Why Business Email Compromise is the Cyber Criminal’s Most Devastating Weapon

You’ve probably heard stories like this one before: A person in a business is supposed to send a wire transfer to another business. They receive an email at the last minute, often with a panicked tone, making an urgent request – their primary bank account is unavailable, so the money will need to be sent to a different bank.

The email is from a recognized email address. It looks like their emails (with all the right typos and grammatical mistakes), and even “sounds” like them. The panicked tone and urgent demand put the reader into emergency mode – changes will have to be made quickly to get this transfer done on time. Both management and the receiving company will likely appreciate the hard work.

The money is sent, but later that day a representative from the other company calls asking about the money. It was never received, because the new wiring instructions caused the funds to be sent to an account controlled by a hacker. And absent a miracle, it’s gone.

The email looked right. It even felt right. But it wasn’t. It was sent by a hacker. It was the result of a Business Email Compromise.

In this episode, we discuss:

  • What is a Business Email Compromise;
  • What can a hacker who gains access to a business email account do with it;
  • Why BEC scams have become so common and so lucrative; and
  • How can you protect yourself against these insidious, relentless attacks?

For more information, resources, and a full transcript of this episode, check out the original post.

The Best Multi-Factor Authentication Setup to Immediately Improve Your Security [Podcast]

Proving who you are is the primary goal of most cybersecurity systems. The best way to accomplish that task is through Multi-Factor Authentication.

The primary purpose of cybersecurity systems is to protect data from those who are not authorized to get it. Therefore, the very first thing any cybersecurity system does is make sure that you are who you say you are.

The authentication process has evolved over time, from basic login information to complex passwords, and now includes authentication apps and biometrics. However, to best protect your authentication system, it’s important to rely on more than one method.

Multi-Factor Authentication takes advantage of different methods of authentication to limit the likelihood that a bad actor can penetrate your systems. Some systems are better than others, though. How does your process measure up?

In this episode, we discuss:

  • The three types of authentication that Multi-Factor Authentication relies on – something you know, something you have, and something you are;
  • What types of authentication are presently available to use, and which categories they fall under;
  • Which authentication methods are more secure than others; and
  • Where multi-factor authentication, while important, is not sufficient alone to protect you from cyber threats.

For more information, resources, and a complete transcript of this episode, check out the original post.

3 API Best Practices You Need to Start Using Immediately

In today’s fast-paced digital landscape, APIs have become the backbone of software integration and innovation. With an ever-increasing reliance on APIs, the need for robust security measures and the use of API Best Practices has never been more critical. As T-Mobile demonstrated recently, the breach of an API can be catastrophic – 37 million users’ data… gone!

In this episode, we discuss essential strategies and techniques to help you build a solid foundation for secure API development. You’ll learn about key principles like the importance of authentication, authorization, and ensuring data privacy in every API interaction.

3 API Best Practices

First, we discuss how to limit a threat actor’s access to your system before they even have the chance to breach your defenses. If cybercriminals are unable to even find the API, you have negated their ability to use it as a tool against you.

Next, we explore how to protect sensitive data transmitted through APIs, emphasizing the need for encryption, both in transit and at rest. We discuss the benefits of using SSL/TLS encryption and offer practical tips for managing and rotating your API keys to prevent security vulnerabilities.

Finally, we touch upon the topic of rate limiting and logging, and their crucial role in maintaining API security. You’ll discover how rate limiting can protect your APIs from DDoS attacks and prevent abuse, while ensuring optimal performance and availability for legitimate users, and how proper logging will keep you apprised of improper use.

This podcast episode is a must-listen for developers, IT professionals, and anyone involved in creating or managing APIs. Don’t miss this opportunity to enhance your understanding of API security best practices and build a more secure foundation for your digital endeavors. Tune in now and stay ahead of the curve in the ever-evolving world of API security!

For more information, resources, and a full transcript of this episode, check out the original post.

APIs – A Powerful, Versatile Tool and Your Achilles Heel, All in One


T-Mobile recently announced that hackers had breached their systems and stolen the records of 37 million customers. While the records apparently didn’t include financial information, enough personal information was taken to create significant risks for the victims.

How did the hackers gain access to T-Mobile’s data? They were able to get in by exploiting T-Mobile’s Application Program Interface, or API. APIs are everywhere, and you use them all the time. They’re incredibly popular among software development companies, and they’re incredibly useful.

They’re also very popular with hackers, with API exploits increasing by over 600% in the past year. So, you really need to know about APIs, particularly why they are so popular, and how they can be secured.

In this episode, we discuss:

  • How APIs connect different programs and applications;
  • The different types of APIs that you are most likely to interact with;
  • The reasons that APIs are so popular among programmers and software developers; and
  • The reasons APIs commonly contain major vulnerabilities that make them such a popular target for hackers.

For more information, resources, and a full transcript of this episode, please check out the original post.

The Best Cloud Backup for Small Business in 2023

In today’s digital age, small businesses rely on data to run their operations and make critical business and operational decisions. But with so much data being stored on a company’s computers, servers, and other devices, it’s important to have a plan in place to protect that data from loss or damage. Too often, we think myopically about “protecting” data – as though the only threats come from hackers or cyberthreats. Other risks threaten your company’s critical information too, like severe weather disasters and run-of-the-mill employee mistakes or bad luck. Protecting your data requires a solution tailored to your needs: a provider that specializes in cloud backup for small business.

You need to protect the data itself. Make sure that it’s kept physically apart from your digital and electronic infrastructure at your physical locations. That’s where cloud backup comes in.

Cloud backup is a type of data backup that stores a copy of your data in the cloud, or on remote servers accessed via the internet. This provides a secure, off-site backup of your data that you can access from anywhere with an internet connection.

Cloud Backup for Small Business needs to: (more…)

Encryption 101: 4 Useful Concepts You Need to Know [Podcast]


4 Basic Concepts. 15 minutes. That’s it.

That’s all the time you need to understand how encryption works in the modern ecosystem. It’s an important tool for protecting data, and it’s required by countless laws, regulations, rules, and contracts. But do you really know how it works?

If you don’t understand how encryption works, how can you possibly be expected to know what level of encryption you need? Or what level of encryption is even desirable?

In this episode of the Fearless Paranoia podcast, we guide you through what you need to know about encryption. There are a lot of terms and jargon thrown around in cybersecurity, and one of the most commonly used is encryption. You’ll hear advertising of RSA or AES encryption, promotion of transitioning from 128-bit to 256-bit, and entire campaigns about how the newest system relies on (random 5-letter acronym) instead of 256-bit encryption.

Yet very few people actually stop to talk about what those things mean. We will give you a baseline understanding of encryption so that you can make informed decisions about what kind of encryption you need.

In this episode, we discuss:

  • The three essential components of any encryption system;
  • The difference between symmetric and asymmetric encryption, including when you’re most likely to encounter each one;
  • The common misunderstanding that encryption and “hashing” are the same thing; and
  • What it means when someone describes a 128-bit vs. 256-bit encryption algorithm.

For more information, resources, and a transcript of this episode, check out the original post.

The 6 Best Password Managers for Individuals and Families in 2023

We all have multiple online accounts that require us to create user accounts with a login and password. The days of reminding you not to use your pet’s five-letter name on all of your accounts should be long gone, and hopefully you’re at least making an effort to keep your passwords strong.

However, the days when we only had a handful of logins to remember are long gone as well. With so many different passwords to remember, it’s simply not possible to create and remember passwords for all those accounts that are both unique and strong.

You need a Password Manager.
