You’ve Been Hacked!

You’re asleep, dreaming about all of the money effortlessly flowing into your bank account because of your years of hard work and determination to succeed as an e-commerce business owner.

Suddenly your eyes jerk open to the sound of your partner’s ringtone. He’s the only person that you let call you after hours.

You turn over to reach for your phone. Your alarm clock shows you that it’s 3:30 in the morning. You begin to get nervous, asking yourself what could possibly be so important.

You answer the phone searching for explanations when your partner, with almost palpable stress in his voice exclaims: “We’ve been hacked!”
You've Been Hacked!
Not really knowing what that means, you get him to calm down and tell you what happened. He explains that he found out earlier that night that one of your longstanding customers had her credit card information stolen and linked the theft back to your site.

He was just going to talk to you about it the next day, but then he received another notification of identity theft linked to your website, then another, and then another. This started to really scare him. Then, right before he called you, your programmer called to tell him that a hacker had taken control of your website.

That’s a lot of bad, life-changing, gut-wrenching information to take in – especially at 3:30 in the morning.

You take a minute to try to make sense of it all. Finally you respond to your partner. “So, what you’re saying is that we no longer have access to our website and that we are probably responsible for the identity and credit card theft of all of our customers.”

You hear your partner take a long, deep, concerned breath before answering with a lump in his throat “Yep.”

And to think that all of this could have been avoided by using Trust Guard’s security monitoring services.

What Victims of Identity Theft Can Do

If you haven’t heard, Equifax, one of the three big credit reporting agencies in the United States, announced that it suffered a massive data breach. More than 143,000,000 records were compromised, including email addresses, names, social security cards and credit card numbers.

If you believe you were the victim of identity theft, here’s what you can do:

  1. Close the accounts that you believe may have been tampered with or opened fraudulently. Use the government’s Identity Theft Report, which can be found at www.identitytheft.govIdentity Theft
  2. File a police report and get a copy to submit to your creditors and others who may require proof of the crime. If you have proof of identity theft, be sure to take that proof with you when you go to file your police report.
  3. File your complaint with the FTC at www.consumer.ftc.gov. The FTC maintains an identity theft database that law enforcement agencies use for investigations. Filing a complaint also helps the FTC better assist you, as the commission learns more about online theft of identities and the problems it creates.

If you are a business owner with an SSL certificate but without protection from hackers, contact Trust Guard, the leader in website security to protect you and your online visitors from hackers.

More Hackers Are Doing More Damage

If you’re concerned about cyber security these days—and you should be—reading the headlines isn’t exactly going to give you any peace of mind. Sometimes it seems that hackers just have the upper hand.

Equifax_LogoOne such headline from TheRegister.co.uk tells us that “Energy sector biz hackers are back and badder than ever before.” Cyber security firm Symantec believes that a resurgent group of hackers dubbed “Dragonfly 2.0” poses more of a threat than ever. They were apparently behind a massive attack on the Ukraine’s electrical grid, which affected hundreds of thousands of people. The group now poses a threat to the electrical grids of Western nations.

Newsweek reports that the recent attack on HBO caused the loss of seven times more data than the Sony cyber attack, which back in 2014 gizmodo.com called possibly “the worst corporate hack in history.” The losses of data include things like employee medical records, Social Security numbers and TV show scripts.

And then there is the Equifax hack that lost personal data of 143 million people—yes, that’s a million. And the list goes on and on.

It would seem a good time to take cyber security seriously by using Trust Guard. If they’re on your side, they will scan for the more than 75,500 known vulnerabilities so any hacker-inviting weakness in your computer system can be fixed before the hackers can put you in a fix.

The name of the game is staying ahead of the bad guys, and you almost certainly can’t do that on your own. Trust Guard will also provide you with a Trust Seal for your web site so visitors can see that their personal data will be protected if they make a purchase on your site.

Don’t let your business make it on the hacking headlines; let Trust Guard worry about warding off hackers so you can focus on your business.  


Sources:
http://gizmodo.com/the-sony-pictures-hack-exposed-budgets-layoffs-and-3-1665739357/1666122168
http://www.newsweek.com/hbo-cyberattack-sony-hack-leak-game-thrones-645450
https://www.theregister.co.uk/2017/09/06/energy_sector_attacks
https://us.norton.com/internetsecurity-emerging-threats-143-million-people-exposed-in-equifax-data-breach.html?om_em_cid=hho_email_US_BLST_ACT_2017_09_databreach_Equifax

 

What You Should Know about the Equifax Breach

What: Data collected by Equifax, one of the three credit report giants, was hacked. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard F. Smith, Equifax CEO, in a statement. 

When: In early August, Mandiant (a cybersecurity firm) was approached by Equifax to figure out what was going on, according to CNN News. Mandiant aided in the investigation and determined from May 13 through July 30 a spate of hacks occurred.

Who: 143 million Equifax customers have been affected. Their information, including social security numbers, addresses and birth dates were accessible by hackers.

Soon after the breach was announced to the public, Susan Mauldin, former chief security officer and Dave Webb, former chief information officer, retired.

How: Like many of these cases, the how is still a mystery. But Apache Struts, a tool used for Equifax’s online dispute portal, has become the scapegoat, being blamed for vulnerabilities, making the breach easier for hackers.

Apache Struts released this statement:

“We as the Apache Struts PMC want to make clear that the development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem…”

What you can do: If you believe you might have been impacted, visit Equifax’s Cybersecurity Incident & Important Consumer Information page: https://www.equifaxsecurity2017.com/.

Vulnerability Scanned Websites

vulnerabilityTo me, shopping on the Internet is the best thing to have ever happened to mankind since the invention of the internet itself.

According to a recent study, 51% of Americans prefer to shop online than in stores and 96% of American adults, at some point in their lives, have made an online purchase.

Impressive numbers don’t you think? That is why e-commerce is estimated to be growing at a rate of 23% every year.

The problem of website vulnerability has been a major concern for e-commerce websites.

Hackers are more and more prevalent – as seen this week in the huge Equifax data breach that saw the identity theft of 143 million people in the US, Canada and United Kingdom.

Vulnerability scanning involves the use of computer programs designed to assess computers, websites, networks or applications for weaknesses that can be exploited by hackers and identity thieves. These scans are used to discover the weak points or loopholes in website designs. Currently, Trust Guard scans for more than 75,575 of these security holes.  Unsafe websites is a very big problem for e-commerce owners because they require their customers to submit sensitive information to make their purchases. Imagine how useful this information would be in the hands of  identity thieves. From credit card information to mailing addresses, phone numbers, account details and photographs, it’s like giving these thieves the key to your home, bank account and your office.

Your customers worry about the safety of their personal information when they visit your website.

They worry about the vulnerability of your website. Ask yourself this, why should I save my money in a bank that has a massive hole on the side of its vault through which anyone can have free access? Your customers need to feel as safe using your website as they do at their bank. Look at things from the perspective of your customers. Why would they give their personal information to a website that isn’t safe?

As an online shopper, you should only shop on websites that have been thoroughly scanned for vulnerabilities by a reputable website protection company. Website protection companies like Trust Guard are able to completely uncover a website’s vulnerabilities and instruct the website owner how to fix them. How can you identify e-commerce websites that are free from vulnerabilities? Quite simple. You can check websites for security trust seals. Security scanned trust seals are an indication that the website you’re shopping on is safe.

We know that everything on the internet is hackable. However, it will take expertise and focus for hackers to attack a vulnerability-free website.


 

Identity TheftThis article was written by Emmanuel Ozigi, a biochemist in the making from Nigeria. In my spare time, I’m a science, health, and fitness blogger. I also specialize in graphic design and photo editing. I also have this insatiable hunger for information and the desire to learn new things. Visit my blog at http://sciencehealth24.com.

 

What is Vulnerability Scanning?

There are different types of vulnerability scanning as well as different software for each. But what is it exactly?

A vulnerability scanner is a software or an application developed to scan computers, networks, and even websites for possible security threats. It is responsible for the analysis of how strong or weak a computer’s or a server’s defenses are. By scanning, the users and technicians will know, or at least have an overview of, what threats or issues they are dealing with in terms of the security of a network, website, computer, or server.

Vulnerability ScanningIf you are to choose the right vulnerability scanner, then you first need to know the main kinds to understand your options better. There are at least two main categories I’d like to talk about.

Network Vulnerability Scanners

These scanners are often installed into one machine and are configured to access and scan multiple computers and networks. These are programmed to detect vulnerabilities of the devices, alerting the user or an IT person if there are mis-configured settings or if the treat is coming from either a pre-installed application or a user-installed application. The network vulnerability scanner works on anything that has to do with firewalls, networks, web servers, and system administration. They deal with high-profile information but not individual files since they are not installed directly onto the host.

Hosted Vulnerability Scanners

These scanners are installed on the host (the computer or system being scanned). These types of scanners take care of the low-profile information such as passwords, operating systems of the computers they were installed in, suspicious files downloaded, and file system checks.

Despite having technology to do all the job for the security of your computer, network, servers, and everything in the cloud, it is also crucial that you understand their limitations.

Vulnerability scanners are coded software that, at some point in time, may fail to do what you expect them to do. They are programmed to take snapshots of your system’s security status at a given time. It is highly recommended that users regularly scan their devices to get the most updated (if not the exact) security status of the systems and files therein. Trust Guard currently scans for 75,575 security holes. 


JonnaArticle written by Jonna Lindawan

Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Effective Protection from Identity Theft

This is the 21st century and, in case you didn’t know, a whole lot of information is stored on the internet. In this ‘digital age’ (as some like to call it), any individual or business without an online presence is deemed ‘outdated’ or ‘old-school’. 


Identity Theft
While a lot of the content on the internet may be irrelevant, some of your valuable, personally identifiable information may be stolen by online hackers and impersonators. Identity theft refers to the act of impersonating another person to access their bank account, to obtain and abuse a credit card in their victim’s name, or to tap into other personal or professional resources. 
Identity theft is a crime. It is estimated that over 15 million Americans every year are victims of identity theft.

Here are some of the most effective ways to avoid being the next victim.

Try using a Firewall: Identity thieves that do not have a direct access to your computer can also gain access to your files by hacking into your internet connection. A firewall is a software that is able to control and regulate access to your internet connection. A firewall on your computer serves as a gatekeeper for incoming or outgoing internet traffic, allowing you to decide which programs can send and receive information.

Try to Watch Out for Phishing: Phishing scams are trending now and even my email is saturated with hundreds of them. Identity thieves create and use replicas of popular websites, fake lottery entries, fake loan applications and many other ways to trick people into entering their personal information which they eventually steal. Next time you get an email to update your website account details, be sure to check the URL of the web page before entering your details.

Identity TheftAlways Try to Be Secure: An identity thief that is able to somehow gain access to your network can intercept your network traffic and maneuver his way to files and sensitive information on your computer. Regularly changing the network password for your local WiFi and the login information for your router might be the safest thing to do.

Beware of Malicious Software: What better way to gain access to files and sensitive information on your computer than to use malicious software and programs. The presence of loads of free software and cracks on the internet is a problem in disguise. Many of these free software are plagued with Trojan horses and Spyware programs that steal sensitive information from your computer and only require an internet connection to relay this back to its master without you ever knowing.

Use A Complex Password and Change it Often: The importance of this cannot be over emphasized. Use a combination of Upper case and lower case letters, numbers and characters to create the most untraceable password you can think of, and of course remember. Also, changing this password regularly is also very important. If you’ve seen the movie Mr. Robot, you’d understand why you must avoid using your personal information as your password, like your date of birth, partner’s name, or pet’s name.

Use Data Encryption Software: Okay, I can’t possibly stop you from keeping sensitive data on your computer. However, if at all these data gets stolen by identity thieves, you’ve made it all too easy for them by not having them encrypted. And in case things do get stolen, it’s not a bad idea to have a copy on a flash drive or online with Google Drive or Dropbox.

Ensure Website Protection: Whenever you register on a website that requires you to submit sensitive information such as your name, address, phone number, age, personal interests, banking details, always endeavor to check if data is submitted exclusively via an encrypted secure connection (SSL/TLS protocol). How do you check this? Simply look at your address bar and if you see ‘https://’ instead of ‘http://’ then you’ll know that your connection is secure. The “s” in the “https” means secure. 

 

Look for Security Trust Seals On Websites Before Shopping: As a seller online, trust seals are an amazing way to tell your customers that your website has been scanned by a website protection company and your business is legit and secure. As a shopper, you need to ensure that the website you’re shopping on has a trust seal displayed on their home page. If they do, check it out and determine if it is the real deal. Trust Guard is among the best trust seal providers. Trust seals can make your customers feel safer before performing transactions with you online and they have been proven to increase your online sales.


Identity TheftHi there, I’m Emmanuel Ozigi, a biochemist in the making from Nigeria. In my spare time, I’m a science, health, and fitness blogger. I also specialize in graphic design and photo editing. I also have this insatiable hunger for information and the desire to learn new things. Visit my blog at http://sciencehealth24.com.

 

Your Dog’s Name is Not a Good Password

Buster and Champ are great names for dogs. But neither of them make a good online password – especially when those are the names of your dogs!

Password Trust GuardOne of the most annoying things you’ll come across on the web is when a website forces you to create a complicated password. You’ve had to do it before—with capitals, and numbers, and special characters. You end up with something like “Beth@ny12”, which looks more like a 12-year-old’s screen name than a password. The worst part? Those passwords aren’t secure. Here’s why.

Dictionary Attacks

Brute force is usually what people think of when hacking comes to mind. That’s when hackers guess every possible combination of every letter and character. It’s a technique that’s used, but only as a last resort. Hackers start, instead, with dictionary attacks. These involve taking a very large and comprehensive list of common passwords, characters, and substitutions, and then using them to guess your password. So, yes, they’re going to guess “password”, or even “p@ssw0rd1”.

The problem, here, is that people pick passwords out of habit. The computers have been forcing us to when they make us turn “Scruffy” into “$CruFfy89”. We use short, familiar words because it’s the only way we can remember those ridiculous passwords. But that only makes them easier to guess for the dictionary attacks. Online bullies know all of the words we pick, and all the substitutions we’re going to use. And heaven forbid we forget our password. Then we just reset it to a password we already use somewhere else…which is another cardinal password sin.

Better Passwords

So how do we protect ourselves? The best option is to add more letters, preferably in the form of a random word (or words), as words are easier to remember than substitutions. If you have the option, instead of “$CruFfy89”, do a few random words, like “correcthorsebatterystaple”. You’ll get way more bang for your security buck that way. There are online password creation and storage companies like LastPass that can create and store unique passwords for you. That way, you only have to remember one password in order to access all of your accounts.

Online security should be a big deal for you! It seems like every other day we hear about another big company that got hacked. So before you give some online business your personal information and unique, non-personal password, make sure the website has a Trust Guard trust seal on it, verifying that it is secure.


Special thanks to writer Stephen Porritt.