With technology driving business growth, more companies are implementing bring your own device policies in the workplace. Almost 2 in 3 IT professionals believe employee carelessness is connected to major data breaches that exposed customer information, according to a study by IT security firm Check Point. With the risk of employees causing data breaches of customer and corporate information, employers should consider potential problem areas that could leave sensitive details vulnerable.
Here are five unseen employee behaviors that could cause data breaches:
1. Browsing on Social Media
Compared to other distractions at work, social media might be one of the most dangerous for cybersecurity. About 36 percent of respondents log into their computer to look at social media sites, according to a survey by GFI Software/Opinion Matters. While browsing through a friend's post online looks harmless, massive data breaches in the past have been caused by social engineering attacks.
2. Shopping Online
The same GFI Software survey found that about one-third of all respondents used their work computers for online shopping. Since online retailers store financial information, cyberattackers may target these sites to steal information through unsecured connections and look for unencrypted information. People browsing the Internet for purchases might also click on a link to a malware-infected site or to suspicious websites requesting their credentials.
3. Downloading Games on Business Devices
Although there are tons of games available online, many of these apps might be malware in disguise. Fake games were a major source of malware infections, especially on third-party app stores that are not equipped to scan for malicious software.
4. Uploading Corporate Documents with Unsafe Connections
With more employees spread out in different branches, hubs and more, online collaboration has increased in importance. Employees often upload corporate documents to share and get input from their colleagues. However, when these connections or websites are not completely safe, cybercriminals could get their hands on this information. Firms should ensure employees send documents through Wi-Fi connections that are absolutely secure.
5. Not Telling the IT Department of Threats
While companies may or may not have policies that require employees to use their business devices only for work, things can go wrong that remain unreported. IT security professionals may be unaware of malware or other threats on mobile devices because workers may neglect to raise the alarm, which could leave threats undetected.
As retailers gear up for the holiday shopping season, cybercriminals lurk as an unknown threat for point-of-sale systems and computer networks. With the value of financial information on black markets, criminals are likely to exploit security flaws in retailers' POS systems using phishing, malware and other hacking tools.
A recent study by IT security firm BitSight Technologies found 1 in 3 retailers may be vulnerable to cyberattacks because of security flaws at their third-party vendors.
The study highlights the importance of ensuring strong cybersecurity for all parts of the supply chain, not just the company's headquarters or stores.
Vulnerabilities at Third-Party Vendors
In the past, retailers struggled with keeping their payment systems secure because of supply chain risks. The Target data breach that exposed the information of 110 million people began after cybercriminals stole the credentials of the company's third-party vendor. After acquiring the necessary login information, they were then able to upload malware onto Target stores' POS systems, allowing them to access millions of payment card numbers.
A similar scenario played out at the Home Depot data breach that compromised 56 million customer payment card records and 53 million customer email addresses. Cybercriminals in the Home Depot breach stole the third-party vendor's password and username to gain access to its network and then discovered a flaw in Microsoft Windows that gave them access to customer information.
Are Security Improvements Enough?
While one-third of retailers in the BitSight Technologies survey were exposed to attacks from their third-party vendors, companies noted some improvements that could prevent cybercriminals from causing data breaches.
The survey found almost 3 in 4 retailers that reported a data breach ramped up their security after the incident.
"While it's encouraging that a majority of the breached retailers have improved their security effectiveness, there is more work to be done, especially in the area of vendor risk management," said Stephen Boyer, co-founder and chief technology officer of BitSight. "This trend in retail highlights the importance of proactive measures such as industry and peer benchmarking, as well as continuous monitoring of one's supply chain."
Although their security has been enhanced, companies still face growing threats that could endanger customer and corporate information. The survey found malware server infections increased 200 percent while botnet infections also rose 29 percent.
In addition, companies face the growing challenge of responding to threats fast. The report found there was a 5 percent rise in the time it took for IT security teams to address attacks.
Don’t let a data breach spoil the holidays. Protect your business from lapses in security with these tips from IDT911 experts.
With the massive data breach at Home Depot, financial institutions are feeling the pressure to adapt to new ways to fight against the techniques and tools employed by cybercriminals. While big banks might have the resources for IT security to handle cyberintrusions, data breaches might have a greater impact on smaller institutions like credit unions.
The Home Depot breach confirmed on Sept. 18 compromised an estimated 56 million debit and credit card numbers.
After the incident, credit unions reported losses from reissuing cards, fraud and other costs. Credit unions across the U.S. had to issue 7.2 million credit and debit cards as a result of the breach, with costs totaling $57.4 million, according to a survey by the Credit Union National Association. The Home Depot data breach costs were almost double that of the expenses connected to the incident at Target, when 40 million credit and debit cards were affected in the holiday season of 2013.
With the high costs of data breaches to credit unions, these financial institutions are finding new ways to combat cybercriminals.
Here are the potential cybersecurity changes for credit unions in the future:
Implementation of Chip and PIN Technology
When cybercriminals get their hands on the financial information of consumers, they could put this data up for sale on black markets. Reissuing new cards is an effective way to prevent thieves from making fraudulent purchases. However, it's expensive for credit unions as it cost an average of $2.64 per card in the case of the Home Depot breach, according to the CUNA survey.
Implementing more secure payment technology like chip and PIN credit cards could help curb the cost of reissuing credit and debit cards after a data breach, as the more advanced cards would make it harder to copy data. In the past, retailers accused credit unions of not taking on chip and PIN technology by the date established by the financial industry. But changes in cybersecurity standards could necessitate this emerging technology.
Stricter Data Security Standards
After the Home Depot breach, leaders of the credit union association called for tougher data security standards not only for credit unions, but across the board for segments of the economy that are especially vulnerable to cyberattacks, including the retail industry.
"Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others," CUNA President and CEO Jim Nussle said in a statement.
With new data breach legislation making its way in Congress, improved security standards for private networks and point-of-sale systems could deter cybercriminals from stealing valuable information that could result in huge financial losses for credit unions and banks.
IDT911 unveiled , a new online publication for cyber privacy, data breach and identity fraud news, on Tuesday at the second annual Privacy XChange Forum in Scottsdale, Arizona.
The news site will strive to engage readers in a conversation about these critical security issues at a time when companies of all sizes and in nearly every industry are experiencing data breaches as a third certainty in life.
Byron Acohido, one of the nation’s most respected cybersecurity and privacy experts, will serve as Editor-In-Chief. The site is underwritten by , the nation’s premier consultative provider of identity and data risk management, resolution, and education services. ThirdCertainty.com will feature breaking and investigative news pieces with commentary from industry experts.
“Data breaches and the identity theft that flows from them is the third certainty in life, and their effects can wreak havoc on the financial health and reputation of businesses and consumers alike,” said Adam Levin, chairman and founder of IDT911 and Credit.com. “The public is thirsty for knowledge about all things privacy, and business leaders now know that a breach can easily undo years of brand equity. Everyone at some point in their lives is going to get got, very likely more than once.”
Welcome to the second annual , a two-day exploration of the Post Privacy Era uniting a diverse group of leaders from the public and privacy sectors at the Fairmont Scottsdale Princess Resort in Scottsdale, Arizona.
In the past year, we’ve witnessed numerous data breaches impacting a range of industries including financial, retail and health care. Headlines featured high-profile attacks with software bugs such as Shellshock and Heartbleed.
“This forum, The Post Privacy Era, is meant to be a realistic assessment of where things are in the digital world around privacy and a call to action for all of us who are trying to find solutions for people and combat these risks in an intelligent way,” said Matt Cullina, chief executive officer at IDT911, to more than 150 delegates.
2014 has been a big year for data breaches. An unprecedented number of corporate breaches have led to the exposure of sensitive consumer data, according to a recent survey from the Identity Theft Resource Center (ITRC).
Let’s take a closer look. So far this year there have been a reported 636 data breaches, resulting in the exposure of 78,098,439 consumer records that include personally identifiable information. That’s an increase of 26.5 percent over the same time period last year. To put this in perspective, there were 614 breaches in all of 2013, according to ITRC records.
Imagine you've just had your information exposed in the latest data breach. You've already received a data breach notification letter from the company where the security incident occurred, but now you're suddenly sent an email seemingly from the same firm saying you need to verify your personal or financial information. You may suspect there's something fishy about this email and you're probably right.
When you've become affected by a data breach or think you have, this kind of scam claiming you need to give away your sensitive information is widespread, especially after companies confirm a cyberintrusion. Be careful about these and other kinds of scams that could lead to identity theft and endanger your data security even more.
Here are three ways scammers might try to trick you after a breach:
1. Sending Phishing Emails
As described above, cybercriminals try to extract information from you in order to gain access to your financial accounts. During the chaotic time right after a data breach, consumers have a difficult time separating fact from fiction. Cybercriminals may have obtained your information through the breach at the company itself and try to copy the same logos actual firms use to make it seem like their message is legitimate.
If you are at risk for phishing emails after an incident, make sure you only listen to official communication provided by the companies impacted.
2. Offering Identity Theft Protection
When a breach occurs, the corporation affected tends to offer identity theft protection or credit monitoring to customers who had their information compromised. While this is helpful, criminals could also take advantage of this. After the data breach at Target, the company cautioned consumers about potential scams, warning that cybercriminals may attempt to offer this same service in exchange for your information, according to its data breach FAQ page.
"Be wary of call or email scams that may appear to offer protection but are really trying to get personal information from you," Target said.
Again, only call the number for identity theft protection listed on the real notification letter sent by companies.
3. Downloading Malware
Even if you haven't actually been a victim of a data breach, there is another way scammers can get the information they need. Some cybercriminals will call potential "victims" and alert them to a nonexistent problem on their computer. They will ask the people they call to download a program that the scammers claim will fix the problem. However, the program might be malware in disguise that lets the scammers control the computer remotely, which they could use to access confidential information.
By knowing these tricks, you can stop identity theft and fraud and move forward from a breach sooner.
With the holiday shopping season fast approaching, consumers will be hitting stores and online retailers to get a head start on buying gifts. During Black Friday, shoppers are naturally on the hunt for deals. However, it's also a great time for scammers and cybercriminals. Last year during Black Friday weekend, Target had a breach that exposed 110 million customer records. Target stores had their point-of-sale systems infected with malware designed to steal this information and send it to servers abroad.
A recent survey by CreditCard.com revealed almost half of consumers would avoid shopping at stores that had a data breach. Since there has been a string of breaches affecting retailers leading up to the holiday season, consumers should be more careful about protecting their payment cards.
Here are five tips to protect your card and prevent fraud this Black Friday:
1. Avoid Deals Too Good to Be True
Although you may be shopping for deals, there are some discounts or promotions that might be a scam in disguise. If you get an email from an unknown sender advertising cheap or free electronics, travel tickets or other merchandise, be on the lookout for signs of a scam. Schemers may ask you for your personal information or credit card details to get the deal, so avoid clicking on any links that request this information.
2. Use a Credit Card Instead of Debit
While you could choose cash to avoid having your information processed at POS systems, your next best bet is a credit card. Credit card companies often will not hold you liable for fraudulent purchases. In the event someone does get a hold of a card without permission, consumers are also liable for less money with a credit card than a debit card.
3. Block Your PIN from View
Whether you're checking out at a store or withdrawing cash from an ATM, be sure to cover your PIN from view. This is to prevent people from looking over your shoulder or using a hidden camera to record your PIN.
4. Use Only Secured Sites
Black Friday and its online equivalent Cyber Monday mean more shoppers making purchases on the Internet. When shopping, only visit secured sites and look for the little icon of a padlock next to the webpage's URL to indicate that the site is safe to use.
5. Monitor Your Credit Card and Bank Statements
Cybercriminals might take advantage of the fact that you may be too busy with shopping and visiting family this Black Friday to actively monitor your financial accounts. While you may be occupied, continue to look at your statements for any suspicious activity.
Patricia Oliver is a fraud operations team leader for IDT911.
One year after a breach at one of the nation's major federal agencies, it seems that cybercriminals may still be able to access sensitive information. The U.S. Food and Drug Administration has key security flaws in its systems that could make it vulnerable to cyberintrusions. The federal watchdog said data breaches experienced by the FDA could lead to exposure of FDA data or unauthorized changes to this information. A cyberattack on the agency's systems could also have made information unavailable.
The cyberattacks in the health care industry have garnered the attention of both the public and private sectors, as the findings of the report showcase that the FDA still has vulnerabilities that could put consumer and even corporate information at risk. In October 2013, a data breach at the FDA affected users of an online system at the Center for Biologics Evaluation and Research. The attack was on a network that held information related to various systems, including the electronic blood establishment registration system and the human cell and tissue establishment registration system.
"It is the legal obligation of the Food and Drug Administration to protect companies' trade secrets and confidential commercial information," PhRMA Vice President Sascha Haverfield said in a statement.
FDA Security Flaws Found in Report
In December 2013, pharmaceutical companies called on the FDA to have an independent security audit performed after a breach, Reuters reported.
While the OIG was unable to infiltrate the FDA's systems, according to the latest report, the agency has some issues related to external security measures. These include systems' inability to lock out accounts, as well as not having security assessments done for external servers. In addition to lacking proper security, the report also noted that users may have been able to see potentially confidential system information from error messages and demonstration programs.
Besides having inadequate security, the FDA seems to lack basic defenses, including encryption for passwords, according to Health IT Security. After the breach last year, lawmakers sent a letter to FDA Commissioner Margaret Hamburg pointing out the security risks.
"The security breach of FDA's gateway system not only compromised the security of personal identifiable information, but also compromised the protection of confidential business information and medical privacy information of patients enrolled in clinical trials," the letter explained.
As the FDA is charged with protecting consumer information and company secrets, the agency is sure to face increasing pressure to improve its cybersecurity from organizations in and out of the public sector.