Archive for June, 2014

Keeping your identity safe on the Web and elsewhere is paramount in today's highly digitized world. If you allow hackers to find out information about you, it could result in a wiped-out bank account or a hacked email address, which will lead to major frustrations. Those who are running a business will have an even greater incentive to protect their identities because businesses thrive on their reputation, and even one successful hack of a website or online database could ruin a company's public standing.

So what are some mistakes that might lead to your identity being hacked? Here are five examples of the worst things you can do:

1. Ignore Your Bank Account and Credit Scores. Keeping your credit scores under close watch has been discussed in . Checking your online bank statement is the fastest way to determine if someone has stolen your bank credentials and begun to make purchases. You should review your bank account regularly, especially after buying something online or from a business that you know was recently hacked, such as Target. Check your credit scores as well, to ensure someone else isn't opening credit lines in your name. Use reputable credit checking companies like TransUnion, Experian and Equifax. You can also visit .

2. Use One Password. Your passwords are often the only thing keeping you from being hacked, so make them complicated, and use different ones for every site you access. If someone discovers that an easily hacked site contains the password to your Amazon account, they could begin making purchases before you realize it – especially if you ignore your bank account.

3. Don't Bother to Check Website Credentials. Phishing is everywhere, according to California's Attorney General Office. If you don't look to see if a website is the authentic site for Amazon or some other online shopping center, then you could easily fall prey to a phishing scheme that will steal your password. Be careful of emails as well, as these can be used to phish for information.

4. Give Out Your Social Security Number. Your Social Security number is the most important piece of data in your possession. Hackers can set up all kinds of accounts in your name if they have your Social Security number and your address. Don't give them that chance. Keep your Social Security number as secure as possible.

5. Tell Everyone About Where You Are Going on Facebook. Remember that Facebook is readily available to anyone with a computer, and if someone wants to break into your house, they can find out the best time for that by looking at your social updates. So don't say whether you're on vacation, and don't make your daily schedule of when you're out of the house available online.

Do you ever wonder how large corporations that have a mature and robust information security program still suffer a data breach even after spending millions of dollars on security experts and cutting-edge technology?

If a sinking ship has five holes in its hull and the crew only plugs three of them, the ship will still sink. If you view the holes in the ship’s hull the same as you would a threat to your network, information systems, and data, you know you must plug all of the holes to prevent the potential for a breach. If not, you risk your ship sinking and potentially taking your crew (and reputation) down with you.



We’re proud to share some good news: Our Privacy XChange Forum has earned a Bronze Stevie® Award for Best Corporate Image Live Event!

The award was presented at the American Business Awards traditional awards banquet recently held in Chicago, Illinois. Other winners in the Live Event category included Levi’s, PepsiCo, American Express, Swiss Re, and more.


Summer Scams

Preparing yourself for summer means getting ready for higher temperatures, family vacations and, unfortunately, a barrage of summertime scams. This special time of year brings out individuals looking to take advantage of consumers.

Here are a few summertime scams and ways you can avoid becoming a victim of them.


A new report by security firm Kaspersky Lab reveals 12 percent of all global organizations were targeted by hackers in at least one cyberattack last year, up from 9 percent in 2012, showing global hacking is on the rise. The firm issued a survey to 4,000 IT managers from 27 different countries and found the public and defense sectors accounted for the most attacks. Factors that affect a company's security against potential attacks include its industry and its existing cyberdefenses.

Cyberattacks a Concern for Companies and Global Leaders Alike
Eighteen percent of government and defense organizations experienced cyberattacks. This likely means cyberattacks are a major concern for leaders of countries affected by this problem. Attacks on these groups were more frequent than last year. It is probable that the countries dealing with these attacks are spending a great deal of money to boost their cyberdefenses.

One example of a group that is targeting the U.S. in particular is the hacking group Anonymous. The group has already hacked into computer systems belonging to several federal agencies and stolen crucial information. The government described the group as a long-term threat that is widespread.

Ordinary firms that have nothing to do with the government must also take care to avoid being attacked. The industries most affected are the telecom, financial services, and transport and logistics sectors. Seventeen percent of those in the telecom sector reported a hacking attempt, while 16 percent of IT professionals in both financial services and transportation reported a cyberattack.

It is likely that companies without proper IT network security in place are at a greater risk for being hacked because hackers typically aim for the low-hanging fruit, which is to say they attack companies that are the most vulnerable to cyberattacks.

An Example of One Global Malware Threat
Cybersecurity is becoming an issue that every company must address. One example of a threat to companies around the world is the so-called Careto or "Mask" malware. This threat has affected companies in as many as 31 different countries, with more than 1,000 IP addresses hacked by it. It is very sophisticated and difficult to detect. It includes several different components, and it will attack different software in different ways. For example, it will automatically hack a computer with the Linux operating system differently from a Windows computer. Secure List reports that this is one of the most advanced pieces of malware in current existence.

The software has been known to infiltrate not only governments, but also private companies. The total number of victims is as of yet unknown, due to its ability to hide in a computer system.

Phishing attacks are becoming a greater risk to the health care industry. These breaches could potentially lead to serious costs and jeopardize patients' health. Patient data could be stolen, and there could be identity theft and lawsuits against the company that was hacked. In a recent talk with David Holtzman, CynergisTek Vice President of Compliance, the Health IT Security team reported on the most common attacks that IT professionals experience in the health industry, which include phishing attacks.

Phishing Attacks a Major Threat
Holtzman reports that he has seen a major increase in phishing over recent months. Hackers will send emails or other communications to those inside the IT network in an effort to get victims to download self-executing programs that install malware compromising the entire system. These communications can be disguised in various ways. For example, they can appear to come directly from the IT department. The email address can be modified through hacks to show it comes from IT_Helpdesk, [email protected] or something similar.

Examples of Recent Attacks
In March, a server operating under contract for DeKalb Health Medical Group in Auburn, Indiana, experienced a cyberattack that eventually led to more than 1,300 patient information records being compromised. The names, addresses, credit card numbers and Social Security numbers of the patients could have all been stolen.

Several of those patients were then directed to a fraudulent website that looked exactly like the DeKalb Health charity site. Additionally, DeKalb Health's own website was hacked, so that the link to the charity went to the phishing page.

In Plano, Texas, Baylor Regional Medical Center was hacked after doctors affiliated with the medical center responded to phishing emails. Just responding was evidently enough to cause the inboxes of the doctors involved to be hacked, potentially exposing the patient information contained in their inboxes, including names, addresses, dates of birth and Social Security numbers. The attack was only discovered in February, and affected patients were notified on April 25.

Finally, the Franciscan Health System of Tacoma, Washington, was hacked in a phishing scheme in March that affected potentially 12,000 patients.

How to Evade the Attacks
Avoiding becoming the victim of a cyberattack like this can be as simple as testing out security by sending fake phishing emails to see how many people click on them. This is what Holtzman has advised his clients to do. He also encouraged companies to raise internal awareness of the threat of phishing attacks to try to prevent problems before they start. Sending out weekly newsletters with tips for cybersecurity can be a major help.

A new malware has been spotted that affects cloud-based point-of-sale software. The malware is being called POSCLOUD, and it targets software used the most by small businesses.

The malware was discovered by IntelCrawler, a cyber intelligence company.

"We identified it right after a pretty big botnet takedown and think that it was developed specially by cybercriminals in private [circles] to attack cloud-based environments, and hunt for IDs and customer data, including credit cards," IntelCrawler CEO Andrew Komarov told SC Magazine.

The hacking tool works by logging the keystrokes that a user makes when entering information, as well as grabbing screenshots to monitor personal data. The information taken is then sold on the black market. Komarov said that he expects to see a larger number of this type of malware.

"The niche of cloud-based technologies for retailers supporting integration with POS equipment is pretty insecure, especially for small businesses," Komarov told SC Magazine.

According to Komarov, a large number of cloud-based POS systems were compromised, judging from the code, which looks for network connections to specific cloud-based POS providers.

Another Hack Technique on the Rise for Small Businesses

Attacks that affect small businesses can cost , according to Inc. Magazine. They are not immune to hacks. On the contrary, there are cyberattacks geared especially for them.

Structured Query Language (SQL) injection hacks have become a major concern for small businesses. SQL is a special language used for communicating with databases, and these cyberattacks involve sending code that takes over a database. These databases can hold information ranging from employee records to customer information. A SQL injection attack works by sending malicious SQL code into a database to hack into it. Once the database is breached, a cybercriminal can then download information from it at will, and sell the information on the black market.

According to a survey by Ponemon Institute, reported by Inc. Magazine, 65 percent of organizations surveyed had been breached by a SQL injection attack. Additionally, out of all the breaches reported by respondents, 42 percent involved SQL injections.

The key takeaways are that IT professionals, even in small businesses, must maintain constant vigilance over their database networking, looking for SQL attacks. Additionally, they must encrypt all of the information that goes into their database to help slow down hackers from selling the information on the black market. Furthermore, staff that has access to IT systems must be made aware of any possible attacks, including SQL attacks.

Infographic snapshot

Many people know about identity theft, but still need to take steps to protect their personal information. This infographic was created by the folks at to raise awareness of this fast-growing crime and what you can do to protect yourself.



The term ‘data breach’ entered the vocabulary of a large number of people in 2013. Whether consumers were victims of a data breach or seeing it in the headlines, those who were unaffected by a breach were few and far between. This month, Javelin Research & Strategy released the results of their 2014 Data Breach Fraud Impact Report and the results demonstrated the fact that data breaches and the resulting fraud are no longer fringe issues. While data breaches and the related fields of identity theft and information security used to be limited to the knowledge of a relatively small number of technologically savvy individuals, the issue is known to most Americans whether or not they even know how to send an email.

The report, titled “Consumers Shoot the Messenger and Financial Institutions Take the Bullet,” looked at important questions that have certain implications for both consumers and businesses alike.


Mobile Phone

Just as cell phones were one of the greatest boons to busy people everywhere, the cell phone’s shinier cousin—the smartphone—has literally changed the way we work and live. Thanks to these little devices, we have access to unheard of communication and capability. Text, email, internet surfing, watching movies, and even online shopping are just a few of the many functions of a smartphone.

Unfortunately, all the things that make your smartphone so invaluable make it highly lucrative in the hands of an identity thief. Whether someone accesses your smartphone by physically finding or stealing it, or by hacking into its network, too much stored information and not enough security protocols make it incredibly useful for the wrong reasons.

In terms of physically grabbing your phone, remember that anyone who picks it up can access all of the information you make available. A would-be thief can press that email app just as well as you can, or can go to your online banking app if you have it enabled. If you’ve stored the passwords to any of your apps, then a thief can use them just as thoroughly as you can.