Wednesday, September 28, 2016

September 2016 Issue
In This Issue
It's Your Weakest Security Link


Your people. More specifically, your employees. 
Amazingly enough (or maybe not), these are your biggest security risks. But before you start ringing necks, you should know that much of the fraud committed by employees is unintentional. So they may not even realize that they are delivering your organization into the arms of hackers. 

Here are the three of the most common ways a hacker can get into your network:
  1. Phishing: Remains one of the most common ways employees inadvertently invite hackers into their personal systems and into those of their employers. An employee responds to an urgent email that appears to be authentic, and follows a link to provide them with passwords and PINs. Voila! They're in. Only after hours and hours (and possibly thousands of dollars) can you begin to untangle the mess. And you have one pretty embarrassed employee on your hands as well. 
  2. Social media: Today there is so much cross over between what is "personal" and what is job related that it's no wonder companies are reluctant to use social media, let alone allow employees to post. It is an incubator for hackers as personal information flows, is captured and combined with other personal data, all used to mount a successful (and devastating) personal attack within an organization.
  3. Fraud: And, yes, there are plenty of reported incidents of employee involvement in crime rings, assisting cybercriminals in hacking into their employers' systems and getting out again, often so ingeniously that tracing the activity can be challenging. Catching the employee can be equally challenging.
What to do? Here are some ideas to help reduce the threat of hackers: 

You may be surprised at what even your most astute employees do not know. Educating your employees about phishing and other "points of entry" hackers use, can go a long way towards avoiding it. Make sure each employee has access to your technical team in the event he or she comes across a suspicious email, asking them to share personal or corporate information.  
What experts, such as Rik Ferguson, VP of security research at Trend Micro, suggest is to tailor the training to the job function of your employees, and even to try to make it interesting.  
In a ZDnet interview, Rik stressed the importance of this. "You need the right mediums for the right people. You can't have a one-size-fits-all training program; if you're training your developers, you're going to need different content to what you're using to train your sales people, finance or HR people."

Give them a "sandbox":  
One great way to get employees serious about doing their part in protecting against cyber fraud is to let them experience what it can do, first hand. Well, almost. Experts recommend giving them their own sandboxes. As Trend Micro suggests "Let them mess up in a safe environment because then they realize they can mess up, nobody's perfect. Dare to fail, learn from your mistakes, analyze and improve."
Not only awareness between you and your employees, but between employees as well. Keep your eyes and ears open and encourage them to do the same.
Remember, all a hacker needs is one vulnerable point of entry. Just one. So, considering the growing list of devices we all use, that point of entry will become easier to find, not harder. More connections, more devices, more points of entry for hackers. And more headaches for IT. 
Thankfully there are companies that know how to untangle and help mitigate security risks. At CDR-DATA we've been collecting data and uncovering fraudulent data and voice activities for over 20 years. There are few things we haven't seen and helped protect against. 

As your list of potential security breaches continues to grow, don't wait until it becomes a mountain of confusion. Contact us now, so we can help you protect your tomorrow. 


Kevin Young, Founder and CEO 
Emergency Management (COOP) for Local Officials 
(Part I)

by Salvador Marquez, Principle Consultant, CMG Assist 

In a disaster, your community will look to you as a source of advice and guidance, and you need to be there to provide it for them.
Local officials, whether elected, appointed or hired have many vital roles to play in their communities. They have a unique opportunity to help shape policy and affect change for the citizens within their community. One of the most vital roles, and sometimes overlooked is the responsibility for "Emergency Management". However, ensuring that a community or county is ready to face both natural and man-made disasters is one of the most important jobs that a local official has.
One of the foundations of the emergency management plan is the analysis of hazards and risks in the community.   Create a list of recognized potential hazards in your county or state. Once you have that list consider the following:
  1. Historical Occurrence - How many times has the hazard occurred in the jurisdiction in the past?
  2. Probability - How likely is it that hazard will happen in the future?
  3. Geographic Extent of Impact - If the hazard does happen, how much of the area could be affected?
  4. Speed of Impact - How much warning time would your jurisdiction have before the hazard occurs (if any)?
  5. Cascading Affects - Could this hazard cause any other hazards or loss to occur?
  6. Prioritize Risk - What can most likely happen? What could cause the most damage or loss?
  7. Prevention/Mitigation - What can you do to avoid, eliminate or reduce the probability of the occurrence or lessen the effects of an emergency or disaster?
  8. Response - Include warning, evacuation, rescue and other similar operations and emergency support functions. Helping reduce casualties and damage by having a response to every situation.
  9. Recovery - Consider both short-term and long-term recovery efforts.   Short-term recovery efforts seek to restore critical services and provide basic needs for the public. Long-term recovery efforts focus on restoring the community to an improved state of affairs.   Other recovery actions may include, but are not limited to, temporary housing, food, and restoration of vital and non-vital services and reconstruction of damaged areas.
Stay tuned for Part II in the October CDR-DATA Newsletter... 
CDR-Data applications are supported by products that, collectively, provide you with all the resources needed to 
effectively manage your communications and personnel expenses without having to add resources.
eCDR®: All the reporting options and flexibility needed to effectively manage and allocate telecommunications expense. Easy to use and customizable.  
eBill-Back®: Fast, accurate billing system 
for business centers, shared-tenant environments, and any business requiring bill back of end users. 
Call us or drop us an email: . Visit us at  

  CDR-DATA| | | 
PO Box 41141 
Pasadena, CA 91114