Evaldas Rimasauskas: The Man Who Stole $120 Million

Sometimes even big corporations have cyber attacks slip through the cracks. From 2013 to 2015, Evaldas Rimasauskas, a Lithuanian citizen, sent fake invoices and phishing emails to Google and Facebook for amounts totaling over $120 million. This was an elaborate operation that seemed legitimate to an unsuspecting accountant.

The first step in his phishing scam was to set up a fake business for Google and Facebook to wire the money to. He used the name of a real company, Quanta Computer, that had done business with these corporations in the past. He sent Google and Facebook emails containing forged contracts and invoices requesting payment. These payments were sent to fake bank accounts in Cyprus and Latvia. He was able to get $23 million from Google and $98 million from Facebook over a 2-year period.

Although Rimasauskas was caught, Google and Facebook must question how a single man was able to steal so much from them. In the end, he was sentenced to 9 years in prison. Only $50 million of the stolen funds was recovered. This example serves as a reminder for companies big and small. It’s always a good idea to be diligent and double-check invoices and bills. Always check where your money is going.

 

Sources:
https://www.goptg.com/blog/meet-the-man-whose-phishing-scam-robbed-google-and-facebook-of-millions
https://www.justice.gov/usao-sdny/pr/lithuanian-man-sentenced-5-years-prison-theft-over-120-million-fraudulent-business

How to: Manage Cyber Threats

The first step in learning how to manage cyber threats is determining what the threats actually are. There are 5 major threats to a company of our size.

  1. Phishing Attacks
  2. Ransomware
  3. Insider Threats
  4. Weak Passwords
  5. Vulnerabilities in Software

Let’s describe each of these a little bit more in depth.

Phishing Attacks

First up we’ve got phishing attacks. A phishing attack is when a cybercriminal poses as a well-known company or entity. They will attempt to gather passwords, banking details, and any other sensitive information they can gain access to. It’s very important to stay alert whenever you receive emails. There are some things you can look out for to avoid falling for a phishing scam. According to the FTC (Federal Trade Commission), scammers may tell you that they have noticed unsuccessful log-in attempts, say your payment information is incorrect, say you have a government refund, or include some sort of link for you to click on. NEVER CLICK ON THE LINKS. These may lead to fake websites, and when you enter your information, the scammers will use it for whatever they want.

Ransomware

Ransomware is a form of malware, or bad code, that infiltrates a company’s systems. Sometimes, the links in phishing emails will download this ransomware onto a company server. The attackers will take over part of the software and “hold it for a ransom.” They will request large sums of money or cryptocurrency in exchange for giving the information back. During the height of the COVID-19 pandemic, ransomware became very prevalent, so there is a lot more information out there than before. To learn more, read this article from Check Point Security.

Insider Threats

Sometimes, cyber threats can even come from within the company. According to the Cybersecurity & Infrastructure Security Agency (CISA), there are two main types of insider threats: intentional and unintentional. Unintentional threats could involve a number of things. An employee may accidentally click on a phishing email, as mentioned above. They could also lose memory drives containing sensitive information, which could then fall into the wrong hands. It is important to keep track of every bit of information you have. It’s also important to change your password and other login information when prompted, usually about every 90 days. Make sure to keep anti-virus software and other security measures up to date on ANY device you use to access information involving the company.

Weak Passwords

Weak passwords can be a huge issue for an individual, but they can also be detrimental to larger corporations like ours. One weak password can give an experienced cyberhacker access to a whole network of information. There are 5 things that we can all do to help secure our passwords and ensure they are as strong as can be. First, avoid using common passwords such as “123456”, “a1b2c3d4e5”, or even our birthday. These are easy for people to guess. Second, avoid reusing passwords. Although it may be easy to just have one or two passwords you use for everything, one website leaking information can lead to all of your personal and business information being accessed. Third, when offered, use 2-factor authentication. This adds an extra layer of security, so even if your password is leaked, there is a second layer to get through. Fourth, as previously mentioned, regularly update passwords. When we send out reminders to update passwords, don’t ignore them. It’s important to update regularly, as there is a lower chance of someone guessing passwords that are only active for a few months. Finally, store your passwords somewhere safe. This means don’t have them written on a post-it note or carelessly left on a desk. Make use of locked password managers or save passwords on your device. These tips will all ensure you have secure passwords and keep our company data safe.

Software Vulnerabilities

Software vulnerabilities are more technical than many of the other threats to a company. These are more the concern of those working on the technical side of things. Employees in that position must be constantly aware of potential vulnerabilities in software. We must be aware of outdated software, unpatched systems, and “backdoors” into our software. Constant software vulnerability checks are a necessity. Many companies offer free checks to determine how strong our infrastructure is and where our software needs reinforcement. We can perform these checks regularly to ensure we are doing all we can to keep our information safe.

 

Now that we have established the vulnerabilities, let’s talk about 5 specific tools our company utilizes and how they could be accessed by cyber criminals.

  1. Microsoft Teams
  2. Our own website
  3. Hard drives
  4. Desktops at our stores
  5. Outlook

Microsoft Teams

This is an extremely useful tool; however, it can be a security risk if we are not careful. Never share passwords or any sensitive login information through chat features. If you are ever on a public computer, make sure to fully sign out and delete any information someone could use against the company. Additionally, make sure you are using a secure internet connection when talking about company details. Use discretion when chatting with potential clients and keep secure information secure.

Our Website

As an e-commerce company, our website is vital to our survival. There are some things we can do to keep it protected. Firstly, we want to make sure that all information posted to the website has been double-checked and that nothing is being released that shouldn’t be. Since we do have contact info on our website, we want to make sure that all messages that come through are from legitimate, verified potential customers. We also want to always check that we are on our real company website, as people sometimes pose as companies and use anything you input to weaken our security.

Hard Drives

Hard drives are physical storage units. These are utilized in our company for backups and for storing sensitive information. If you own one, make sure you always keep it in a secure place. When downloading information make sure there aren’t any viruses or malware also being downloaded. Do not mix personal and business information on hard drives. If you ever misplace a hard drive, inform someone in the IT department so we can be aware and ready for anything that may come of it.

Desktops

At each of our 3 locations, we have offices with 1-3 desktops used for company information. There are a few things we can do to ensure our data is protected. One, never leave the computer logged in overnight. Always close all tabs and log out completely. Make sure you don’t leave the computer unattended while logged in. These desktops are only for work purposes so do not log in to personal accounts or try to access personal information on them. Don’t leave the passwords visible. If you print any sensitive documents, clear the printer history and keep them in a safe place.

Outlook

Outlook is the main emailing system we use. We want to apply the same safeguards we use when on Microsoft Teams. Don’t share sensitive information, and keep track of who you are contacting. It is also necessary to be aware of phishing scams and false links within emails. Log out of your email account when you finish work each day. Make sure your email signature only contains your company phone number as opposed to your personal contact information. Don’t give prospective clients any details about the company that aren’t public information.

 

There is a lot of information available about cyber attacks and protections to put in place. Here are 5 things I recommend for our company.

  1. Update passwords for any company platform every 90 days. Reminders are sent but they need to be made mandatory.
  2. Do not use personal computers to access sensitive company information.
  3. Make sure there is up-to-date anti-virus software downloaded on every company device.
  4. Be aware of any links sent in emails.
  5. Keep hard drives in a secure place when not being used.

Following these steps will give us the best chance to be a secure company and avoid any data leaks or ransomware attacks.

Helpful or Not? A Review of 3 Tutorials

Tutorial #1: Adobe Illustrator for Beginners: Get Started in 10 Minutes

Format: YouTube Video

This video is a quick and fairly easy tutorial to follow. In 10 minutes, he describes what vectors are and walks you through Illustrator from opening the app to how to use individual tools. He even supplies some “bonus tips” that may not be readily known, such as how to duplicate an item easily. This tutorial was published 10 months ago, so all of the information is accurate and up to date with the version of Illustrator that I currently use. The creator of this video is a graphic designer named Andy who has over 10 years of experience. He is a member of the Adobe Community Experts Program, which is a worldwide group of professionals in Adobe. He has a lot of great tutorials for a variety of skill sets, mainly focusing on Adobe Illustrator. This video in particular has over 14 thousand likes and 300+ positive comments. After watching the video, I understood everything he explained and have no doubt a beginner would be able to easily follow. I would definitely reference back to this for the basics of Illustrator, and I recommend that any beginners watch this video and use Andy as a reference.

Tutorial #2: A Beginner’s Guide: 10 Tips for Graphic Designers

Format: Blog

Although this blog was published over a year ago, the information is timeless. The authors have included 10 steps for successful designing and every point is applicable for any type of design. The authors of this blog post are known as “Team Pepper” and they write for the Pepper Blog. The Pepper Blog is a well-known blog that gives tips mainly on marketing while also touching on a variety of topics including graphic design. Their post included quite a few infographics, which I believe add to their credibility as it shows that the advice they are giving is proven from other sources as well. This blog does not have any features for commenting or liking. This post was the 3rd link when I looked up “Tips for Graphic Designers”, so I believe they are a common blog for designers. It is very easy to follow. The format was the same for all 10 points: a subheading with the point, bullet points with information, and in most cases a graphic explaining the point or tip. I probably won’t use this as a reference in the future just because it is very basic information and I don’t necessarily have a use for it at this point in my education. I would recommend it to newcomers in graphic design.

Tutorial #3: Is Ai Killing the Graphic Design Industry?

Format: YouTube Video

This video was posted 2 months ago and it is a very relevant topic in today’s design world. The topic of AI is a hot-button topic in many fields, especially graphic design, and I don’t see that changing anytime soon. The creator of this video, Will Paterson, is a graphic designer who has owned a logo design company for over 10 years. On YouTube, Will has over 834 thousand subscribers. This video in particular has over a thousand likes and close to 200 comments that are all positive. This video moves very fast. It has more technical jargon that beginners or people who aren’t graphic designers may not understand. There is not a clear line of conversation or obvious main idea. It is more of a random FAQ session about AI. I agree with many of the things said; however, it is harder to follow. He breaks up his information with a good amount of examples and graphics used to enhance his points. I probably would not use this video in the future as it is more of an opinion piece and watching it once is all one really needs from the video.