The breach at Home Depot is only the most recent in a torrent of high-profile data compromises. Data and identity-related crimes are at record levels. Consumers are in uncharted territory, which raises a question: Is it time to do for data breaches and cybersecurity what the nutritional label did for food? I believe we need a Breach Disclosure Box, and that it can be a powerful consumer information and education tool.

Once a cost of doing business, today data breaches in the best-case scenario can sap a company’s bottom line, and at their worst represent an extinction-level event. The real-world effects for consumers can be catastrophic. Because there is a patchwork of state and federal laws related to data security—some good, some bad, all indecipherable—and none that work together, it’s impossible to know…

Rather than setting their sights on computers, cybercriminals are increasingly targeting point of sale systems to steal valuable customer information. With attacks against in-store systems growing, the payment industry is fighting back. The Payment Card Industry Security Standards Council (PCI SSC) recently overhauled its guidance document to curb data breaches and security flaws in payment systems, according to a new document. Although the PCI SSC has updated its recommendation for payment system security, some IT professionals are questioning whether these methods are enough to stop cybercriminals from getting their hands – and servers – on customer data.

Recently, the PCI SSC unveiled version 3.0 of the Payment Card Industry Data Security Standards (PCI DSS), Mark Burnette, partner with LBMC Security & Risk Services, wrote in Help Net Security. The newest update focuses on testing to ensure systems are not vulnerable to outsider attacks. With…

While consumers are tired of being bombarded with ads every day, a more dangerous threat could be lurking in the background on webpages and their personal devices. Malicious advertising, also known as malvertising, is an emerging way cybercriminals are infecting new computers with malware, Cisco staff said in a blog post. This technique poses a great risk to cybersecurity because it exploits the popularity of social media sites as cybercriminals may spread malware exponentially through social networking advertising.

When users encounter a website with a malicious advertisement, they are sent to a different site that may download malware onto their computer or other device. The malicious software might masquerade as a regular download so the users do not suspect their systems are being infected.

"The attackers are purely relying on social engineering techniques, in order to get the user to install the software package," Cisco researchers said….

When the federal health insurance marketplace HealthCare.gov was launched in October 2013, IT security experts were concerned about the potential for data breaches and other security glitches. Now their fears might be realized after government officials said the site experienced a breach that was detected on Aug. 25, The New York Times reported.

Hackers managed to infiltrate a test server and infect the device with malware. The site was also the target of a denial of service attack that aimed to overload its systems and take it offline.

The Centers for Medicare and Medicaid Services (CMS) operates the federal health insurance marketplace's website. The site serves residents in 36 states for health insurance coverage and began enrollment on Oct. 1, 2013. Aaron Albright, a spokesman at CMS, said an evaluation showed the test server did not store consumer personal information and data was not stolen…

When someone hands their credit or debit card to a family member or friend, they might become a victim of identity theft, which could cost them financially. But giving someone else their health insurance information might cost their life. As their health records are tied to their personal identifying information, consumers who have had their identity stolen or misrepresented might be at risk of having wrong information marked on their medical reports, putting them in danger of receiving the wrong medication or health care advice.

One of the biggest reasons for medical identity theft is when consumers allow a friend or relative to obtain their insurance identification card, FierceHealthPayer reported.

This type of identity theft is defined as stealing a patient's personal information to receive health care services or even to buy medication, according to the U.S. Department of Health and Human Services.

In 2013, more than…

Helpful Tips

Doing a bit of pre-holiday organizing and cleaning? Add these identity theft protection tips to your routine. It won’t take but a few moments to follow these steps to safeguard your personally identifiable information from Young & Free St. Louis powered by Vantage Credit Union.

With more consumers using cloud services to upload pictures, documents and more, cybercriminals are infiltrating cloud accounts to steal valuable information. Hackers managed to access sensitive photos from celebrities' personal iCloud accounts and shared them with other Internet users, CBS News reported. While cloud services like iCloud and other storage apps are used to store content to be easily accessed from other electronic devices, the latest data breach has stoked fears about the security of the cloud.

Technology experts believe the attack happened over time, allowing hackers to collect photos over months or years, according to CBS News. To gain access to celebrities' cloud accounts, the thieves used a hacking tool to input various passwords to finally crack the code. Apple raced to patch the iCloud security flaw that resulted in the data breach of Hollywood celebrities' pictures. Despite the quick fix, the attack on various movie stars raised the…

Cybercriminals have different motivations to hack into protected systems, from taking bank information to sell in underground markets to stealing intellectual property to make another nation more competitive in the global market. Hackers can also be driven to infiltrate companies for political purposes. Recently, hackers targeted several financial institutions and major banking companies, causing a data breach of customer information, including at JPMorgan Chase, Bloomberg reported.

Politically Charged Cyberattacks
However, the main reason for the attacks may not have just been about money. The U.S. Federal Bureau of Investigation is looking into the attacks with sources close to the investigation saying the attackers may have originated in Eastern Europe, with a focus on Russia.

One of the reasons why the FBI is concentrating on Russia in its investigation of the breach is due to the rise in attacks from hackers in Russia and Eastern Europe…

While companies can spend millions on their IT security systems to prevent cyberattacks and other common security risks, they may be fighting a losing battle if their worst enemy already has the password and unrestricted access to their systems. While breaches and other security events from external causes are difficult to detect, tracking insider attacks might be an even bigger obstacle. A new report about insider threats in organizations brings to light the challenge of controlling for security risks that are due to malicious intentions or mistakes.

The majority of businesses in the U.S., Latin America and Europe said they did not have the means to fend off an insider threat, according to a survey by IT security firm SpectorSoft. Even worse, 59 percent of IT professionals said their employers did not have the ability to find threats that lurk within their company. 

With the wealth of…

Nowadays, you don’t have to be a large corporation to attract the wrath of hackers. Limousine companies, escrow firms, and even hay-compressing companies have become the target of cyber attacks in recent years. According to an article in PCWorld, 20 percent of small businesses are victims of cyber crime each year, and of those, some 60 percent go out of business within six months after an attack.

Fortunately, there are actions that companies of all sizes can take to help keep their information systems safe. In February, I wrote about what I call the “Three I’s” of computer virus protection: Install, Inform, and Insure. The first “I” is for installing antivirus software (AVS), and the last “I” is for insuring your company. Today, though, is just about the second “I”—which stands for informing staff.