by Felicien | Dec 4, 2018 | Education
For most companies that have an IT department, the decisions that revolve around technology, including the devices and the platforms/programs that are used, fall squarely on that department’s shoulders. IT professionals do the research and, in most cases, choose the technology (devices, platforms, etc.) that best suits the needs of the company. The problem is that while the IT professionals may know what’s best, the employees may not agree with their findings. Finding a happy medium is not always as easy as it sounds.
Forcing the Tech Issue
Management often gives the IT department strict control over the technology that is used during the day-to-day operation of the business. Because IT staff have built the network and know what devices will work most efficiently, they may expect employees to merely follow along. For some, this may work. The problem revolves around the fact that not every employee may feel comfortable with the platforms the IT department wants them to use. The platforms may be difficult to use, or the employee may simply have another option that they prefer. Forcing employees to conform to the IT department’s demands can lead to significant issues, including reduced productivity, increased tension in the workplace, and frustration with how the system works as a whole. Needless to say, forcing the issue can have disastrous consequences.
Strictly Managed IT or Enhanced Productivity
Simply put, you can have a strictly managed IT network that doesn’t take into consideration the needs and wants of the employees, or you can allow the employees to choose the devices and platforms they want, increasing productivity but possibly causing the system to not work as effectively as it should. The key to finding the best of both worlds is to find a happy medium. Employees don’t necessarily want to dictate where the company invests its technology dollars; they just want a say in how it will affect them and how they are able to do their jobs. It’s more beneficial for everyone involved if both the IT department and the employees work together to create a system that makes it easy for the employees to perform effectively while allowing the IT department to invest in the technology that is needed to keep the business moving forward.
Personalization
The key is to maintain the integrity of the company’s IT network while allowing employees to use the platforms, programs, and devices they are most comfortable with. This level of personalization may take some time to accomplish, but in the end it will create a network that is both efficient and secure. When it comes to investing the company’s money into high-tech systems, taking a dictatorial approach can have disastrous results if the employees aren’t comfortable with the IT department’s choice. While IT will still have the final say, allowing employees to voice their opinion and provide input from their perspective will make it possible to build a personalized network that accomplishes everyone’s goals. This includes creating a system that is both secure and well-structured, using devices and platforms that allow employees to be as productive as possible.
Working together to create a personalized network will not only ensure that the company’s investment pays off, but it will also allow employees to feel valued. The more appreciated the employee, the more dedicated they are to the company, which in turn, increases productivity and creates a positive work environment.
by Felicien | Dec 4, 2018 | Education
Small and mid-sized companies have a tendency to operate under the assumption that hackers target only more extensive operations. There’s a simple logic to that misconception: that these criminals instigate only the cyber breaches that reap the highest possible reward. Nothing could be further from the truth.
While hacks into the Democratic National Committee and Equifax make big headlines, the majority of cyber attacks are carried out on smaller, vulnerable systems. Most hackers merely look for the low-hanging fruit. If your small or mid-sized company has modestly valuable data and lacks top-tier cybersecurity, you are that low-hanging fruit.
By 2020, upwards of 6 billion people globally and 283 million Americans are expected to utilize the Internet. That means businesses of every level will be fully engaged and it only takes two miscreants on another continent to breach your security.
Cybercrime has already reportedly outpaced the combined profits of all the major drug cartels in the world at $6 trillion annually. Unlike vast criminal organizations, two computer whizzes with laptops thousands of miles away can extract sensitive information without a company even knowing until it’s too late.
These days, stealing credit card info is not among the highest priorities. Cybercriminals have discovered that personal and personnel information can yield significant paydays. If you still don’t think cybersecurity ranks among the highest priorities for small and mid-sized companies, just listen to this.
Hacks Are Often Inside Jobs
It may seem counterintuitive, but a company’s most significant cyber threat can be found among the most valued employees. Staff members are not generally acting in a nefarious fashion. In fact, loyal employees are often just that, loyal. But a pervasive attitude exists in workplaces that checking in on personal social media and using various non-work-related apps and platforms is both allowable and safe.
According to cyber security experts, upwards of 93 percent of all breaches that are investigated thoroughly trace back to an employee. Although that person is generally not the so-called “inside man” or “inside woman” regarding criminal intent, their nonchalant attitude about checking personal sites exposes the small or mid-sized organization to a massive data breach.
Many are merely duped by phishing scams or inadvertently infect a business system with malware. This could occur by syncing an unsecured device, moving data on a USB drive back and forth between home and work, or surfing the Internet, among other security missteps. While many business decision-makers believe their data is not at risk, it takes a cybersecurity professional to build a company-specific “human firewall” that reduces internal threats through actionable policies and training.
Small And Mid-Sized Organizations Held Hostage Every Day
No Third World drug cartel can compare to the volume of theft leveled by small-time hackers. Ransomware remains the top malicious software and ranks among the most lucrative types of cyberattack. This variety of malware targets business systems by penetrating them through a camouflage method of encryption. Once inside a business’ network, it quickly encrypts critical data and makes everything inaccessible to the organization.
The name “ransomware” was earned by what comes after. A victimized organization will likely get a notice to pay a certain amount, often in bitcoin, to get a decryption code that restores access to its own files. This hostage situation often proves fruitful for the cybercriminal because paying them off appears to be in the company’s best financial interest. Sadly, too many business leaders only move forward with advanced cybersecurity after suffering a feeling of helplessness and humiliation.
Underachieving Cybersecurity Protocols Prove Costly
A Verizon Data Breach Report reportedly concluded that upwards of 60 percent of all incursions during 2016 could be attributed to outside forces. These data breaches were considered instances of “hacking” by a third party intent on circumventing existing security measures. Hackers tend to seek out a company’s weakest cyber defense points to gain access.
In essence, this follows the adage that a chain is only as strong as its weakest link. Among the more notable instances of a weak-link failure was JP Morgan’s massive breach in 2014. Despite having a top-tier cybersecurity team in place, a single server was missed during a password update. That single under-protected server resulted in what was ranked among the top 10 worst cyber thefts in history. Approximately 83 million household and business accounts were reportedly impacted at a whopping $100 million.
While this level of cyber theft makes mainstream media headlines, hackers tend to have greater success penetrating smaller companies with far less sophisticated cyber security systems. The basic criminal business model relies on volume, not occasional massive paydays. Think about it this way: the Brinks Job made bank-robbing history in 1950, but stick-up men knock off liquor stores every day.
Unpatched Security Bugs Attract Cybercrime Infestations
One of the more prevalent methods used by a hacker is to infiltrate your system in plain sight. Cyber thieves often use well-known software deficiencies, commonly called bugs, as a type of cracked door.
When software companies send out routine fixes such as patches, users have the option of making this repair. But when a system appears to be functioning appropriately, a small or mid-sized business may discard the effort as more of a nuisance than anything else. That could prove to be a fatal data breach mistake.
When systems linger unpatched, hackers may be quick to seize on specific vulnerabilities and infiltrate a company’s network. It’s important to understand that cybersecurity only seems like another time-consuming task that detracts from company goals. Anyone who uses computers, devices, software or accesses the Internet is inherently in the cybersecurity business. Without adequate cybersecurity systems, policies and protocols in place, the entire organization remains at risk.
Data Breach Threats Represent A Clear And Present Danger
If you remain unconvinced about how crucial cybersecurity is to your business’ integrity, consider these telling facts. The U.S. government has placed the most significant emphasis on increasing only two areas of the military budget — special ops and cybersecurity.
Today, a person’s electronic medical records are more valuable than credit card information on the dark web. And electronic ransoms are the fastest growing cybercrime and are expected to occur every 14 seconds by 2020. The question is no longer if a sub-par system will be hacked, it’s when.
by Felicien | Dec 4, 2018 | Education
The FBI and Department of Homeland Security (DHS) have issued a vital ransomware alert for the SamSam ransomware, also known as MSIL/Samas.A.
The FBI and DHS alert, issued on November 3rd, 2018, describes how hackers armed with SamSam ransomware have targeted multiple industries, including some within critical infrastructure. Those victimized by SamSam have been located predominantly in the United States. However, some international attacks also occurred.
This alert comes a few days after the Justice Department charged two Iranians as the masterminds behind the recent SamSam ransomware attacks.
by Felicien | Dec 3, 2018 | Education
When you think about the risks to your healthcare business, there are likely a lot of things that come to mind. However, one of the biggest threats to the well-being of a modern-day healthcare business is poor data quality. Data quality is actually a significant concern for leaders in the healthcare industry. Problems with data can hinder business goals, increase costs, and even affect your patients. Take a look at what you need to know about data quality risks as someone in the healthcare business.
Your First Step: Understanding That There Are Risks
One of the most significant problems with data risks in healthcare is that not all healthcare business owners understand the risks and how common it is for a business to have problems because of them. Only 60 percent of those in the healthcare industry rank data as a serious matter, when it should be a serious matter to everyone. At least 61 percent say integrating clinical and business data is a significant challenge for their healthcare business, which shows how many data fallacies are likely committed.
The Inherent Risks of Inaccurate and Incomplete Data
Inaccurate or incomplete data can be a massive barrier to healthcare and can even cause the demise of your healthcare business. The number one risk associated with incorrect or incomplete data is non-compliance with government regulations, with as many as 34 percent of healthcare business owners having faced this issue because of data problems. A few of the other most common risks that are associated with inaccurate or incomplete data include:
A loss of competitive edge due to lacking member retention
A lack of enough data to drive new service or product developments
Problems with interoperability that create a lack of support for the health of the population
Missing real-time insights in clinical or treatment settings
Significant profit losses due to fraud loss
Inaccurate metrics and quality scores that lead to increased overhead costs
A Look at Where Problems with Data Originate
Data problems in healthcare can originate from different places. For example, data risks can start with improper input methods and poorly maintained hardware on a facility level. However, the majority of data problems originate in data silos. Data silos are proverbial storage places for data that are under the operation of one entity most of the time. In the healthcare business, the loads of data that are accumulated must be appropriately housed, and data silos are the typical solution.
One of the most significant risks healthcare businesses face is not having access to the data in these silos as they should. This can happen because:
Data gets stuck because it is only accessible by one department
Data is improperly shared or cannot be shared at all
Data cannot be leveraged across the entire enterprise
Data gets lost because it is not adequately backed up outside of the data silo
Data is compromised because it is improperly secured
Silos can be, and often are, set up by a business owner who is rightfully trying to protect the information they take in, but the improper management of this data can pose a world of problems in both the short and long term.
Changes to Make to Avoid Data Risks in Healthcare
Once you have armed yourself with knowledge about the data risks in the healthcare business, it is critical that you get proactive so your business can avoid those potential problems. You should first simplify data governance by limiting how many governing entities are in charge of or have indirect control over your facility’s data. A few other things to do include:
Optimize the analytics of your data
Enable interoperability of your information
Reduce operational overhead of your data
Working with a company that provides data management solutions and specializes in helping clients in the healthcare industry can usually help with these processes. Therefore, bringing in the help of an outside service to help you combat data risks is a logical business move.
by Felicien | Dec 3, 2018 | Education
Heads up if you’ve stayed or made reservations at a Marriott or Starwood property over the last decade. A major security issue was just announced and the scope of the problem is actually quite astonishing. Here’s what you need to know about the Marriott International data breach.
What is the Marriott Data Breach?
On November 30th, Marriott International announced that the private information of up to 500 million guests had been compromised. The breach is one of the largest in history and brings up a variety of concerns regarding consumer privacy and safety.
They noted that an internal tool recognized a data breach in September, but the company wasn’t able to confirm the issue was part of the Starwood database until November. Further investigation revealed that the problem had been going on since as far back as 2014 and that the exact breadth of the issue isn’t yet known.
Who is Affected by the Marriott Data Breach?
To be blunt, 500 million people is a lot. If you’ve traveled on business in the past or regularly stay at the hotel chain’s properties, your personal data is likely compromised. Additionally, those who merely made reservations but never actually stayed the night are also included in the breach.
According to NBC News, Marriott also reported that for 327 million of those people, the information includes some combination of a name, mailing address, phone number, email address, passport number, Starwood Preferred Guest account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences. Encrypted credit card information is also likely stolen, but the company isn’t yet sure if the thieves were able to reveal account numbers.
An additional report also suggested that employee information might have even been compromised, especially in situations where workers took advantage of employee discounts to stay at hotels around the globe.
What is Marriott Doing After the Data Breach?
While the initial statement from the company was vague, they have taken steps to improve the situation by hiring the public relations firm Kroll. Those concerned about being part of the Marriott data breach may check for more information at a website provided by the hotel chain.
Maryland Attorney General Brian Frosh is opening an investigation into the incident, citing the company headquarters in his state as the reason for his inquiry. Additionally, New York planned to look into the incident, and other states where the company has properties are likely to follow. There is no word yet on how the breach is being reviewed internationally.
Furthermore, within hours of the news, a class action lawsuit for 12 billion dollars was filed by Ben Meiselas of Geragos & Geragos. The suit is on behalf of two plaintiffs who feel duped by the company not immediately admitting there was a security issue. If other cases in the past are any indication, there’s likely to be a settlement out of court soon.
What Can Other Companies Learn from Marriott’s Data Breach?
At this time, it is hard to tell what other companies can learn from Marriott International’s data breach since news of the incident is still relatively recent. Other companies have faced similar issues in the past, such as Yahoo’s admission earlier this year that three billion accounts had information hacked and Under Armour’s data breach of 150 million MyFitnessPal user accounts. Those companies were able to provide customers with free credit monitoring to try to earn back trust, but time will tell how it affects each firm’s reputation overall. Both have made attempts to increase application cybersecurity.
In short, if you have made a reservation or stayed at a Marriott Hotel or Starwood property in the last few years, it is wise to invest in some version of identity theft monitoring. Also, consider raising additional concerns with your attorney general and making a claim on Marriott’s data breach website.
by Felicien | Nov 30, 2018 | Education
How Marriott Got Caught In A 500-Million Person Data Breach
Were You Affected? (Your Questions Answered)
What Do We Need To Know About The Marriott Breach?
Another big corporation got hooked. This time it was Marriott International. They just revealed that their Starwood reservations database of 500 million customers was hacked and that the personal information of up to 327 million guests was stolen. And, this has been going on since 2014!
How Did This Happen?
On September 8, 2018, Marriott was alerted about an attempt to access the Starwood guest reservation database.
They contacted leading security experts to help them determine what occurred. Marriott said that the hacker copied, encrypted and removed their customers’ data.
On November 19, 2018, Marriott was able to decrypt the data and learned that it was from the Starwood guest reservation database.
Marriott acknowledged that the encryption security keys for this data may have fallen into the hands of hackers. This allowed them to access the massive amount of data. Secure systems lock up data and should store the encryption keys in a location that’s separate from the confidential information.
Some good questions to ask here are:
“How did the criminals get Marriott’s encryption keys?”
“Why did it take so long for Marriott to reveal the breach?” They learned about it in September, which was over two months ago.
And, this was a 4-year long breach! “Why didn’t Marriott know that their customers’ data was being stolen over this long period?”
Maybe we’ll find out the answers to these questions, and perhaps not. What’s for sure is that you are on your own when it comes to protecting your confidential data.
How Do I Know If My Data Was Stolen?
If you are a Starwood Preferred Guest member and your data was stored in the Starwood property’s database (which includes Sheraton, Westin and St. Regis hotels, among others) you need to be on alert.
As mentioned, this data breach goes all the way back to 2014 and includes names, passport numbers, email addresses and payment information for approximately 327 million travelers – a “big catch” for any hacker. Even your date of birth, gender, reservation dates and communication preferences may be included in the breach.
Should I Contact Marriott?
Marriott set up a website and call center for customers who were impacted by the data breach. Email notifications are also being rolled out.
Marriott is also offering affected customers the option to enroll in WebWatcher free of charge for one year. WebWatcher monitors internet sites where personal information is shared and generates an alert if your personal information is found. If you live in the U.S., you’ll also be offered fraud consulting services.
What Else Should I Do?
If your data was stolen, you should watch for incidents of identity theft. Also, watch for phishing emails where hackers try to impersonate someone you trust to take information or money from you.
Arrange For Security Awareness Training For Your Employees
If your business data was involved, make sure that you arrange for Security Awareness Training for your employees to train them to recognize phishing attempts. This includes:
Baseline Testing to assess the Phish-prone percentage of your employees through a free simulated phishing attack.
Training For Your Users with content that includes interactive modules, videos, games, posters, and newsletters.
Simulated Phishing Attacks that utilize best-in-class, fully automated, simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.
Reports with statistics and graphs for both training and phishing for your management to review.
Whether your business was involved in the breach or not, Security Awareness Training for your employees is always a good idea. Another good idea is to sign up for Dark Web Scanning Services.
Get Dark Web Scanning For Your Confidential Business Data
The Dark Web is a secret internet society that’s only accessible to a select group of criminals. Criminals use it to take stolen data (like the Marriott/Starwood customer information) and dump it on the black market for sale. Dark Web Scanning is a sophisticated monitoring solution that helps businesses of any size detect cyber threats that expose their stolen business accounts, email addresses, payment information, and other confidential data that’s on the Dark Web. It also does this in real time and detects any of your compromised credentials or information before criminals can use it for profit or other crimes.
Don’t Count On The Marriotts Of The World To Protect Your Business Data – You Must Do This Yourself
Contact us for information about Data Protection, Security Awareness Training and Dark Web Scanning.
We have a Suite of IT Security Solutions to help you keep your business data secure.