With technology driving business growth, more companies are implementing bring your own device policies in the workplace. Almost 2 in 3 IT professionals believe employee carelessness is connected to major data breaches that exposed customer information, according to a study by IT security firm Check Point. With the risk of employees causing data breaches of customer and corporate information, employers should consider potential problem areas that could leave sensitive details vulnerable.
Here are five unseen employee behaviors that could cause data breaches:
1. Browsing on Social Media
Compared to other distractions at work, social media might be one of the most dangerous for cybersecurity. About 36 percent of respondents log into their computer to look at social media sites, according to a survey by GFI Software/Opinion Matters. While browsing through a friend's post online looks harmless, massive data breaches in the past have been caused by social engineering attacks.
2. Shopping Online
The same GFI Software said about one-third of all respondents used their work computers for online shopping. Since online shopping retailers store financial information, cyberattackers may target these sites to steal information through unsecured connections and look for unencrypted information. People browsing on the Internet for purchases might also click on a link to a malware-infected site or suspicious websites requesting their credentials.
3. Downloading Games on Business Devices
Although there are tons of games available online, many of these apps might be malware in disguise. Fake games were a major source of malware infections, especially on third party app stores that are not equipped to scan for malicious software, .
4. Uploading Corporate Documents with Unsafe Connections
With more employees spread out in different branches, hubs and more, online collaboration has increased in importance. Employees often upload corporate documents to share and get input from their colleagues. However, when these connections or websites are not completely safe, cybercriminals could get their hands on this information. Firms should ensure employees send employees through Wi-Fi connections that are absolutely secure.
5. Not Telling the IT Department of Threats
While companies may or may not have policies that require employees to only to use their business devices for work, there are things that go wrong that may be remain reported. IT security professionals may be unaware of malware or other threats on mobile devices because workers may neglect to raise the alarm, which could leave threats undetected.
As retailers gear up for the holiday shopping season, cybercriminals lurk as an unknown threat for point-of-sale systems and computer networks. With the value of financial information on black markets, criminals are likely to exploit security flaws in retailers' POS systems using phishing, malware and other hacking tools.
A recent study by IT security firm BitSight Technologies found 1 in 3 retailers may be vulnerable to cyberattacks because of security flaws at their third-party vendors.
The study highlights the importance of ensuring strong cybersecurity for all parts of the supply chain, not just the company's headquarters or stores.
Vulnerabilities at Third-Party Vendors
In the past, retailers struggled with keeping their payment systems secure because of supply chain risks. The Target data breach that exposed the information of 110 million people began after cybercriminals stole the credentials of the company's third-party vendor. After acquiring the necessary login information, they were then able to upload malware onto Target stores' POS systems, allowing them to access millions of payment card numbers.
A similar scenario played out at the Home Depot data breach that compromised 56 million customer payment card records and 53 million customer email addresses, . Cybercriminals in the Home Depot breach stole the third-party vendor's password and username to gain access to its network and then discovered a flaw in Microsoft Windows that gave them the access to customer information.
Are Security Improvements Enough?
While one-third of retailers in the BitSight Technologies survey were exposed to attacks from their third-party vendors, companies noted some improvements that could prevent cybercriminals from causing data breaches.
The survey found almost 3 in 4 retailers that reported a data breach ramped up their security after the incident.
"While it's encouraging that a majority of the breached retailers have improved their security effectiveness, there is more work to be done, especially in the area of vendor risk management," said Stephen Boyer, co-founder and chief technology officer of BitSight. "This trend in retail highlights the importance of proactive measures such as industry and peer benchmarking, as well as continuous monitoring of one's supply chain."
Although their security has been enhanced, companies still face growing threats that could endanger customer and corporate information. The survey found malware server infections increased 200 percent while botnet infections also rose 29 percent.
In addition, companies face the growing challenge of responding to threats fast. The report found there was a 5 percent rise in the time it took for IT security teams to address attacks.
Don’t let a data breach spoil the holidays. Protect your business from lapses in security with these tips from IDT911 experts.
A rise in cyber threats around the world underlines the importance of cybersecurity in a technology-rich and reliant world. Most businesses and countries have made cyber security a top priority, even finding it to be one of their main businesses risks. However, this focus hasn't stopped the increasing number of attacks, and it may not be improving companies' strategies to combat the issues.
The number of cybersecurity incidents grew 66 percent at a compound annual growth rate between 2009 and 2014, LLP's Global State of Information Security Survey 2015. In 2013, there was a 48 percent increase alone, which equates to 117,339 attacks launched each day of the year.
Lack of executive buy in
As the number and variety of attacks rise, many companies' budgets are decreasing or staying the same, PwC found. Last year saw a 48 percent increase in attacks but an overall 4 percent decline in information security budget investments. Smaller firms are particularly likely to forgo a large cybersecurity budget, even though data breaches resulting in leaked information and identity theft could cost them millions of dollars in damages, not to mention a loss of company reputation.
Companies' boards may be staying too far away from the problem. Only 36 percent of respondents stated information security issues were looked into by the board.
Causes of cyberthreats
The growth of cybersecurity issues is problematic enough for firms, but the rise in insider cybercrimes is compounding the risks and increasing the costs of security and breaches. Insider security breaches can come from current employees, providers and consultants, former workers, business partners and customers. The most common threat is from current employees, according to the PwC survey. From 2013 to this year, respondents stated the amount of current employees committing cybercrimes rose from 31 to 35 percent. This was followed by the next most common culprit, former employees, which increased from 27 to 30 percent.
Businesses may not want to look inward at loyal and hardworking employees, but cybersecurity systems and protocol that ignore inside threats leave firms vulnerable to common attacks. Companies need to have programs in place that focus on preventing such threats, but also monitor to detect and respond to inside cyber issues.
As the consequences of identify theft affect more people each year, a , in addition to PwC's findings, should raise executive's concern. More than half of IT professionals stated they were not confident in the security configuration of their router, firewalls, modems and switches.
Around this time last year, hackers pulled off what was then one of the largest retail data breaches the industry has seen. They unleashed Backoff malware on computer networks that have now reportedly attacked thousands of retailers’ point-of-sale systems. The largest victim then was Target, from which hackers stole millions of credit and debit card numbers.
So what can you do to keep your identity safe during this busy time of year? Follow a few simple tips to build smart habits, for now and into the new year. (more…)
With the massive data breach at Home Depot, financial institutions are feeling the pressure to adapt to new ways to fight against the techniques and tools employed by cybercriminals. While big banks might have the resources for IT security to handle cyberintrusions, data breaches might have a greater impact on smaller institutions like credit unions.
The Home Depot breach confirmed on Sept. 18 compromised an estimated 56 million debit and credit card numbers, .
After the incident, credit unions reported losses from reissuing cards, fraud and other costs. Credit unions across the U.S. had to issue 7.2 million credit and debit cards as a result of the breach, with costs totaling $57.4 million, according to a survey by the Credit Union National Association. The Home Depot data breach costs were almost double that of the expenses connected to the incident at Target, when 40 million credit and debit cards were affected in the holiday season of 2013.
With the high costs of data breaches to credit unions, these financial institutions are finding new ways to combat cybercriminals.
Here are the potential cybersecurity changes for credit unions in the future:
Implementation of Chip and PIN Technology
When cybercriminals get their hands on the financial information of consumers, they could put this data up for sale on black markets. Reissuing new cards is an effective way to prevent thieves from making fraudulent purchases. However, it's expensive for credit unions as it cost an average of $2.64 per card in the case of the Home Depot breach, according to the CUNA survey.
Implementing more secure payment technology like chip and PIN credit cards could help curb the cost of reissuing credit and debit cards after a data breach as the more advanced cards would make it harder to copy data. In the past, retailers accused credit unions of not taking on chip and PIN technology by the date established by the financial industry, . But changes in cybersecurity standards could necessitate this emerging technology.
Stricter Data Security Standards
After the Home Depot breach, leaders of the credit union association called for tougher data security standards not only for credit unions, but across the board for segments of the economy that are especially vulnerable to cyberattacks, including the retail industry.
"Congress has a role to play in addressing the issue of merchant data breaches by making sure all of the participants are playing by the same set of data security rules, and that merchants who hold consumer data and allow that data to be breached, are responsible for the costs incurred by others," CUNA President and CEO Jim Nussle said in a statement.
With new data breach legislation making its way in Congress, improved security standards for private networks and point-of-sale systems could deter cybercriminals from stealing valuable information that could result in huge financial losses for credit unions and banks.
The holidays are right around the corner. We understand the desire to give that special someone the latest tech devices out there. We also get that people have reservations about privacy and safety. Here are some of the season’s hottest gadgets with protection tips from Brian Huntley, senior information security advisor at IDT911 Consulting.
IDT911 unveiled , a new online publication for cyber privacy, data breach and identity fraud news, on Tuesday at the second annual Privacy XChange Forum in Scottsdale, Arizona.
The news site will strive to engage readers in a conversation about these critical security issues at a time when companies of all sizes and in nearly every industry are experiencing data breaches as a third certainty in life.
Byron Acohido, one of the nation’s most respected cybersecurity and privacy experts, will serve as Editor-In-Chief. The site is underwritten by , the nation’s premier consultative provider of identity and data risk management, resolution, and education services. ThirdCertainty.com will feature breaking and investigative news pieces with commentary from industry experts.
“Data breaches and the identity theft that flows from them is the third certainty in life, and their effects can wreak havoc on the financial health and reputation of businesses and consumers alike,” said Adam Levin, chairman and founder of IDT911 and Credit.com. “The public is thirsty for knowledge about all things privacy, and business leaders now know that a breach can easily undo years of brand equity. Everyone at some point in their lives is going to get got, very likely more than once.”
Computers are more ubiquitous, affordable, and networked than ever, said Kevin Ashton, the entrepreneurial mind behind the Internet of Things and keynote speaker at the second annual .
What does that mean for your privacy?
“It means your privacy is not just at risk when you interact with your device, it means your privacy is at risk when you interact with the world,” said Ashton, general manager of Conserve, a division of consumer electronics giant Belkin International.
Ashton, speaking to more than 150 delegates at the conference, shared key trends that illustrate our move into an age where computers are even more prevalent and compact. First, everything is becoming networked, that is more devices are putting data onto the Internet. Second, we’ve arrived at census, the ability of these devices to gather information for themselves. (more…)
Some industries are more negatively impacted by data breaches. For example, retail, media, and financial sectors experience a greater loss of customers, while education and health care sustain a higher cost per exposed record, according to a panel of security experts at the Privacy XChange Forum.
The panel, moderated by Deena Coffman, CEO of IDT911 Consulting, brought together Dr. Deborah C. Peel, founder and chairwoman of Patient Privacy Rights, Arthur Tisi, CIO of Natural Markets Food Group, Ali Waezzadah, vice president of information security at CBS, and Michael Young, vice president and product team manager at EverBank, to discuss “Bull’s-Eye: Why High-Risk Industries Are Data Breach Targets.”
The panelists identified the biggest security challenges they face in their respective industries: (more…)