Equifax Data Breach Compromises Personal Information Of More Than 143 Million Consumers

Consumer Credit Score Giant Equifax At The Center Of What May Be The Worst Data Breach In History.

Atlanta-based consumer credit score provider Equifax announced Thursday that the company had been the target of a major data breach. This breach is thought to have occurred between mid-May and July of this year, with the breach finally being discovered on July 29th. Equifax took immediate steps to determine exactly what had happened and how hackers were able to gain access to the affected files.
In a statement released by Equifax Chairman and CEO Rick Smith, the breach was confirmed, and an explanation was offered to the more than 143 million affected consumers. Equifax has reportedly been in ongoing contact with law enforcement and has cooperated fully with the continuing investigation in an effort to locate the offenders.
A comprehensive forensic review was completed by a top cyber security provider, which uncovered the source of the breach and the number of files involved in this incident. It appears that the hackers responsible exploited a vulnerability in a US website application to access information that includes names, Social Security numbers, and driver’s license numbers, as well as a few hundred thousand credit card numbers. While the bulk of the affected users are US residents, Equifax has stated that some Canadian and UK users were also impacted.
It was also discovered that while this is still one of the worst data breaches ever to have occurred, hackers were not able to gain access to any of Equifax’s core databases.
In an attempt to protect their customers and put forth maximum effort where damage control is concerned, Equifax is offering a complete identity theft protection package to each affected US consumer completely free of charge. A dedicated call center and web page have been created for consumers to get updated information on the situation, and take advantage of the identity theft protection package. Consumers are advised to get in touch with Equifax as soon as possible to determine if they are among the 143 million users impacted by this data breach and start taking steps to protect themselves from any potential consequences.
Equifax has vowed to invest even more into their cyber security systems in order to stop an event like this from ever occurring again. They’ve stated that their focus is on looking after their customers and doing everything they can to keep any possible damage resulting from this incident to a minimum. While it may feel like too little, too late for some, Equifax has made a real effort to step up and take responsibility for what has happened.
That being said, for affected consumers, the nightmare is only beginning. Data that has been stolen more often than not finds its way onto the dark web, and even if the hackers responsible were so inclined, there is no getting that data back once it’s hit the criminal marketplace. As this breach gave hackers millions upon millions of Social Security numbers with vital information like full names, addresses, and dates of birth attached to them, they’ve been able to create neat little identity theft packages to be sold off to the highest bidder.
When a data breach involves passwords or login credentials, a victim can change that information with relative ease and put the breach behind them. When your entire identity has been compromised, that’s not so easy. And while Equifax is offering free protection to US data breach victims, that complimentary protection – as mandated by regulators – only needs to be offered for a full year after the incident is made public. At the end of that year, victims are left hoping that nothing is done with their data from that point on. And that’s rarely the case.
Credit card numbers can be replaced, but your Social Security number and date of birth are tied to you permanently. You can’t change your identity. This means that consumers involved in this data breach will remain at risk of identity theft and all of the headaches that go along with it for years to come. Bank loans taken out under someone else’s name using your information, or credit cards activated under your own name to be used by a stranger are both very real possibilities for those who have had their information stolen during this massive Equifax data breach.
At its core, this incident serves as a stark reminder of the ongoing dangers we face in a digital world. Cyber security is constantly evolving, but so are the criminals who are in search of ways to circumvent that security. The smallest vulnerability can lead to a major catastrophe, and while a company like Equifax has the capital available to rebound from even this disaster, a smaller business would collapse under the financial and reputational damage.
Want to learn more about the steps your business needs to be taking to keep a data breach incident like this from happening to your customers? Contact the {company} team at {email} or {phone} today. We’re the cyber security experts businesses in {city} trust.

Tips for Evacuating Before a Storm

Unless you properly prepare for tropical storms and hurricanes in advance, not only your property and business, but your life could be at risk.  This may require evacuating.  Plan your evacuation in advance, especially if you live in a hurricane-prone area.

Have your Evacuation Grab Bags ready to go.  Make sure they’re waterproof and easy to carry.  Essentials include:

2 gallons of water per person, per day for at least 3 days (including animals).
Non-perishable foods, and a can opener for canned foods.
Pet food and bowls.
Clean clothes and toiletries.
Your medications (for at least 7 days).
A First-Aid Kit.
Important documents in a flame and water-proof container.
Cell phones, chargers and battery backup.
Cash in small bills ($100 or more).
A flashlight and extra batteries (LED flashlights last longer).
A Battery-Powered Radio.
Spare car and house keys.
Whistle to signal for help.
Dust masks to filter contaminated air, and plastic sheeting and duct tape to shelter-in-place.
Moist towelettes, garbage bags and plastic ties for personal sanitation.
A map with your evacuation route marked.
A wrench or pliers to turn off utilities before you leave.

When you’re ready to evacuate, keep these tips in mind:

Take roads less traveled.  There are often secondary highways and state/provincial roads that go to the same place as major highways or interstates.  Use Google Maps to plan your evacuation route.
Use the Gas Buddy App to know where you can find gas when travelling. Be sure to fuel up at every single opportunity.
Install the Zello app on your smart phone. Make sure your family members, coworkers and friends do this as well. It’s faster than making a phone call, and saves time texting and emailing.  Plus, you can tune into public channels that provide emergency information.
Don’t wait until the last minute.  Use Expedia or hotels.com to book hotels in advance. You can always cancel the booking if you don’t need it.
Unless you have a safe deposit box at your local bank, store your valuables, paperwork and jewelry in your dishwasher. It’s waterproof and built into your cabinets so it won’t blow around.

Be safe everyone.
For more information, visit:

The National Hurricane Center
Ready.gov
The Red Cross

More Info On The Equifax Security Breach

Equifax Security Breach of 143 Million Private Records Rocks Consumer Confidence and Injures Corporate Image

You would expect that a company – like Equifax – that is entrusted with vital information and tracking information of people’s purchase history would have iron-clad cybersecurity to protect its data.
Apparently not.
On September 7, 2017, Equifax came out with the truth.
They had been hacked.

From mid-May through to July, cybercriminals had access to the addresses, Social Security numbers, driver’s license numbers, and birthdates of Equifax “customers” – that’s pretty much everyone – in the USA, Canada, and the UK.
The September 7th, 2017 press release from Equifax states that nearly half of the population of the United States – 143 million people –  have had their private information compromised by the Equifax breach.
Equifax maintains that relatively few Canadian and UK consumers’ private information was impacted and that they are working with the Canadian and UK regulators to comply with the necessary regulations surrounding breach transparency.
But that’s not the worst news…
As part of this Equifax cyber intrusion, 209,000 people had their credit card information stolen, AND according to Equifax, the breach also impacted 182,000 people who had private information contained in Equifax Dispute Documents.
The Equifax public relations bulletin regarding this breach tells us that they finally discovered the intrusion and theft of consumers’ private information on July 29th, and that following the discovery of the breach, they hired an independent cybersecurity firm to investigate.
That investigation apparently took a little over a month to complete, because the public wasn’t informed that their private information had been compromised until the September 7th press release.
What is Equifax doing about it?

Their Chairman and CEO, Rick Smith, recorded a public apology and defense of Equifax’s actions in this matter.
They set up a website for you to check to see if you are among the millions of people whose information was stolen: equifaxsecurity2017.com
They have offered a free year of credit monitoring and ID theft protection.
They have set up a call center to handle the flood of calls from concerned consumers: 866-447-7559

That’s the official response from Equifax.
Here’s the problem.

They went for over a month without notifying the public that something very important and valuable – their private information – may have been compromised.
Ironically, the website that they have set up for you to check to see if you are one of the 143 million people affected by the breach asks you to give your social security number – again – to Equifax.
The free year of credit monitoring and ID theft protection is offered THROUGH Equifax.
Equifax is only notifying the people whose credit card numbers or Dispute Documents were seen by the criminals – not everyone affected.

To add insult to injury, TechCrunch and Bloomberg both report that three Equifax executives dumped a portion of their Equifax stock BEFORE the news of the breach went public.
TechCrunch states, “The transactions in question were initiated by Chief Financial Officer and Corporate VP John Gamble, who sold $946,374 worth of shares; President of U.S. Information Solutions Joseph Loughran, who dumped $584,099; and President of Workforce Solutions Rodolfo Ploder, who sold $250,458 in shares. As Bloomberg notes, these transactions were not pre-scheduled trades and they took place on August 2, three days after the company learned of the hack.”
While Equifax has come out with a statement insisting that these men had no knowledge of the breach at the time of the trades, it still looks more than a little fishy.
So, what is the average consumer supposed to make of all of this?
Well, to put it in perspective, this isn’t the biggest case of a corporate entity being breached by cybercriminals. In 2016, Yahoo disclosed that 1.3 billion user accounts had been hacked in two separate incidents in 2013-2014. Wikipedia records that the criminals involved stole, “names, email addresses, telephone numbers, encrypted or unencrypted security questions and answers, dates of birth, and hashed passwords.”
So, this kind of breach – and corporate delay in disclosure – has happened before.
In an effort to calm public outrage over this breach, Equifax’s CEO, Rick Smith said, “I’ve told our entire team that our goal can’t be simply to fix the problem and move on.  Confronting cybersecurity risks is a daily fight.  While we’ve made significant investments in data security, we recognize we must do more.  And we will.”
Rick Smith has led Equifax since 2005 and has a good track record as a corporate leader and a conscientious and caring citizen. According to his Equifax bio, he “is currently a trustee for The Boys & Girls Clubs of Metro Atlanta and has formerly been a director of the Operation HOPE global board, director of the YMCA of Metropolitan Atlanta, and a Trustee of the Woodruff Arts Center.”
Although Equifax has hit some speedbumps in the rollout of their response to this crisis, the issues seem to center mostly on transparency, messaging, and public relations, not the leadership of Rick Smith.
Time will tell whether Equifax will be able to regain and hold on to public confidence. At the moment, their biggest statement defending their systems is,
“The company has found no evidence of unauthorized activity on Equifax’s core consumer or commercial credit reporting databases.”
What should you be doing about this breach?

Pay attention to your credit cards and any new credit applications opening in your name. If your credit card sites provide alerts to your smartphone, set them up.
If you trust Equifax with your Social Security number, go to equifaxsecurity2017.com and check to see if they count you in the group that has had their information stolen.
If you feel confident in Equifax, take advantage of their credit monitoring offer – if not, subscribe to another credible organization’s credit monitoring services.
Wait – the whole story has not been told on this breach yet. Further reporting in the media will continue to shed light on this unfolding narrative.

Want to know more about how to protect yourself and your business from cyber crime? Contact the cyber security professionals at {company}! {phone} or {email}

“White Worm” and Other Cutting-Edge Techniques to Fight Malware

Check out the most advanced security tactics in the fight against hackers for companies like yours.
One of the worst things about malware is that it never stays the same. There’s always a new threat, vulnerability, or revised virus cropping up. But there’s good news: a lot of innovation is happening in the world of cybersecurity. Let’s take a look at some of the latest advances and how they can help businesses like yours in the fight against hackers.

The “White Worm” Approach
For a while now, universities in countries like Sweden, Denmark, and Russia have been studying the Mirai worm, an annoying piece of malware that crept into programs and wreaked havoc. However, security experts at these universities had a good idea—What if they could turn Mirai into a vaccine to use against similar types of worms?
It’s not exactly a new idea, but it is finally showing real-world success. The White Worm Project created a vaccine that uses Mirai-like capabilities to access devices and search for vulnerabilities. However, instead of exploiting those vulnerabilities, the new software (called AntibIoTic for its smart-device application) adds an extra security code instead. The code alerts device owners about potential problems and changes the authorization settings so malware can’t get in.
Additional white worms can be designed to shore up lagging security, warn users about new threats, preemptively protect devices, and more. The future of anti-malware is looking a lot better!
Advanced Machine Learning AI (Artificial Intelligence)
If you’ve kept up on the latest malware developments and security solutions, you’ve probably heard about machine learning and AI programs. Large security organizations are now using AI programs to identify aberrations. These aberrations are numerous and customizable, and focus on any out-of-the-ordinary activity from both software and account users. They indicate anything from malware attacks to identity theft, so the “AI approach” has very quickly become popular. If you receive threat intelligence reports from Microsoft Office 365, you’ve benefited from this technology.
The software adapts based on what it learns. For example, AI software might send 10 alerts to a security administrator. The administrator notes that five of these threats are false positives (ordinary activity that’s just a little unusual, but not threatening). The AI uses its machine-learning capabilities to include this information in its future scans—adding more accuracy over time to pinpoint the security problem.
VM Browsers
Browsers get hit with a lot of malware that can be challenging to block. One new solution that’s getting praise from security experts is a VM (virtual machine) browser approach. In this case, a business only allows browsers to be used when they’re opened in a virtual machine. A VM is created with each new browsing session. If malware manages to make it through the browser, it will get stuck in the VM and be destroyed when the browser session is complete. This approach is interesting because it also allows for the possibility of popular “security browsers” to be used at the professional level, a trend that’s just off the horizon.
Email Authentication
DMARC, or Domain-based Message Authentication, Reporting and Conformance, is a term you can expect to hear frequently in the near future. It’s an email authentication standard that helps companies to secure their email (to prevent hackers from spoofing them for phishing attacks) and confirm the emails of others (to stop incoming phishing attacks). Customized authentication standards open the path to better and faster security for businesses worldwide.
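How a receiving mail server applies a sender's published DMARC policy to an incoming message, as an added example that is not part of the original article. The record, domains and SPF/DKIM results are constructed, and organizational-domain detection is simplified to the last two labels (an assumption; real implementations use the Public Suffix List).

```python
"""Receiver-side DMARC evaluation, simplified from RFC 7489 (added example)."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc_record(txt):
    """Parse the TXT record published at _dmarc.<domain> into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # The version tag must come first and must be exactly "DMARC1".
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    tags["p"] = tags["p"].lower()
    return tags


def org_domain(domain):
    """ASSUMPTION: organizational domain = last two labels (wrong for e.g. co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' = exact match, 'r' = same organizational domain."""
    a = auth_domain.lower().rstrip(".")
    f = from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def evaluate(record_txt, from_domain, spf, dkim_signatures):
    """Return (dmarc_result, disposition) for one message.

    spf             -- (result, envelope-sender domain) from the SPF check
    dkim_signatures -- list of (result, d= domain) from DKIM verification
    The sp= and pct= tags are not handled in this sketch.
    """
    tags = parse_dmarc_record(record_txt)
    spf_result, spf_domain = spf
    spf_ok = spf_result == "pass" and aligned(
        spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(
        result == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
        for result, d in dkim_signatures)
    # DMARC passes if at least one mechanism both passes AND aligns with From.
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags["p"])


# Constructed policy record for the sample domain example.com.
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def demo():
    """Three constructed messages that all claim From: example.com."""
    return {
        # Genuine mail: SPF passes for a subdomain (relaxed alignment holds).
        "legitimate": evaluate(RECORD, "example.com",
                               ("pass", "bounce.example.com"),
                               [("pass", "example.com")]),
        # Spoofed From: SPF and DKIM pass, but for an unrelated domain.
        "spoofed": evaluate(RECORD, "example.com",
                            ("pass", "mailer.example.net"),
                            [("pass", "example.net")]),
        # DKIM signed by a subdomain while the record demands strict DKIM.
        "strict_dkim": evaluate(RECORD, "example.com",
                                ("fail", "example.com"),
                                [("pass", "mail.example.com")]),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:12s} -> dmarc={outcome[0]} disposition={outcome[1]}")
```

The spoofed case is the one DMARC exists for: SPF and DKIM both report "pass", yet neither authenticates the domain shown in the From header, so the published policy applies.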
Architectural Security
The Internet of Things (IoT) is defined as a pervasive and ubiquitous network which enables monitoring and control of the physical environment by collecting, processing, and analyzing the data generated by sensors or smart objects. While many existing security technologies and solutions can be leveraged in a network architecture, there are unique challenges in the IoT space. Architectural security refers to how the Internet of Things is set up. It’s about designing and producing smart devices with security in mind – making them more difficult to access, and with communication features that decrease the likelihood of an attack.
Encrypted Detection
If you’ve attended any of the latest security conferences, you’ve probably heard talk about encrypted detection. Encrypted data is hard to scan for signs of hacking. In the past, security solutions had to decrypt data and analyze it for threats, or just let the encrypted data pass and hope it didn’t include anything dangerous. Modern solutions have found ways to search for threats in encrypted data without compromising its encryption. This is a big deal for companies that want to protect their data – especially wireless data – and should soon become standard once the last few wrinkles are ironed out.
Security as Development
During program development, security is often added on after the core workings of the program are already complete. This is problematic – it tends to create a lot more vulnerabilities. We’re finally seeing a concerted demand for developers to start including security aspects in their initial coding. This new standard could help secure many of the applications on the market.
Do you need help with data security for your business in {city}? The team at {company} understands these challenges.  We’ll work with you to create a comprehensive security plan to protect your business from data breaches, malware or other cyber threats.  Contact our security professionals at {phone} or {email} to schedule your no-obligation consult.

Equifax Hack:  What We Know Right Now!

More Than 50% of All Social Security Numbers in The U.S. Were Stolen.  Make Sure Yours Isn’t on The List.

On Thursday, September 7, 2017, hackers stole the names and social security numbers of 143 million Americans after a massive breach of Equifax. That’s more than half of the adult population.
Amazing, right? Not really—Cybercriminals are much more sophisticated than in the past.  Staying safe and secure online is becoming more difficult all the time. Cyber criminals are everywhere, constantly looking for ways to breach network vulnerabilities—And they hit the “Mother Lode” with this one!
The hackers entered the Equifax database, scanned through birth dates, addresses and driver’s license numbers, as well as 209,000 credit card numbers!  The breach occurred between mid-May and the end of July, but, unfortunately, we’re just finding out now.
Equifax is an obvious target for hackers because it stores so much valuable, confidential personal data.  But isn’t it ironic that a company that sells identity and security products ends up getting hacked?  If they can be hacked, your business can too.
What You Should Do.
It’s imperative that you find out if your data was compromised.  To do so, go to the Equifax website and sign up for their free credit monitoring and identity theft protection. (Equifax is offering this to every U.S. consumer in the country regardless of whether they were victimized.)
Here are the instructions Equifax provides:
To determine if your personal information may have been impacted by this incident, please follow the below steps:

Click on the below link, “Check Potential Impact,” and provide your last name and the last six digits of your Social Security number.
Based on that information, you will receive a message indicating whether your personal information may have been impacted by this incident.
Regardless of whether your information may have been impacted, we will provide you the option to enroll in TrustedID Premier. You will receive an enrollment date. You should return to this site and follow the “How do I enroll?” instructions below on or after that date to continue the enrollment and activation process. The enrollment period ends on Tuesday, November 21, 2017.

CHECK POTENTIAL IMPACT
The information accessed includes credit card numbers for approximately 209,000 U.S. consumers. Fraudulent credit card charges will likely take place, if they haven’t already.
In addition:

Be sure to scrutinize your credit card and bank statements for charges that you don’t recognize. (You should be doing this every month anyway.)
Watch out for any notifications that new credit applications have been filed on your behalf. If your personal information is circulated on the black market, other criminals will try to find ways to take advantage of it.
Keep a lookout for phishing emails. Cybercriminals often sell stolen personal information for use in email “phishing” campaigns that persuade victims to hand over additional sensitive information, including bank account numbers.

This Wasn’t the First Major Breach, and It Certainly Won’t Be the Last.
Here’s a brief list of some of the breaches that took place just this year:
Gmail – May 3, 2017: Gmail users were targeted in a phishing scam that gained access to accounts through a third-party app. The emails looked like they came from a user’s trusted contact saying they wanted to share a Google Doc with them. Once clicked, the link led to Google’s real security page where the person was prompted to allow a fake Google Docs app to manage his or her email account. Nearly 1 million users were affected.
The IRS – April 6, 2017: 100,000 taxpayers had their personal information stolen via the IRS Data Retrieval Tool, which is used to complete the Free Application for Federal Student Aid (FAFSA). Identity thieves also used the tool to steal additional data.
DocuSign – May 17, 2017: Customers of this electronic signature provider were targeted with malware phishing attacks. The hackers breached one of DocuSign’s systems, and used the email addresses they stole to conduct a malicious email campaign where recipients were prompted to click and download a Microsoft Word document that contained malware.
Chipotle – April 25, 2017: Chipotle said payment card transactions that occurred from March 24, 2017 through April 18, 2017 may have been breached. The investigation is still ongoing.  At the time the notice was published, the company didn’t have any additional information, and said it’s too early to provide any more details.
So, What Can You Do to Protect Your Business from a Hack?
You can no longer protect your wired and wireless networks with simple security solutions. You must deploy a proactive defense.
You can’t do this alone. Anti-virus and malware programs aren’t enough. You must partner with a trusted Managed Service Provider in your area who provides:

Vulnerability & Risk Assessments to ensure you comply with HIPAA, FINRA, PCI or other industry regulations.
24/7 Remote Network Monitoring that detects and blocks security threats.
The latest Anti-Spam, Anti-Virus and Anti-Malware Solutions that secure your desktops, laptops, servers and mobile devices.
A Managed Firewall that’s constantly deployed and upgraded in real time to prevent unauthorized access and data breaches.
Remote Network Management for issue-remediation to ensure both wired and wireless Network Security.
Web-Filtering Solutions to protect you and your staff when using the Internet from any computer device, wired or wireless.  
Backup and Disaster-Recovery Services so your files are always secure and retrievable as recommended by the U.S. Government.
Data and Email Encryption to ensure your information is protected against unauthorized use, and that messages are kept private, both when in transit and when archived.
Safe Wireless Networking with the ability to constantly monitor and secure access points to prevent unauthorized users from entering.
Mobile Device Management so your confidential data is protected when employees use BYOD.

It’s hard enough to secure your personal data.  Securing your business’s data is much harder.  It takes expertise. However, you can implement very effective solutions (such as those listed above) to ensure that when a hacker comes around, he’ll move on to another victim, because your infrastructure isn’t worth the trouble of hacking into.
{company} will deploy a proactive defense to protect your business in {city} from today’s malicious cyber threats.  Don’t wait until a data breach occurs. Contact us for an assessment of your Network Security needs: {phone} {email}

Want to Increase Your Business’ Competitiveness, Innovation and Security?  Look to NIST.

Do you know about NIST and what their guidelines can do to benefit your business?  If not, it’s time to get educated.

The National Institute of Standards and Technology (NIST) promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through research and development.  They support greater development and application of practical, innovative and secure technologies to enhance our country’s ability to compete more effectively on the world stage.   
What does this have to do with your business? — If you adopt NIST standards, your business will be more competitive and secure.
The next time your IT team advises you to comply with NIST, listen. While you may think that overarching IT authority will limit your company’s effectiveness, the exact opposite is true. Governance and innovation are not mutually exclusive concepts when it comes to your business.
Risk, Compliance and Regulation
NIST provides standards and metrics for maintaining organizational effectiveness and information security.  By adopting these policies, you’ll reduce confusion and give your IT and business teams more time to focus on process optimization and growing your business.
However, even the most innovative, NIST-compliant organizations can’t innovate and compete if they use aging technology systems. To operate productively and lead the force in innovation requires a peak-performing, secure IT infrastructure, along with the adoption of NIST compliance controls.
Creating a framework for governance can be difficult as complexities evolve and IT assets are being introduced at an expanding rate. When risk isn’t adequately controlled and governance rules aren’t followed, you open yourself up to both foreign and domestic hackers who have the resources to find holes in your security practices. This is why you need the assistance of an IT Managed Services Provider who is versed in NIST best practices.
NIST recognizes the critical need for cybersecurity standards and best practices for organizations like yours.  Following NIST’s cybersecurity standards can enhance your ability to address current and future computer and information security challenges. 
Big Data and Security
The heavy reliance on data translates into more opportunities for hijacking information as it moves between locations—And the additional endpoints in today’s businesses add risk factors that are difficult, if not impossible, to control. The vast quantity of data points from online sales transactions, social media and mobile activities make organizations like yours a primary target for cybercriminals interested in learning more about your expansive network of individuals.
Governance provides a way to secure data and provide customers and employees with a higher level of comfort knowing that their personal information is being protected.
Federal Information Processing Standards
NIST has created a set of guidelines called Federal Information Processing Standards (FIPS) that are the gold standard of managing data for U.S. federal agencies. Since these standards are endorsed by the U.S. government, any contractors and companies in their employment must actively be engaged in maintaining these specifications and best practices.
These stringent security measures ensure that anyone doing business with the U.S. government is in full compliance with all other standards including HIPAA, FISMA (Federal Information Security Modernization Act) and Sarbanes Oxley (SOX).
NIST Compliance Examples
While this is not a full overview of what brings an organization into NIST compliance, below are a few of the steps you can take to comply with standards for FISMA:

Security controls must be continuously monitored.
Baseline controls must be documented in a written plan, with risk assessments to refine the standards.
Security professionals must document any data protected under FISMA.
Any information systems used for processing must be authorized, with full security controls applied.
Ongoing performance monitoring is crucial to maintaining full compliance.

Becoming NIST compliant may be challenging for smaller IT teams, but there are myriad benefits if you do this. Even if you aren’t actively conducting business with the U.S. government, these regulations may help stop aggressive cyberattacks and protect your customers from being the victim of a data breach.
That said, NIST compliance does not ensure that your organization will be safe from cybercriminals, internal attacks or simple negligence – but it can help. Monitoring of NIST and other standards by a competent Managed Services Provider is one way you can provide a higher level of security than can be provided by internal IT teams.
Innovation and competitiveness can only flourish when your IT systems are fully supported, structured and secure. When your IT teams aren’t spending their time chasing outliers or managing non-compliance issues, they can better support the growth of your business.
Let {company} help your organization in {city} find the ideal measure of governance to support your competitiveness, innovation and security. Contact our IT Process and Security Professionals at {phone} or via email {email} to learn more about how you can accelerate your company’s growth potential.