now browsing by category
Hackers are constantly throwing in new and clever phishing attacks that threaten email users’ security. KnowBe4, one of the top security attentiveness and simulated phishing platform contributors recently issued the top 10 phishing email subject lines from this year’s second quarter. Please note, the attacks used most often contain email subject lines that relate to a user’s passwords and security warnings.
An estimated 1 out of 3 people will open a phishing email each day. This tricky way of gathering people’s personal and financial information is getting bigger, despite all the warnings from technology experts.
What is Phishing?
Phishing is a technique that hackers practice to steal personal information, like credit card info or login authorizations. The hacker replicates an existing login page from an online service such as Dropbox, Apple, Gmail or your financial institution. This made-up website holds a code that delivers all the personal data you submit directly to the hacker. To lure you to the bogus website, hackers send a believable email to you. Quite often, the email sent to you will ask you to log in to your bank account because your bank has exposed a transaction that you did not authorize.
Hackers can make these emails look and sound real and their exploits have been very successful. They often use fear. The email will make it sound like you need to take action NOW! So without really checking, the victim clicks the bad link and continues to the bogus landing page where they give the cyber thief their log-in and password information.
Why is Phishing a Concern?
It is reported that consumers, businesses, and organizations will lose an estimated $9 billion in 2018 globally. With so much personal information tied to finances now shared online, hackers use phishing in order to illegally steal your money.
The Anti-Phishing Working Group (APWG) latest quarterly release reported:
- Over 11,000 phishing domains were created in the last quarter alone.
- The number of phishing sites rose 46% over the previous quarter.
- The practice of using SSL certificates on phishing sites continues to rise to lure users into believing a site is legitimate.
Is Phishing Just a Risk for Personal Users?
Because they store a lot of files in the cloud, Phishing is also a risk for all kinds of companies: Digital design companies, financial institutions, security companies, etc. According to hackmageddon.com, there were 868 reported company security breaches or cyber-attacks in 2017.
What do Hackers need to be successful?
There are generally three things hackers do to gain access to your information:
- Build an email account to send emails
- Buy a domain and set up a fake website
- Think of a tech company that is used often to mask itself as a legit website (Dropbox, Amazon, eBay, etc.)
What Can I Do to Avoid Phishing?
It has become increasingly difficult to guard yourself against phishing. As hard as Apple, Google, and other tech companies have worked to filter them out, hackers are always devising new ways to phish. However, here are some tips on spotting phishing emails:
- Try to avoid clicking on buttons and/or links in emails.
- Begin using password managers. A password manager aids the user in creating and retrieving complex passwords and storing the passwords in an encrypted database. Therefore, if hackers get one of your passwords, they can’t use it on any of your other accounts.
- Don’t put total faith in the green lock icon in your address bar. This only ensures that it is a private channel but does not inform you about who you’re communicating with.
- Allow 2FA (two-factor authentication). Two-factor verification is an extra layer of safekeeping otherwise known as “multi-factor authentication.” 2FA requires a password and username, and also something that only the user knows (mother’s maiden name) or has (passcode texted to another device, such as a cell phone).
- Be extra cautious if the browser plugin of your password manager doesn’t show your login credentials automatically.
- Be quick to report suspicious emails to your friends and colleagues. Organizations who make it easy for their employees to report attacks will see a significant decrease in cyber-attacks. The quicker an IT department can respond to a threat, it will minimize the threat potential damage inflicted on people.
Ironically, the trend for most of these phishing emails are warnings about security alerts.
Here are the top 10 from Q2:
- Password Check Required Immediately (15 percent).
- Security Alert (12 percent).
- Change of Password Required Immediately (11 percent).
- A Delivery Attempt was made (10 percent).
- Urgent press release to all employees (10 percent).
- De-activation of  in Process (10 percent).
- Revised Vacation & Sick Time Policy (9 percent).
- UPS Label Delivery, 1ZBE312TNY00015011 (9 percent).
- Staff Review 2017 (7 percent).
- Company Policies-Updates to our Fraternization Policy (7 percent).
By: Julie Kastner, Phoenix Technology
Are you really protecting your digital information? You’ve likely heard of an SSL certificate. But do you know what it is or why it is important? I’d venture a guess that like most people you rarely give it a thought.
Almost a year ago to the day, there was a post entitled, “The Cost of Public Wi-Fi“. That post contained some tips on how to protect your data. Most people understand the importance of protecting passwords and logins. Many know not to use a public Wi-Fi but let’s face it many of us do. Starbucks, airport lounges, and even your local grocery store all provide wi-fi and a public password. Maybe you even think that your account will never be hacked.
Who actually remembers that your email is data and contains lots of information about you, your company, and your family? It can be the gateway to your digital information. The first post provided a few tips on how to reduce your risk when using a public Wi-Fi. One of the tips said, “check your email application to make sure that is using SSL”. SSL – what’s that? Where is it? Do you have it? How do you know?
What is an SSL Certificate and Why Should You Care” is an article written by Bill Hess, the founder of Pixel Privacy. It provides some great information that answers all of those questions and more. I hope you find the article both informative and useful.
Every private practice health care provider has had to weigh and measure whether a cloud-based or server-based software solution is right for their practice. As your practice grows, it is good business to assess whether your initial decision is still the right one.
A few months ago, one of our clients found themselves in the path of a raging fire. Fortunately, they had made the decision to be cloud-based. Initially, they had to access patient notes via a tablet and then utilized a temporary office to see patients. They never missed a beat. All of the patient care data was completely backed-up and accessible from anywhere they were.
Cloud-based servers can be an attractive solution for many reasons.
- They provide on-going and instantaneous back-up systems;
- The back-up sites are in multiple locations throughout the United States so redundancy is in place;
- The responsibility and cost to maintain the cloud-based servers are not an expense the practice must bear;
- You do not have to worry about upgrading or maintaining the servers; and
- You save money because you do not need IT staff/contractors to manage, maintain or troubleshoot the servers.
Yet, there are those who feel a server-based solution is best for them because:
- They maintain direct control;
- They feel that troubleshooting response time is faster with in-house servers and contracted IT staff; and
- Despite the associated costs there is a level of trust in server-based over cloud-based.
Regardless of the solution you choose or have chosen for your practice it is important that you have a technology disaster plan. No one plans on a disaster. Most of us have never and will never experience one. But, if there is one will you be able to access your patients’ records, refill prescriptions and DME orders and keep your practice going? So, whether it is an extended power outage, hurricane, fire, earthquake, tornado or a flood you need to be prepared. Is your data backed up off-site and out of your geographic area? Will you be able to access the patient data if you have to practice in another location? Could you function if all you had was an iPad or tablet?
Assess your situation and make changes as you deem appropriate. Don’t wait until it is too late.