May A Force Field Be With You

“That won’t happen to me” is something many business owners say when discussing cyber-scams and the need for adequate protections for their business, but these days it’s getting to be a really, really stupid statement that you definitely don’t want your clients, employees and banker to hear.

Generative AI (artificial intelligence) tools are allowing scammers to produce deep fakes to defraud their targets. Earlier this year, Clive Kabatznik, an investor in Florida, called his local Bank of America representative to discuss a big money transfer he was planning to make.

Immediately after this legitimate call, a scammer called the bank back using an AI-generated deepfake voice of “Clive” to convince the banker to transfer the money to another account. Fortunately, the banker was suspicious enough that no money was transferred, but not everyone is as lucky.

According to a report titled The Artificial Imposter by McAfee, a well-established cyber security firm, 77% of AI voice scams were successful in securing money from their target. Even scarier, AI tools can clone a voice from just three seconds of audio.

A UK-based energy firm’s CEO was the victim of a voice scam when he thought he was talking to his boss, the CEO of the parent company based in Germany. The voice on the other end of the line instructed him to send the equivalent of $233,000 to a Hungarian supplier. The voice was so convincing, down to the slight German accent, that the CEO complied without hesitation. By the time they realized what had happened, the money had already been transferred to Mexico and distributed to other locations that weren’t traceable. 

But big businesses aren’t the only ones targeted.

Jennifer DeStefano, a mother of a 15-year-old daughter, recounted during a US Senate hearing her terrifying encounter with an AI scammer who used the voice of her daughter to attempt to convince her that the girl had been kidnapped. Fortunately, her daughter was in her bed sleeping at the time, and Jennifer was able to realize it was a scam. Many others aren’t as lucky as Jennifer and are getting scammed by AI voices of grandchildren, children and other loved ones who “urgently need money.”

This approach is still so new that there’s no comprehensive accounting of how often it’s happening, but the CEO of Pindrop, a security company that monitors audio traffic for many of the largest US banks, said he had seen a jump in its prevalence this year – and in the sophistication of scammers’ voice-fraud attempts. Another large voice-authentication vendor, Nuance, saw its first successful deepfake attack on a financial services client late last year.

With the rapid advancement of AI technology and its wider availability as costs come down, coupled with the broad availability of recordings of people’s voices on TikTok, Facebook, Instagram and YouTube, the perfect conditions have been created for voice-related AI scams.

What do you need to do to protect yourself?

For starters, share this article to make sure your staff is aware of these types of scams. Next, instruct them to ALWAYS check with you via a text message or other means BEFORE transferring money. If you’re not a business owner, you can do the same with your family, using a code word or other means of verifying the caller’s legitimacy.

Also, check the caller ID. If it’s something you don’t recognize, or it’s a blocked number, that’s a BIG red flag that it’s a scam. Even if it sounds like them on the other end of the line, hang up and call their phone direct or the place they’re supposed to be (school, office, etc.).

If the person calling has on-fire urgency and wants money wire-transferred or a Bitcoin payment, that’s another huge red flag. Real emergencies don’t come with highly skeptical payment demands.  

In business, you’ve clawed and climbed your way to the top, dodging all sorts of pitfalls and predators that have tried to make you their meal. Such threats are everywhere, and the higher you climb, the more you’ll find hiding behind every tree, every rock and every step. No matter how small and insignificant you might think you are, you ARE a target for someone, and being casual about cyber security and the threats they pose is an absolute surefire way to be robbed.

If you don’t want this to happen to you, click here to request a free Cyber Security Risk Assessment to see just how protected your organization is against known predators. If you haven’t had an independent third party conduct this audit in the last 6 months, you’re due.

It’s completely free and confidential, without obligation. Voice scams are just the latest in a tsunami of threats aimed at small business owners, with the most susceptible being the ones who never “check the locks” to ensure their current IT company is doing what they should. Claim your complimentary Risk Assessment today.

Why Cyber Security Compliance Doesn’t Belong In The IT Department’s Hands

What if you discovered that all of the hard work, investments and time you’ve put into growing your business is at risk due to a failure of your outsourced IT company, or possibly even your well-meaning (but overburdened) IT department? If you were exposed to that level of risk, wouldn’t you want someone to tell you about it?

This article is that wake-up call.

Over the last several years, the risks associated with cyber security attacks have grown in magnitude. They are no longer a low-probability hazard that will result in a minor inconvenience. Businesses of all sizes and types are getting hacked and losing hundreds of thousands of dollars, or even multiple millions, in addition to suffering significant reputational damage and loss of customer goodwill. For some, it’s a business-ending event. For nearly everyone else, it’s a significant financial disaster that can negatively impact profits and revenue for years.

Yet too many CEOs and small business owners are still abdicating critical decisions regarding risk tolerance and compliance policies to their IT company or IT department when these decisions no longer belong there.

For example, let’s suppose you have an employee who refuses to comply with strict data security and password policies and continually fails cyber security awareness training, putting your company at risk for a cyber-attack and compliance violation. Should your IT manager or IT company fire this employee? Reprimand them? Is it even their IT department’s job to manage employee behavior with company data and devices? If you say yes, the question is, when was the last time you met with them to specifically address this issue and direct them on how to monitor and manage it? Likely never – or once, a very long time ago.

Therein lies the problem. Most CEOs would agree that it’s not up to the IT department to make that call, yet many of these same CEOs leave it entirely up to the IT department (or outsourced IT company) to handle the situation and make decisions about what is allowed, what isn’t, how much risk they want to take, etc.

Worse yet, many CEOs aren’t even aware that they SHOULD have such policies in place to ensure your company isn’t compromised or at risk – and it’s not necessarily your IT person’s job to determine what should or shouldn’t be allowed. That’s your job as the CEO.

As another example, many companies have invested in cyber liability, ransomware or crime insurance policies to provide financial relief in the event of a cyber-attack and cover the exorbitant legal, IT and related costs that result when such an event occurs. Yet our experience shows that most insurance agents and brokers do not understand and cannot convey to the CEOs they are selling a policy to the IT requirements needed to secure a policy. Therefore, they never advise their client to make sure they get with their IT provider or internal IT to ENSURE the right protocols are in place, or risk having coverage denied for failure to comply with the requirements in the policy they just sold them.

When a cyber event occurs and the claim gets denied, whose fault is it? The insurance agent for not warning you? Your IT department or company for not putting in place protocols they weren’t even briefed on? Ultimately, it’s on you, which is why you as the CEO must make sure that decisions impacting the risk to your organization are informed ones, not decisions made by default.

Of course, a great IT company will bring these issues to your attention and offer guidance, but most are just keeping the “lights” on and the systems up, NOT consulting their clients on enterprise risk and legal compliance.

If you want to make sure your organization is actually prepared for and protected from the aftermath of a cyber-attack, click here to schedule a private consultation with one of our advisors about your concerns. It’s free of charge and may be extremely eye-opening for you.

Something that I found VERY interesting and VERY true.

If you manage people – ask yourself which side of this you find yourself on. If you’re on the right side, reflect and look for what you can do to move to the left side.

Managing people is tough. But, a good leader can move mountains with a highly motivated team……

College-Age Kids Are A Prime Target For Cybercriminals – Make Sure Your Students Are Safe At School

College has changed since many of us were students. Years ago, we’d be shuffling from class to class, holding a single notebook and a pencil for scribbling down notes. There wasn’t as big a risk of photos or data being stolen online.

That’s no longer the case. Students today have at least one – usually two or three – devices readily available. The scary part is, most college-age students think of themselves as tech-savvy “digital natives”; however, a study by Atlas VPN showed that Gen-Zers and millennials are the age groups most likely to fall for phishing scams.

In fact, according to the National Cybersecurity Alliance, 20% of Gen-Zers have had their identity stolen at least once.

Here are just a few of the terrifying ways cybercriminals attack this young crowd:

• Unpaid tuition notifications – scammers will send fake e-mails to students claiming they owe a certain amount of money or it’ll affect their enrollment.
• Fake financial aid, grant or scholarship websites that, when clicked, either steal their information or install malware on their computer.
• Fake Wi-Fi accounts set up by hackers in public places to steal passwords and private data when their device connects.
• Social media scams used to gather private information to either hack accounts or set up new ones.
• Hacking phones or social media accounts to steal photos and blackmail students into payment so they don’t release them publicly.

Sadly, the list goes on and on!

How can kids raised on technology fall for so many scams? Here are just a few of the big reasons why:

• Hackers know most students aren’t properly educated on cyberthreats because they’ve always worked on computers that were secured by the school or their parents.

• They grew up using social media and feel comfortable divulging private information about themselves (that thieves can harvest and later use to initiate an attack).
• This is a big one – they have no or very little credit, giving cyberscammers a smoother path to opening accounts in their name.
• They have multiple connected devices like phones, laptops, tablets and watches that give criminals more avenues to attack.
• College kids are distracted. They’re focused on school and making friends, and NOT cyber security, making it easy to let a cybercriminal slip by undetected until it’s too late.

What can you do?

We have robust cyber security solutions and 24-hour monitoring to protect the businesses that we work with and can even recommend at-home security software, but what about when your kids go off to school, away from your watchful eye?

You certainly can’t pack up and camp out at college to make sure they’re following cyber security best practices. But you can make sure they know what to look out for and give them the tools and resources to stay as safe as possible.

Here are 14 actions your child can take to prevent being a victim of cybercrime when they’re off at college:

1. Invest in strong, trusted virus and spyware protection and run scans once a week.
2. Never click “Remind Me Tomorrow” when a phone or computer wants to update. Turn on automatic updates when possible.

3. Keep all browsers, extensions and operating systems updated.
4. Back up the computer to the cloud regularly to avoid losing data if there is an attack.
5. Do not visit or enter credit card information on websites that aren’t secure (HTTPS:// only!).
6. Don’t connect to public Wi-Fi. Use a personal hotspot or VPN when on the go.
7. Beware of phishing scams. Do not click links or open attachments in e-mails, especially from unknown senders. Google websites and search instead of clicking links.
8. Use strong, unique passwords and use a password manager.
9. Regularly delete cookies. These can create “loopholes” for hackers to get into a network.
10. Only install software and apps from trusted sources.
11. Use multifactor authentication.
12. Lock all devices and don’t share passwords, even with your new best friend.
13. Cover all webcams – there are stickers for purchase online, but tape and paper will work.
14. Register devices with the school in the event they are stolen.

Run through this list with your children! When students leave for college, cyber security is not a priority for them, but unfortunately, if they’re targeted it could negatively impact their lives at a time when they’re just getting started.

Cyber security takes just a few minutes of conscious effort but is a critical lesson to learn in this age when nearly everything we do involves technology. The risks of cybercrime will only continue to grow.

If your organization could benefit from cyber security training similar to this but more in-depth for employees, so they know the risks and best practices of cyber security, we can help. Start with a completely FREE Cybersecurity Risk Assessment by clicking here.