In the chain of business security, humanity is the weakest link.

Even with the most stringent and sophisticated suite of protection, the risk of your business-critical data being stolen is ever present, especially if your employees are unaware (or even worse, apathetic) of the security risk they pose. Precautions can be made against data breaches. Devices and systems can be safeguarded from outside attack.

Despite this, every business owner should always consider the human factor as the most important one in data protection.

To bring that same factor into focus, we here at Trend Micro worked together with research firm The Ponemon Institute, in an effort to help business owners understand this factor and  how to better address it. The summarized results of this collaborative effort is available for your perusal here. Along with this report, we also have other key materials you may find helpful:

• Our Data Risk Calculator lets you see for yourself what level of risk your organization’s data may be in.
• Our primer, Five Data Security Risks Every Small Business Should Know, tells you what you need to know about the data security risks that plague small businesses.
• Our infographic, The Weakest Link In Data Protection: The Human Factor, gives you a preview on just how much your employees matter in the overall security picture.

The human factor may be the weakest link, but that doesn’t mean it has to remain that way.

Update as of April 4, 2012 4:06 AM (PST)

Never underestimate the impact of the human factor when it comes to data protection. As Trend Micro’s CTO Raimund Genes states, in order to protect company assets, it is the responsiblity of security professionals to educate users on what and what not to reveal online. For more of his insights, you may watch the video The Human Factor of Targeted Attacks.

Whenever something big happens – a celebrity death, a holiday, or even a highly anticipated product release – we at Trend Micro immediately scour the web looking for any ‘traps’. These ‘traps’ are set by cybercriminals in order to prey upon anyone looking for more information about that big news item. The act of tailoring these traps to relevant topics or events is called social engineering. Thousands fall prey to it every time it crops up.

Social engineering schemes often leverage buzz-worthy events or topics to victimize users. For breaking news like calamities or notable deaths, cybercriminals work hard to churn out social engineering scams hours after the said event occurs. For instance, social engineering scams appeared just two hours after the Japan tsunami and earthquake in March. Some cybercriminals also use social engineering for events long before they occur: spam related to the 2012 Olympics appeared as early as 2008.

Invariably, we find signs that people have been falling for these schemes time and again. In our e-guide, “5 Reasons Why Social Engineering Tricks Work,” and infographic, “Countdown to System Infection,” we discuss things users need to know about social engineering schemes. We tell what socially-engineered attacks actually look like, what they’ve been about in the past, how fast they can occur, and where you would usually find them. Most important of all, we show you what to look out for, so you can avoid becoming a victim of such scams.

While it’s always important to take care of our physical bodies in order to enjoy long, fruitful lives with our families and loved ones, we also believe that we must exert as much effort in taking care of our digital selves as well. We came up with these three reminders users can adopt to keep their online health in check:

• Use your common sense. The adage, “If it’s too good to be true, it probably is,” is applicable both in the real world and on the Internet. Using common sense is your first line of defense online. People who are after you or your money abound on the web via all kinds of scams.

• Try to maintain a junk-free online diet. You are what you eat or, in this case, you are what you browse. The Internet has its own brand of “unhealthy food” in the form of shady, suspicious, or risqué sites. Common examples of these are online gambling, adult sites, and illegal file-sharing portalsSuch sites are not only inappropriate to some users, these are also very common malware sources. In fact, in one instance, over 137,000 systems were infected in just one month because their users visited a single adult site that secretly hosted malware.

• Love your online persona. There is such a thing as oversharing and if you’re not careful, the things you say or do online can be used against you. One example is sharing that you’re alone at home, especially if you’re underage, which could attract burglars, robbers, and other unsavory folks. Also, always keep a cool head when sharing personal things online. Users should always ask themselves if anything they’re sharing could pose threats not only to their own reputation but also to their safety and those around them.

These three simple reminders, as well as other helpful activities to secure your data, reputation, and devices, will certainly help protect users from the worst that cybercriminals can do. For more information about these tips, view our infographic here. Make sure to share this infographic to your friends and family as well.

Convenience, ease, and better deals are just three of the reasons why more and more users shop online. Users’ level of adoption for online shopping has been increasing the past years. In fact, reports predict that there will be a 78% increase in the US shopper volume by 2014.

Mobile computing is also starting to play a bigger role in terms of online shopping, as 43% of all Web-enabled smartphone owners said they use their mobile devices to help them shop. This percentage will likely increase in the coming years, or even as soon as the next couple of months considering the upcoming holiday season.

As online shopping becomes widely preferred as a primary method for purchasing items, online shoppers will also become preferred cybercriminal attack targets. Cybercriminals are continuously launching attacks, any or all of the following shopper information: credit card credentials, online banking personal identification numbers, and other personal data. The attack types seen include:

• blackhat SEO attacks – search results for hot items such as gadgets and others can be poisoned to lead users to malicious sites
• scams – coming off as online promos, scams trick users into becoming victims of their malicious schemes that can lead to information and financial theft. A good example of this is a spam run we recently saw leveraging Black Friday.
• session hijacking – users who do their shopping while connected to unsecure networks put themselves at risk of this attack, which involves sniffing through networks for certain kinds of information such as account credentials, and using the said information to impersonate the users and execute actions

Shoppers need not be helpless against these attacks, however, as they can implement security measures and can use solutions that help them avoid being victimized. In our guide, “Online Shopping Safety Made Easy,” and infographic, “Online Shopping Tips,” we discuss things online shoppers need to know in order to protect themselves from online shopping-related attacks.

As we get closer to Christmas, instances of the above-mentioned threats increase in number, thus users need to keep themselves protected. For more information on threats leveraging the holidays, and for ways to prevent being victimized, check our reports, and our ebook:

• Season’s Warnings: iPhone 4S Scam and Other Holiday Threats
• Beware of Holiday-Themed Multi-component Online Threats
• Season’s Warnings

“[I]‘m going to watch you and monitor your telephone line.”

“Your internet access is going to get suspended.”

“Someobdy uplaod a vdieo wtih you on utbue”

Halloween is fast approaching and it’s that time of the year when scaring people is the most popular form of entertainment. However, not all spooks this season may end up in good-natured merriment. Cybercriminals may take this opportunity to scare users with their tricks, which include spammed messages, poisoned search results, spammed tweets with dubious links and Facebook clickjacking attacks. If not wary of these schemes, users may end up becoming victims of information theft, system infection, and even financial loss.

These cybercriminal scare tactics are not new. As seen in the links above, for years we have seen attempts to alarm users to trick them to do things they won’t normally do – open attachments, click links, and pay for fake costly items and antivirus software. The truth is that these bad guys have had some level of success in this field. As proof, a recent blackhat SEO campaign that managed to generate 300 million hits from 113 million visitors in just one month of operation.

It is time for users to conquer their fears. Below is an infographic that provides a quick run-through of common tricks and threats that users may encounter online. We have also included some tips on how to detect and prevent shams to ensure that users’ online experience are safe and spook-free.

Click here for a detailed look at the thumbnail image below.