Gone are the days when we could all bury our heads in the sand regarding cybersecurity. This invisible threat is a real danger in today’s world, but that scary truth comes with a silver lining. Entrepreneurs can leverage the bleak realities of cybersecurity to their advantage because as cyber-attacks become more and more prevalent, the need to protect against them will continuously grow, even in a tough economy.
Since nearly every company will need to beef up its online security, it would be wise to educate yourself on this potentially lucrative new skill set. The 2023 Complete Cyber Security Ethical Hacking Bundle can help. It’s packed with ten informative courses geared toward taking you from beginner to advanced in the world of ethical hacking, and right now, it’s on sale at a massive price drop down to $24.99.
Rated 4.5 stars online and packed with 133 hours of instruction, this bundle includes courses taught by experienced teachers like Saad Sarraj, an ethical hacker who teaches courses like Practical Hacking Using Raspberry Pi and Learn Practical Hacking Using Metasploit from Scratch. Sarraj navigates students through this world with his practical, real-world knowledge, showing you how to use Raspberry Pi to carry out various attacks like Wi-Fi, Windows, Linux, and macOS hacking.
Courses like these are geared toward beginners but can also help you improve your skills. There’s also a course that will help you pass the CompTIA PenTest+ certification exam and prove your skills to prospective employers. And all the courses have been organized into brief lectures so you can stop and start when you like.
That screen-blocking software update notification that keeps coming back may be annoying to a phone user, but ignoring it for too long is a mistake.
Many consumers opt to not have phones set to automatic update. Once the day begins, these notifications can pop up at inconvenient and distracted times — while you’re rushing to make a call or send an email or text — but smartphone software updates are primarily designed for your benefit.
Companies including Apple and Samsung, as well as Alphabet’s Google, which makes the Android OS, are constantly working on security and user experience features in annual updates and more periodic updates to fix newly discovered bugs.
Apple’s current operating system iOS 16 launched this past September, and it boasts many new features: the ability to edit and unsend messages; set multiple lock screens and set Focus filters to limit who you receive notifications from; privacy and security updates like Safety Check so victims of domestic or intimate partner violence can reset access that they’ve granted to others; and Lockdown Mode, a method of extreme protection against cyberattacks.
Samsung’s Android 13 One UI 5.0 lets users customize their lock screen, create stickers from any photo and open apps in split screen, along with security updates like warnings when sharing personal information, and a security dashboard in settings to check for and fix security issues.
Not all software updates offer an array of new features, but when they do it can feel like you are getting a new phone without added cost. Yet, many users still do whatever they can to put off the 30 minutes that a software update can take.
Researchers at the University of Tennessee and University of Munich identify this “deliberate delay” as a coping strategy that digital product users implement to counteract the negative emotions that arise when software updates are released. Discomfort often stems from the perception that software updates will require users to relearn how to use certain features on their device and threatens their current habits. Annoyance is a factor, too, and the assumption that current functionality of their phone is optimal, so a software update would only disrupt their devices’ usability.
But there is also more basic human psychology.
“I think some of it is just the nature, ‘I’ll get around to it, when I get around to it,’” said Dr. Richard Forno, University of Maryland Baltimore County’s director of the Cybersecurity Graduate Program and assistant director of the school’s Center for Cybersecurity.
He recommends setting up a phone to automatically download and install the updates overnight when you’re sleeping (as long as Airplane mode is not set). “That’s a feature that a lot of people could and should enable, so they don’t have to worry about it,” Forno said.
Apple, Google update options
Apple allows users to decide whether they want their phone to automatically download and install the newest iOS update, or if they prefer to manually update it. Android users can choose between three local system update policies, including automatic, windowed and postponed updates — all of these policies eventually result in a device automatically updating. The automatic system policy installs as soon as a new update becomes available; the windowed system policy installs updates during a daily maintenance window that the user gets to choose; the postponed option delays installing an update for 30 days. When 30 days have passed, the system then prompts the user to install the system update.
While it’s offered, cybersecurity experts don’t recommend waiting 30 days. “For the normal user, within a few days to a week is likely fine,” said Justin Cappos, associate professor of Computer Science and Engineering at New York University Tandon School of Engineering and a member of New York University’s Center for Cybersecurity. There are certain users who are at a greater risk if they choose to put off or ignore these notifications. “If you are a dissident who is possibly being targeted by a nation-state actor, you should update right away,” he said.
When a major security update comes out, everyone should act relatively fast.
Hackers will target the flaws you don’t update
Big annual OS updates may have the flashier and more widely reported new features, but security protection is a major reason why users should download all new software updates available for their phone. Smaller, incremental updates are released primarily to fix bugs and ensure users greater protection. It’s as simple as knowing that Apple or Samsung, or any other phone maker, is indicating that your current operating system is not the safest anymore, and it is sending that message out into the world. That’s not just good for you, but for hackers looking to exploit users who don’t get the message.
“You’re leaving yourself vulnerable to attacks. Once a vulnerability has been announced and a patch has been released, attackers quickly grab that information and create exploits for those specific vulnerabilities,” said Kathleen Moriarty, chief technology officer at the Center for Internet Security.
Without the latest security patches, every piece of information on your phone is open to attack, from social media accounts to banking information to text messages.
“If you reuse passwords in different places, and they’re able to capture a password that is stored on your phone, they might be able to gain access to other applications,” Moriarty said.
Reuse of passwords across accounts is bad cybersecurity practice to begin with and can become even worse when the personal phone security lapse is used to gain access to an employer’s network.
“Hopefully, you’re not using those across boundaries because this is one area of attack that has been used where, let’s say an administrator for an organization is targeted specifically through their personal accounts and that personal account access is used to gain corporate access,” Moriarty said.
If malware gets through an outdated OS, tricking you to click on a link or download something, it can gain access to your personal information, cause your battery to drain faster and reduce overall performance.
Performance fears overstated, patches better and quicker
Years ago, software updates were much larger and infrequent, which made these updates themselves more susceptible to hacking issues and bugs. For example, Apple found a major operating flaw after its 2017 release of macOS High Sierra that enabled anyone to enter your computer without needing a password.
However, Apple and Samsung have shifted toward releasing smaller software updates and patches more frequently, which minimizes the impact on devices and improves testing.
“I have a higher trust level because of the newer processes in place. There are far fewer problems that happen with software updates now than five or 10 years ago,” Moriarty said.
Companies also have developed software updates that can occur behind the scenes on a phone without a user having to download them. In Apple’s release of iOS 16.2, the operating system is now able to push out security updates between the incremental updates with a new feature called “Rapid Security Response.”
Back in 2019, Google’s Project Mainline was introduced in Android 10 and implemented this process of mobile updating without requiring user involvement or a system reboot. While this system can’t do an entire software update in the background through Google Play, it can install critical operating system patches without having to wait on the user or phone maker.
“They can push out security updates pretty much as they need to without requiring the phone to be rebooted and disrupt a person’s life, which is a good thing, because it’s transparent to the end user, but they’re getting the updates they need. So that’s a win for security,” Forno said.
Nowadays, there’s less reason to be worried when it comes to software updates, but the internet is also a good tool to quickly see how any recent update is working for other users. From social media platforms like Instagram and Twitter to tech news sites like The Verge, users can receive quick feedback on the latest software fixes.
“Because of the social media availability, you will know if there are big problems being caused that were unexpected or not predicted with a particular update. So, you could wait a little bit or decide not to be first, especially [for] a large update. But I don’t think the timeline is that long anymore. Due to things like Reddit forums and Twitter and other places where you have easy access to immediate feedback,” Moriarty said.
Smartphone battery issues
Some users avoid software updates out of fear that it will decrease their battery life or slow down the phone itself, and while this can happen after downloading a major software update, these issues are temporary.
“Your phone is going to burn through battery as it installs the update, runs all of its verifications and its checks, and then does a bunch of re-indexing. So, it would not surprise me if for a day or two, after you download an update, your phone battery life might be a little bit less because it’s working more,” Forno said.
However, there have been occasions where Apple’s iOS updates have caused poor battery life for an extended amount of time beyond the initial installment duration. For instance, the release of iOS and iPadOS 15.4 caused a large number of customers to report battery issues lasting for weeks after the updates’ release, which resulted in Apple’s quick release of iOS and iPadOS 15.4.1 to combat this bug.
A phone’s storage is also impacted when you install a security update. Depending on the size of the software update, how old your phone is and what operating system it is currently using, storage can be an issue.
“I think the average user needs to ensure their devices are updated regularly. … I don’t think they have to worry about checking for updates every day,” Forno said.
Age of iPhone, Android model matters
Software updates don’t guarantee that a phone will always be secure. As newer generations of iPhones and Androids are released, Apple and Samsung gradually phase out older devices, and OS support. For example, iOS 16 is supported on every iPhone released since the iPhone 8. Samsung now guarantees customers at least four years of major Android updates and as much as five years of security updates.
Hardware updates, including new chips and security features, come out on a regular basis, too.
“Updating to a new model of your phone every year to every few years can help you stay ahead of the security curve,” Cappos said.
Apple’s release of the iPhone 14 series included the A16 Bionic chip on Pro models, emergency satellite call technology, and better hardware security through the switch to eSIM-only cards. The next big release is the Samsung Galaxy S23 this month, which includes Samsung’s latest tweak to Android 13, One UI 5.1. Users should review the phone’s hardware, software and UI features, and owners of existing Samsung phone models will want to be on the lookout for an announcement about One UI 5.1 being made more broadly available.
The Global Anti-Scam Alliance has awarded the Scam Fighter awards of 2023.
Press Release – Feb 2, 2023 14:30 CET
AMSTERDAM, February 2, 2023 (Newswire.com) – Ayleen Charlotte, scam victim of the Tinder Swindler, was honored as ‘Scam Fighter Person of the Year’ 2023. AA419, which has been fighting online scams since 2003, received the Scam Fighter Award for ‘Best Scam Fighting Organization of the Year’ 2023.
The Scam Fighter Awards is organized annually by the Global Anti-Scam Alliance (GASA) together with ScamAdviser, to bring more attention to the importance of fighting online fraud worldwide. According to GASA, last year, more than $55 billion was lost by nearly 300 million consumers worldwide in online scams. As only an estimated 7% of victims report online scams to law enforcement, these numbers are only the tip of the iceberg.
Ayleen, Scamming the Scammer
The independent Jury, consisting of Donna Gregory (Unit Chief of the FBI Internet Crime Complaint Center), Mitchel Chang (Trend Micro), and Jayde Richmond (Executive Director, Scamwatch, Australian Competition and Consumer Commission), selected Ayleen based on several dozens of nominations from the law enforcement and scam fighting community as ‘Scam Fighter Person of the Year’ 2023.
Ayleen was a romance scam victim of Shimon Hayut, who scammed millions of dollars out of women he met through dating apps. Donna Gregory elaborates, “What makes Ayleen unique is that she not only came forward and reported the crime but also participated in the Netflix documentary Tinder Swindler to gain more attention to this horrendous kind of crime. She is a role model for other scam victims. Of course, the fact that she as a victim also scammed the scammer and was able to recover some of the money she lost utters respect, but this is something I would not recommend other scam victims to do.”
AA419, Fighting Scams for 20 Years
Artists Against 419 started listing fake banks in 2003 in a public database. Over the years, the database expanded to include other forms of fraud. The core AA419 team has always been small but with a large fan base. The AA419 membership also includes members from other anti-abuse groups, working with AA419 to expose advance fee fraudsters in a central database.
The database allows scam victims to check a website. This list now contains ~157,000 entries with full data and is one of the world’s largest manually collected databases of fraudulent websites, and several law enforcement agencies across the globe recognize AA419 for its expertise in identifying scams.
Jury member Jayde Richmond commented, “AA419 is a research community that provides a valuable service to help tackle online fraud and scams. Its international group of members emphasizes that online fraud is best combated by cross-border cooperation.” Mitchel Chang added, “Trend Micro recognized AA419 as an excellent source for manually vetted scams. Their work is one of the many pillars many security companies rely on to keep consumers worldwide safe.”
Opinions expressed by Entrepreneur contributors are their own.
This time last year, I reviewed the cybersecurity landscape around the world and predicted a year ahead involving advanced threats against home users, the continual growth of ransomware and gaming as a growing attack vector. Looking back over 2022, we indeed saw those predictions play out.
For 2023, we can expect the continued trends of attacks against consumers and remote employees, like phishing and social engineering attacks, including email and SMS scams, which are commonly used to exploit individuals. Trojan viruses, sophisticated malware and new attack vectors will be highly prevalent in 2023, including novel threats such as the Metaverse Attack vector dubbed “Big Brother” discovered by RAV Researchers.
With all this in mind, what else can we expect for 2023?
1. Phishing and social engineering
Unfortunately, humans are still the weakest link in the cybersecurity chain. Home users remain the easiest targets as AV providers are focused on securing enterprise dollars for their services. Phishing and social engineering scams will become more sophisticated as they continue into 2023, and cyber criminals employ more complex technologies such as deep fakes.
Continued use of email phishing is to be expected, with Office Documents that hide macro code still being used as vectors to lure users to run the malicious code in emails. Other means of deploying scams, such as SMS and social media platforms — be it affiliate links, clickbait or credentials pages that attempt to steal your password information — are all likely to continue.
Raising awareness for online users is our best leverage to stop these phishing attempts from being successful. Taking note of simple telltale signs such as misspelling of words, the incorrect use of URLs and completely irrelevant messaging can make all the difference.
Ransomware-as-a-Service (RaaS) and overall Cybercrime-as-a-Service (CaaS) are on the rise. Data breaches are to be expected, as data is still seen as profitable barter on the Dark Web. These services are becoming more commonplace as cyber warfare persists. As the motivations behind cybercrime move from profit-related to geopolitical, the nature of the Dark Web is changing. Worryingly, cyber-criminal groups can now use the malware they trade on these platforms to go after more sensitive computing systems connected to critical infrastructure and government services of other nation-states.
3. Online user demographics
Cyber victims are becoming increasingly younger. We will see the continued targeting of unsecured consumers such as tweens and teens, who are highly connected, starting to use crypto and buying into the metaverse and other digital assets. Likewise, criminals themselves are getting younger. Cybercrime activity by teens and young adults now covers everything from large-scale attacks on enterprises and governments to low-level crimes that target families, friends and strangers. Hacktivism will also be fueled by cyber use — the younger generation can use their cyber skills to show their discontent in ways the past generation didn’t have access to or the ability to do.
Cracking and bypassing two-factor authentication (2FA) is on the rise and will be exploited more and more in the coming year. It’s likely that in the future, we may move on to three or even four-factor authentication. As the technology to crack multi-factor authentication continues to mount up, more and more companies may opt to use biometric authentication.
5. Next-generation threats
As next-generation technologies, such as virtual reality, make it into the mainstream, we will see the continued deployment of next-generation threats. Whether or not the allure of the metaverse and augmented realities makes it into 2023 remains to be seen — but as ever, new vectors offer new opportunities and broader attack surfaces.
Despite ongoing cybersecurity concerns, there’s sometimes a distinct lack of action. For example, 12 months after the Log4J hack, the CISA and FBI agencies are concerned that many companies have still not applied updates, despite their security alerts warning that if organizations haven’t yet patched or mitigated Log4j vulnerabilities, they should assume their network is compromised and act accordingly.
Organizations and individuals alike need to shift their cybersecurity strategies to a more holistic approach. Log4J is a great example of why cybersecurity companies shouldn’t rest on their laurels. Experts have warned that threat actors are perfectly capable of playing the long game: even if a disaster hasn’t struck yet, unless you are fully prepared, it still can.
As with all aspects of technology, cybersecurity is fast-paced and ever-evolving. Security companies need to constantly mitigate threats, deploying the best cybersecurity available for their users. One thing is certain in 2023: More hacks are coming our way. Cybercriminals will be spending the year ahead fine-tuning their methods. The question is whether the defense can keep up.
Italy’s National Cybersecurity Agency (ACN) warned on Sunday of a large-scale campaign to spread ransomware on thousands of computer servers across Europe and North America.
France, Finland and Italy are the most affected countries in Europe at the moment, while the U.S. and Canada also have a high number of targets, the ACN warned, according to Italian news agency ANSA.
The attack targets vulnerabilities in VMware ESXi technology that were previously discovered but that still leave many organizations vulnerable to intrusion by hackers.
“These types of servers had been targeted by hackers in the past due to their vulnerability,” according to ACN. “However, this vulnerability of the server was not completely fixed, leaving an open door to hackers for new attacks.”
France was the first country to detect the attack, according to ANSA.
The French cybersecurity agency ANSSI on Friday released an alert to warn organizations to patch the vulnerability.
It is estimated that thousands of computer servers have been compromised around the world, and according to analysts the number is likely to increase. Experts are warning organizations to take action to avoid being locked out of their systems.
As our planet completes yet another lap around the sun, we find ourselves looking ahead to the new challenges and opportunities of 2023. It is always exciting to peer into the unknown and predict what this new solar orbit brings.
But if the recent years have taught us anything, it’s that such a task is, in fact, a difficult endeavor. I’m sure that none of the predictions we made at the start of 2020 could’ve prepared us for what was coming in the years that followed. So, this ritual of soothsaying we practice every year is not about focusing on the finer details, but instead, it seeks to provide an insight into the general direction the world seems to be cruising towards.
Gartner used the phrase “seize uncertainty” as the theme for their strategic roadmap report for the coming years. It is truly an apt phrase to define 2023. The ripples caused by the boiling geopolitical tensions caused by the Russia-Ukraine issue, the brewing cybersecurity concerns and the global recession looming over the horizon point toward the uncertainties that await us.
Because of this, enterprise security has risen to be one of the top priorities for businesses in the coming year, so here’s a take on the upcoming trends of 2023 that companies need to watch out for.
1. Adaptable protection and enhanced visibility for endpoints
Endpoints continue to be a top target for sophisticated hackers. Adversaries are now leveraging endpoints as a launching pad to conduct more lucrative assaults, such as ransomware and business email compromise, rather than simply taking sensitive data from them. Furthermore, businesses must deal with a growing number of devices, including employee-owned devices outside of corporate networks and IoT devices like virtual personal assistants that need access to company networks, services or databases. Consequently, endpoint protection platforms and endpoint management suites remain a high priority.
The cybersecurity landscape is fluid and constantly changing. The last few years have shown a significant rise in industry-specific attacks focused on healthcare, supply chains, education, etc. This trend will likely proceed to the following year, and the industries on the weaker end of digital transformation are easy targets for cyber-attacks. In such a paradigm, solutions to detect such threats, platforms to secure and manage corporate devices and other SaaS offerings can provide visibility, protection and a streamlined management platform to take care of the myriad of endpoints being deployed.
The onset of the cloud and the subsequent migration towards it enabled organizations to set fluid boundaries to give customers a more inclusive solution. Every SaaS vendor is moving towards this approach to combine the strengths of multiple tools and provide a unified console for seamless management.
An example of such a collaboration is the prominence and proliferation of SASE (Secure Access Service Edge). Introduced by Gartner in 2019, SASE is a cybersecurity concept that converges multiple network connectivity and network security solutions into a unified service delivered via the cloud. Global spending on SASE is predicted to grow $8 billion by 2023 – a clear indication of its importance and value.
2023 will also see security and management solutions integrating Artificial Intelligence into their existing toolset. Over the past years, AI has been a significant enabler of automation in security systems. For example, intelligent threat detection systems like endpoint detection and response solutions use AI and ML to detect and respond to zero-day vulnerabilities that can harm your business. The coming year will find many solutions integrating AI technology to strengthen their security posture further.
3. Fostering a culture of security awareness
Developing and creating a culture of awareness around cybersecurity risks is the most crucial action to take at any firm. Employers and the workforce can no longer consider cybersecurity to be a problem that the IT department should handle. In reality, everyone’s work description in 2023 should include understanding the dangers and taking simple security measures!
Many IT security strategies follow a reactive rather than proactive approach, which involves pumping money to recover from the attack and rebuild brand reputation. Attackers take advantage of this and target the weak links to cause damage. Phishing attacks utilize “social engineering” techniques to deceive victims into disclosing sensitive data or downloading malware onto their computers.
Anyone can learn to recognize these assaults and take simple safety measures to protect themselves without needing technological expertise. In the same way, fundamental security abilities like secure password usage and learning about two-factor authentication (2FA) ought to be taught to everyone and regularly updated. If an organization wants to ensure resilience and preparation over the next 12 months, taking simple safeguards like these to promote a culture of cybersecurity awareness should be a significant aspect of their security strategy.
Moreover, with the global economy predicting a global recession, enterprises of all sizes can expect budget cuts throughout the year. In such a situation training your employees and ensuring they have a solid understanding of cybersecurity practices can provide a strong security posture that can act as the first line of defense, protecting your business.
As we take our first steps into 2023, every enterprise and industry should prepare for the new year and the challenges it brings with it. While predictions and trends serve as guidelines that help us navigate the coming ordeals, the history of the digital world has shown us to always prepare for the worst and expect the unexpected.
Alec Baldwin will be criminally charged by New Mexico prosecutors for the 2021 fatal shooting of cinematographer Halyna Hutchins on the set of the film “Rust,” authorities said Thursday.
Baldwin, the Emmy-winning star of “30 Rock” and dozens of films including “The Hunt for Red October,” shot the bullet that killed Hutchins. Baldwin said he “didn’t pull the trigger” in an ABC interview. An FBI forensic report obtained by ABC News uncovered that despite Baldwin’s denial, the gun could not have gone off without the trigger being pulled.
Baldwin and the movie’s armorer, Hannah Gutierrez-Reed, each will be charged with two counts of involuntary manslaughter. One of the involuntary manslaughter counts is one in which prosecutors will have to prove there is underlying negligence, prosecutors said. This is a fourth-degree felony that carries a sentence of up to 18 months in jail and a $5,000 fine.
The second involuntary manslaughter charge is one for the commission of a lawful act, a more severe charge which requires proof that there was more than simple negligence involved in a death, prosecutors said. This charge includes a firearm enhancement, which adds a mandatory penalty of five years in jail.
Baldwin and Gutierrez-Reed will be charged under a standard called “charged in the alternative.” If the case ends up going to trial, a jury will determine which of the two charges they’re guilty of.
“Rust” assistant director David Halls signed a plea deal for the charge of negligent use of a deadly weapon, resulting in a suspended sentence and six months of probation.
“If any one of these three people — Alec Baldwin, Hannah Gutierrez-Reed or David Halls — had done their job, Halyna Hutchins would be alive today. It’s that simple,” Andrea Reeb, the special prosecutor on the case, said in a statement Thursday. “The evidence clearly shows a pattern of criminal disregard for safety on the ‘Rust’ film set.”
The prosecutors’ decision is “a terrible miscarriage of justice,” said Luke Nikas, Baldwin’s attorney. “Mr. Baldwin had no reason to believe there was a live bullet in the gun – or anywhere on the movie set. He relied on the professionals with whom he worked, who assured him the gun did not have live rounds. We will fight these charges, and we will win.”
Gutierrez-Reed’s attorneys called it a “very flawed investigation” in a statement Thursday.
“Hannah is, and has always been, very emotional and sad about this tragic accident. But she did not commit involuntary manslaughter,” they said.
Through lawyers, relatives of Hutchins thanked authorities for pursuing the charges.
“It is a comfort to the family that, in New Mexico, no one is above the law,” attorney Brian Panish said. “We support the charges, will fully cooperate with this prosecution, and fervently hope the justice system works to protect the public and hold accountable those who break the law.”
According to documents obtained by the New York Post in September, the office of Santa Fe District Attorney Mary Carmack-Altwies had been waiting to review evidence from an FBI investigation since October 2021 after the accidental shooting took place. Once the office received the evidence, the DA announced that she intended to pursue charges and filed for $635,500 in emergency funding to hire a specialized team, including a new prosecutor, investigator, and spokesperson, to handle the case. The DA received about half of the requested funds.
Hutchins was shot and killed on Oct. 21, 2021, during a scene where Baldwin used a gun that was filled with live bullet rounds instead of dummies, which is against Hollywood film standards. Joel Souza, the movie’s director, was injured by the bullet but later recovered.
Halls, the movie’s assistant director, admitted less than a week after the shooting that he had not properly checked the gun for safety before handing it to the film’s armorer, Gutierrez-Reed, who would pass it along to Baldwin for the scene.
Hutchins’ death amplified a wave of rallying cries for safer filming protocols on movie sets. Her family ultimately sued Baldwin and the film producers in February 2022 for wrongful death. The lawsuit was settled in October and the movie resumed filming with Matt Hutchins, the widower of Halyna, serving as an executive producer.
Opinions expressed by Entrepreneur contributors are their own.
Cryptocurrency is nothing new. While many people discuss the digital asset as an enigma, it is a medium of exchange worth significant value. True, digital coins do not have the same tangible backing as cash, but the security of design, and the blockchain setup, create (or should create) a level of confidence.
If your business has yet to embrace crypto as a form of payment, it is falling behind and missing valuable opportunities to thrive. While not all companies yet embrace crypto, those that do experience unparalleled access to otherwise distant consumer pools.
The number of companies embracing crypto is rising, including such names as Gucci, Paypal and Visa. Permitting crypto payment options can expand your market share and improve your position in the marketplace; it can also demystify this legitimate form of payment.
The reasons crypto is right for your business model
It is easy to look at the failings of FTX and lose confidence in the system, but investors and businesses need to review the market’s otherwise successful history. Bitcoin is only one asset out of thousands that continues to outperform investor expectations. The folly of one digital coin should not deter innovative businesses from embracing a payment option that proves time and time again its ability to persevere.
If your company wants to look toward the future, it must embrace crypto because it isn’t going anywhere. The financial “new normal” demands that businesses adapt and embrace changing structures. Besides the need to adjust, there are many reasons businesses benefit from accepting crypto payments.
Many companies are victims of friendly fraud or mistaken consumers. In the digital subscription age, many consumers don’t remember all their purchases and may report an issue of credit card fraud where there is none. Unfortunately, whether friendly mistakes or criminal, chargebacks cost businesses billions yearly.
Embracing bitcoin payments can reduce fraudulent chargeback risks. Crypto payments are recorded on an immutable public ledger. The payment method does not allow for alteration, meaning once a transaction is complete, nothing can reverse it, eliminating the false claims of fraud on the purchase end.
Cryptocurrencies exist within the blockchain — a decentralized, distributed digital ledger. All transactions are permanent, unmodifiable, and impossible to delete. The entire crypto concept is a vision for secure monetary assets.
A business can improve the security and usability of crypto by partnering with blockchain monitoring services. Some payment processors will offer additional security measures; however, even bare-bones, cryptocurrency is more secure than credit cards and other payment methods.
Accepting crypto shows your consumers that you care about their security and yours. The additional security and finality of digital coins also provide assurances for businesses providing subscriptions or other services in a techno-focused era.
Credit card fees present a significant thorn in the side of many merchants. Fees represent a profit loss on individual transactions. Besides the on-top percentage taken from the sale, many credit card processors also charge a nominal fee per incoming transaction.
Cryptocurrency transactions eliminate any additional fee structures when handled on the business end. If you decide to use a payment processor (recommended), you will need to pay a service fee, typically less than traditional processors will charge.
4. Improve transaction speed, regardless of country of origin
Besides transaction fees, credit card transactions take time to process. As a business owner, you do not have time to waste. Most cryptocurrency transactions occur in real-time — one of the many perks of a decentralized system.
Traditional credit card or debit card payments can take several days, depending on a consumer’s location. Crypto is borderless, so location does not affect or inhibit transaction speed. Also, because the digital asset does not involve cross-country settlements or obstacles, there are no costly currency conversions.
The growth potential of crypto is twofold for business owners: financial and market share. Any crypto investor can tell you about the exponential growth of digital assets in recent years. For a business owner, the potential valuation increases for some cryptocurrencies are enough to embrace the payment method. Permitting crypto payments means you can potentially earn greater profits from the same volume of purchases.
Besides the monetary gains, permitting crypto also opens your business to a wealthier consumer pool and buyers who may not have considered your company before. Crypto allows for a level of anonymity and privacy that other payment forms do not. Newer, more private consumers will appreciate your business’s steps to secure their privacy.
6. Taking crypto means getting cash
You get cash, not crypto, for your payment by dealing with a reputable payment platform. Trusted platforms will convert crypto payments into cash. And by taking crypto, you’re making it easy for crypto holders to buy products and services, all while receiving cash in your bank account. It’s a win-win and a great cost-effective opportunity to increase your revenue.
Crypto is the future and the future is now
Whether a high-end, established retailer or a small, young business, it is time to use cryptocurrency, permitting it as a payment option. Digital currency is more secure than other transaction methods and allows for growth opportunities while maintaining consumer privacy. Embrace crypto and embrace the future of your business.
In the United States, TikTok is a favorite punching ball for lawmakers who’ve compared the Chinese-owned app to “digital fentanyl” and say it should be banned.
Now that hostility is spreading to Europe, where fears about children’s safety and reports that TikTok spied on journalists using their IP locations are fueling a backlash against the video-sharing app used by more than 250 million Europeans.
As TikTok Chief Executive Shou Zi Chew heads to Brussels on Tuesday to meet with top digital policymaker Margrethe Vestager amid a wider reappraisal of EU ties with China, his company faces a slew of legal, regulatory and security challenges in the bloc — as well as a rising din of public criticism.
One of the loudest critics is French President Emmanuel Macron, who has called TikTok “deceptively innocent” and a cause of “real addiction” among users, as well as a source of Russian disinformation. Such comments have gone hand-in-hand with aggressive media coverage in France, including Le Parisien daily’s December 29 front page calling TikTok “A real danger for the brains of our children.”
New restrictions may be in order. During a trip to the United States in November, Macron told a group of American investors and French tech CEOs that he wanted to regulate TikTok, according to two people in the room. TikTok denies it is harmful and says it has measures to protect kids on the app.
While it wasn’t clear what rules Macron was referring to — his office declined to comment — the remarks added to a darkening tableau for TikTok. In addition to two EU-wide privacy probes that are set to wrap up in coming months, TikTok has to contend with extensive new requirements on content moderation under the bloc’s new digital rulebook, the DSA, from mid-2023 — as well as the possibility of being caught up in the bloc’s new digital competition rulebook, the Digital Markets Act.
In answers to emailed questions, France’s digital minister Jean-Noel Barrot said that France would rely on the DSA and DMA to regulate TikTok at an EU level, though he “remained vigilant on these ever-evolving models” of ad-supported social media. Barrot added that he “never failed to maintain a level of pressure appropriate to the stakes of the DSA” in meetings with TikTok executives.
Ahead of Chew’s visit to Brussels, Thierry Breton, the bloc’s internal market commissioner, warned him about the need to “respect the integrality of our rules,” according to comments the commissioner made in Spain, reported by Reuters. A spokesperson for Vestager said she aimed to “review how the company was preparing for complying with its (possible) obligations under our regulation.”
That said, the probes TikTok is facing deal with suspected violations that have already taken place. If Ireland’s data regulator, which leads investigations on behalf of other EU states, finds that TikTok has broken the bloc’s privacy rulebook, the General Data Protection Regulation, fines could amount to up to 4 percent of the firm’s global turnover. Penalties can be even higher under the DSA, which starts applying to big platforms in mid-2023.
Spying fears
And yet, having to fork over a few million euros could be the least of TikTok’s troubles in Europe, as some lawmakers here are following their U.S. peers to call for much tougher restrictions on the app amid fears that data from TikTok will be used for spying.
TikTok is under investigation for sending data on EU users to China — one of two probes being led by Ireland. Reports that TikTok employees in China used TikTok data to track the movements of two Western journalists only intensified spying fears, especially in privacy-conscious Germany. (TikTok acknowledged the incident and fired four employees over what they said was unauthorized access to user data.)
Citing a “lack of data security and data protection” as well as data transfers to China, the digital policy spokesman for Germany’s Social Democratic Party group in the Bundestag said that the U.S. ban on TikTok for federal employees’ phones was “understandable.”
“I think it makes sense to also critically examine applications such as TikTok and, if necessary, to take measures. I would therefore advise civil servants, but also every citizen, not to install untrustworthy services and apps on their smartphones,” Jens Zimmermann added.
Maximilian Funke-Kaiser, digital policy spokesman for the liberal FDP group in German parliament, went even further, raising the prospect of a full ban on use of TikTok on government phones. “In view of the privacy and security risks posed by the app and the app’s far-reaching access rights, I consider the ban on TikTok on the work phones of U.S. government officials to be appropriate. Corresponding steps should also be examined in Germany.”
For Moritz Körner, a centrist lawmaker in European Parliament, the potential risks linked to TikTok are far greater than with Twitter due to the former’s larger user base — at least five times as many users as Twitter in Europe — and the fact that up to a third of its users are aged 13-19.
“The China-app TikTok should be under the special surveillance of the European authorities,” he wrote in an email. “The fight between autocratic and democratic systems will also be fought via digital platforms. Europe has to wake up.”
In Switzerland, lawmakers called earlier this month for a ban on officials’ phones.
Call for a ban
So far, though, no European government or public body has followed the U.S. in banning TikTok usage on officials’ phones. In response to questions from POLITICO, a spokesperson for the European Commission — which previously advised its employees against using Meta’s WhatsApp — wrote that any restriction on TikTok usage for EU civil servants would “require a political decision and will be based on the careful assessment of data protection, cybersecurity concerns, and others.”
The spokesperson also pointed out that “there are no official Commission accounts” on TikTok.
A spokesperson for the European Parliament said its services “continuously monitor” for cybersecurity issues, but that “due to the nature of security matters, we don’t comment further on specific platforms.”
POLITICO reached out to cybersecurity agencies for the EU, the U.K. and Germany to ask if they had or were planning any restrictions or recommendations having to do with TikTok. None flagged any specific restrictions, which doesn’t mean there aren’t any. In Germany, for example, officials who use iPhones can’t use or download TikTok in the section of their phone where confidential data can be accessed.
For Hamburg’s data protection agency, one of 16 in Germany’s federal system, restricting TikTok on official phones would be a good idea.
“Based on what we know from the available sources, we share, among other things, the concerns of the U.S. government that you mentioned and would therefore welcome it appropriate for government agencies in the EU to refrain from using TikTok,” a spokesperson said.
This suggests that the most immediate public threat for TikTok in Europe is privacy-related. Of the two probes being conducted by Ireland’s privacy regulator, the one looking into child safety on the app is the closest to wrapping up, according to a spokesperson for the Irish Data Protection Commission.
Depending on the outcome of discussions between EU privacy regulators — the child safety probe is likely to trigger a dispute resolution mechanism — TikTok could face new requirements to verify age in the EU. The other probe, looking into TikTok’s transfers of data to China, is likely to wrap up around mid-year or toward the end of 2023 if a dispute is triggered, the spokesperson said.
Antoaneta Roussi contributed reporting.
Nicholas Vinocur, Clothilde Goujard, Océane Herrero and Louis Westendarp
Phishing is on the rise, and anyone who uses email, text messaging, and other forms of communication is a potential victim.
These attacks, in which a cybercriminal sends a deceptive message that’s designed to fool a user into providing sensitive information such as credit card numbers or to launch malware on the user’s system, can be extremely effective if done well.
These types of attacks have become increasingly sophisticated — making them more dangerous — and more common. An October 2022 study by messaging security provider SlashNext analyzed billions of link-based URLs, attachments, and natural language messages in email, mobile and browser channels over a six-month period, and found more than 255 million attacks. That’s a 61% increase in the rate of phishing attacks compared with 2021.
The study revealed that cybercriminals are shifting their attacks to mobile and personal communication channels to reach users. It showed a 50% increase in attacks on mobile devices, with scams and credential theft at the top of the list of payloads.
“What we’ve been seeing is an increase in the use of voicemail and text as part of two-pronged phishing and BEC [business email compromise] campaigns,” said Jess Burn, senior analyst at Forrester Research. “The attackers leave a voicemail or send a text about the email they sent, either lending credibility to the sender or increasing the urgency of the request.”
The firm is receiving a lot of inquiries from clients about BEC attacks in general, Burn said. “With geopolitical strife disrupting ransomware gang activity and cryptocurrency — the preferred method of ransom payment — imploding as of late, bad actors are going back to old-fashioned fraud to make money,” he said. “So BEC is on the rise.”
One of the iterations of phishing that people need to be aware of is spearphishing, a more targeted form of phishing that often uses topical lures.
“While it is not a new tactic, the topics and themes might evolve with world or even seasonal events,” said Luke McNamara, principal analyst at cyber security consulting firm Mandiant Consulting. “For example, as we are in the holiday season, we can expect to see more phishing lures related to shopping deals. During regional tax seasons, threat actors might similarly try to exploit users in the process of filing their taxes with phishing emails that contain tax themes in the subject line.”
Phishing themes can also be generic, such as an email that appears to be from a technology vendor about resetting an account, McNamara said. “More prolific criminal campaigns might leverage less specific themes, and conversely more targeted campaigns by threat actors involved in activity like cyber espionage might utilize more specific phishing lures,” he said.
Individuals can take steps to better defend themselves against phishing attacks.
One is to be vigilant when giving out personal information, whether it’s to a person or on a website.
“Phishing is a form of social engineering,” Burn said. “That means that phishers use psychology to convince their victims to take an action they may not normally take. Most people want to be helpful and do what someone in authority tells them to do. Phishers know this, so they prey upon those instincts and ask the victim to help with a problem or do something immediately.”
If an email is unexpected from a specific sender, if it’s asking someone to do something urgently, or if it’s asking for information or financial details not normally provided, take a step back and look closely at the sender, Burn said.
“If the sender looks legitimate but something still seems off, don’t open any attachments and mouse or hover over any hyperlinks in the body of the email and look at the URL the link points to,” Burn said. “If it doesn’t seem like a legitimate destination, do not click on it.”
If a suspicious-looking message comes in from a known source, reach out to the person or company via a separate channel and inquire as to whether they sent the message, Burn said. “You’ll save yourself a lot of trouble and you’ll alert the person or company to the phishing scam if the email did not originate from them,” he said.
It’s a good idea to stay up on the latest phishing techniques. “Cyber criminals constantly evolve their methods, so individuals need to be on alert,” said Emily Mossburg, global cyber leader at Deloitte. “Phishers prey on human error.”
Another good practice is to use anti-phishing software and other cyber security tools as protection against potential attacks and to keep personal and work data safe. This includes automated behavior analytics tools to detect and mitigate potential risk indicators. “The use of these tools among employees has increased significantly,” Mossburg said.
Another technology, multi-factor authentication, “can provide one of the best layers of security to secure your emails,” McNamara said. “It provides another layer of defense should a threat actor successfully compromise your credentials.”
Over the past few years, cybersecurity has become a bigger issue for small-business owners. Cyber attacks could cost you huge amounts of money, no matter how big your business is. But hiring a cybersecurity or IT team isn’t in the budget for all businesses. Instead, it might be more cost-effective to add cybersecurity to your own list of skills. With The Complete 2023 Cyber Security Developer & IT Skills Bundle, you’ll have a central hub to study to earn some of today’s leading cybersecurity certifications.
This massive bundle includes 26 courses and, yes, that means it covers 26 different cybersecurity exams. With exams from Microsoft, CompTIA, CISSP, Cisco, CertNexus, and many more leading organizations represented, it’s one of the best resources you’ll find for taking your cybersecurity skills to the next level. Each course is presented by iCollege, one of the most trusted marketplaces in online learning for nearly two decades. They’ve helped students in 120 countries learn in-demand tech skills, and are even trusted by Silicon Valley and Fortune 500 organizations to help employees keep their skills up to date.
The bundle casts an extremely wide net when it comes to security, covering cloud security, network security, system security, mobile security, penetration testing, first response, and much more. Some of the exam highlights you’ll cover include:
CertNexus CyberSec First Responder (CFR-310)
ISACA Certified Information Security Manager (CISM)
As the year comes to a close and you analyze your business’s performance and look ahead to next year, it’s important not to overlook cybersecurity. Cyber attacks are rampant in today’s world, and with inflation cutting into your bottom line and remote work making you spend more time on public Wi-Fi, it’s absolutely vital that you invest in a VPN.
You don’t have to break the bank for a quality cybersecurity solution like Windscribe VPN, which has earned 4/5-star ratings from Tech Radar and PC World and a 4.4/5-star rating from G2. And now, you can get it on sale for 66% off.
Windscribe is both a desktop application and browser extension working in conjunction to protect your online privacy and improve your overall internet experience. The intuitive interface allows you to get online easily and supports unlimited downloads and simultaneous connections, all while prioritizing anonymity with an AES-256 cipher with SHA512 auth and a 4096-bit RSA key, as well as a strict zero-logging policy that doesn’t even require an email address to sign up.
The VPN gives you access to servers in 69 countries, the ability to work on multiple protocols, and a ton of other cool features. The desktop app takes the security further by providing a firewall and a secure hotspot and proxy gateway so you can turn your own computer into a secure Wi-Fi router and create a proxy server on your network for other devices. With the browser extension, you’ll also be able to block ads and trackers that follow you across the web, track and delete cookies, and change your location at will.
Invest in your cybersecurity in 2023 without breaking the bank. Right now, you can get a three-year subscription to a Windscribe VPN Pro Plan for 66% off $207 at just $69.
Europe’s largest economy Germany hasn’t kicked its habit of using Chinese kit for its 5G telecoms networks yet.
A new study analyzing Huawei’s market share in Europe estimates that Germany relies on Chinese technology for 59 percent of its 5G networks. Other key markets including Italy and the Netherlands are also among eight countries where over half of 5G networks run on Chinese equipment.
The study, by Copenhagen-based telecoms consultancy Strand Consult, offers a rare glimpse of how some telecoms operators have relied on Chinese vendors Huawei and ZTE in the early stage of Europe’s 5G rollout. The figures also underline one of Western officials’ fears: that Europe’s pushback against Chinese technology for communications networks was slow to wean operators off Huawei.
“It’s easier to preach than to practice,” said John Strand, founder of the consultancy, of EU governments’ hesitance to throw up clear barriers to using Chinese telecoms equipment.
“It is more dangerous to be dependent on Chinese telecoms networks than to be dependent on Russian gas. Digital infrastructure is the fundament of society,” Strand said.
The study matches a warning by the European Commission’s digital chief Margrethe Vestager, who said last month that “a number of countries have passed legislation but they have not put it into effect … Making it work is even better.”
“It is not only Germany, but it is also Germany,” Vestager said in November.
Germany’s ministries of digital affairs, interior and economic affairs didn’t immediately respond to a request for comment.
Huawei also didn’t immediately respond to a request for comment.
Clinging to Huawei kit
European governments in the past two years have imposed security policies on the telecoms industry to cut down on Chinese kit.
In some countries, this has led to a full stop on using Huawei and its smaller Chinese rival ZTE. Strand’s study estimates that nine EU countries, as well as Norway and the Faroe Islands, have no Chinese equipment in new 5G networks at all. France (17 percent) and Belgium (30 percent) have a much lower presence of Chinese kit in 5G than was the case in their 4G and 3G networks.
But the EU regime on using Chinese technology in 5G is a patchwork. In other EU countries those policies either allow for operators to still rely on Huawei for parts of their networks or require the government to actively step in to stop deals.
The Berlin government in the past two years was criticized for being slow in setting up the legal framework that now allows it to intervene on contracts between operators and vendors if ministers choose to do so. Olaf Scholz’s government has taken a more critical stance on Chinese technology and just last month blocked Chinese investors from buying a German chip plant over potential security threats.
But Germany’s largest operator Deutsche Telekom has also maintained a strategic partnership with Huawei for years and it and others have worked with Huawei on the early stages of rolling out 5G, Strand’s report suggests.
In Italy, the government has “golden powers” to stop contracts with Huawei. The former government led by Mario Draghi, seen as close to the U.S., intervened on a couple of deals but it is still unclear how the current government led by far-right Prime Minister Giorgia Meloni will position itself.
In other, smaller countries like the Netherlands, operators were quick to launch 5G networks and some did so using Huawei, especially in “radio access network” (RAN) parts — effectively preempting EU and national decisions to cut down on Chinese kit.
Strand’s data, gathered from European industry players in the past months, show Huawei was quick to provide operators with 5G gear in the first stages of Europe’s rollout.
But another boutique telecoms consultancy, Dell’Oro, compiled data recently that showed the firm in the past year started running into serious obstacles in selling its kit.
As of early last year — right as European officials were changing direction on 5G security — Sweden’s Ericsson overtook Huawei in market share of new European sales of radio access network (RAN) equipment for 3G, 4G and 5G equipment, according to updated figures Dell’Oro compiled this summer, shared with POLITICO by an industry official. Radio access networks make up the largest chunk of network investment and include base stations and antennas.
For 5G RAN specifically, Huawei lost its initial position as a market leader at the start of the rollout; it now provides 22 percent of sales, with Ericsson at 42 percent and Nokia at 32 percent in Europe, Dell’Oro estimated.
A POLITICO investigation last month revealed how the Chinese tech giant was consolidating its operations in Europe and scaling down its lobbying and branding operations across a series of important markets, including France, the United Kingdom and its European representation in Brussels.
Pressed by the United States and increasingly shunned on a continent it once considered its most strategic overseas market, Huawei is pivoting back toward the Chinese market, focusing its remaining European attention on just a few countries, among them Germany.
China hawks, however, fear that Huawei could continue to supply 5G equipment because of the loopholes and political considerations of national governments.
The new figures could serve as “an eye opener for a lot of governments and regulators in Europe,” Strand said.
For small businesses, the average cost for a data breach can start as low as $120,000 and reach as high as $1.24 million. Any unplanned expense could impact your company, but one of this magnitude could be enough to sink it. IT services aren’t inexpensive either, with some recommendations saying even businesses of only 40 people should plan for up to $3,000 a month.
You may be able to offload some of your network security costs using a hardware VPN with a built-in firewall. Deeper Connect has two options for buying, but both of them could help your business retain its privacy and security.
Protect your business online.
Recent years have seen a 600% rise in cyber crimes. While some businesses may have been able to go without network security protocols before, it may be unwise to do so with breaches so common. Installing a Deeper Connect Pico or Deeper Connect Mini decentralized virtual private network is a simple way of helping to protect your business digitally. Just plug in this hardware VPN and connect your devices. Start enjoying ad-free browsing and enterprise-grade cybersecurity functions for all your IoT devices. If your business caters to families, they may appreciate one-click parental controls that can block inappropriate content for their kids.
You may have already researched your options for VPNs and found most of them are entirely digital. They may be convenient, but many digital-only VPNs also have monthly subscription fees. Deeper Connect lets you skip the subscription costs for a one-time payment.
You can still take it anywhere, though. Going on a business trip? Take your Deeper Connect with you for safer browsing. The Deeper Connect Mini Pico works on public or private internet connections, but the Mini needs to be plugged directly into a router.
The cybersecurity business has become everyone’s business. It only takes one viral data breach to destroy a company’s social proof and send its clients running to rival organizations in search of safer conditions. IBM estimates that the average data breach this year costs affected businesses $4.35 million, a near 13% increase since 2020. That figure doesn’t include the sometimes irreversible harm to a company’s reputation.
Headline-grabbing data leaks aren’t limited to credit card or identity information, however. These incidents encompass anything and everything having to do with private and personal details. If you submit a car loan application, you trust the prospective lender to be a good steward of your information. When your business does business with another company, you similarly expect the same level of security.
In the financial services world, we’re held to high standards of security where even the smallest misstep must be reported to several entities. Ours certainly isn’t the only industry facing tremendous expectations when it comes to prioritizing the importance of cybersecurity in business, either. It’s become mission-critical across the board.
There can be a surprising upside to so much rigidity and concern, though. If you’re doing a great job and implementing the strongest, most reliable cybersecurity solutions for businesses, you have the opportunity to make your protocols a differentiator. When customers see “social proof” of something, they tend to trust what they see. Yet, you can’t tap into this social proof if you don’t control all your cybersecurity business elements, and that includes how proactive and protective your partners act with your shared data.
Lowering risk exposure starts from the inside
As mentioned above, we’re in the financial services world. To maintain our license, we must use advanced data encryption tools and technologies. Encryption is essential during the process of buying currency online because so much personal information moves back and forth, including a high degree of money-related data like bank routing numbers.
We also must follow BSA/AML compliance guidelines to the letter, just like any financial institution. Therefore, we have a BSA compliance officer who handles all compliance coordination, monitoring and oversight. The BSA compliance officer serves as a critical player in assuring regulatory entities, board members, customers and the public that we’re doing what needs to be done when it comes to lowering our risk exposure.
Opening a money service business like ours is difficult. After taking so many steps and performing intense due diligence, we’re understandably careful about the partners we choose. You should be, too, as one bad apple can ruin the entire bunch.
All companies — especially MSBs, or money service businesses — need to be vigilant and put strategies in play to reduce the chances of a breach. A lot goes into building such a comprehensive, cohesive protection plan. Running online business transactions on a private server and implementing data encryption processes are the minimum requirements to get off the ground, but that’s just the start.
Beyond those necessary action items, companies of all sizes should consider leveraging the following methods to make certain that anyone with access to even a sliver of your data believes in safety as strongly as you do:
1. Vet each partner on basic compliance
Foundational elements to review thoroughly include having up-to-date security certificates, performing detailed security audits, using a VPN to fully protect browsing data and getting federal agency approval when necessary. If a potential partner is cutting compliance corners — intentionally or otherwise — you’d be better off continuing the search until all of your concerns are alleviated. Don’t settle for less than the best.
It’s important to treat each potential partner with the same level of due diligence, as threats and attacks can come from small startups and big corporations alike. The Verizon Business 2022 Data Breach Investigations Report found that 62% of “system intrusion” incidents originated with an organization’s partner. And the Ponemon Institute reported that 54% of organizations were “not monitoring the security and privacy practices of third parties that they share sensitive or confidential information with on an ongoing basis.”
That’s hugely concerning. Opportunistic cybercriminals are always looking for the weakest link in the supply chain, after all.
2. Check for third-party verification
In the complicated digital reality we all live in, honesty can be at a premium. This can be especially true when verifying the real identity of a person — or the motives of a potential vendor. Enter third-party providers who use a variety of tactics to drill down to the actual, accurate identities of customers who might attempt to make a financial transaction or businesses that want to join forces. These third-party testers do the thankless work of monitoring platform security and infiltration.
My company, Xchange of America, uses a third-party verification service to authenticate customer identities by specific inputs. A series of four random verification questions that only the true person would know are asked, such as the make and model of previous vehicle(s) owned, street names where the customer previously lived and previous employer(s). Confirming these unique details keeps nefarious actors at bay and prevents sales fraud.
Different industries will perform third-party verifications differently than ours, but the importance is the same for every company. Do your partners employ thorough third-party verification tactics? Stipulate that they do.
What happens if you start to ask questions of your partners and run into brick walls? This may be an indication that they’re not being forthright. You want partners who welcome questions because they have nothing to hide. For example, all money service businesses like ours must be registered and licensed in the states we operate in. If a potential partner is required to have certain registrations, licenses or permits and doesn’t, that’s a major red flag.
Be persistent when it comes to getting the compliance answers you seek. Don’t be hesitant to ask pointed follow-up questions, such as how data encryption works at a partner’s company. Data breaches can be thwarted if information is always encrypted, whether it’s in motion or in storage.
Dropbox is an example of a company that takes data encryption (and protection) seriously. According to Dropbox’s help center, files at rest are encrypted using 256-bit Advanced Encryption Standard (AES). The company also uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) to protect data in transit between Dropbox apps and its servers, among many other layers of protection.
You deserve to know the level of data encryption of any associated organization, not just that they have “some kind of encryption.” Dropbox’s transparency in that regard should serve as the rule, not the exception.
As long as cybercriminals are willing to hack into systems, corporate leaders and their teams must find and remove their cybersecurity vulnerabilities. Just make sure that you’re not just looking at ways to improve your own cybersecurity. Insist that all companies you do business with also treat it as a pressing priority.
The 18-month period of performance is a Phase II SBIR STTR award with a total value of just over $1.5M.
Press Release – Dec 14, 2022
BALTIMORE, December 14, 2022 (Newswire.com) – NKrypt, Inc. was awarded a contract by the Space Development Agency (SDA) for Phase II of a Mesh Network NSA Certifiable Cryptographic Solution. In Phase I, NKrypt delivered a design for a high-speed, multichannel, mesh network cryptographic component that provides high assurance encryption of data in transit across Optical Intersatellite Links (OISL) in low earth orbit (LEO).
The 18-month period of performance is a Phase II SBIR STTR award with a total value of just over $1.5M. Under this phase of the contract, NKrypt, Inc. will build a prototype of a transformational architecture that will deliver high-speed encrypted communications across the mesh network. The benefits of the NKrypt solution that SDA is exploring are ad-hoc cryptonet establishment, cryptographic agility and upgradability, future multi-level security options, security of control plane data, limitation of radiation effects, and latency and throughput optimization.
The NKrypt team has decades of unique experience in secure communications, network security, key management, multi-level security, and hardware development in both DoD and commercial environments. We look forward to continuing to work with SDA in this new project phase.
“NKrypt is excited to be working in partnership with the Space Development Agency to prototype this first-of-its-kind satellite mesh encryption solution,” said Neil Kittleson, CEO of NKrypt. “We’re bringing the best ideas, technology, and security concepts found in industry and academia to the challenge.”
“SEAKR Engineering is pleased to be supporting NKrypt for the STTR Phase II of the Mesh Network NSA Certifiable Cryptographic Solution,” said Mark Butkovich, Program Manager. “The team of encryption and secure communications experts from industry and academia that NKrypt is leading, along with SEAKR’s decades of proven ability to design and deliver high-reliability electronic assemblies, will provide an outstanding solution for SDA.”
“We are very excited to partner with NKrypt and its other partners in developing technology solutions that advance U.S. national security objectives,” said Dr. Moses Garuba, Howard University.
Charles Edington, CEO of Pernix Consulting, said: “The Phase II award allows our team to prove emerging commercial technology can be used in low SWaP Commercial Solutions for Classified (CSfC) implementations yet meet critical isolation requirements for high assurance cryptographic solutions.”
NKrypt is proud to be teamed with Howard University, SEAKR Engineering, Lynx Software Solutions, and Pernix Consulting on this effort. NKrypt is a Baltimore, Maryland-based, veteran-owned, small business with a core focus on security engineering consulting services and solutions. NKrypt’s technical capabilities include Cybersecurity and Cryptographic Engineering, Security Design, Strategic Roadmap & Prototype Development, Data Analytics Modernization & Transformation, Software Development, and Blockchain Solutions.
Anyone who depends on LinkedIn to search for jobs, find business partners or other opportunities is probably aware that the business social media site has had issues with fake profiles. While that is no different than other social media platforms including Twitter and Facebook, it presents a different set of problems for users who look to use LinkedIn for professional purposes.
Between January 1 and June 30, more than 21 million fake accounts were detected and removed from LinkedIn, according to the company’s community report. While 95.3% of those fake accounts were stopped at registration by automated defenses, according to the company, there was a nearly 28% increase in fake accounts caught compared to the previous six-month period. LinkedIn says it currently has more than 875 million members on its platform.
While the Microsoft-owned professional social media platform has rolled out new features in recent months to help users better determine if someone contacting them is a real or fake profile, cybersecurity experts say there are several things that users on the platform can do to protect themselves.
Creators of fake LinkedIn profiles sometimes try to drive engagement through content that links to malicious sites, said Mike Clifton, executive vice president and chief information and digital officer at Alorica, a global customer service outsourcing firm.
“For example, we see those that revolve around posts and content promoting a work event, such as a webinar, that uses real photos and people’s real information to legitimize the information and get others to register, often on a fake third-party Web site,” Clifton said.
How to avoid getting duped by fraudulent profiles
Cybercriminals often rely on a human touch to give LinkedIn users the impression that the fake profile belongs to someone they know, or is two degrees removed from someone they know. “This has been going on for years, and at this point can still evade even sophisticated fraud detectors,” Clifton said. “Like we remind our employees and customers, it’s important to stay vigilant and engage cautiously on social networks to protect your information.”
Recruiters who rely heavily on LinkedIn to search for prospective employees can find fake profiles especially troublesome, said Akif Khan, vice president and analyst at research firm Gartner.
“In addition, in other areas of fraud management — for example, when suspicious ecommerce transactions are being manually reviewed — agents will look across social media sites including LinkedIn to try and see if [a] person has a credible digital footprint which would suggest that they are a real-person rather than a fake identity,” Khan said.
For these reasons it can serve the purposes of bad actors to have fake LinkedIn profiles, Khan said.
Gartner is seeing the problem of phony accounts across all social media platforms. “Bad actors are trying to craft fake identities and make them look real by leaving a plausible-looking digital footprint across different platforms,” Khan said.
It’s more likely that the fake profiles are set up manually, Khan said. However, where bad actors are creating large numbers of fake profiles — which can be used to abuse advertising processes or to sell large volumes of followers or likes on-demand — they’ll be using bots to automate that process of creating fake accounts.
The challenge for LinkedIn users is that profiles on social media platforms are easy to create and are typically not verified in any way. LinkedIn has asked users who encounter any content on the platform that looks like it could be fake to report it to the company. Users should specifically be on the lookout for profiles with abnormal profile images or incomplete work history, and other indicators including inconsistencies in the profile image and education.
“Always seek corroboration from other sources if you’re looking at an account and are making decisions based on what you see,” Khan said. “The bigger issue here is for the platforms themselves. They need to ensure that they have appropriate measures in place to detect and prevent automated account creation, particularly at large scale.”
What LinkedIn is doing to detect fakes and bots
Tools for detection do exist, but using them is not an exact science. “Verifying the identity of a user when creating an account would be another effective way to make it more difficult to set up fake accounts, but such identity proofing would have an impact in terms of cost and user experience,” Khan said. “So these platforms are trying to strike a balance in terms of the integrity of accounts and not putting users off creating accounts,” he said.
LinkedIn is taking steps to address the fake accounts problem.
The site is using technology such as artificial intelligence along with teams of experts to remove policy-violating content that it detects before the content goes live. The vast majority of detected fake accounts are caught by automated defenses such as AI, according to a blog post from Oscar Rodriguez, vice president of product management at LinkedIn.
LinkedIn declined to comment further.
The company is also collaborating with peer companies, policymakers, law enforcement and government agencies in efforts to prevent fraudulent activity on the site.
In its latest effort to stop fake accounts, LinkedIn rolled out new features and systems in October to help users make more informed decisions about members that they are interacting with, as well as enhancing its automated systems that keep inauthentic profiles and activity off the platform.
An “about this profile” feature shows users when profiles were created and last updated, along with information about whether the members had verified phone numbers and/or work emails associated with their accounts. The goal is that viewing this information will help users in deciding whether to accept a connection request or reply to a message.
LinkedIn says rapid advances in AI-based synthetic image generation technology have led to the creation of a deep learning model to better catch profiles made with AI. AI-based image generators can create an unlimited number of unique, high-quality profile photos that do not correspond to real people, Rodriguez wrote in the blog post, and phony accounts sometimes use these convincing, AI-generated profile photos to make a profile appear more authentic.
The deep-learning model proactively checks profile photo uploads to determine if an image is AI-generated, using technology designed to detect subtle image artifacts associated with the AI-based synthetic image generation process — without performing facial recognition or biometric analyses, Rodriguez wrote.
The model helps increase the effectiveness of LinkedIn’s automated anti-abuse defenses to help detect and remove fake accounts before they can reach members.
The company also added a warning to some LinkedIn messages that include high-risk content that could impact user security. For example, users might be warned about messages that ask them to take conversations to other platforms, because that might be a sign of a scam.
Following five years of growth, the program from SNHU brings in Melissa Paciulli, previously the Director of Holyoke Community College STEM Starter Academy.
Press Release – Dec 8, 2022
INDIANAPOLIS, December 8, 2022 (Newswire.com) – Kenzie Academy from Southern New Hampshire University (SNHU), recognized as an industry leader in coding programming and courses, has announced Melissa Paciulli, MSCE, as the new Executive Director.
Paciulli comes to Kenzie Academy from SNHU with more than 23 years of experience in higher education administration, recruitment and retention, strategic partnership building, and student engagement. In addition, she is a leader in her engineering field, where she researches teens with ADHD and has developed an augmented reality game for new drivers to learn how to drive safely.
Paciulli’s involvement has spanned various management levels and engineering disciplines throughout her career. Paciulli worked as a principal investigator as part of a National Science Foundation five-year grant to create a micro-credentialing accelerated engineering certificate with stackable and transferable credits. These assets stay with and support students continuing their educational journey while connecting them with industry internships throughout their professional careers.
As director of the Holyoke Community College STEM Starter Academy, Paciulli worked on a collaborative multimillion-dollar 10-year initiative funded by the Massachusetts Department of Higher Education to recruit students into STEM. The much-lauded initiative aided students in finding success within the program by creatively implementing experiential learning programs, building strategic regional transfer partnerships, leveraging financial opportunities, and supporting students using a case management model.
Paciulli is a doctoral candidate in engineering at the University of Massachusetts, Amherst. She also holds a Master of Science in Civil Engineering from the University of Massachusetts, Amherst, and a Bachelor of Arts in Economics and Math from Westfield State University. In addition, Paciulli is a National Academies of Science Transportation Board member, serving on several committees over the past 20 years. She is also an active member of the Society of Women Engineers, the Association for Women in Science, and WEPAN.
“I am honored to join the Kenzie Academy team as its new executive director and work with the entire team,” said Paciulli. “The opportunities Kenzie Academy from SNHU provides its students are inspiring, and I look forward to continuing to present opportunities, career paths, and the chance for people to live their dreams.”
Opinions expressed by Entrepreneur contributors are their own.
Even when you’re running your own company, you can still benefit from professional development — especially when it comes to technology and cybersecurity. Every business should have an interest in cybersecurity these days as cybercrime has become more rampant and more targeted towards small businesses than ever. If you want to be your business’s first and last line of defense, grab The Complete 2023 CompTIA Cybersecurity & Pentest Super Bundle while it’s on sale for a specially reduced price.
This bundle contains four courses from iCollege, a leader in online learning since 2003 and an official educational partner of CompTIA. Students in more than 120 countries have used iCollege’s resources to learn new tech skills and their courses are even trusted by Silicon Valley startups and Fortune 500 companies alike to keep employee skills on the cutting edge.
This bundle covers four specific CompTIA certification exams: CompTIA Security+ (SY0-601), CompTIA PenTest+ (PT0-002), CompTIA CASP+ (CAS-004), and CompTIA CySA+ (CS0-002).
Through each course, you’ll learn the skills you need to know to pass each CompTIA certification exam on your first attempt. Throughout the coursework, you’ll learn how to analyze enterprise environments to minimize threats and vulnerabilities, learn the principles of risk management and legal compliance, and build a foundation to become a cybersecurity expert. You’ll be able to validate your skills in using threat intelligence to protect an organization, using penetration testing tools to discover and exploit vulnerabilities, analyze risk and align defenses with business goals, and much more. By the end of the bundle, you’ll be ready to earn four leading CompTIA certifications.
Become a qualified defender of your business. For a limited time, you can get this CompTIA Cybersecurity & Pentest Super Bundle for the special price of just $39 (reg. $1,196).
AMSTERDAM, December 8, 2022 (Newswire.com) – The Global Anti Scam Alliance and ScamAdviser.com interviewed 200 cybercrime experts and 4,430 consumers to determine which country is the best at fighting online scams. In short: it seems no country really deserves to be called “Best Scam Fighting Country of the World”.
The 200 experts, in general, believe their country is doing nothing (35%) or only a bit (48%). Only 7% consider their nation the best at fighting scams.
The 4,430 consumers likewise rated the performance of their country poorly. Remarkably, the top three best-performing countries are all developing nations: Indonesia, Bangladesh, and the Philippines. Consumers from Indonesia were the only ones who gave their country a “sufficient” 6.1 out of 10. The United Kingdom is listed in fifth place, followed by Canada, and the USA falls in eleventh place.
Consumers could also rate their country on different aspects of scam fighting, including:
Awareness building
Offering tools to identify scams
Ease of scam reporting
Enforcement of scammers
The scoring differs little per category. Indonesia, Bangladesh, and the Philippines are listed each time in the top three. Australia was given a 5.9 for ‘Ease of scam reporting’, owning second place in this category with Indonesia rated as #1 and Bangladesh and the Philippines sharing third place.
The survey participants listed several reasons for the generally poor scoring of their countries. When asked how their country can improve, they named five main areas for improvement.
The first focuses on building more scam awareness, especially via mass media such as TV and radio. Consumers especially want to see more concrete examples of the latest kinds of scams.
A second improvement often named is offering consumers more tools to identify or block scams, be it via phone (especially robocalls), email or websites. While commercial tools are offered in some countries, some participants stated that they lack the financial resources to buy these, or that they believe these should be offered by the government to protect all citizens.
Easier and more centralized reporting of scams is likewise often named. Several respondents stated that reporting of scams cannot be done online in their country. They feel that the police focus on protecting businesses and rich citizens. Some report being laughed at by the police or being told that it is their own fault.
The fourth action named is more strict, international legislation. Many participants call for a global dedicated police force combating online scams, especially regarding cryptocurrency schemes.
Finally, consumers state that social media should be held more accountable for advertisements of scammers. The same applies to banks. Hosting companies and registrars should likewise be named and shamed more publicly for supporting and even protecting scam sites, or be forced to apply Know Your Customer (KYC) processes.