wifi spoofing (AKA “evil twin”; “man-in-the-middle”): Just as fake as your favorite late show parody, but day and night when it comes to comic relief. A technique used by cyber criminals to trick internet users into trusting bogus wireless networks, WiFi spoofing is no laughing matter. In an attempt to lead the unsuspecting down a path ending in compromised personal data, WiFi spoofing preys on users’ trust, tantalizes with convenience, and relies on our distraction. When traveling, the risk can’t be overstated, with an estimated 89% of global hotspots reported as unsecure. With the help of apps and online tutorials, it’s relatively easy for the average computer literate person to spoof. The resulting reach is broad, and it’s been used to fool folks for years. So while we all love the thought of free WiFi, the fraud and theft that could tag along should make us think twice. How to skip out on the spoof? Check—double and triple—that the network you’re joining is legit, and avoid password-free WiFi. Encryption is key to a secure connection, so always look for “https” in the address bar. And be sure the settings on your device don’t give it free reign to connect at will to any available network. With a few tips under your belt and eyes wide open, you won’t let cyber criminals have the last laugh.
pci compliance: Don’t let the snore-bore of a name fool you: PCI compliance standards could be your company’s lifeline, packing a solid punch in fighting cybercrime, protecting data security. A set of requirements designed to ensure that ALL companies that “process, store or transmit credit card information” are ardently working to protect said data, PCI compliance is a must. Setting standards and covering tails, PCI compliance opens the door to insurance coverage for really important things, like, say, data breaches. Not only does PCI compliance aim to keep your clients safe and you in the clear, it also keeps hard-earned funds from being thrown away on legal fees, fines and penalties. But PCI compliance is more than “just good business”— it’s a way to show clients some love, proving that you value the trust they’ve placed in your company.
whaling attack: Not your momma’s attempt at lesson teaching, this maritime-inspired techie homophone will catch decision-makers by the worst surprise. Targeting C-suite and high-level end users, sneaky cybercriminals use carefully crafted emails to reel in a company’s “big phish,” gaining insider access to company jewels. An offshoot of the well-known “phishing” attack, whaling is insidious and calculated deceit, with the end goal of exploiting business leaders’ personal devices. And unless execs know what to look for, they can easily be duped. This is no casual spam scam—attackers research correct titles, company information, even personal details in an effort to sound legit. Social media can play a huge part in the harvest, and along with being judicious in detail sharing, experts recommend quizzes and social pen-testing to expose vulnerabilities. Those in the know also predict that in the coming year, execs will need to be ever more vigilant if they hope to evade the hunters. Sounds like it’s time to drop anchor and chart a new course—toward protection.