3C Privileged Accounts

Companies have been distributing privileged accounts to employees and vendors for the past 20 years without considering the security ramifications.

Privileged accounts are logons that open access to desktops, laptops, servers, firewalls, databases, printers—any device with a microprocessor that’s connected to a company network.

But hackers and data thieves are abusing privileged accounts to breach highly protected networks and steal mountains of sensitive data. In fact, 86 percent of large enterprise organizations either do not know or underestimate the number of privileged accounts incorporated into their networks, according to a survey from password security vendor CyberArk Software.

Follow these best practices for securing privileged accounts and sensitive data from .

1.  Reduce the number of privileged accounts. Every company has too many. This creates opportunities for accidental damage and breaches. And…

Two major government agencies in charge of cybersecurity have issued a warning about the rising threat of insiders who may cause data breaches or destroy sensitive information. The warning released by the DHS along with the Federal Bureau of Investigation noted disgruntled or former employees may be the ones who take action to steal proprietary software or consumer information from their former workplace in order to benefit another company.

The sources of these breaches may be cloud storage services, such as Dropbox, as well as personal email accounts, according to the DHS and FBI. Companies that are aware of this problem may want to look into deactivating former employees' access to corporate systems as the report said terminated employees may still be able to view information held on their IT networks via remote desktop protocol software. 

When insiders…

ITRC FTC pass it on

If you’ve ever had to help someone understand a new piece of technology or a new app or program, you can end up feeling like a one-person tech support team, but a new campaign is underway that can help you protect people around you when they’re online. The Federal Trade Commission’s campaign is aimed at making sure you are armed and ready to protect the people you care about from identity theft and online scams.

The very same people who constantly come to you with questions about downloading software or installing new components are the ones who need this information to come from a trusted source: you. The FTC has put together information sheets on identity theft and several scams so you can “pass it on” to friends and…

itrc data breach victim

Everywhere you turn these days, it seems as though there is another news story about another data breach. The stories help educate the public about how vulnerable their personal information is and how to protect themselves, but they also cause confusion.

Each week, the Identity Theft Resource Center publishes a , sponsored by IDT911, that lists the latest data breaches, the type of personal information involved, and the number of records exposed. This report has become a resource for reporters covering issues such as privacy and identity theft. This identity theft part is where we run into trouble.


Home Depot client
Home Depot customers who shopped there this summer must take steps to protect their credit card accounts. The home improvement retailer that the account information for 56 million cardholders was compromised when hackers breached the company’s cash register networks at stores in the United States and Canada.

The affected registers have been removed and the hackers’ access has been closed off. The company said there is no evidence that debit card PINs or online customers were compromised. But consumers should be aware of how to secure their identities.

Why do thieves steal this data? To websites to criminals who run as many fraudulent transactions before the bank closes or replaces the account.

What You Should Do


Former employees of Home Depot said they voiced their criticism of the company's security vulnerabilities years before its massive data breach, but the company did not respond quickly enough. Sources close to the company said they began raising concerns in 2008. Fast forward to 2014, Home Depot confirmed a data breach affecting 56 million credit and debit cards swiped throughout the company's U.S. locations.

Companies like Home Depot may be lacking in both prevention and detection of cyber threats, the Times reported. Without these abilities, firms are vulnerable to attacks on their systems, which could result in data breaches.

Home Depot said the breach lasted between April and September.

One of the procedures IT security experts suggest for data theft prevention is regular scans of systems with the latest technology. However, sources familiar with Home Depot's cybersecurity procedures…

When he was a master identity thief in the 1960s, Frank Abagnale said he used to make his own fraudulent ID cards and forge checks. Immortalized in the critically acclaimed film "Catch Me If You Can," Abagnale later turned his life around and became a respected anti-fraud expert. Now he is warning that lack of action from leaders in the federal government may be endangering consumer information because it has become easier to steal data today.

State laws have typically governed how businesses notify consumers about data breaches. California has some of the strictest cybersecurity and privacy laws in the nation, recently passing the kill switch law to install remote-locking capabilities on phones and the eraser button law, allowing younger Internet users to remove embarrassing photos on social media sites. While states have had some success in guarding…

checklist

The breach at is only the most recent in a torrent of high-profile data compromises. Data and are at record levels. Consumers are in uncharted territory, which raises a question: Is it time to do for data breaches and cybersecurity what the nutritional label did for food? I believe we need a Breach Disclosure Box, and that it can be a powerful consumer information and education tool.

Once a cost of doing business, today data breaches in the best-case scenario can sap a company’s bottom line, and at their worst represent an extinction-level event. The real-world effects for consumers can be catastrophic. Because there is a patchwork of state and federal laws related to data security—some good, some bad, all indecipherable—and none that work together, it’s impossible to know…

Rather than setting their sights on computers, cybercriminals are increasingly targeting point of sale systems to steal valuable customer information. With attacks against in-store systems growing, the payment industry is fighting back. The Payment Card Industry Security Standards Council (PCI SSC) recently overhauled its guidance document to curb data breaches and security flaws in payment systems. Although the PCI SSC has updated its recommendation for payment system security, some IT professionals are questioning whether these methods are enough to stop cybercriminals from getting their hands – and servers – on customer data.

Recently, the PCI SSC unveiled version 3.0 of the Payment Card Industry Data Security Standards (PCI DSS), Mark Burnette, partner with LBMC Security & Risk Services, . The newest update focuses on testing to ensure systems are not vulnerable to outsider attacks. With…

While consumers are tired of being bombarded with ads every day, a more dangerous threat could be lurking in the background on webpages and their personal devices. Malicious advertising, also known as malvertising, is an emerging way cybercriminals are infecting new computers with malware. This technique poses a great risk to cybersecurity because it exploits the popularity of social media sites as cybercriminals may spread malware exponentially through social networking advertising.

When users encounter a website with a malicious advertisement, they are sent to a different site that may download malware onto their computer or other device. The malicious software might masquerade as a regular download so the users do not suspect their systems are being infected.

"The attackers are purely relying on social engineering techniques, in order to get the user to install the software package," Cisco researchers said…