and your own practices. Cloud providers typically implement robust security, but users must still manage their data securely, including setting strong access controls, regularly updating passwords and encrypting sensitive information. It’s a shared responsibility.

Cybersecurity is something you must take seriously heading into the New Year. Cyberthreats continuously evolve, and believing in these misconceptions can leave individuals and organizations vulnerable to attacks. It’s essential to stay informed, maintain a proactive stance and invest in cybersecurity measures to protect your digital assets. Remember that cybersecurity is a collective effort and everyone has a role to play in ensuring online safety. By debunking these myths and embracing a holistic approach to cybersecurity, you can better protect your digital life and business.

To start off the New Year in a secure position, get a completely free, no-obligation security risk assessment from our team. We’ll review everything you have in place and give you a full report explaining where you’re vulnerable and what you need to do to fix it. Even if you already have an IT team supporting you, a second set of eyes never hurts when it comes to your security. Book an up to 30-minute discovery call with our team here.

When Your Facebook Or Other Online Account Gets Hacked, Who’s Responsible For The Losses?

Recently, the CEO of a very successful marketing firm had their Facebook account hacked. In just a weekend, the hackers ran over $250,000 worth of ads for the hackers’ online gambling site through the CEO’s account and removed the rightful owner as the admin, causing the firm’s entire Facebook account to be shut down.

Not only was the firm uninsured for this type of fraud, but they were shocked to discover that Facebook, as well as their bank and credit card company, was NOT responsible for replacing the funds. Facebook’s “resolution” was that no fraud had been committed on the account because the hacker used the firm’s legitimate login credentials, and Facebook is not responsible for ensuring you keep your own personal credentials safe and confidential. Further, they didn’t have the specific type of cybercrime or fraud insurance needed to cover the losses, so they’re eating 100% of the costs.

Not only are they out $250K, but they also have to start over building their audiences on Facebook again, which took years to build. This entire fiasco is going to easily cost them half a million dollars when it’s all totaled.

In another incident, another firm logged into their account to find all of their ads were paused. Initially, they thought it was a glitch on Facebook, until they realized someone had hacked into their account, paused all of their legitimate ads and set up 20 NEW ads for the hackers’ weight-loss spam site with a budget of $143,000 per day, or $2.8 million total.

Because of the firm’s spending limits, the hackers wouldn’t have charged $2.8 million; however, due to the high budgets set, Facebook’s algorithms started running the ads fast and furious. As the firm was pausing campaigns, the hackers were enabling them again in real time. After a frantic game of “Whac-A-Mole,” the firm discovered which account was compromised and removed it.

The compromised account belonged to a legitimate user of the firm’s ad account who had THEIR own account hacked. Because of this, Facebook wouldn’t replace the lost funds, and the firm’s account got shut down, with all campaigns deleted. Fortunately, these guys caught the hack early and acted fast, limiting their damages to roughly $4,000, but their account was unable to run ads for 2 weeks, causing them to lose revenue. They estimate their total damages to be somewhere in the $40,000 to $50,000 range.

When many people hear these true stories (with the names of the companies withheld to protect their privacy), they adamantly believe someone besides them should step up and take responsibility, covering the losses. “It wasn’t OUR fault!” they say. However, the simple reality is this: if you allow your Facebook account – or any other online account – to be hacked due to weak or reused passwords, no multifactor authentication (MFA) turned on, improper e-mail security or malware infecting your devices due to inadequate cybersecurity, it is 100% YOUR FAULT when a hacker compromises your account.

Facebook is just one of many cloud applications businesses use, and any business running any type of cloud application, including those that adamantly claim to be secure, CAN BE HACKED by someone with the right credentials. Facebook’s security did not cause the firm’s account to be compromised – it was the failure of one employee.

The BEST way to handle this is to NOT get hacked in the first place. Here’s what you need to do to protect yourself:

  • Share this article to make sure your staff is aware of these types of scams. Cybercriminals’ #1 advantage is still hubris; businesses and most people in general insist that “nobody would want to hack me” and therefore aren’t extremely cautious with cyberprotections.

  • Make sure you create strong, unique passwords for EACH application you and your team log into. Use a good password management tool to manage this, but remember IT MUST BE USED IN ORDER TO WORK. For example, don’t allow employees to store passwords in Chrome and bypass the password management system.

  • Minimize the number of people logging into any account. If someone needs access, give them that access and then remove them as a user immediately after. The more users you have on a cloud application, the greater the chances are of a breach.

  • Make sure all devices that touch your network are secure. Keylogger malware can live on a device to steal all of your data and credentials.

If you want to ensure your organization is truly secure, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.