Back to Newsletter Archive

Having trouble seeing this email. View it online.
Sword & Shield - Intelligent Security
Security Solutions for Peace of MindNovember 2016
Beginning Your Secure Future
Holiday Shopping Safety Series
SHOPPING VIA CREDIT CARDS AND E-COMMERCE

It's that time of year again: stores closing for a couple of hours (if at all) on Thanksgiving while others are completely closed. Black Friday is creeping into Thursday and cutting into turkey overload time. Starbucks has the peppermint syrup for our frappuccinos, lattes, and mocha drinks. Families are shopping for the best deals for the perfect gifts for their loved ones. Christmas (and Santa Claus) is coming.

Because the cash flow is on the rise, the activity of cyber criminals is increasing as well. The purpose of this blog series is to educate you about how to be safe through this season including Black Friday, Small Business Saturday, and Cyber Monday. While I try to be thorough, I cannot possibly cover everything, but I try.

Analysis
With the rise of online retailers, and conventional, brick and mortar retailers having online presences, the Internet continues to cement itself as a viable way to save money. In addition, the Internet is a place of glee, danger, savings, and mischief. Because cyber crooks know that people are ready and willing to spend money online, they are ramping up their campaigns and strategies to trick consumers into giving up their payment card information or to make bogus purchases.

The sections below provide anecdotal scenarios of the attacks you may encounter that targets your credit card information:

Insecure Websites
Insecure websites are not quite as malicious as some of the other online threats in that the sites, themselves, are not exactly what you need to worry about. The site may be legitimate or it may not be (see the Hoax Website section below), but you need to worry about the traffic youre passing to the website.

As a point to begin the discussion, an insecure website is a very subjective term. In this context, I am referring to those lacking an SSL Certificate and the ability to verify and encrypt the connection. This is not always the case, as attackers are also able to obtain SSL Certificates. Other examples include bad coding, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and issues with the underlying database allowing attackers to obtain or manipulate any or all information contained within it.

Read the story

See also:
Holiday Scams and Hoaxes
The CyberSecurity State of the Mid-Sized Company is Risky Business
If your company employees 250 or more people a year and earns more than $10 million a year in revenue, your cybersecurity concerns are far different than your neighborhood shop with 20 employees and a significantly smaller budget.

Mid-sized businesses are often tucked away in the small-to-mid-sized business (SMB) category because, frankly, the federal government doesnt formally recognize a mid-sized category.

However, if your company posts between $10 million and $1 billion, according to the Ohio State Universitys National Center for the Middle Market, then youre a mid-sized company, and mitigating your cybersecurity challenges is more complicated.

According to the Ponemon 2016 State of CyberSecurity in SMBs report, 62 percent of SMBs say they are not effective at mitigating risks, vulnerabilities and attacks across their enterprise and they cite their biggest problem as not having the personnel to do so. Budget constraints and insufficient enabling of security technologies are also barriers to a stronger cybersecurity posture.

This is troubling in light of new studies that show cybercriminals view the mid-sized business as their sweet spot because they have the resources these thieves like to target, but not enough people and know-how to address it.

In addition, mid-sized businesses have a much harder time recovering from attacks than the big boys. Target, Home Depot and eBay, for example, have all recovered from the massive cyberattacks that besieged their enterprise, but 60 percent of smaller businesses that fall victim to cybercrime go out of business within six months because they can spend up to $50,000 recovering from each breach.

Read more

See also:
Mid-Sized Business Can Efficiently Improve their CyberSecurity with a vSCC