CRYPTOJACKING: How to Protect Yourself from Cyber Crime

With the rapid rise of cryptocurrency comes the rapid rise of cryptojacking – a form of cybercrime that entails the unauthorized use of the processing power of a person’s computer, tablet, mobile phone, or other device to mine cryptocurrency on behalf of the hacker. Essentially, cryptojacking allows hackers to make free money by gaining access to someone else’s device with just a few lines of code.

Cryptojacking is attractive to hackers because mining cryptocurrency is an expensive process that requires a lot of resources, such as costly computer equipment and extensive use of electricity, which brings about higher bills. In addition, the more machines hackers get access to, the faster they mine and create coins.

There are two types of cryptomining attacks:

  1. Cryptojacking: mining via compromised websites
  2. Malware-based cryptomining: mining via malware on a device

How does cryptojacking work?

Cryptojacking occurs when a person’s browser is used to mine cryptocurrencies without their consent. Since hackers don’t have to use malware, browser-based attacks are much easier compared to other forms of cryptomining. By infecting a single web server, hackers can subject all visitors of the websites hosted on that server to cryptojacking.

Here’s how cryptojacking happens:

  1. The hacker compromises a website with a cryptomining script, which can be included in the website, a third party ad loaded by the website, an extension or browser plugin, as well as a pop-up window
  2. The user visits a compromised website, and the cryptomining script starts working
  3. The user, thus, starts unknowingly mining cryptocurrency for the hacker
  4. The hacker receives cryptocurrency
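
Step 1 names third-party content (ads, plugins, pop-ups) as a route for the mining script, so a useful check for a site owner is to list every host a page loads script or framed content from and compare it with the hosts they expect. The following is an added example, not code from the original article; the page URL, host names and allowlist are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page; every host name here is a placeholder.
PAGE_URL = "https://www.shop.example/index.html"
TRUSTED_HOSTS = {"cdn.shop.example"}  # hypothetical allowlist
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.shop.example/lib.js"></script>
<script src="//static.widgets.example/w.js"></script>
</head><body>
<iframe src="https://ads.adnetwork.example/slot?id=1"></iframe>
<script>console.log("inline");</script>
</body></html>
"""

class SourceCollector(HTMLParser):
    """Record every URL the page pulls script or framed content from."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.sources = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "iframe") and src:
            # Resolve relative and protocol-relative URLs against the page.
            self.sources.append((tag, urljoin(self.page_url, src)))

def untrusted_sources(html, page_url, trusted_hosts):
    """Return (tag, host, url) for content loaded from hosts off the allowlist."""
    collector = SourceCollector(page_url)
    collector.feed(html)
    # The page's own host is always treated as expected.
    allowed = set(trusted_hosts) | {urlparse(page_url).hostname}
    findings = []
    for tag, url in collector.sources:
        host = urlparse(url).hostname
        if host not in allowed:
            findings.append((tag, host, url))
    return findings

if __name__ == "__main__":
    for tag, host, url in untrusted_sources(SAMPLE_HTML, PAGE_URL, TRUSTED_HOSTS):
        print(f"review <{tag}> from {host}: {url}")
```

A script planted in the site's own files is served from the page's own host and passes this check, so it complements rather than replaces file-integrity monitoring on the web server.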

What happens to the device used for cryptojacking?

While the cryptojacking script is running, the user will notice a very high graphics card and/or CPU usage level. The device will start overheating and running slower than usual, and the battery levels will drain faster.

How to know if your device is being used for cryptojacking?

Check the Windows Task Manager on a Windows device and/or the Macintosh Activity Monitor on an Apple device, and see whether there’s a substantial increase in CPU usage.
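
The same check can be applied to recorded CPU readings: a short burst is normal, while load that stays high for minutes is what a mining script produces. The following is an added example, not part of the original article; the samples, the 80% threshold and the two-minute window are constructed assumptions, and readings are summed per application because a browser runs as several processes.

```python
from collections import defaultdict

# Constructed samples: (seconds since monitoring began, pid, application, CPU %)
TICKS = range(0, 180, 15)
SAMPLES = (
    [(t, 101, "browser", 50.0) for t in TICKS]    # two browser processes that
    + [(t, 102, "browser", 45.0) for t in TICKS]  # together stay at 95%
    + [(t, 200, "video_export", 90.0 if t < 30 else 5.0) for t in TICKS]  # short burst
    + [(t, 300, "mail", 3.0) for t in TICKS]
)

def sustained_high_cpu(samples, threshold=80.0, min_seconds=120):
    """Return {application: longest high-CPU run in seconds} for sustained load."""
    # Add up all processes of one application at each timestamp.
    totals = defaultdict(float)
    for t, _pid, name, cpu in samples:
        totals[(t, name)] += cpu

    run_start = {}              # application -> time its current high run began
    longest = defaultdict(int)  # application -> longest high run seen so far
    for (t, name), cpu in sorted(totals.items()):
        if cpu >= threshold:
            start = run_start.setdefault(name, t)
            longest[name] = max(longest[name], t - start)
        else:
            # The run is broken; a later spike starts a new one.
            run_start.pop(name, None)

    # Keep only applications whose load stayed high long enough to matter.
    return {name: secs for name, secs in longest.items() if secs >= min_seconds}

if __name__ == "__main__":
    for name, secs in sustained_high_cpu(SAMPLES).items():
        print(f"{name}: high CPU for {secs}s without a break")
```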

How to defend yourself against cryptojacking?

Fortunately, cryptojacking can be managed fairly easily. Here are some tips on how to protect yourself from this cryptomining form of cybercrime:

  1. Use an ad-blocker
  2. Only use browser extensions and plugins that are distributed by a trusted app store such as Google Play. In addition, check your browser extensions regularly, and remove/disable the ones that you don’t use
  3. If you notice that your device is heating up, restart the web browser
  4. Disable JavaScript and only allow trusted websites to run it

If you’re concerned about how malware could be compromising your business’s sensitive information, give us a call today! We’ll walk you through the solutions that we provide so you can be confident in your company’s security.

Data Privacy Laws: Why You Should Care

Considering the amount of personal information being shared all over the Internet on a daily basis, it comes as no surprise that Data Privacy Laws are becoming the fastest growing and most interesting part of law these days. As people share sensitive, personal information every minute of every day, the concerns about the nature of use of that information by businesses and services grow exponentially, causing a need for updates and changes to existing privacy laws both in the US and abroad.

Privacy laws used to be stricter for industries such as finance and health, but today all businesses face data protection regulations, and should take the steps necessary to be compliant with current, as well as future requirements. Moreover, businesses could face huge fines if they don’t protect the privacy of people whose information they’re collecting.

It is a known fact that businesses collect an immense amount of data on anyone that visits and uses their websites. That data can include names, addresses, phone numbers, social security numbers, data about physical appearance, information on education, work history, salary, tax ID, medical data, location data, as well as call history, messages, and much more. The problem with this is that businesses don’t stop at just collecting the data, but often fail to protect what’s collected, and sometimes even abuse the sensitive information gathered over the years. For example, a lot of businesses sell users’ data to third parties.

Regulating misuse of personal information, protecting consumers, and imposing fines are at the core of Data Privacy Laws, the most famous being the EU’s GDPR. The GDPR gives people the right to be informed about the type of data that’s being collected about them, how it’s being used by the businesses, how long it’s going to be stored, where it’s going to be shared, and more. It also gives people the right to request and access the personal data that’s being collected, the right to request a deletion of the data, the right to limit how the data is used, the right to object to certain use of data, and the right to be informed about automated decisions that affect their data.

In the US, the crucial Data Privacy Laws that businesses have to be aware of are:

HIPAA (Health Information Privacy and Portability Act) which safeguards patients’ personal health information.

GLBA (Gramm-Leach-Bliley Act) which safeguards consumers’ financial data.

CCPA (California Consumer Privacy Act), which comes into effect on January 1, 2020, gives people the right to control how companies collect and use their personal data. 

Here in Ohio, most business owners should be familiar with the Ohio Data Protection Act. The law was passed August 3, 2018 as a means of protecting both businesses and consumers from data breaches. While it is voluntary for businesses to participate, it incentivizes business owners to create and maintain a cyber security program. This program should do the following:

  1. guard against identity theft by preventing unauthorized information access
  2. anticipate and plan for any threats to security
  3. maintain the confidentiality of personal information
  4. outline technical, administrative and physical safeguards that meet or exceed cyber security expectations recognized by the industry

Put in simple terms, these privacy laws make sure that companies can’t just collect people’s personal information for the sake of collecting it. They have to have a specific, lawful purpose for gathering and processing data. Moreover, they provide a framework for protecting companies and their customers from outside security threats.

If you are interested in better aligning your business with the requirements of evolving data privacy laws, take the first step today with a call that will transform the security of your business.


Voice Search SEO – What is it and why should you care?

None of us is exempt. We’re all staunch adherents to this modern-day phenomenon that has become a rite of passage to 21st century living: extreme multitasking. We’re expected to get more done in less time, so any means of efficiently allowing us to do so is welcomed with open arms. Enter the world of Voice Search, which has equipped average Joes (and Janes) with their own personal digital assistant, available 24 hours, 7 days a week to answer any inquiry. Voice search has gained traction due to its convenience – it can be done while users are in the middle of other important tasks such as cooking, cleaning, and driving. The potential for that is endless as consumers become increasingly aware of the number of ways that hands-free assistance can serve them in their day-to-day lives.

While the level of utilization still has significant room for growth, we’re already in the middle of a revolution that will have a huge impact on the way that consumers find businesses and how businesses are seen by those consumers. In 2016, Google told us that 20% of mobile searches for that year were voice searches. Fast forward to 2019 and audio technology has already grown more sophisticated. Comscore predicted that within the year, we will see 50 percent of searches initiated through digital assistants. 

Voice search has widened the communication channel, allowing us to search more precisely with a sense of intimacy that cannot be found in traditional typed searches. That sense of intimacy results in an entirely different framing of search phrases. In fact, in most cases, they are no longer phrases at all. We’ve transitioned into more conversational queries, often structured as questions, that require a different search engine optimization strategy from businesses. As a consumer, the rising popularity of voice technology is simply a matter of expanding convenience and accessibility. However, for businesses this technology calls for a major shift in marketing efforts.

Perhaps the most important shift businesses can make is to curate content fueled by customer interactions, with a focus on providing an answer that is within the context that your consumer is expecting. You can gain better insight into phrases they might use by observing the language they use in exchanges with your business and using that as a framework from which to build your web copy. Those observations should present you with an idea of long-tailed, intuitive keywords that can be used to create more visibility for your business. Those keywords can be included within a featured snippet on your website, an above-the-fold summary of a body of content typically prioritized above regular search listings.

You’ll also want to be sure to leverage Google Business listing, which supplies Google with location information relevant to your business that can help you show up in location-based searches. To put the importance of this in perspective, consider the frequency with which you ask Siri location-based questions. She pulls her response to you from a list of businesses registered to Google Business.

30% of all website sessions are now being conducted without a screen. As a business, that means you just inherited the new challenge of ensuring your business is prepared.

Tweets Can No Longer Be Sent From SMS To Twitter

If you use Twitter on a regular basis, then you probably saw the official tweet from the company. Effective immediately, they’ve shut down the functionality that allowed users to tweet via SMS, something that has been a part of the platform since its earliest days.

For the time being, the company is keeping SMS-based two-factor authentication for account holders, but that may change.

Currently, it’s too soon to say with any degree of confidence. The recent action was taken in response to serious security flaws with tweeting via SMS that made user accounts vulnerable.

This is not the first time the company has suspended use of the feature. The first time they did it though, the suspension lasted just two days. It happened September 4th and 5th of 2019 after CEO Jack Dorsey’s Twitter account was hacked. This time, there’s no end in sight.

Users who rely on SMS-based tweeting are urged to make the transition to the social network’s Twitter mobile app, which serves as a viable alternative.

It should also be noted that while SMS-based tweeting has been suspended for most of the world, there are a few remote areas where it’s the only option available, and in those places, the capability to send a tweet via SMS remains intact.

The Twitter support team’s message about the change was short and to the point, reading simply:

“We want to continue to help keep your account safe. We’ve seen vulnerabilities with SMS, so we’ve turned off our Twitter via SMS service, except for a few countries. If you were using Twitter via SMS, you can log in at twitter.com or download our mobile app to enjoy the full Twitter experience.”

At this time, there is no word on whether the service will be restored. If it’s something you’ve been in the habit of relying on in the past, be aware that you’ll have to make a few changes to your routine.

Used with permission from Article Aggregator

Beware Fake Craigslist Email Could Contain Ransomware

If you post ads on Craigslist for short term employment, be aware that there’s a new malspam campaign that aims to distribute Sigma ransomware on the computers of unwary users.

By all outward appearances, the emails seem to come from Craigslist in response to ads posted in Craigslist’s “Gigs” section for short term employment. The emails will generally express interest in whatever job the user has posted and include a protected Word or RTF document that recipients will assume is a resume.

If the recipient enters the password to unlock the document, they’ll then be presented with a screen that asks them to enable the content in the document.  Unfortunately, this is the step that dooms the user. The file isn’t a resume at all, but merely a delivery vehicle.

As soon as the content is enabled, the ransomware will be installed and the user’s files will be encrypted. The ransomware will then “helpfully” post a message explaining that the files have been encrypted and that, to get access to them again, the user will have to pay a $400 fee, which rises to $800 if the user waits longer than seven days to request the decryption key.

Unfortunately, there’s no known way to decrypt Sigma-encrypted files other than paying the ransom.

This is a new twist on a very old game. Even worse, it’s enjoying a relatively high success rate because people who post ads for short term employment on Craigslist expect to get responses from people they don’t know. They expect that those people will be sending resumes for review.

The “tell” is that when a potential employee sends you a resume, it’s almost certainly not going to be password protected. In this case, your best bet would be to reply to the sender and ask them to send you a non-protected resume if they’re genuinely interested in the job.

Used with permission from Article Aggregator