Posts Tagged ‘fraud’

icon of blue outlined files with an orange padlock in front

How to Securely Share Your Files

Digital file-sharing is a normal part of business, but don’t let down your guard

Today you can send almost any type of file through the internet. Digital repositories to receive or send data are a standardized feature of many office-based workplaces. In each one of our pockets, there is a cloud-connected device continually backing up our files, notes, pictures and texts.

While this technology is incredibly convenient, offering a streamlined way to share personal or professional information, it can still carry a security risk. If you don’t protect your files, there is the possibility someone could access or hack your business’s personal details. In this blog, we will discuss different ways to stay safe while sharing your files.

P2P File Sharing: What Are the Risks?

Whenever you engage in peer-to-peer (P2P) file sharing, you are opening yourself to potential security risks. From difficulties in tracking what becomes of your files to the elevated threat of malware, you can’t be too careful when sharing sensitive information. Downloading files also often results in significant traffic over a network, potentially reducing the availability of select programs on your computer or access to the internet itself.

Reasonable Precautions

With the inherent risk to P2P systems, how can you protect yourself? While nothing can completely eliminate risk, there are several strategies for more securely sharing files. First and foremost, there is anti-virus software, a type of software specifically designed to recognize, sequester and eliminate threats. Keep in mind that bad actors are constantly creating new viruses, so you can’t have a set-it-and-forget-it attitude. Use due-diligence and keep your anti-virus program current to maximize the amount of security it offers.

It is possible to apply an additional level of security by adding password protection to your files. Modern software programs make this easy to implement. For instance, Microsoft Word offers a step-by-step guide for how to attach an encrypted password to your documents.

The next method is to use encryption. By encrypting your files, you will always be able to keep your folders safe. Typically, encryption is accomplished with algorithms such as ECDH. You will want to ensure that encryption is part of any file sharing service you pursue for business purposes. And luckily, there is a wealth of information out there to help you vet potential providers.

Email is another common way that files get transferred, and it is highly important to secure these electronic communications. A frequent technique of email hacking is phishing. Stay alert when exchanging emails with anyone you don’t know. There are also specific email settings to keep the attachment of an email completely protected. Finally, many anti-virus software programs will scan all your emails and check whether they are infected or not.

You Can Never Be Too Careful With it becoming ever easier for people to connect, communicate and collaborate, one can occasionally forget that safety must be prioritized to the same level as productivity and convenience. Yet there are plenty of easy steps one can take to bolster their security when sharing files. By implementing these best practices, you will fortify your data and files, and be able to safely leverage these technologies for greater business growth.

internet scamming icon

The Growing Menace of Ransomware

Ransomware attacks are on the rise. Don’t let yourself become a victim.

For anyone with a passing awareness of IT trends, ransomware is the hot topic of the day. From the Colonial Pipeline attack to the JBS Holdings attack, ransomware attacks are becoming more brazen, more destructive and more frequent. According to recent data, this cybercrime is expected to grow by a staggering 15 percent per year, until it reaches 10.5 trillion dollars in 2025.[1] For comparison’s sake, the entire GDP of the United States in 2019 was 21.43 trillion dollars.[2] 

Of course, independent title insurance agencies are much smaller than a gigantic oil pipeline system or food processing company. But that doesn’t mean they are immune from being targeted by bad actors or that they will stay under the radar of cybercriminals by default. Smaller companies are also at risk and need to take steps to protect themselves and their operations from ransomware. 

Here is what you need to know about this particularly destructive cybercrime. 

What is Ransomware?

Ransomware is a type of malware. True to its name, it blocks access to systems, devices, files or data until a ransom is paid. It’s important to note, however, that there are many different variations of ransomware. There is crypto ransomware, where malware encrypts a system’s files; wiper ransomware, where it threatens to erase files; or locker ransomware, where it blocks access to a system entirely. Ransomware also often includes communication from the criminal, a demand for financial payment – typically in the form of Bitcoin. 

How Do Ransomware Attacks Occur?

Ransomware is delivered in a variety of ways. Some of its delivery mechanisms can include malicious attachments or links sent in an email; a network intrusion; being dropped by another malware infection; or by being wormable, where it spreads laterally via flash drives or Windows shortcut (LNK) files.

Why Be Aware of Ransomware?

Ransomware is a chronic and escalating problem. Not only do attacks appear to be happening more frequently, but their impact is also growing. In 2019, for instance, ransomware tore through 750 government computers in Texas. Earlier in 2021, the Colonial Pipeline got shaken down for nearly $5 million in ransom. Also this year, the computer giant Acer was attacked, with the threat of actors demanding a $50 million payment – the largest known ransom to date.

The ransoms that follow these types of attacks are not the only losses these companies experience. Ransomware also results in significant downtime for a company, which can cause havoc for an organization’s bottom line, not to mention their brand and reputation. 

How Do You Protect Yourself?

As with many cyber initiatives, developing an effective and robust defense against ransomware requires an all-hands-on-deck approach and strong organizational buy-in. It is imperative for companies to develop, implement and enforce cybersecurity policies across all departments. Such policies should include guidance and training for how to spot malicious emails and report suspicious activity. In addition, businesses can change default passwords at network access points, routinely apply software patches to keep systems current and segment networks to make it harder for a criminal to roam across your entire digital ecosystem.  

Now is the Time for Action

With the prevalence of breaches and cyber-attacks, conducting business online can feel like the Wild West: you just never know what is going to happen. But there is truth in the adage that the best defense is a good offense.

With ransomware attacks growing in both size and scope, now is the time to take proactive, preventative action to discourage bad actors or make your enterprise more resistant to cybercrime. Nobody can eliminate the prospect of ransomware attacks. But by taking strong action before a problem arises, you will greatly reduce the possibility of being attacked and keep your operations running as smoothly as ever. 

[1] The increase in ransomware attacks during the COVID-19 pandemic may lead to a new internet (theconversation.com)

[2] United States of America – Place Explorer – Data Commons

breaking news orange

Cloudstar Outage: We’re Here to Help

AGENCY ALERT

Over the weekend, cloud-hosting and data security provider Cloudstar fell victim to a sophisticated ransomware attack. Alliant National was not impacted, however the attack has affected many agents across the country.

As a valued partner of Alliant National please know that we will make every effort to assist you and your agency if you have been impacted by this ransomware attack. During this challenging time, we are being as pro-active as possible by contacting customers and offering assistance.

Major title software vendors including Qualia, RamQuest, and SoftPro are offering hosting services to those affected by the Cloudstar attack, and there are other third-party vendors that may be able to help as well.

We have provided Alliant National forms packages to the major escrow software providers so they can be loaded quickly and easily into your environment if needed. The National Operations Center of Alliant National is on standby should you need assistance issuing individual Closing Protection Letters outside of your operating environment. We have our agency teams standing by to help you find a closing solution should you need a closing done to mitigate your reputational risk. In short, if you have a need, please reach out today to your Alliant National contact.

Please know that Alliant National will do anything possible to assist you and your agency if you are affected by this attack.

Additional information about this industry wide outage can be found here.

Blue binary code background with isometric padlocks in foreground.

Protecting Customer Data

The world is awash in data. And business owners must protect their customers.

Anyone who has been paying attention over the last couple of decades knows that data is all around us. We can’t see it. We can’t touch it. But it is everywhere, informing how we work, shop, explore and entertain ourselves. Data is also extremely valuable. Advertisers covet our data. And bad actors often weaponize it for identity theft and illicit financial schemes. 

It is imperative that business leaders protect their customers’ data. Not only is it the ethical thing to do, but it is also pragmatic. The way businesses use and protect customer data is rightly coming under increasing scrutiny. Additionally, businesses that mismanage customer data can experience significant consequences to their brand and reputation. With such high stakes, it’s important to be knowledgeable on best practices for data protection. Here are some tips to get you started. 

Conduct an Audit 

The first step toward a comprehensive and proactive approach to protecting your customer base’s data is to gain a full understanding of the various types of data your business holds. Is it social security numbers? Credit card information? Online account passwords? Real estate and title insurance professionals often deal with large amounts of sensitive data. Conduct an audit to ensure that you have a full accounting for everything you and your employees hold. 

Understand the Legal Basics 

Data protection laws vary depending on where your business is and the industry in which you work. It is wise to invest the time and resources to gain a full understanding of the basics as required by law and as they apply to your specific enterprise. For instance, most people know about the Health Insurance Portability and Accountability Act (HIPAA), the 1996 federal law that stipulates that healthcare insurance industries must protect customer health information from fraud and theft. However, other state-level laws apply to all industries. Become apprised of what is required of you by law when designing data protection policies for your business. There are ample resources online that can serve as an effective primer. 

Gain Buy-In

It’s all well and good if you want to take a proactive and fastidious approach to your customers’ data, but if you have employees, you are going to need their buy-in and compliance as well. If a chain is only as strong as its weakest link, then a business can only take a comprehensive approach to data security if it treats it as an organizational priority rather than a siloed effort. 

If Possible, Throw it Out 

Only keep data you need. Schedule routine reviews of the customer data you are holding and have a process in place to decide when you can safely dispose of it. Considering that you have an ethical and often legal obligation to safeguard customer data, this can be a great strategy for limiting your company’s exposure. 

Do What You Can

Protecting customer data can be an expensive and time-consuming effort. In fact, major corporations often spend millions of dollars to secure this information. You may not have access to such resources. However, there are still practical steps you can take to operate a more data-secure shop.

Consider, for instance, limiting employee access to data, only giving them as much information as they need to effectively do their jobs. Be sure to also have a process in place for properly destroying and disposing of both physical and cyber versions of customer data. Lastly, you could even consider looking into a designated server for your most sensitive data. While using a shared server might be more economical, it carries a security risk. 

Go the Extra Mile

We know that running a title agency is no easy matter. Time is always tight, resources thin, and sometimes it can feel as if taking on a new initiative will be the straw that breaks the proverbial camel’s back. Still, it’s important to remember that customers are worth the effort. As title professionals, our customers entrust us with some of their most sensitive data, and we must do our best to protect it.

a businessman point at an email with the word "now" in the foreground in red.

Beware CEO Fraud

You just received an unusual email from your boss. Better answer it, right? Not so fast.

As an internet user, you likely have some awareness of cyberattacks, and chances are, you may have already been impacted by a cyberattack in one form or another. This is particularly likely considering some of the massive data breaches that have affected large companies over the past few years.

One cyberattack you may be less familiar with, however, is called CEO fraud. CEO fraud is a targeted type of email attack where the scammer poses as the boss and tricks an employee into taking a detrimental action. CEO fraud can affect any type of business, from a large corporation to a small agency. Essentially, if you have a job or work for a company that is larger than just yourself, you are vulnerable to this type of malicious behavior. Here’s how you can be prepared to stop CEO fraud and avoid jeopardizing your company.

The Internet Weaponized

Let’s say you work for a small title agency. There are only a few employees in addition to you and the CEO. A cyber attacker will use the internet to research who your boss is and then create an email pretending to be them. What makes these types of emails especially dangerous is that they don’t contain any malicious links or infected attachments that your average email filtering software will catch. Instead, they appear like your average, ordinary email. 

A Fraudulent Sense of Urgency

One of the most defining features of a fraudulent email is urgency. They will urge you to take a specific action right away. These requests are often fiduciary, like handling an invoice, changing payment information, or instructing you to send documents that contain sensitive information.

Two Different Scams

It’s important to take a more granular look into how these scams often work. The first way is wire fraud, a particularly pertinent subject for anyone working in the field of real estate or title insurance. When a cybercriminal is attempting to pull off a scam like this, they will usually spend time identifying those who handle accounts payable and then send them an email pretending to be their boss. The email will direct them to change something about an upcoming money transfer, typically the account where the money will eventually go.

The second way this scam occurs is in the form of tax fraud. In this instance, a similar process will play out, where the criminal will again send someone within your business or organization a fraudulent email pretending to be a superior. The difference this time, however, is that the email will urgently instruct its recipient to send employee tax documents, sensitive information that could be extremely damaging if it fell into the wrong hands.

Stay Vigilant and Stay Safe

Faced with the possibility of such threats, what can an average worker do to practice due diligence and protect themselves or their company from becoming victimized? Most of the time, exercising common sense will be sufficient. But there are also some common signs that can alert you to an email not being on the up-and-up.

Fraudulent emails will almost always be short, with the message consisting of only a few lines of text. They will also mention that the email was sent from a mobile device. They will include instructions that run contrary to your business’s policies, basically conveying that you should ignore standard procedure for the sake of urgency. The actual email address that the message was sent from will also be a dead giveaway. Be on the lookout for any email ending with a common domain name like “@gmail.com” or “@yahoo.com” instead of your company’s email domain name. If you’re in charge at your organization, encourage your employees to give you a call to double check any emailed request from you that may seem out of the ordinary. Practicing these easy steps will go a long way toward helping avoid any potentially dicey situations. Even better, they will alleviate unnecessary stress and let you focus on far more important professional priorities.

Let’s Connect

Discover more stories and conversations on our social media networks,
or drop us a line on our contact page.


The Independent Underwriter for
the Independent AgentSM