Cybersecurity Business

Everything you need to know to have a cybersecure trip

by

Cybersecurity is a subject that must be taken seriously at all times, even when you take a trip. When organizing your vacation, it is important to take into account all of the necessary safety precautions in order to have a cybersecure trip.

Usually we take our mobile devices everywhere and tend to use them often, both at home and at work. During this time one rarely stops to consider that we will be in areas that do not offer the same level of security that they were expecting. This means that if certain precautions aren’t taken, one could easily become the next victim of a cyberattack.

You don’t need to cancel your well-deserved vacation, just follow these simple tips and enjoy your experience from start to finish.

Tips for a cybersecure trip

1. Block your devices.

The first recommended measure is the simplest. Block your devices with the options available to you, using either a PIN number or a fingerprint ID. While traveling, change them regularly.

2. Be cautious of public Wi-Fi.

When traveling, we are always looking for a Wi-Fi connection. This is why it is important to exercise caution with free access networks as they tend to be the most dangerous. It is best to use Wi-Fi encrypted and to ask the hotel about the security protocol they use before connecting.

3. Avoid accessing your personal data in non-secure connections.

If it is necessary to use a public Wi-Fi connection, avoid accessing personal accounts or confidential data while you are connected to that network. Do not make purchases online or click on advertising banners, and if possible, try not to consult bank accounts.

4. Disable automatic connection.

Most phones, tablets and computers have a configuration that allows you to automatically connect to Wi-Fi networks available in your area. This exposes you to unsafe internet connections without you even knowing it. Before traveling, change this setting so that you must connect your devices to the internet manually.

5. Share your location in a limited way.

It is common to use social networks to share your location with your followers, this can be a threat to your safety. Pointing out your location can signal to criminals that you are not at home or at the hotel where you registered. Limit the information you publish online to avoid these types of threats.

6. Deactivate Bluetooth connectivity.

Like automatic Wi-Fi connectivity, Bluetooth connection can also be a risk. Bluetooth signals can come from anywhere and if your device has it on, nearby attackers can access your mobile. Keep your Bluetooth disabled as much as possible while traveling abroad.

Cybersecure trip for business people

Business travelers are more vulnerable to a cyberattack due to the fact that they handle confidential information for companies, information that could be very valuable to cybercriminals. In their daily work inside or outside the office, they share sensitive organizational information. If the necessary measures are not taken, it could have serious financial consequences.

If you are an executive on a business trip, some measures to have a cybersecure trip are:

  • Share your files from secure applications
    If you need to share or send files from abroad, you should use an application with encryption system such as the HushApp. This will allow you to do send easily and safely from anywhere you are.
  • Install and update the operating systems and your antivirus license
    This is a measure that must be taken inside and outside the home. Make sure you have installed a protection system on your computer. In addition to keeping it and your operating system updated, this level of security applies to applications on your mobile as well.

Take your devices that do not store confidential information and only the necessary documents that you want and need to work with.

International regulations

In addition to implementing these security measures, be aware of laws and regulations involving cyber security in each country you plan to visit. Remember that when we travel we are subject to their legislation.

A suggestion to reinforce your security is to buy a data plan to use to in your destination country, even though it may be limited. This will allow you to check messages, confirm check-in times and keep up to date with other important issues

Whether you are a frequent traveler or not, for business or pleasure, do not let your guard down in terms of cybersecurity. Following these smple steps will allow you to enjoy your trip without compromising your personal or business information.

What is phishing? Everything you need to know to prevent and fight it

by

Have you ever been a victim of fraud via email? This type of fraud is known as phishing and is becoming more common and dangerous every day. It is a method used by cybercriminals to deceive users, showing them information that seems like it comes from a known company, thus, they get confidential information such as credit cards, social security numbers or bank account numbers.

They usually send you an apparently corporate email (for example, an email from your bank) where they will direct you to a fake website, and kindly ask you to update your password, validate information about an account, or the most attractive ones offer you gifts, among other things, which will then allow hackers to keep your data. 

In some cases these attacks are easy to detect, however, in the day to day especially during working hours, we do not have time to look at small details. Spelling errors, unofficial URLs of companies that claim to be, or sometimes very similar addresses but not exactly the same, are the main indication that something is wrong. 

There are not only produced via email we can find several types:

Types of phishing attacks: 

  • Deceptive Phishing: This is the traditional type that we described above, the aim of the attacker is to obtain personal information from the user either by trying to get the user to provide it or by redirecting it to a fake website in order to obtain said information.
  • Spear phishing: This type of attack is usually more personalized and may include more personal information such as the name of the victim, phone or workplace. Spear phishing can come with names of known people, where they tell you that they attach a file that may be common for you, but this can be infected. These types of attacks are much more difficult to detect.
  • CEO Fraud: It works in the same way as Spear phishing, but in this specific case, the attacker pretends to be the CEO or someone with a relevant position, where they requests confidential information and that the employee will believe that must be given as someone with decision-making power in the company. 
  • Smishing: This type of attack is produced by SMS. They usually offer prizes and to receive it, the victim has to click on a link, reply to the message or call a phone number.
  • Vishing: This type of attack differs by being through a typical telephone call, where the attacker, as well as via e-mail, seeks to obtain certain personal information. 
  • By search in the browser: the fraud occurs in the same way with a fake site, but in this case, the hacker uses SEO and SEM techniques to position his false site and thus the user finds them among the first options of what you are looking for 
  • Pharming: This type of attack manipulates the hosts files or Domain Name Systems (DNS) to redirect a specific domain name to the one chosen by the cyber-attacker. 

What to do to prevent it?

  1. Recognize and identify a possible phishing: some details that can help us detect an email of this type: 
  • The URL address is different from the official website of the company where it says it is. The difference can be minimal: an “i” in uppercase (I) looks like a lowercase “L” (l).
  • They usually offer gifts or ask to update data, which is rarely requested in this way. 
  • Check the wording and language: often this type of emails have some details in the wording or language, if you see an email from your bank written in another language, this can be a clear sign of phishing.
  1. Enter your confidential data only on secure websites: In addition to checking the domain, check that the website is secure and that it starts with https: //
  2. Use two-factor authentication for all the services that allow it, especially for those who handle financial information
  3. Check the shortened URLs: if you see an abbreviated URL on a social media or it arrives by mail, there are websites that allow you to see the full address, that will allow you to see where you are redirected. 
  4. Open documents with other online documents viewer such as Google Drive: If it is usual for you to receive files from different contacts, you can open it first in an online document reader which will prevent some malicious software from being installed on your device. 
  5. Frequently update all the operating systems, browsers and applications that you use, thus avoiding vulnerabilities. 

Cyber ​​attacks are becoming more sophisticated every day and we can easily be deceived, but if we take the necessary preventive measures and are aware of how they are evolving, we can go a step further and thus reduce the risk of being the next victim. 

Encrypting files: What kind of information should your company protect?

by

Every time it becomes more common to hear that a company must pay a fine for not complying with data protection regulations in Europe in particular, the GDPR has become one of the major concerns of organizations. It is clear that data should be protected, the question is, what should we protect? And also, why encrypting files is the best way to protect your company?

Frauds, phishing, cyber attacks, data leaks, malware, among others, are terms that are becoming increasingly common; they are attacks to which any company or person is exposed to suffer at any time. To understand the consequences of this type of attack, you have to understand the causes of the problem, the information that the company deals with and how it is handled.

Personal data and privacy

Although it is not the only information that a company should protect, it can be considered the most valuable and at the same time vulnerable data that an organization manages. It is about everything that concerns the identity of a person, whether public or private, and each one decides whether it can be shared or not.

Everything that refers to personal data such as: contact data, physical characteristics, data related to your assets, biometric information, professional training, including ideological information, sexual life or ethnic origin, among others, refers to information that if reach the wrong hands, It could affect their reputation or safety.

It is not only about personal information but also about confidential information of the company that is also susceptible to a security breach and could cause serious financial problems.

What should be done with the information obtained?

It is the responsibility of the company to safeguard the integrity of the people from whom it handles such information. This refers to any type of action taken with these data: the way it is collected, processed, stored, transferred or even destroyed.

Therefore, the procedure should be:

  • Know the type of information handled.
  • Classify it according to its value, if it should be public, private and above all, who will have access or not.
  • Identify which are the possible threats and the possible consequences.
  • Apply the necessary tools for the protection of information, especially the most confidential one. In this step is where encrypting files is useful.

Encrypting files: Classification and examples of information that must be protected

Some examples of information that must be protected with encryption systems can be:

– Company files: sensitive data for the company such as business secrets, bank documents, including passwords that give access to confidential documents, corporate devices, credit cards, market studies, etc.

In the case of personal files could involve employees, customers or any other person related to the company. Some examples include:

– Employee files: personal data of employees (such as those mentioned above), identification documents, medical reports, etc.

– Client files: Identification documents, payment data, contact data, among others.

In the case of clients, it is important to understand the obligation to protect the data they are offering and should be used only for the purpose they decided. Therefore, if you are requesting a client’s email to subscribe to the company’s newsletter, it should be used only for that and not for other purposes. For example, to promote other products of another company, since this can be sanctioned in many countries.

Why encrypt the files?

Encrypting your files can be one of the best options to protect the sensitive information of a company. Nowadays, the most used and effective method to protect your data is an encryption system, in which you can secure that information is completely protected.

It is important to highlight the level of security offered by an encryption system. It is a much more powerful tool than a password since they only protect access. Encryption protects data directly, making it impossible to see the contents of files.

Encrypting files easily with HushApp

To comply with all data protection regulations that each country requires, it is important to use the appropriate security tools.

That’s why we introduce you the HushApp. It is a safe alternative to other file submission services, since it facilitates the daily protection of company data and helps safeguard your customer’s sensitive information.

How? Implementing high-level encryption methods in a simple and transparent way for the user without affecting the efficiency of business processes. Security, usability and a good user experience are all our priorities.

Using HushApp you will have the opportunity to offer additional value to your customers, protect your own confidential information and allow your work team to perform easily and safely actions.

We invite to try HushApp …

Ransomware: What your company needs to know to prevent and combat them

by

Have you ever heard about the Ransomware? Surely you have heard about them in your workplace and also how dangerous they can be. More than a computer technician can tremble only to hear the word, and no wonder, since it is considered one of the most dangerous malwares that exist today. Why? Here we explain it to you.

What is a Ransomware and how does it work?

It is a kind of digital hijacking with a type of malware that blocks users from accessing their system or files, and the only way to access them again is through a rescue requested by cybercriminals.                                                                                                        

This type of malicious software has existed since the 80s, and in its early days, they demanded rescues via postal mail, nowadays the payments work through cryptocurrencies or credit cards.

Their way of operating is usually through malicious spam, which can appear as advertising or email with infected attachments and often deceive users by posing as recognized institutions (for example the FBI) to click on their contents.

Once it arrives on the system, the ransomware contacts the central server to obtain the information it needs to activate, there it can block or encrypt the files, and thus indicate the rescue instructions.

Generally, cybercriminals threaten to erase information or raise the price of rescue if it is not paid in the estimated time. The ransomware can affect any type of operating system: Windows, Mac or Linux.

Types of Ransomware according to its complexity:

Scareware: Despite the fact it seems dangerous nevertheless it is less fearsome. It generally uses pop-up messages from “supposed” fake security programs or a false offer of technical support reporting that a malware has been “detected” and that the only way to get rid of it is to pay. If the payment is not made, it will continue to issue pop-up messages, however the files are not affected.

Screen blockers: In this case, the malware is more complex because it blocks the computer screen, preventing its use completely. The files are there but there is no way to access them, unless the computer is restored, which will lose all the information you have if there is no previous backup.

Encryption Ransomware: It is the most dangerous of all and, therefore, the most known, as it steals the files and the numbers, demanding a payment to re-decrypt and return them. By using encryption, it is impossible for a common security or restore software to return these files, unless the ransom is paid, which will not guarantee that the cybercriminal will return them.

Some prevention tips against Ransomware:

  1. Start by using (and updating) an antimalware, which includes firewalls.
  2. Update the system and all applications for any operating system, Mac, Windows or Linux.
  3. You can add a specific anti-ransom tool for this type of attack.
  4. Use antispam filters where these malwares usually arrive.
  5. There are applications that block the execution of some suspicious JavaScript code that could be harmful to the computer. If you install any, you can minimize the risk of infection through the web.
  6. Review the extensions of the files, to identify files that are passed by others (for example if you see a Word file with the extension .exe)
  7. Administrator accounts are the most sought after by hackers, they know they are those who have greater access to the system. That is why it is recommended to do daily tasks in other accounts and use administrator account only for system manipulations.
  8. Limit network access to sensitive files in terms of editing, share them so they can be read and give permission to edit only to those who need it.
  9. Make backups and save and keep the most sensitive information handly in secure applications such as Hushapp.

After the attack:

If, unfortunately, you were already a victim of a Ransomware, the first thing you should do is to keep calm, avoid as much as possible to pay, this will not ensure anything, and finally, follow these steps:

  • Disconnect the internet device quickly before the malware can access the server. Isolates the device from all the rest of the network.
  • Some large cybersecurity firms offer free solutions such as web pages and software to decipher ransomware and search for solutions to damages.
  • The idea is to call the relevant authorities so they can help.

Cyber attacks by Ransomware are increasingly sophisticated and can cause large losses to companies (and also to people). Therefore, it is important to take all necessary preventive measures to protect sensitive information of the company.

7 basic tips to protect the banking data of a cyber attack

by

Every day more companies join the different changes that digital transformation implies in their services, in order to provide greater comfort, usability and agility to their customers. However, digitalization leads to an increase in risks in terms of cyber attacks, which are growing by leaps and bounds and cover any business sector, especially the financial sector, since customer banking data is the most desired objective by hackers.

A common example is the mobile applications of the banks, the clients, without a doubt, prefer to carry out their transactions from their smartphones, for the speed and ease that it offers them. But if the necessary measures are not taken, this would be an open door for any cybercriminal to obtain information or money easily from the users and the banks.

Phishing, Ransomware, Malware, DDoS attacks and ATM attacks are terms that have become increasingly common in the financial world. This has forced security professionals to increase their efforts so that banking data remains protected and at the same time are easily accessible to users.

According to the Cisco Latin America blog, the main concerns of security professionals are: the use given to mobile devices (58%), sensitive data stored in public clouds (57%) and finally (57%) behavior of the user. It could be said, according to this data, that it will largely depend on the degree of awareness regarding cybersecurity that the user may have when handling sensitive information.

That is why education on issues of cybersecurity and privacy plays a fundamental role. Start with some tips or online security measures that can make a difference when making a bank transaction safely, and here we mention some.

How to protect your banking data from a cyber attack?

  1. Keep your computer’s operating system updated: starting with the basics is the first step in improving the security of your information, especially computers. One of the most common vulnerabilities that facilitates cyber attacks are outdated operating systems. The most likely to be affected can be: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP, Windows 7, Windows 8.1, Windows RT 8.1, Windows Server 2012 and R2, Windows 10 and Windows Server 2016. 
  2. Avoid connecting to a network Public Wi-Fi: when it comes to banking data and transactions, it is preferable to avoid connecting with a public network at all costs, in case it is very necessary, here you can read some extra security measures.
  3. Use Two-factor authentication: most banks have this service, it is important to take advantage of it, with this the bank will be able to verify if the account holder was connected or made any transaction, since it recognizes which devices are registered by the client.
  4. Disconnect or log out of the mobile or web application: if you are not going to continue using the account, it is preferable to disconnect or log out, from any of the devices you are using. A simple step that adds more difficulty to cybercriminals.
  5. Activate notifications by text message: it is advisable to activate notifications on the mobile to have up-to-date information on all transactions, and thus easily recognize any suspicious activity. You can also activate it (some banks already do it automatically) for notifications of high amounts.
  6. In case of being a victim of an attack like some ransomware, it is important to resist the impulse to pay the delinquents, since that will not ensure that the information is recovered. The most advisable thing is to call the relevant authorities so they can follow up on the case.
  7. Store banking data in secure applications: Data such as users, passwords, and other sensitive banking information can be stored in secure applications that allow you to keep your files encrypted.  With Hushapp you can save these types of files in the Hushbox of your mobile and they will remain safe, even if your device reaches inadequate hands, only you will have access to those files. You can also send them to whoever you want from the application and they will remain protected.

We invite you to learn more about Hushapp and how we can help you protect your important information.

Data Breach: Types and Vulnerabilities

by

We invite you to read Hogan Injury’s post, our special guests:

For many years now, data has been a critical part of every organization. Criminals have been sharpening their tools to breach companies’ cybersecurity to get a hold of sensitive data.

What is a data breach?

A data breach occurs when a cybercriminal is able to infiltrate a data source and acquire sensitive information, either done physically by accessing a computer or a network and steal the information or compromising a network security remotely. The latter is the one often used to target companies.

What are types of data breaches?

  1. Phishing. This refers to attempts to extract information from users by presenting itself as something official. This could be an email message that looks like an official message from your bank asking you to update your information.
  2. Password attacks. Cybercriminals run programs that would try multiple passwords until they are able to access your accounts. Such attacks can successfully crack unsecure passwords.
  3. Malware. The word “malware” is the general term used to refer to any virus. Worms and Trojans are among the best-known malwares. To keep them from infiltrating systems, risk management firms advise against clicking links and opening attachments from unrecognized sources.
  4. Ransomware. This type of breach is becoming popular recently, especially in law firms and hospitals. Cybercriminals, after gaining access to the network or website, will shut it down and lock it from all functionalities. After which, the criminals will ask for ransom for the access and the information gained.
  5. Denial of Service. This breach happens when the attackers or hackers attempt to prevent legitimate users from accessing a network, account, or service. It is done by flooding the users with useless and invalid authentication requests, resulting in the network to eventually crash.

How does a company become vulnerable to data breaches?

  • Employees. Insider threat remains to be on top of the list of security risks, partially because it is much easier for those who already have access to data to abuse it. Unhappy employees and those who have recently separated from the company are potential threats to data security. Employers must employ protocols that will minimize internal attacks and immediately deactivate separated employees’ login credentials. Employees who are careless and uninformed are equally dangerous.
  • Cloud Storage Apps. While it is a modern and convenient way to store data, cloud systems are vulnerable to breaches. To minimize risk, choose a reputable cloud storage company that uses data encryption.
  • Mobile Devices. When employees are allowed to bring and use their own mobile devices at work, it is a lot more difficult to control security, passwords, downloads, and other activities. Companies that allow employees to sue their own mobile device must have a comprehensive written policy in terms of expectations, liabilities, and limitations.
  • Third Party Service Providers. Outsourcing can be convenient and cost-effective, but it also leaves your company susceptible to cyber attacks and data breaches, especially if your service provider uses low-security methods. To minimize risk, choose a reputable third party service provider; have them specify in the contract their security procedures and the assumption of liability in case of a data breach in their system.

Contact us at Hogan Injury for expert legal advice.

Original text here

Today’s Big Thing, “Big Data”: What You Need to Know

by

We invite you to read Hogan Injury’s post, our special guests:

It is projected that by 2020, 1.7 megabytes of data will be generated for every person in the world, every single second; and the proportion of data that needs to be protected is growing faster than the digital universe itself. All the data coming in large volumes from different places is called Big Data.

Big data basically means sets of structured or unstructured data whose volumes are so large and so complex that traditional data processing software cannot process them within a reasonable amount of time. The information mined from these sets are then analyzed and put to good use. Big data involves more than just the volume and complexity of data, however. Doug Laney laid out the definition of big data in 3 V’s.

Volume: Data is collected from everyone, everywhere. From social media activity to online shopping, data can be farmed from everywhere.

Velocity: The speed at which data streams in near-real time thanks to RFID tags, sensors, and smart metering.

Variety: Big data comes in different formats—emails, texts, videos, forms, business transactions, etc.

Some real world uses for big data include:

  • Retail organizations and commercial companies monitor social media activities to find out emerging trends in the market. This way, they can ride the trend and start selling things people are clamoring for at that point in time.
  • Financial organizations analyze data from their clients to organize them into different groups. This categorizing results in more optimized programs that can better serve the needs of their clients. Data analyzed from their clients’ activities could also help detect fraud.
  • Hospitals analyze patient data to foresee which patients would most likely be readmitted and plan treatment programs that will prevent the patients from needing to be readmitted.
  • Industrial companies use machines that gather data that allows them to figure out when a certain machine would need upkeep or replacement.

Data extracted from big data can be very helpful in a lot of ways for many people and organizations. However, as a now famous fictional uncle once told his nephew, “with great power comes great responsibility.” There are two major considerations when trying to build a business around big data. One is data ownership — who has the rights to an individual person’s data and what rights do the government, financial, commercial or health institutions have to them.

The other is data protection. Once an institution or business has access to their clients’ data, how do they protect the private information that go through their systems on a daily basis?

With the scandal of data leaked or sold by such a large social media company as Facebook, more and more people are becoming aware of the dangers of leaving their personal data unprotected. Realizing that something as innocuous as answering online quizzes could actually be used for data mining is somewhat worrying.

Having a good grasp of the legal implications of going into big data is very important. Big data is still an emerging and growing market. If you have any concerns about the legality of anyone, be it an individual or an institution, using and keeping personal data, it is best to get in touch with a lawyer that understand the legalities surrounding data rights, privacy, and protection.

Contact us at Hogan Injury for expert legal advice.

Original text here

10 tips to ensure your web page of possible cyber attacks

by

A web page is not complete if you do not add the necessary security levels. According to Hootsuite, 82% of users immediately leave a page if they feel unprotected when visiting a website. Therefore, it is useless to have a nice and easy to use website if it is an easy target for hackers who can carry out possible cyber attacks.  

The cybercriminals have a wide range of tools that they can use to attack you through your web page. The most severe dangers that you may encounter will be the access of sensitive data that is exchanged on your website, a virus or malware, or even send emails from your accounts using your identity.

Another important point to consider is that major search engines such as Google have increased the penalties for unsafe websites, therefore your website would have less exposure to searches due to lacking the appropriate security for your website. There are some fundamental measures to ensure your website is safe from possible cyber attacks. The following are some ways to protect yourself and help safeguard from a potential attack.

How to secure my website of possible cyber attacks?

  1. Add HTTPS security with an SSL certificate: The basic rule of how to know if a site is safe or not is to check if the beginning of the URL is “https”. Websites that have this have a padlock, and for this you need an SSL certificate. The typical connection where websites are hosted is HTTP, notice it is the same but there is no  “s” at the end. This website would be open to leak any sensitive data of users such as users and passwords or banking information if it is an e-commerce.

Using HTTPS, an encrypted connection is established between the browser and the website therefore data cannot be intercepted. The SSL certificate is what will provide this encryption and you should only install it on your hosting, the way to do it will depend on the provider.

Another clear benefit is that by having these type of secure pages, search engines will give them a better promote them.

  1. Add a Security Seal to a website: Having a site seal is an extra layer of security  because it acts as an antivirus for your page. These stamps can monitor your website under searches of malwares or viruses that may have been loaded by a hacker, and it notifies you so you can eliminate potential harm.
  2. Keep your website code updated: Just like you do with any application or software on your devices.
  3. Similarly, keep the platform and the scripts updated especially for the CMS (content management system) that you use.
  4. Change the prefix of the table in the database of your website: In the case of blogs like WordPress they have the default prefix “wp”, this can be changed and it will be harder for hackers to obtain information from your website.
  5. Place a password on the database of the site, thereby adding more protection to the information collected by your website.
  6. After having uploaded or updated the content of your website, be sure to delete the copy that remains in your device. Mainly since if you do not, any cybercriminal could access your computer and have access to your files, therefore save them in a secure place.
  7. It uses a CDN: A content delivery network consists of a network of several servers that are spread over different points between which the work and information is distributed. Its advantage is that if one server is attacked, the others serve as a backup.
  8. If your website is an e-commerce, you must ensure that your customers can trust it.
  9. Use robust passwords to access your website: Although it seems obvious, many people omit it, thereby making a hackers life much easier especially if they are seeking to access all site content, so you must protect it.

Although no measure is 100% infallible to avoid possible cyber attacks, the more layers of security you add to your website, the harder it becomes for hackers.

Cyber crisis: how to manage a reputational crisis caused by cyber attack

by

We always think that it will happen to someone else, but finally it happened to you, you are the victim of a cyber attack. You arrived at that moment where your company suffers not only financial damages, but also negative publicity. Rumors begin and social networks are activated as an unauthorized information dissemination center, all while employees frantically nervous about their future work. This is a cyber crisis, how can a reputational crisis caused by a cyberattack be managed?

During any crisis there are three stages: before, during and after. At all times, the important thing is that the company knows how to deal with them. In the particular case of cyber attacks, it would be advisable to do the following.

The before: better to prevent than to regret

In the past it is not just about being careless because you believe that nothing will happen, it is being aware that it has not happened yet, but at any moment it could. Cyber ​​attacks are the priority of the day and consequently the crisis that entails, too. What can you do to prepare your company?

Know what you are exposed to: It is important that you know the risks to which your company is exposed to. To do so, you must determine what  the most common attacks are, what hackers are looking for, and what damages they could cause. If you have clear answers to the following questions, it will make it easier for you to understand the possible scenarios of cyber attacks:

Train employees on cybersecurity issues: If the company trains and educates its employees on cybersecurity issues, the risks will be reduced.

Have a crisis manual that includes management in the case of cyber attacks: Many companies manage this manual to handle possible crisis scenarios. With the rise of cyber attacks, it is essential today to talk about cyber crisis and act before they occur.

Carry out simulations of cyber crisis: This will allow you to familiarize yourself and the employees with this type of situation and thus take an approach with organization and calmness.

Have an insurance against cyber attacks: This type of insurance has coverage against cyber risks such as malware, DDos, ransomware, etc. It is important that the company evaluates the possibility of purchasing this type of insurance.

During the cyber crisis:

You have joined the list of companies that have suffered such attacks, now is the time to know how to act.

Convene a crisis committee: This committee must be made up of people with enough authority to make decisions, such as a CEO, board of directors, etc. In addition to the legal team, communication advisors and the computer team are necessary to track the attack.

Search qualified advisors: It is important to hire people who have experience in this type of field. Both legal  and communication advisors must also work hand in hand in their strategies.

Inform all your employees and stakeholders: When a crisis occurs the media will seek, in any way, to obtain a source of information. In addition, employees often disseminate information on their social networks about what happened (even if it is not true). Therefore, employees can unwittingly become spokespersons for the company.

That is why it is essential that the company personally inform its employees of what has happened, before it arrives through others, this will prevent the dissemination of unofficial information.

All the stakeholders involved with the company and especially if they were affected must be properly informed of what is happening. This includes the media, to which they must prepare a respective communication, press conference, or any mode of information considered by the communication advisors more convenient to deal with the crisis.

It is best to recognize when the problem exists and not deny it, because in the end everything can be known in one way or another.

The after and the learning

After the storm comes the calm, after the cyber crisis is over, the company must:

Report how the situation was solved: Your audience should also know how the problem was solved. The more transparent and detailed the better.

Evaluate the situation: Analyze the situation and learn from mistakes, what should be done to improve the company’s security and how to channel it.

We can all be victims of a cyber attack, the important thing is to be aware that we are vulnerable and be prepared, as best we can, to deal with its possible consequences.

8 Tips for your customers to trust in your e-commerce

by

The work of selling a product is becoming more difficult every day. We are overwhelmed by information and advertising, especially on the web. Even when your e-commerce manages to correctly apply all the positioning strategies to stand out in search engines, you still sell little or nothing. Why is it? Is it possible that your e commerce does not generate sufficient confidence.

The increase in cyber attacks has caused people to become skeptical about the websites they use and not feel comfortable leaving their private and financial information online to make a purchase. If you feel that your ecommerce is not generating confidence in your potential clients, follow the tips below that will help you identify what the problems are and how to solve them.

How is the image of your e-commerce?

1. The first impression counts: Start by reviewing the design, if it is old or outdated it will not make a good impression, the same way bad spelling or grammar can affect the image of your company. People do not feel confident in an organization that does not know how to express what they want from you.

The ideal is to hire specialists in these areas that can give the right image to your company. Also consider that if poor wording can affect the rankings of a Google search.

It is important that the prospective buyer is clear about the characteristics of what they are going to buy and the benefits that they will bring. Therefore, the entire image of your website must clearly express what your message.

However, the trust is not only in the image, the company also has to convey confidence at the time that your customer is going to make the purchase, at that time, you should consider the following:

2. Clients want to know who you are: There you can show the physical and / or legal information of the company. The more information you offer, the better, company history, mission, vision, business objectives, professional team, managers, etc.

3. Contact you easily: The contact section must have all the necessary information so that the customer can communicate with the company without problems. The information should include telephone numbers, emails and physical address (if available). Using Google Maps is the best way to show a physical address. There are other channels that can facilitate communication such as chats or interaction with users in social networks, will bring more value to the company.

What do they say about your company?

4. If managed correctly social media can be a great help and a fundamental tool for any business, as they allow a channel of communication with customers.

Users today pay a great deal of attention to the reviews a company receives on the web. If there are negative comments it is possible that this generates distrust. Therefore, it is important to manage this type of problems as quickly as possible, and contact
the affected clients, to reduce the impact that these comments may have.

Generate confidence in your e-commerce beyond the image

5. Use SSL certificate for your website: This way you are already guaranteeing the visitor that you are an authentic and reliable site regarding the registration of your personal or banking data, as these will travel from encrypted form. To have it, just ask the company where we have hosted the domain and configure it in your content manager. 

6. Show your stamps and certificates of quality: There are different certifications that will make your online store generate more confidence, for example, “Online trust” that guarantees the protection of your data and your rights as a consumer or, “Ekomi” to demonstrate that your payment is safe. There are also others like ChambertTrust and Fevad.

7. Clarify return policies: Clearly state in which cases they can apply and when they can not.

8. It offers multiple payment options: Offer your clients all the payment options you can, so that you can choose the one you feel most comfortable with. Paypal, bank transfer, credit card, etc. are among the best known. It is also important to make clear if it is necessary to charge some type of commission.

The security of your customers’ data must be paramount for you when making any online transaction, and you must prove it using all possible methods so that you feel comfortable and safe when visiting your e-commerce.