During our first quarter webinar entitled “Two Critical Recommendations To Improve Your Firm’s Cyber Defense,” the attendees were given an opportunity to ask questions. In addition to answering the questions below, we have also written several blog articles that elaborate on each subject discussed during the webinar. You can find the links to each of the articles at the bottom of this page.
Now, on to the questions asked!
Question 1: If my company or my employees are being monitored on the Dark Web by Optistar or another IT firm, does that potentially raise alerts/concerns on the Dark Web?
Answer 1: Using a Dark Web monitoring service does not raise alerts for any company. It is a passive system and does not work like a credit check.
Question 2: What are best practices if you really need to use public Wi-Fi?
Answer 2: Public Wi-Fi is not a safe option and should be used only as a last resort. There are various security risks inherent in open Wi-Fi systems. With some very simple and free tools, anyone can see any traffic from anyone’s laptop or phone. That traffic is easy to view and includes any webpages you are browsing, and potentially any emails can be scanned and spoofed. Ideally you should always use a VPN service when using public Wi-Fi, and to be even more secure, you should employ a firewall as well. Windows and Mac computers have a built-in firewall that is a decent resource, but there are many others that can be purchased for even more security. Better still, use your phone as a personal hotspot to avoid the public network altogether and create a closed and secure connection.
Question 3: Late last year, I had a client call me asking if I had sent them an invoice via email. I hadn’t and I told them to not open/click on the email but what else should I do and what should my company do next? I don’t want to give my clients undue concern but when one client calls, should the assumption be that we were hacked and someone was using our company emails for phishing attempts?
Answer 3: This is a tricky one. It can be easy to spoof a domain, so an email like this doesn’t necessarily indicate a breach. However, if the person calling in has an original invoice with numbers changed, then yes, there is certainly some kind of data breach and you should have a full systems audit done immediately. If it is a fake invoice, then this is more indicative of a spoof, and there are limited options available. Ideally, you would have a multi-factor process in place, where a client has a password or a secure portal to use for payments.
Question 4: I handle Fidelity claims. Title companies are duped into transferring payoff funds to a different bank account (several hundred thousand). The receiving banks release the funds within hours or days. It seems most banks will hold funds for 7-10 days before releasing. How is it that criminals are able to open bank accounts and nobody can trace them? Don’t they have to show ID to open an account?
Answer 4: This is a tough question and there is no straight answer. Banks allow people to create accounts online, and this is often done through shell company accounts or with falsified documents. To make it even worse, this is part of the real reason for identity theft, where actual people’s information is stolen and sold for pennies on the dark web. With social security numbers, home addresses and even stolen bank account information, accounts can be set up with ease. Oftentimes, these accounts are only opened for a short time to receive funds, which are then moved to offshore accounts where they cannot be tracked. It is a very real problem, and until banks take a more security-conscious approach to account monitoring and auditing, it is best to have a multi-factor ACH protocol in place.
Thank you to all of those who attended our CLE-accredited webinar! To download the recording of our 1st quarter webinar, click here. We hold webinars each quarter, so be sure to email us at firstname.lastname@example.org if you’d like to be invited to our future events! In addition, if you have any topics you’d like to see in future webinars, just email us at email@example.com!
Check out the articles below related to several of the questions brought up during our recent webinar:
- Should I Use The Public WiFi At Starbucks?
- What Is Multi Factor Authentication?
- Still Your #1 Defense Against Ransomware
- You’ll Be Shocked By The Number Of Employees Clicking On Phishing Emails
- What Is The Dark Web And Why You Should Care
- How To Avoid Becoming The ‘Catch Of The Day’
For more information on Security Awareness Training, Dark Web Monitoring, or any additional business technology solutions, contact us at firstname.lastname@example.org or 1-888-782-7003. Be sure to visit our website to learn more about Optistar.