Did You Know Hackers Can Infiltrate Your Network Via Fax Machine?
Fax machines seem to be a thing of the past for many new age businesses and professionals these days, but in reality, they’re still being used. In fact, according to Jive, more than 46 million businesses still use fax machines in some way or another. Typically businesses are still using fax machines because their clients still use them, potential government regulations or industry standards, proof of paper trail, convenience, and in some instances, fax machines are more secure.
However, an Israeli cyber security firm, Check Point, recently discovered that hackers may be infiltrating businesses networks using just a fax machine number…which might not even be connected to the internet. The researchers at Check Point demonstrated that a hacker can execute a script that targets the victim’s fax number in order to obtain network access. According to the researchers, the attacker can then use EternalBlue, a NSA-developed exploit leaked by the Shadow Brokers hacker group, to further infiltrate the network and execute malware.
Using the malware executed for this attack, the hacker can search and exploit specific information about the victim and send it back to the hacker’s fax machine. Additionally, the hacker can severely manipulate what gets sent and received. For example, if the victim sends sensitive account information to their bank, the cybercriminal can program the fax machine to send a copy to the attackers fax machine. The attacker can also tamper with the content included on the document being sent by altering the information to include or exclude what they to be attached to the document.
It’s worth noting that having a cyber security insurance policy in place will protect your business in the case that your fax machine does get exploited by hackers. Contact Jon Jepsen at SentryWest Insurance for a cyber insurance quote.
(Courtesy Evolve MGA https://evolvemga.com/fax-machines/?ct=t)
What happens in a WTF attack?
Hackers manipulate senior executive officers, employees, or clients with the intention of tricking the business or their client into wiring money into the hacker's bank account. Common hack attacks that result in wire fraud consist of stealing login credentials via phishing or key-logging malware, financial data manipulation, and corporate identity theft.
Claims Example: Midsized Trucking Company
In 2017, a trucking company's CEO had his email address compromised. An email was sent to wire money to an existing client, but with new bank account details. The CFO merely thought the client opened up a new bank account and trusted the email from the CEO, which was actually written by the hacker. One payment of $73,000 was wired out without being caught. On the 2nd wire request, they figured out that the figured out the money hadn't been received. Unfortunately, that first payment of $73,000 was unrecoverable.
How Can I Make Sure My Cyber Policy Covers Me?
Check the policy wording to determine if there is coverage for: social engineering, funds transfer fraud, cyber deception, electronic crime, or eCrime. Note the limit provided. Make sure there are no dual factor authentication warranties in the policy wording. If you are looking to ensure that you have quality cyber crime options, please contact Jon Jepsen at SentryWest Insurance.
Did you know that many 501(c)(3) nonprofit organizations have no paid employees? Volunteers provide a critical link between nonprofits and their communities by bringing needed skills, connections, insights and resources to the organization. In some cases, they also serve as valuable public advocates and ambassadors for the nonprofit. Some organizations only have a few volunteers, while others manage hundreds of volunteers – but the fact remains that volunteers are critical to the relationship between nonprofits and their communities.
It’s important that your volunteers know what they can expect in the way of guidance and supervision, as a lack of clear directions and/or difficulty in contacting a supervisor can cause frustration and lead to mistakes. While there are many ways in which to manage a volunteer workforce, consider checking your strategies against the list below to assure your nonprofit is following the best safety practices possible:
When using youth volunteers (anyone under the age of 18), you will want to think about their duties and responsibilities and whether those activities are suitable. There are several things to consider when engaging youth volunteers:
In addition to ensuring that volunteers are safe, don’t forget to show your appreciation on a regular basis! The importance of a simple verbal “thank you” cannot be overstated.
Remember that a volunteer is an individual who performs hours of service for you without promise or expectation of compensation. Any compensation provided to a volunteer, such as a stipend, may inadvertently convert your volunteer into an employee. It can also jeopardize the legal protection for the volunteer under the Volunteer Protection Act.
While the law provides some relief for the negligent acts of volunteers, these laws vary widely from state to state and are often misunderstood. And, don’t make the mistake of assuming that your nonprofit will be exempt from liability because its purposes are charitable, or because the person responsible for the harm is a volunteer.
Managing volunteers is similar to managing paid staff. As with your staff, volunteers expect to be provided with rewarding experiences, treated with respect, trained as needed, properly supervised, and provided with feedback. Millions of volunteers across the country support our communities through all kinds of valuable service. And, they provide this service with an admirable record of safety. Since inadequate or improper training and oversight is frequently the cause of an incident and/or injury involving a volunteer, we hope these suggestions will help make that record of safety even better! Wouldn’t we all prefer to avoid incidents and injury to people and property and spend money on direct services rather than on expensive claims against the organization and volunteer?
Courtesy: Nonprofits Insurance Alliance Group
Jon Jepsen, CIC