Posts

Emotet malware strikes in a cyber attack

UHS Cyber Attack and the Rise of Ransomware

The major hospital and health care network Universal Health System was hit by potentially the largest cyberattack in U.S. history so far.

The computer infrastructure of Universal Health Systems (UHS) showed signs of failure on Sunday morning throughout the United Kingdom, Puerto Rico and the United States. The attack took down UHS’ network cross the United States. As the situation worsened patients have been moved to different rooms and facilities. Appointments and test results were also delayed as a consequence of the attack.

The attack encouraged one the UHS hospitals to move towards an all paper filing system, according to some individuals familiar with the situation. UHS operates more than 400 hospitals and facilities with over 90,000 employees.

The fortune 500 company said that there was no evidence that patient or employee had been misused, stolen or copied. Bleeping Computers, the online publication that first reported on the attack, spoke to employees who determined the ransomware attack had the tell-tale signs of the Ryuk virus.

What is Ryuk Ransomware?

Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, noted that up until recently, Ryuk was used solely to target financial services, but over the last several months Ryuk has been seen targeting manufacturing, oil and gas, and now healthcare.

Ryuk is a type of ransomware that uses encryptions to cut off access to systems, files, and devices until the victim pays ransom. The ransomware is placed in a system by other types of malware.

The most common is TrickBot, however Ryuk can also gain access through Remote Desktop Service.

The Ryuk ransomware takes payments through Bitcoin and instructs victims to deposit the money in a particular Bitcoin wallet. The demand is usually between $100,000-$500,000 in Bitcoin depending on the conversion price of the cryptocurrency.

Once installed, the Ryuk malware spreads through the network infecting as many servers as it can.

The Ryuk Attack

An employee told Bleeping Computer that, during the cyberattack, files were being renamed to include the .ryk extension. This extension is used by the Ryuk ransomware, reports BleepingComputer. “Another UHS employee told us that one of the impacted computers’ screens changed to display a ransom note reading “Shadow of the Universe,” a similar phrase to that appearing at the bottom of Ryuk ransom notes. Based on information shared with BleepingComputer by Advanced Intel’s Vitali Kremez, the attack on UHS’ system likely started via a phishing attack,” BleepingComputer says.

An employee of UHS told Bleeping Computer that files were being renamed to include the .ryk extension as the cyber-attack took place. Based on information provided to Bleeping Computers the attack on UHS’ system began as a phishing attack.

Many health care workers posted notes about the situation at various Universal Health facilities in a Reddit thread. One in Florida noted that it was “a hot mess in the ER today.” Ambulances with heart patients were being diverted because the facility’s catheterization lab was down, the person posted.

Another nurse in a facility in North Dakota said computers slowed down and then didn’t turn on Sunday morning.

Ransomware & Medical Facilities

Hospitals are high valued targets for cyber attackers because they hold incredibly valuable personal information that can be sold on the dark web or used as leverage for a ransom payment.
A ransomware bug called WannaCry was used in 2017 to target Microsoft Window’s operating system at the time. It spread through an exploit named EternalBlue and reached the U.K.’s National Health System.

The WannaCry ransomware impacted 80 medical facilities although there were no reported deaths as a result.

Hospitals are the perfect target for threat actors because they rely on critical and immediate care to assist patients in need. That means solutions and treatment are time sensitive and dependent on drug history and other medical information to proceed. Without this information patients can suffer or die. This makes hospitals likelier to pay a ransom instead of risking lives by delaying.

Ransomware and other Businesses

Hospitals are not the only industries suffering from malware. We’ve covered cases of schools, businesses and entire cities being impacted by ransomware attacks.

In October, 2019 the technology company Pitney Bowes, was attacked by malicious ransomware. Its shipping and mailing services were compromised and disrupted client access to their services.
Ransomware is a growing problem as over 140 attacks were reported in 2019 targeting state and local governments as well as health care providers like UHS.

As we’ve shown, hospitals and the health services industry are prime targets but are not the only targets. For this reason many businesses are adopting Managed IT services to help deal with this rise in cybercrime.

Emotet Malware

In July 2020 there was a rise in Emotet malspam campaigns. Emotet is a banking malware that infects systems to try and steal sensitive financial information.

The Emotet Malware was first identified in 2014. It was originally just a banking malware. However, later versions were designed to include spamming and malware delivery services. This made it more dangerous and easier to spread.

These campaigns infected victims with Trickbot and Qbot malware. If you’ve been paying attention, you’ll recognize TrickBot malware from earlier.

Emotet is a Trojan that spreads mainly through spam emails. These malicious emails might take on the disguise of legitimate emails. As a result they often persuade users to click on a link or button.
That’s how most likely how the UHS attack took place. As we’ve seen with Emotet, these ransomware attacks only get more sophisticated and more popular as their success rate increases.
Ransomware has become the most popular form of attack growing 350 percent since 2018. What’s more, ransomware from phishing emails like Emotet have increased by 109 percent since 2017.

What should be Done?

There are researchers that are calling for a ban on paying ransomware. However, that recommendation is controversial and not mainstream. They argue that refusing to pay ransomware reduces any incentive a hacker might have and will reduce the rise of malware hacks.

This solution doesn’t address the fact that hackers who gain access to company data can still use it.  Cyber attackers can sell it on the black market, or continue to freeze should the ransom remain unpaid.

The only real solution so far is to educate and train employees as much as possible to avoid malicious or fraudulent email scams.  IT services companies often play a role in educating their clients on these matters but it falls on the business to teach personnel of the risks.  IT consulting can benefit many smaller and medium sized companies who aren’t equipped with the appropriate tools needed to combat these threats.

Even the most dedicated cyber security team with the most sophisticated digital tools will mean nothing if an employee opens the wrong email, clicking on an infected link. Companies that don’t dedicate the time to training their employees turn them into liabilities and the more vulnerable your employees, the more vulnerable the company.

cyber hacker breaches the security of thousands of Canadian CPA firms

CPA Canada Breach Exposes Over 300,000 People

Data Breach in CPA Canada

A breach of CPA Canada exposed the personal data of over 300,000 Canadian accountants and stakeholders.

According to existing reports, the information pertained to the distribution of CPA Magazine. CPA Canada said credit card numbers and passwords were encrypted and not among the exposed data. The cyber criminals accessed CPA Canada members’ contact information on the organization’s website.

Approximately 329,000 individuals were notified of the breach and warned of possible attacks in the future.

It warned members to stay vigilant of possible phishing emails, texts or phone calls that may come as a result of the attack.

Taking Secure Steps

Members of CPA Canada will have to check their emails frequently and be careful not to open any attachments from unsolicited messages.

CPA Canada took steps to secure its systems to secure their site, however the breach could have happened months earlier. As is the case with many breaches, it’s difficult to pinpoint when exactly a breach happens.

The association ties the incident to an alert issued in April about a phishing campaign that requested users to change their CPA Canada password due to a website breach. This is a common way cyber attackers gain access to information.

A similar breach occurred after the launch of Disney Plus. Experts say that hackers sent fraudulent emails asking users to “verify” their passwords so they could be saved and sold on the dark web.

They explain that the emails originated from the IT department where the victim was employed. The emails indicates that the IT department suspected a security issue with the domain cpacanada.ca.

This is Nothing New For CPA’s

Unfortunately, this type of event is too common for accounting firms. In April 2020, the IRS issued warnings to taxpayers and firms to be aware of phishing scams involving the stimulus checks from the CARES Act.

Cyber security experts advise accountants to take even greater care of their data especially when working remotely.

Forcing digitalization has left many firms more vulnerable to attacks than ever. The usual types of phishing attacks are all present only now they’re more frequent. Hackers know that firms that had issues shifting to a remote environment left many digital vulnerabilities exposed.

The IRS itself had struggled with enabling employees to work remotely. Changes to internal systems and readjustments made for enabling remote access leaves gaps for attackers firms might not otherwise have.

Some Firms are More Vulnerable Than Others

CPA Canada reports that all activities are normal for now, but things could have turned out much worse. Accounting firms that neglect their cybersecurity can quickly become the victims of hackers. The moment attackers gain access, they encrypt and freeze data until your firm pays their fee.

Larger firms are safer because they perform frequent audits and have security consultants ready in hand. However, smaller firms might not have the resources and cyber security skills necessary to protect themselves.

These firms still deal with sensitive financial information so they become preferred targets by hackers. It’s much easier for a hacker to attack several small firms than one larger one.

Conversely, firms experience attacks caused by spiteful or careless employees. Performing regular backups is better than doing nothing but there is no guarantee the hacker won’t just keep your data hostage. Paying the ransom doesn’t guarantee an end to the attack either.

How Do you Prepare Against Phishing Attacks?

The best way to prepare for an attack is to do incremental backups and consistently testing those backups. Backups are useless if you can’t restore your systems should something happen.

Working Remotely Adds New Risks

Now that CPA firms are working remotely, they might not have the same resources or security measures they would have in an office setting. Firm employees typically access applications through their secured office desktops. Accessing these same applications on a personal device could mean they are easier to breach even with a VPN.

IF a CPA failed to assess the security measures needed to function remotely it can leave the doors open to a cyber attack that breaches systems quickly.

Compliance is Key

A way smaller firms can avoid scenarios like the one mentioned above is by applying best practices when it comes to IT security. Even if you are a smaller firm with limited IT personnel, there are Managed IT services providers that can supply you with the needed boost in security.

How? By doing what the larger firms are doing, applying best practices to all of your systems. A CPA has to follow strict compliance regulations in order to operate. SOX and FINRA regulations, for example, require regular audits that demonstrate sensitive financial data is kept safe.

The added benefit achieving compliance is that it requires a secure IT infrastructure. By auditing and verifying compliance firm are also checking for cyber vulnerabilities.

Cyber criminals have learned that companies are increasingly more difficult to infiltrate by directly breaking through their security systems. That is why they rely on phishing attacks to go around this problem.

Phishing Attacks Still Happen Because They Still Work

In the case of CPA Canada a phishing scam exposed valuable information. Phishing scams are still the most popular form of cyber attack today. That is because it doesn’t target a network, it targets the user.

Phishing is all about manipulating the target into performing an action. It can be downloading an infected attachment or clicking on a malicious link.

With phishing scams, hackers don’t have to worry about the strength of a firm’s network because no matter how strong the network, it’s only as strong as its most gullible employee.

It can be even worse when added to a remote environment. Having a dedicated team of IT experts available 24/7 improves an employee’s chances of avoiding a phishing attack altogether.

Nerds Support has comprehensive IT solutions that allow our technicians to flag and monitor potential email scams. However, the safest action to take if you have a limited IT team is to send suspicious emails over to your IT department rather than opening them yourself.

CPA Canada has contacted the Canadian Anti-Fraud Center and private authorities to conduct a proper investigation. Only time will tell the ramifications of this breach and how vulnerable those affected really are.

Top Security Tips for Safe Emailing

Not a day goes by without another phishing scam hitting the news. For many of us, these are just headlines. For the organizations and individuals affected however, a phishing attack can be disastrous. Phishing emails are increasing in frequency, sophistication and severity. How can you best stay protected?

Email threats

Criminals have realized that in order to steal money or information, you don’t need to rob a bank. A simple email will do the job just fine. Phishing emails have been used to steal huge amounts of money ($12 billion according to the FBI) and are responsible for countless data breaches, credential theft, ransomware attacks and other types of malware deployment.

What’s more, thanks to criminal activity on the Dark Web, it’s not only credit card details that are for sale – now full phishing kits are available, starting at around $25.

Most email threats fall into the following categories:

  • Simple scams
  • Phishing emails
  • Fraudulent emails

Simple scams: these range from the classic “you’ve won a competition” to “we’ve been recording you on your web cam” or “your account’s been compromised”. Generally, these are pretty harmless and easy to spot. They rely on emotions such as fear to trick a user into taking action.

Phishing emails: these are emails that purport to be from legitimate senders, yet are cleverly disguised fakes. They range from sophisticated Business Email Compromise (“BEC”) emails – where a fraudster targets someone specific in an organization pretending to be the CEO, for example – to more general emails pretending to be from Microsoft, Netflix, or any other well known organization.

These emails either get you to click a link or download a file – deploying malware onto your system – or direct a user to a fake website where they enter sensitive information.

Fraudulent emails: a subset of phishing emails, these emails target companies pretending to be from suppliers whose banking details have changed. Money is paid into the new account, and the fraudster rides off into the sunset.

Next, we’ll look at what exactly to look out for so that you don’t fall for any of these.

What to look out for

Here are the most important things to look for when checking if an email is legit:

Sender: start by looking carefully at the sender’s address. Not just who they say they are – but the actual address that the email is coming from. Check for any additional or missing letters (“@microsofts.com”), or even non-English characters that can be used to spoof well-known addresses. A common trick is the use of subdomains – don’t be confused by amazon.xyz.com.

Content: look out for anything that’s made to look urgent. Is the message addressed to you, or is it generic, like “Dear Sir” Mouse-over the links. Do they lead to the real company’s website? Asses what action the email is asking for: anything that requires you to “confirm your account” or “update your payment details” should be met with suspicion.

Be wary of any email that mentions voicemails that are waiting for you, or subscription details that need to be updated.

Advanced – header information: most popular email clients – including Gmail and Microsoft Outlook – let you see the original header information (in Outlook: File / Properties / Internet Headers). For more advanced users, going through these headers can give immediate clues as to whether an email is legitimate.

An important note: when it comes to emails, almost anything can be faked. When it comes to email phishing protection, a specific anti-phishing product is the best way to identify and stop phishing attacks. It’s also really important to stay aware, use a healthy dose of skepticism, and where possible confirm details with a phone call.

Staying Email Safe

By protecting your email, you’re taking a massive step in terms of keeping your entire organization protected against cyber threats.

A winning combination combines awareness, training, and tech-based solutions working together to keep you safe.

If you want to find out more about keeping your organization protected against cyber threats, don’t hesitate to get in touch.

South Florida Law Firms Ransomware Data Breach

Ransomeware Attack in Coral Gables, Florida Puts Law Firms at Risk

Cyber Attack in Coral Gables, Fl

The Coral Gables-based company TrialWorks, a software company that manages electronic records for thousands of law firms in the US, was subject to a ransomware attack. Digital legal documents were held hostage in a classic ransomware attack.

Last Thursday, one of the law firms who’s information is kept by TrialWorks, was forced to request more timed to meet a filing deadline in an important case in federal court because it could not access its documents.

How did it Happen?

TrialWorks alerted its customers about the breach and stated it was caused by a Microsoft service outage affecting Outlook desktop and mobile apps, according to court records.

Software management services like TrialWorks continue to grow as law firms look to store their abundance of electronic documents in a host facility. This part of a larger trend of digital transformation.  In other words, the cloud. And as industries move their files and digital information to the cloud, security becomes essential against cyber threats. Government facilities throughout Florida have already suffered from cyber-attacks involving ransomware. Banks have experienced breaches as well.

Cloud computing is the natural progression of software technology. The old client-server model of getting physical disks and installing software on local servers was the only viable solution for the better part of two decades. Now industries are looking to cloud technology for a more practical approach to data storage.

TrialWorks alerted the law firms and attorneys that use its case management services that they could not access their electronically stored documents while they were resolving the breach issue. This created a more issues as TrialWorks informed customers that it had a high ticket volume and response times would be delayed.

The company merged with another company, Needles and expanded greatly. Law firms using Trialworks suffered significantly. Attorneys working cases couldn’t access the necessary files and creates set-backs that impact TrialWorks and all of their clients.

Data Breaches & Cyber Attacks

Data breaches, social engineering and ransomware attacks are devastating and are, unfortunately, underestimated by small and medium sized businesses. One of TrialWorks’ clients was a small firm of nine lawyers working on a civil litigation case. The TrialWorks breached slowed down their work. Their deadline issue was resolved, however, they have until November 14 to respond to a dispute over the testimony of an expert witness. This response requires access to critical documents in the case.

What happened at TrialWorks is not specific to them. In the month of September of 2019 alone there were 75 data breaches and a total of 531,596,111 breached records. This number is significantly less than August, which had 95 incidents total. However, there was an overall increase of 363% in terms of records breached.

A data breach happens when a cybercriminal successfully infiltrates data sources and extracts sensitive information. The more valuable the information, the likelier an organization is to become a target. The healthcare industry, for example, is often targeted. In fact, the medical industry is the top industries for cyberattacks. However, there are a number of other industries also vulnerable to attack.

The most targeted sectors for cyberattacks are the following:
1. Healthcare
2. Retail
3. Financial Services & Insurance
4. Public Administration
5. Information
6. Professional/Scientific
7. Education
8. Manufacturing

Among these, the top three are Healthcare, Retail and Financial Services. These verticals are where average consumers, clients and patients expose their most sensitive information.

South Florida Law Firms Ransomware Data Breach Statistics

Healthcare

In healthcare, hospitals house a lot of private data. A patient’s medical record, social security, insurance provider, and medication are all valuable to a hacker.

Retail

Retailers are lucrative because of the swipe and go payment machines and the high amount of transactions make credit card or debit card information accessible to cybercriminals through various methods like skimming. Skimming is a means to get card data by creating a duplicate payment cards and re-using the copies.

Financial Services

It’s well known that over 25 percent of all malware attacks target the financial sector. Cyber criminals target financial services companies by implementing Trojan viruses to steal banking information and download data. One of the most famous examples of this was the Equifax data breach. The company’s estimated to lose over $600 million because of it. Furthermore, companies in the financial services industry are paying more to secure infrastructures and protect critical data from theft. That is why financial cloud computing is becoming popular in the industry. Cloud accounting technology is also on the rise.  However, criminals are still motivated to commit cyber crime due to the low risk, high reward nature of cyber-attacks.

Not Your Average Theft

Unlike a physical robbery, it isn’t immediately apparent when you’ve experienced a data breach. It can take weeks, months or, in some cases, years before a breach is discovered. Hackers use this to their advantage, targeting the weaknesses within regulatory guidelines. That’s why it’s important not to take any compliance risks.

These cyber breaches are becoming more dangerous and harder to detect. A financial company’s IT infrastructure is not enough anymore. Organizations are adopting a more proactive approach by employing advanced cyber security software, multi-factor authentication and expert security response professionals layered on top of efficient cloud technology. As a result, financial cloud providers not only anticipate attacks as early as possible, but train financial services firms to assist in their own protection.

The breach in TrialWorks is a perfect anecdote to what can happen to any firm in a number or industries.  When you experience a breach, your company loses credibility, clients, resources and has to deal with all the ramifications of the breach itself. There are long, extensive investigations into the nature of the breach, potential lawsuits and compliance related hassles that can stagnate if not completely ruin a financial firm regardless of size.

For more blogs on cyber security news, fintech, the cloud and more visit our website.

DoorDash Gets Data Dashed After Breach

DoorDash Data Breach

The food delivery company DoorDash was compromised on May 4th 2019. The company said the data breach exposed the data of 4.9 million users, delivery workers and merchants. Fortunately, users who made accounts after April 5, 2018 were not affected by the breach. However, the breach exposed names, phone numbers, order histories, email addresses, and password information.  DoorDash said the breach happened through a third-party service. If it can happen to them it can happen to anybody and too often, it does.

DoorDash said in light of the hack, it took additional security steps to secure user data. It added security layers around the data and brought in outside consultants and experts to further identify and repel potential threats.

The company also said hackers obtained the last four digits of users’ credit card information. The customers’ full card numbers were not obtained, nor were the card verification values (CVV). The hackers also managed to steal the driver’s license numbers of about 100,000 delivery workers.

Hashing

DoorDash uses a method of encrypting data called Hashing. Hashing is taking a way of representing data in the form of a series of symbols. Moreover, it allows you to take an input, say a password, of any length and turn it into a string of characters that turn out to be the same length.

There are algorithms, like SHA1 and SHA256, that do this for you and generate unique hashes. They will take a name like Thomas Johnson and turn it into something that resembles “aeb4048c96b086739900f4f4144cd1f5”. The good thing about these hashing algorithms is that there’s no way of reversing the process. If someone had access to the hash, they couldn’t reverse engineer the name. At least in theory.

Brute Force-Attacks

There is are some methods of getting the non-hashed password or information hackers often exploit, sometimes quite successfully. One of these methods is called a brute force attack or a dictionary attack. The hackers take a long list of passwords and run it through the appropriate algorithm. Then the hacker looks at the hash they wish to recover and look for it in the list of hashes. Like looking for a number in the phone book when all you have is a name. If they find a hash in the list that matches the one they have, they simply look at the plain text version on their list.

If you couldn’t tell, this is a very intensive process. However, experienced hackers will use huge word lists and run them through their systems. These systems can analyze passwords in a matter of seconds.

Hash Collision

Hash collisions happen when two sets of data correspond to the same hash. This is very rare but useful. The hacker would be able to use a series of characters to access your account since it generates the same hash as your password.

Doordash assured its users and the cyber community that the hashing routine used salt to increase its complexity. No, not actual salt. “Salt” in cryptography simply means adding random data to the input (the password going into the algorithm)  so the hash is unique. This decreases the chances of a brute force attack or a hash collision.

Adding Salt to a Hash

Hashing isn’t full proof. It’s very deterministic, meaning a certain input will always give you the same output. Thomas Johnson as an input will always produce the same hash. So, if two people coincidentally use the same input for a password, they will both generate the same hash.

Adding salt to a hash means you take a random variable of a specific length and add it to the input. So, even if the input itself isn’t unique, the variable makes the hash unique. Metaphorically adding salt gives the hash a more distinctive flavor.

Despite the fact DoorDash took these extra precautions to encrypt their users passwords, experts suggest that any user affected by the breach should change their passwords to something as complex and secure as possible.

It’s Common

Unfortunately,  data breaches like the one in DoorDash occur fairly often. The more sensitive the information the more lucrative the hack will seem to a cybercriminal. That’s why the healthcare, accounting and financial services industry are often targets of cyber-attacks. 71 percent of breaches in 2019 were financially motivated, meaning hackers are looking to get information they can use to enrich themselves. Then, company that regularly deals with clients’ financial information would be a prime target. Doordash has credit card information to facilitate purchases but accountants and financial advisers have much more specific information.

That’s why managed IT for Finance and accounting is so important. Companies take their IT infrastructure for granted, often times, because they see it as an extra expense not a necessity. However, security is an expectation not a luxury. Providing managed IT for accounting and fiance is mostly about planning with compliance and security in mind.

That’s why agencies regulate these types of companies . Many compliance laws force industries like fiance and accounting to maintain high levels of security. That way, financial information isn’t compromised. Yes a thief is blamed for a robbery, but if the bank has poor security and didn’t install security cameras to cut costs, the bank is just as much to blame. This metaphor might simplify things a bit too much, but sadly that is the case for many industries. They don’t invest in newer cyber security because they’re too small to get attacked. Other times companies will think the security measures they take are good enough.

Small Sized Businesses are More at Risk

If a business owner reads this article and thinks to themselves, “I’m not Doordash, I run a small accounting firm,” they’re sadly mistaken. As a matter of fact, 43 percent of data breaches in 2019 targeted small businesses. People only take notice of the breaches occurring in large companies like Doordash and Capital One because those make interesting news articles and blogs. More often, it’s the smaller companies that suffer the greatest losses. 60 percent of small companies go out of business within six months to a year of a cyberattack. This is a number taken from the U.S. National Cyber Security Alliance.

Most of these breaches occur because a low level employee does something wrong. They open an email that contains malware, they don’t secure their passwords, they expose valuable information on social media, they are victims of an elaborate phishing scam. Nerds Support works as a financial cloud provider giving extensive training, security protocols, policies and procedures within the company.

Now, notice how they published a blog regarding the incident. They didn’t have to do this. DoorDash could’ve gone to the press but they knew it was important to retain a sense of confidence in the company. The company needed to tell as many people as possible that everything was taken care of. That’s obviously because perception builds trust and trust is the currency that builds companies.

A Data-Breach in Trust

If a breach occurs it’s highly likely that confidence in the companies ability to secure sensitive data will decrease. Restaurants have gone out of business because a customer found insects or filth in their foods. Companies fail more often from a decline in trust than anything else.

Nerd Support provides FINRA approved cloud storage to financial firms because keeping with industry compliance creates a safer digital environment for both the company and its clients. If someone is looking for a firm and sees it’s following all regulatory and security standards, then it’s a subconscious relief that builds confidence in the firm.
That being said, IT solutions for finance differ from the solutions other companies need, but all industries are regulated to some degree.

What can you do to Avoid a Breach?

Create a business continuity plan. This will mitigate the impact of a breach and ensure your business survives and recovers. DoorDash has one, which is why it immediately took steps to bounce back from the attack. The company added new security measures to their systems, hired outside consultants, and took to social media to update everyone on the status of the company. There is no doubt the company discussed all of this at some point in it’s history.

This was a swift and comprehensive move on DoorDash’s part because they knew the longer it takes to act after a disaster the bigger the losses.

Delete all emails, links online posts that you suspect might lead to a virus or data-breach. These are how many cybercriminals steal information.

Update and secure all software. This is often overlooked but it can be one of the best defenses against malware and viruses.

Encrypt sensitive data. Like DoorDash, encrypting sensitive data will make access to it difficult at worst and nearly impossible at best. Encrypting data is just converting data into another form.  Like hashing a password by turning it into a series of numbers and letters. Nerds Support encrypt its partner’s data and store it in a highly secure data center. We focus more on software encryption but you can also encrypt hardware.

DoorDash is just an example of what can befall any company in today’s world. Companies experience hacks, data  leaks, and personal data’s constantly stolen. The threat is more visible to the public now as larger companies fall victim to attacks. Cyber-crime is the world’s highest paying business, estimated in the trillions of dollars.

Business owners need to take action. If they don’t do anything, they’re just waiting to be next