Does your company have a Cyber Security Training manual or annual procedure in place? Most Cyber Security Insurance providers are now asking that question, and for a good reason. Just last week a client of mine called to ask for advice about a security incident with one of their work-from-home staff members. One of their older, non-computer-savvy employees began searching the Internet for help with his personal iPhone.
As he explained the details of the situation, the supposed “iPhone Technician” he found online asked for remote access to his home computer, which he complied with.
Once logged in, the bad actor performed what I refer to as a Smash and Grab. Hackers these days are going after one thing: your bank account! Stealing your data, then looking through everything takes too long. The quickest and most effective scheme for these lowlifes is to gain online access to your bank and crypto accounts.
The moment you allow them onto your computer, they install a small piece of software that runs a series of PowerShell commands in the background. One of these commands retrieves your web history and all the usernames and passwords you’ve used.
If you save your bank account username and password in your web browser, they’ve got you!
For those who don’t, the bad actor will ask you to log into your bank account to ensure the proper payment amount was sent to them. Once you log in, they’ve got you!
Within an hour of having his home computer compromised, someone started draining his Bank of America account. Banks in most cases will reverse any fraudulent charges if found in time, but cryptocurrency wallets such as Coinbase and Robinhood won’t. They’ll tell you that you’re solely responsible for your account.
If your Coinbase account gets hacked into, you’re S.O.L.
Antivirus software alone isn’t good enough anymore. Even with the best antivirus protection software installed, nothing can protect your business if an employee invites a bad actor onto their computer.
The only way to help prevent this from happening in your organization is to conduct quarterly or annual Cyber Security Training. A simple reminder about cyber crimes and how the theft is occurring may help to provide the insight needed for your unsuspecting employees.
If your company is larger than 100 employees, you may want to consider using an active, ongoing Cyber Security Training firm such as HoxHunt, Reciprocity, ESET or CyberReady.
Smaller companies in the Kansas City area can contact Kansas City Tech today to go over our best practice procedures and schedule a free, no obligation Computer, Security and Network Assessment.
We can help you find any security blind spots, and may be able to point out some cost-saving opportunities. Call today, (816) 875-6580.