Scary Stuff…

 Read and heed…

 

Report: 2016 saw 8.5 million mobile malware attacks, ransomware and IoT threats on the rise

In 2016, the number of malicious installation packages hit more than 8.5 million, three times more than the year before, according to a report on mobile malware evolution from Kaspersky Lab, released on Tuesday. The firm registered nearly 40 million attacks by malicious mobile software over the course of the year as well.

http://www.techrepublic.com/article/report-2016-saw-8-5-million-mobile-malware-attacks-ransomware-and-iot-threats-on-the-rise/

Most hackers claim they can break target systems in under 12 hours

The majority of hackers claim they can break through cybersecurity defenses and infiltrate their target’s systems within hours, according to new research.

While most reports only state stats and figures, the Nuix Black report attempts to separate itself by approaching security from the view of researchers as well as penetration testers. The report, released on February 23, says that more than three-quarters of hackers — 88 percent in total — who responded to the Nuix survey believe most network defenses can be breached within 12 hours.

In total, roughly a third said that their activities were never noticed by their victims — and 17 percent of hackers claimed it would take them no longer than two hours to breach a target.

http://www.zdnet.com/article/most-hackers-claim-they-can-break-enterprise-system

Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages

A maker of Internet-connected stuffed animal toys has exposed more than 2 million voice recordings of children and parents, as well as e-mail addresses and password data for more than 800,000 accounts.

The account data was left in a publicly available database that wasn’t protected by a password or placed behind a firewall.

https://arstechnica.com/security/2017/02/creepy-iot-teddy-bear-leaks-2-million-parents-and-kids-voice-messages/

 


Hack city- 43% targeted small business

Watch this video: https://vimeo.com/185391179

We are a corporate and individual agency for LifeLock Agency # C1A464

For more information and applications visit our website: http://www.lendingcapital.net

In 2015, there were over 1 million web attacks against people a day. Out of that staggering number, 43% targeted small businesses. With larger companies beefing up their cybersecurity measures, small businesses have become attractive targets for hackers. Owners should be concerned: the average cost of a data breach for a small business merchant is between $36,000 and $100,000.

Common-sense solutions and general awareness of cybercrime techniques can greatly reduce your business’s vulnerability to cyberattacks.

  • Install Antivirus Software
    The best way to steer clear of viruses and malware is to use an industry-leading antivirus software solution. There are many options out there, but do not install multiple antivirus products, as they can interfere with each other and defeat the purpose. If you already have good antivirus software, make sure the auto-update and firewall options are turned on.
  • Back Up Your Files
    Symantec reports that ransomware (a method of using encryption to hold critical data hostage for money) increased 35% in 2015. Updating your web applications can help prevent an attack, but it’s important to regularly back up important files just in case.
    To minimize the impact of a ransomware attack, immediately disconnect the infected machine(s) from the network, reinstall the operating system and restore from your last good backup copy.
  • Email & Downloads
    Email scams are becoming ever more sophisticated. Spear phishing, for example, is an email that appears to be from an individual or business you know, designed to trick you into revealing personal info.
    It’s important for you and your employees to be wary of anything coming into your inbox. Never click a link or open an attachment that you did not expect to receive. If you’re not expecting something or must think twice about the contents, don’t open it. The second step is to call the sender and confirm.
  • Install Software & Operating System Updates
    Pop-up reminders to update your web browser or operating system (like Windows or OS) may seem annoying, but don’t ignore them. Ensure operating systems and applications are always fully patched with the latest security fixes. Updates will help protect you from cyberattacks.
  • Use Strong Passwords
    Weak passwords are an invitation for hackers. Don’t make the mistake of using simple passwords or using the same password for multiple accounts. And you should change your passwords every 60 to 90 days. Businesses should invest in complex password policies for all their employees. These do not have to be too complex, but they should include a minimum of 10 characters, with an upper case letter, a lower case letter, a number and a symbol. In addition, all businesses should incorporate some sort of identity theft software for their employees as well; this protects everybody.
  • Use Secure Encrypted Systems to Accept Card Payments
    Never photocopy, hand write, electronically key in to a terminal, or manually copy credit card information. This is a common practice for orders over the phone; consider a secure online payment system like PayPal to accept transactions instead. If your systems are compromised, keystroke loggers and other hacking tools can scrape the manually entered information for later attacks.
    In addition, make sure you’ve upgraded to the latest point-of-sale equipment for in-person purchases. Many of the POS systems in use today run older technology and operating systems like Windows XP that are no longer supported, which leaves you completely vulnerable to attacks.
  • Don’t Bank Over Unsecured Wi-Fi
    Wi-Fi connections at coffee shops, airports and other public places are convenient, but they aren’t secure. Never log into your online banking profile on an unsecured network; it’s all too easy for someone to steal your information that way. Look out for small devices, generally with 2 antennas, sitting next to someone’s laptop or computer; this is called a pineapple, so be aware.
    If you are a road warrior and are using public Wi-Fi, invest in a VPN service to secure your transmissions.
  • Secure Physical Devices Storing Sensitive Data
    Don’t forget that sensitive data can be physically stolen as well. Computers and drives with private business or customer information should be protected. Assume somebody will steal them and plan accordingly. So do not leave your computer in the front seat of your car, on a desk, or anywhere that is accessible to the public or to employees who do not have proper clearance, and ALWAYS password protect all your devices: cell phones, laptops, computers, iPads.
  • Train Employees & Yourself
    When it comes to cybersecurity, your actions are more important than any technology. If you have employees, hold regular training to make sure they’re aware of company IT policies, and how to avoid email scams and other types of cyberattacks. Practice what you preach; if you don’t, it could put you out of business!

http://www.lendingcapital.net

 

Cyber Security Update…be aware

 

 

A rash of invisible, fileless malware is infecting banks around the globe
According to research Kaspersky Lab plans to publish Wednesday, networks belonging to at least 140 banks and other enterprises have been infected by malware that relies on the same in-memory design to remain nearly invisible. Because infections are so hard to spot, the actual number is likely much higher.

“What’s interesting here is that these attacks are ongoing globally against banks themselves,” Kaspersky Lab expert Kurt Baumgartner told Ars. “The banks have not been adequately prepared in many cases to deal with this.” He went on to say that people behind the attacks are “pushing money out of the banks from within the banks,” by targeting computers that run automatic teller machines.

https://arstechnica.com/security/2017/02/a-rash-of-invisible-fileless-malware-is-infecting-banks-around-the-globe/

Experts predict a flood of denial-of-service attacks

As the Internet of Things (IoT) goes mainstream, Mirai-style denial-of-service botnet attacks are escalating, and hackers are targeting health care companies, financial services, and the government.

The hottest trend in cyberattacks is an archaic and simplistic hacker tool. Propelled by the rise of IoT, the popularity of denial-of-service attacks rebounded in late 2016 and early 2017. Accompanying the rapid acceleration of the IoT and connected device market, warn cybersecurity experts, will be a zombie botnet swarm of network-crippling attacks.

Denial-of-service attacks are simple but effective weapons that bring down websites and services by flooding networks with junk traffic from commandeered botnets. Digital fallout will often cripple the target and ripple across the web to knock out unaffiliated but connected services and sites. “After an attack [clients] often feel angry and violated,” said Matthew Prince, CEO of denial-of-service mitigation service CloudFlare in an interview with TechRepublic. “A distributed denial-of-service (DDoS) attack is not a sophisticated attack. It’s the functional equivalent of a caveman with a club. But a caveman with a club can do a lot of damage.”

http://www.techrepublic.com/article/everything-old-is-new-again-experts-predict-a-flood-of-denial-of-service-attacks/

Security flaws in Pentagon systems ‘easily’ exploited by hackers

Hackers are likely exploiting the easy-to-find vulnerabilities, according to the security researcher who warned the Pentagon of the flaws months ago. Several misconfigured servers run by the US Department of Defense (DOD) could allow hackers easy access to internal government systems, a security researcher has warned.

The vulnerable systems could allow hackers or foreign actors to launch cyberattacks through the department’s systems to make it look as though it originated from US networks. Dan Tentler, founder of cybersecurity firm Phobos Group, who discovered the vulnerable hosts, warned the flaws are so easy to find that he believes he was probably not the first person to find them.

“It’s very likely that these servers are being exploited in the wild,” he told me on the phone.

While the Pentagon is said to be aware of the vulnerable servers, it has yet to implement any fixes — more than eight months after the department was alerted.

http://www.zdnet.com/article/pentagon-system-flaws-likely-under-attack-by-foreign-hackers/

InterContinental Hotels Group admits data breach

IHG says that payment card systems at 12 hotels are involved in the security incident.

InterContinental Hotels Group (IHG) has admitted to falling prey to cyberattackers who were able to compromise payment systems at hotels in the US and the Caribbean.

IHG is the parent company of hotel chains including Crowne Plaza, Holiday Inn, Candlewood Suites and Kimpton Hotels and Resorts, with thousands of locations worldwide. According to the conglomerate, the data breach was discovered on 28 December after an undisclosed number of clients reported unauthorized, fraudulent charges on cards previously used at a number of US hotels owned by the hotel giant.

http://www.zdnet.com/article/intercontinental-hotels-group-admits-data-breach/

Take heed, get protection, pay attention, check your statements, get links and alerts for your credit cards, and lower the alert amount to $1 on credit cards. Get identity theft protection!

We now offer both corporate and individual Lifelock which is now part of Norton Security Systems, we will have special discounts for the as well.

Frank

www.Lendingcapital.net

Annual Penalty Adjustments for 2017

In 2015, Congress passed the Federal Civil Penalties Inflation Adjustment Act of 2015 (the “Inflation Adjustment Act”) to direct federal agencies to adjust the civil monetary penalties for inflation every year. Civil penalties ensure compliance with federal regulation by incentivizing employers not to violate federal regulation and providing federal agencies the power to ensure compliance. However, when penalties are too low, or have failed to be increased for inflation, compliance with federal regulation remains stagnant. The Department of Labor (DOL) recently published the final rule to adjust for inflation the civil monetary penalties assessed or enforced in its regulations, and the annual adjustments for 2017 that increase certain penalties applicable to employee benefit plans. The updated penalties went into effect on January 13, 2017 and apply to penalties assessed after the effective date.

Annual Penalty Adjustments for 2017

The following updated penalties are applicable to health and welfare plans subject to ERISA.

Description: Current Penalty; Updated Penalty

  • Failure to file Form 5500: Up to $2,063 per day; Up to $2,097 per day
  • Failure of a MEWA to file reports: Up to $1,502 per day; Up to $1,527 per day
  • Failure to provide CHIP Notice: Up to $110 per day per employee; Up to $112 per day per employee
  • Failure to disclose CHIP/Medicare Coordination to the State: $110 per day per violation (per participant/beneficiary); $112 per day per violation (per participant/beneficiary)
  • Failure to provide SBCs: Up to $1,087 per failure; Up to $1,105 per failure
  • Failure to furnish plan documents (including SPDs/SMMs): $147 per day, $1,472 cap per request; $149 per day, $1,496 cap per request
  • Genetic information failures: $100 per day; $112 per day
  • De minimis failures to meet genetic information requirements (Minimum): $2,500 minimum; $2,790 minimum
  • Failure to meet genetic information requirements – not de minimis failures (Minimum): $15,000 minimum; $16,742 minimum
  • Cap on unintentional failures to meet genetic information requirements (Maximum): $500,000 maximum; $558,078 maximum

Employer Action

Private employers, including non-profits, should ensure employees receive required notices timely (SBC, CHIP, SPD, etc.) to prevent civil penalty assessments. In addition, employers should ensure Form 5500s are properly and timely filed. Finally, employers facing document requests from EBSA should ensure documents are provided timely, as requested.

This document is designed to highlight various employee benefit matters of general interest to our readers. It is not intended to interpret laws or regulations, or to address specific client situations. You should not act or rely on any information contained herein without seeking the advice of an attorney or tax professional. ©2017 Emerson Reid, LLC. All Rights Reserved. CA Insurance License #0C94240.

Who knows what will happen next? Repeal and replace? But for now this is the law…

Frank

Marketing 101 1/2?

Delete, delete, delete, emails all day long. I also hate where I have to open envelopes full of half information and propaganda.

As a business owner like all of us, we are looking at attracting new customers and it becomes more and more difficult to do. Most email blasts are very annoying, so which ones are we likely to open? And are they legit? Do they even pertain to what we do?

Here is what I have found over the years that has been very effective for me.

  1. I use 5 x 8 postcard mailers, clean and to the point of what I offer, and I do research as to who could actually use my services or products (target marketing).
  2. Seminars: I use 5 x 8 postcards with a four or five point agenda and one guest speaker. The agenda again should be aimed at your target market; provide some sort of dinner, snacks and coffee, and a time limit on how long your show will last. Keep in mind: do not make your guest speaker the main attraction, it is you that must connect with your audience and potential customer.
  3. Seminars: I make it interactive, with questions and answers; this keeps the audience engaged, not the boring dry read-from-the-script type of lecture. Avoid details on your products and services; instead talk about how your services help or have helped your customers.
  4. I only mailed around 100-150 invites, RSVP only. I used to have the seminars on Tuesday; I had to add Thursdays because of the overflow.
  5. Demographics: most companies or individuals do not want to travel more than 10-15 minutes to attend a seminar. So do your homework, outline a circle radius from your hosting location and send invites within the 15 minute circle.
  6. Have a sign-in sheet
  7. Have a handout with your information (single sheet) where they can pick a topic or product they are interested in. Have them fill this out BEFORE they leave.
  8. Videos on your website
  9. Company logo, branding your name is crucial.
  10. Joining every possible place in the world: Facebook, LinkedIn, reddit, spyfu, moz, manta, yahoo, yelp, wordpress, wordtracker, tumblr, Alexa, mailchimp, opportunity, alignable, google one account, proringer, ezinearticles, and the list goes on…BLOG, BLOG, BLOG
  11. I wrote my book, Seminar Marketing & Sales Training for the Financial Professional, back in 2006. It still sells well. Why? Back to basics, it works.
  12. My author website: www.bookworm.tv

Find your niche, market to your niche and strength, keep it simple. Just think about what turns you on or off and apply that to your marketing strategy.

Best of luck in 2017…

http://www.lendingcapital.net

Frank

Employer 1094 & 1095 Reporting

You must file forms 1094 & 1095 for calendar year 2016 in accordance with the Affordable Care Act (ACA), as mandated by the IRS, by February 28, 2017, or by March 31, 2017 if filing electronically. In addition, the 1095 form, which lists each covered employee and their dependents, must be prepared and distributed individually to each of your employees by January 31, 2017.

You must distinguish between large and small employers. Large employers (ALEs) are subject to the ACA’s Minimum Essential Coverage and Affordability requirements to avoid penalty. Small employers are not subject to penalty and only have Minimum Essential Coverage requirements.

  • Small employers are those with fewer than 50 full time equivalent employees; they are subject only to Minimum Essential Coverage requirements. They are required to file forms 1094-B and 1095-B with the IRS and distribute individual forms to each of their employees covered under the health plan.
  • Employers with 50 or more full time equivalent employees are Applicable Large Employers (ALEs) for 2016 and are required to file forms 1094-C and 1095-C with the IRS and are also required to distribute the individual 1095-C forms to each of their employees covered under the plan.
  • Instructions for 1094-B and 1095-B https://www.irs.gov/instructions/i109495b/ar01.html
  • Instructions for 1094-C and 1095-C https://www.irs.gov/instructions/i10945c/ar01.html

All of this may change going forward with a new administration; however, as of the 2016 tax filing you must complete these forms and filings.

Happy Tax time

Frank

http://www.lendingcapital.net

Hack city- 43% targeted small business

an average breach for small business can cost $100,000 or more
