Data security is not just a problem for large companies. Medium businesses are targeted more and more as data thieves expand their reach and small businesses are often an easy target for these sophisticated tricks.  

The excuse many SMBs give is they don’t have the resources for the technology to protect their companies. While technology is an important piece, an equally critical component is ensuring your employees understand the things they must do to keep your company outside of a hacker’s sights. 

What many companies overlook are simple and affordable ways to train employees to recognize trouble and to protect the critical company information they work with on a daily basis. Employees are your first line of defense and they need to be equipped with the basics of data security to protect your business.

A data breach is something we hear about every day, but it doesn’t have to be something that attacks your company. 

Make employees your first line of defense against cyber thieves. 

While we often give data thieves credit for targeting large company business data, the problems many SMBs face is often due to human error. Your employees interact with sensitive data daily, making them both your greatest asset and your biggest vulnerability. 

As you consider how to attack this opportunity with your employees, here are three ways you can start the process without breaking the bank:

1. Simple and Easy Training. Focus on simple and easy-to-implement techniques that will raise awareness and teach them how to identify the situations that data thieves thrive on.
2. Time-Friendly Approaches. Rather than creating large and complex programs, build training methods that can be included in their normal workflow, such as online modules they can complete as they have time.
3. Build Awareness of Employees’ Roles in the Solution. It’s sad but true: Many employees at small and medium-sized businesses are simply not aware of the potential cybersecurity risks your company faces. This will be the place to start your new training program. 

Where should data security training for SMBs focus to reduce cyberattacks? 

Employee training in data security shouldn’t be a one-time event. To truly embed a culture based on information security, regular training sessions and updates are required (because we know for sure the cyber criminals are honing their craft on a daily basis).

These sessions can take various forms, including workshops, online modules and simulated phishing exercises. Here are six areas where SMBs should focus their training efforts:

1. Recognizing Sensitive Information

This is any data that, if exposed, could lead to financial loss, legal repercussions or damage to an individual’s or organization’s reputation.

• Employees should be able to identify personal client data (e.g., names, addresses, and financial information), proprietary business plans and data subject to legal regulations. Provide examples of what constitutes sensitive information in your industry, making it clear what information should be handled with extra care. Malware and ransomware can target sensitive information, aiming to steal or encrypt it for extortion.
• Training Approach. Host brief team meetings to discuss specific examples of sensitive information in your business. Encourage employees to share their thoughts and to ask questions (remember, there are no dumb questions).

2. Secure Data Handling

This involves using methods and tools to ensure that data is kept confidential, its integrity is maintained, and it’s accessible only to authorized individuals.

• Provide high quality antivirus software and train employees on creating strong, unique passwords. Encourage them to use password management tools to prevent hackers from breaching your company’s firewall. Many tools have options for businesses. Multi-factor authentication is another tool that reduces cybersecurity threats. Explain the importance of data protection encryption when sharing sensitive files so that even if intercepted, the data remains unreadable.
• For example, when sending confidential financial documents to a client, use a secure file-sharing platform that encrypts the data during transmission and requires the recipient to enter a password to access the file. Two of the most popular platforms are Dropbox and Google Workspace.
• Training Approach. Share easy-to-follow guides through emails or on your company’s intranet. These guides can cover topics like password creation and the use of secure file-sharing tools.

3. Phishing Awareness

Phishing attacks are a fraudulent attempt to obtain sensitive information, often through deceptive emails, websites, social media such as LinkedIn or messages.

• Teach employees how to recognize suspicious emails that often contain malware or ransomware, such as unexpected requests for sensitive data or urgent requests for money. Advise them not to click on links or download attachments from unknown sources.
• For example, if an employee receives an email claiming to be from a bank requesting them to click a link to verify their account details, they should be very cautious and verify the request through official channels before taking action.
• Training Approach. Send regular emails with tips on identifying phishing attempts. Share real-life examples to make the content relatable.

4. Physical Document Security.

This involves safeguarding physical copies of sensitive information from unauthorized access, loss or theft.

• Instruct employees on proper document handling, storage and disposal. Explain the significance of shredding documents containing client names and addresses.
• Employees should use a designated paper shredding device to render the information unreadable or utilize a bin provided by a document destruction company. Be sure to find a company that shreds your documents on site rather than taking it to a processing location off-site.
• Training Approach. Organize a short workshop during a lunch break (and the company provides the lunch) that shows employees how to properly handle and dispose of important documents.

5. Mobile Device Management.

This refers to strategies and practices to secure mobile devices such as smartphones, tablets and laptops used for work purposes.

• Educate employees on setting up device passcodes or biometric authentication, such as a fingerprint. Encourage them to enable remote tracking and data wiping features in case their device is lost or stolen.
• For example, if an employee’s work laptop is stolen, they should be able to remotely erase all data on the device before a thief can steal the data.
• Training Approach. Create a one-page guide with step-by-step instructions for setting up security features on mobile devices.

6. Social Engineering.

This involves manipulating individuals into divulging confidential information or performing actions that compromise network security.

• Provide examples of common social engineering tactics, like impersonation, pretexting or baiting.  Teach employees to verify requests for sensitive information by contacting the requester through official channels.
• For example, an employee should be cautious if they receive a phone call from someone claiming to be from IT support and asking for their password. The employee should call the IT department to verify the legitimacy of the request.
• Training Approach. Share brief anecdotes about social engineering incidents and how they can happen to anyone. 

Artificial Intelligence (AI) is a two-way player in the world of cybercriminal activities.

AI is playing an increasing role in data security by both enhancing defense mechanisms against cyber threats and being utilized by bad actors trying to carry out attacks. Here is how AI impacts data security and what companies should be vigilant about:

AI as an enhancement for data security

• Threat Detection. AI-powered tools can analyze vast amounts of data quickly that can help companies identify patterns indicative of cyber threats. AI can detect anomalies in user behavior, network traffic and system activities to help companies better identify malicious activities.
• Fraud Prevention. AI algorithms can detect unusual transaction patterns to head off fraudulent activities. This is especially meaningful in financial services and e-commerce industries.
• Phishing Detection. AL-driven email security solutions can analyze email content, sender behavior and metadata to head off phishing attempts.
• Predictive Analysis. AI can predict potential vulnerabilities and weaknesses in a company’s systems to help IT teams prioritize security efforts.

AI as an enhancement to cyber threats

• Advanced Attacks. Bad guys use AI to drive broad-based phishing attacks such as phishing emails that mimic human communication and behavior.
• Automated Attacks. AI can automate many stages of malicious attacks allowing cybercriminals to scale their illegal operations very quickly.
• Evasion Techniques. AI can develop malware that adapts its behavior to evade detection by traditional security systems.

In short, AI presents both opportunities and challenges for data security. SDD recently published an article titled “Data Security Threats to SMB from Artificial Intelligence.” The article goes into much more detail about the issues above.

Any size company can create a culture that protects its important data. 

You don’t need a big budget or large training organization to drastically improve your company’s data security. Midsize businesses can conduct simple and specific training throughout the year to help maintain overall awareness of the issues critical to avoiding security breaches that lead to your critical in-house data being stolen. And starting the process to develop cyber security best practices and cyber security policies is critical to ensuring consistency in your cybersecurity solutions throughout your company.

Medium and small business owners remember this: The goal is to implement security measures that safeguard your sensitive information and that of your clients. Successful companies make data security an important part of their culture and it doesn’t require great amounts of investment.

Does your car have a keyless entry system? If so, it may be an easy target for sophisticated car thieves who have figured out how to hack the technology designed to make your life easier.

Car makers, the insurance industry, and law enforcement are playing catch-up on fob-related car theft techniques that have become a growing problem with modern cars.

Here’s what you need to know to protect yourself from these criminals.

How Is Fob Hacking Possible?

A key fob is designed to be small, so it can be carried around inconspicuously, just like a key chain. The term fob and small key chains have been used interchangeably for many years.

Keyless cars use a fob to communicate low-power radio signals to car doors, ignition and start/stop buttons. They’re only effective when the fob is within three feet of these components. However, hackers have developed special equipment to amplify the communication signals between vehicles and smart fobs, greatly extending the system’s effective range. Signals can also be cloned using an RFID transmitter or by hacking into a smartphone app which is also used to start cars.

These are known as relay hacks and can trick the car into thinking the fob is next to the car door or ignition system when it is really somewhere else. Thieves use the relay hack to unlock and start the vehicle.

Some relay thieves use wireless transmitters held up to the front door or window of a house or the pocket of a car owner to capture the signal from a genuine digital key and relay it to a target vehicle. Another person standing close to the vehicle captures the signal, fooling the car into thinking the key is within range, allowing it to be unlocked. Once inside the vehicle, the process can be repeated to start the engine.

Typically, these attacks happen in residential areas where many people have their keys hanging by the door or in the kitchen, such as in a condo or apartment community where keys tend to be closer to where a car is parked.

Other thieves use signal jamming by transmitting on the same radio frequency as the fob. This blocks the signal that locks the door, allowing thieves to open the door when the owner walks away.

These methods are commonplace because they don’t require any special or expensive equipment. It’s also easy to find online videos on how to hack a key fob, which makes a crook’s job even easier.

Not all cars can be hacked by the methods above. For example, only vehicles manufactured during 2009-2017 can be hacked by key cloning, and the most vulnerable makes are Toyota, Hyundai, Kia, and Tesla. Also, encryption flaws are usually common among older cars sold outside the USA.

How Can I Prevent My Key Fob From Being Hacked?

You have several options to reduce or eliminate key fob hacks.

Block the fob signal. A Faraday bag is one of the most effective ways to do this. It’s made of flexible metallic fabric to stop any signal from getting out or in the bag. They’re already in common use and come in different sizes and price ranges so finding one that best suits your needs should be a relatively simple task. If you don’t want to use a Faraday bag, you can store your fob in a safe or another metal object.

Reprogram the fob from time to time. A locksmith can do this for you in just a few minutes, but it’s probably more of a hassle and will cost more money and time than using a Faraday bag.

Physically place your fob away from doors or windows in your home or office, effectively reducing or blocking a hacker’s signal-stealing technology.

Look for a fob flash. When you lock your car with a fob by touching the door handle or clicking the button on a remote, make sure the indicators flash and listen for the clunk of locks.

Keep up with software updates. As cars, phones, and other technology are more connected than ever, it’s crucial to keep thieves at bay by installing the latest software on your vehicle and phone.

Keep your key fob in a shielded wallet when you’re out and about. Some people think wrapping a fob in aluminum foil will provide enough protection, but that may not be true. Again, a Faraday bag is still your best bet when in public.

Attach a lock to your steering wheel. It’s old school, but metal bars that lock steering wheels are an effective and visible deterrent for thieves trying to steal your vehicle. You may go a little more extreme and get a lock for one of your car wheels. Just remember to remove it before you attempt to drive off!

Install a tracker. Unusual activity is monitored, and you are alerted if it appears a car is not where it should be. You can also trace the vehicle via GPS if it is stolen.

Switch off the fob when not in use or use a motion sensor fob. Some fobs can be turned off, which is what you should do when it’s not in use. Other fobs have motion sensors, meaning the fob stops transmitting a signal if it’s left idle for a certain amount of time. This negates the use of relays to steal your fob signal.

Install CCTV or a smart doorbell. This may not prevent your car from being stolen, but if thieves see active cameras on your property, that may be enough of a deterrent for them to move on. These devices also make it easier to find your car if it does get stolen. Good exterior lighting and an active Neighborhood Watch are also added deterrents that are easy to implement.

Scammers are more sophisticated than ever, and they’re doing it by returning to one of the most basic forms of communication we have…our phones.

It seems almost impossible to avoid every oddball or unknown phone number that calls you. While some are harmless, others are more intentional about trying to separate you from your money, identity, and your sanity.

Types of Scams

There are several common types of calls that demonstrate red flags you should look out for.

The one-ring scam happens when scammers use robocall technology to place internet calls that ring only once on cell phones. If you pick up, the robocall drops the line. However, if you miss or ignore the call and later call back the number, you could be on the hook for international calling fees with area codes outside the U.S. Those fees can be as much as a whopping $15-$30 per minute!

The Federal Trade Commission (FTC) says you should never call back numbers in these area codes:

• 268: Antigua and Barbuda
• 284: British Virgin Islands
• 473: Grenada, Carriacou and Petite Martinique
• 664: Montserrat
• 649: Turks and Caicos Islands
• 767: Commonwealth of Dominica
• 809, 829, 849: Dominican Republic
• 876: Jamaica

When an unfamiliar number comes in, you’re better off waiting for a voicemail to determine if the call is legitimate before calling back. You can also Google the phone number on the chance that others have already posted about the number and whether it’s legitimate or not.

How prevalent are robocalls? It’s estimated more than 36 billion robocalls have been placed in 2022 according to the YouMail Robocall Index

With a prize-winner scam a caller will tell you that you’ve won a prize or a lottery. But then they’ll ask you for a fee to confirm the prize and shipping costs or for another reason related to unlocking your winnings.

Scammers also prey upon you with threats that you’ll get arrested or face fines if you don’t comply with law enforcement actions or those related to a federal agency. You may immediately be coerced into paying IRS penalties, taxes, or other debt.

Scammers may also call you with a limited time offer and force you to commit to something that sounds too good to be true. Here’s a hint. If it sounds too good to be true and the caller on the other end of the line wants a decision or money from you now, it is too good to be true. Hang up immediately.

Debt relief and credit repair scams are also common. Callers will offer you lower credit card rates, promise to fix your credit, or agree to help you get debt forgiven for an upfront fee.

Another quasi-government scam is someone calling purporting to be from a government agency and asking you to confirm sensitive information such as your Social Security number, bank accounts, or other similar private information. Government agencies never do this! Do not divulge anything if you get a call like this.

Charity scams always pop up, especially immediately following a large-scale natural disaster. Never feel pressured to give until you’re ready to help. Always check out a charity before you give or give only to well-known charities such as the Red Cross.

Someone you’re unfamiliar with may call you with a legitimate sounding deal but will ask you to pay with cash, a gift card, wiring money, or some other form of payment that gives you no recourse to get your money back if they take off with it. Only pay with negotiable instruments that protect you in case you’re victimized.

A recent scam making the rounds is a robocall that starts with the simple four-word phrase “Can you hear me?” in hopes of recording your response and using it to commit fraud.

The phrase is designed to trick the victim into responding “yes,” while the person or computer on the other end records the response. The scammer can use the recording to access important online accounts, make purchases and commit fraud like identity theft. All they must do is play the recording of your voice saying “yes” when asked to authorize a log-in or agree to a major purchase.

What You Can Do to Lessen Scam Calls

The first and most obvious thing you can do is never answer calls from numbers you don’t know. Let calls roll to voicemail.

All the major wireless carriers offer robocall blocking. There are also several free and paid third-party apps that you can also use to block scam phone numbers. A little online research should produce another added layer of protection.

If you’re on the National Do Not Call Registry, you shouldn’t get live sales calls from companies you haven’t done business with before. Those calls are illegal. If someone is already breaking the law calling you, there’s a good chance it’s a scam.

Also, don’t trust your caller ID. Scammers can spoof you and make any name or number show up on your caller ID. Even when a number looks like it’s a government agency or the call is from a local number, it could be a scammer calling from anywhere in the world.

What if You’ve Already Been Scammed

Scammers know which methods of payments make it challenging for you to get your money back. Sometimes that money is gone forever, but there are ways to protect yourself.

If you paid a scammer with a credit or debit card, you may be able to stop the transaction. Contact your credit card company or bank right away. Tell them what happened and ask for a “chargeback” to reverse the charges. The same action applies if you paid a scammer with a gift card, prepaid card, or cash reload card. Call and ask for a refund as quickly as possible, and you may be able to recover your money.

Contact the app company if you paid a scammer using a money transfer app like PayPal or Venmo. However, contact your credit card company or bank first if the app is linked to a credit card or debit card.

In instances where you gave your username, password, or other sensitive information to a scammer, change your information right away. If you use the same password for other accounts or sites, change it there, too.

If you gave a scammer your Social Security number (SSN), visit IdentityTheft.gov to learn how to monitor your credit report to see if your SSN is being misused.

You should report scams as well.

When you’ve lost money to a phone scam or have information about the company or scammer who called you, report it at ReportFraud.ftc.gov. If you didn’t lose money but want to report a call, you can use the reporting form at DoNotCall.gov.