As we did in 2016, we’re rounding up the biggest data breaches of 2017. What have we learned as a result, and what can companies do better next year? Equifax: The loss of 145 million records may not be the highest in history, but the value of the information very well might be. Thanks to an unpatched flaw in an Apache Struts server, names, dates, social security numbers, and more were compromised. Most of the records were American, but about a million people were affected in the UK and Canada as well. To make matters even worse, the credit bureau’s response to the crisis was less than stellar, with widespread criticism of the company’s incident response website, officials questioning how much company executives knew before it disclosed the breach, and an investigation by Congress. Uber: Another breach for the books that falls under “poorly handled.” The loss of 57 million records actually happened in October 2016, but Uber didn’t disclose it until November of this year. It was also discovered that the rideshare company had paid the hackers who compromised it $100,000 to stay quiet and delete the data. The result? CSO Joe Sullivan and a deputy were shown the door….
With all the deals that can be found on Black Friday and Cyber Monday, it’s time to start scoring great deals online. But only half of consumers say they can determine whether the site they’re visiting is safe and legitimate, according to a survey by the Global Cyber Alliance. Here are 6 ways to stay safe during the holiday shopping season. Check the URL of the site you’re visiting. Sophisticated phishing attacks can do a great job of making the site you’re visiting look just like the store you think you’re buying from, but the URL will be different. If the URL doesn’t match the site name, don’t buy anything and get out of there. Similar to the URL, be sure to check the domain name of the site you’re visiting. Is it on the vendor’s list of authorized dealers? If not, beware. A simple can help you determine who owns the particular site you’re visiting. Check out the official retail site before using a third-party site to score deals. Some fake sites can be hard to spot, but others are more obvious. The best way to compare is to go to the official brand’s site to look at…
Companies across the globe are still reeling and recovering from Friday’s global ransomware attack known as WannaCry, which took down tens of thousands of machines in 150 countries, including Britain’s National Health System. How and why did this happen? We’ve talked at length about ransomware and how it’s distributed, how it particularly affects healthcare, and the rise of ransomware as a service. Friday’s attack was unusual in how quickly the infection spread, but it also reminded us of an age-old life lesson: It’s really important to keep your systems patched and up to date.

Prevention is the best cure

The security world has been saying it for years, but now it has another true-to-life case in point: Update your machine when it tells you to. The attack on Friday took advantage of a zero-day vulnerability in all Microsoft systems before Windows 10. Microsoft had released a patch for it back in March (even issuing a rare patch for the now-unsupported Windows XP systems), but most people treat system updates the way they treat pre-cancer screenings: “I’m fine now, so why should I worry about it?” Well, just like you don’t want cancer when you’re older, you don’t want ransomware, either….
In a world where the Internet of Things is growing exponentially, attackers are exploiting vulnerabilities in systems every day, and data breaches are constantly announced, cybersecurity has been top of mind. Here’s a look at some of the biggest data breaches from 2016 as well as some honorable mentions from 2015. Yahoo: The company suffered two breaches this year, announcing thefts in September and December. The latest breach may be the biggest of all time, as Yahoo is estimating 1 billion accounts may be compromised. Yahoo believes someone illegally accessed the company’s code to make forged cookies, although that is not certain. SWIFT: In February, attackers used malware to hack into the company’s software and steal $81 million from the Bangladesh Bank. The Belgium-based cooperative of 3,000 organizations maintains a messaging platform that banks use to move money internationally. Of the $81 million stolen, only $6.9 was believed to be recoverable. Anthem: In February of 2015, Anthem announced it had suffered a massive data breach, exposing more than 78 million records and compromising 18.8 million non-patient records as well. It is the largest healthcare data breach to date. The company is still feeling the effects, as customers filed several class-action…
What is Two-Factor Authentication?

The simplest example may be the use of an ATM/debit card, which combines two factors: one is something you own (the card) and the other is something you know (the PIN). Employees and other users may need to log into a private network to access data from a remote location, using a VPN (virtual private network). In this scenario, one authentication factor includes logging into a web-based system with a username and password. The second authentication factor may include the use of a cell phone: with a smartphone, you can register your phone number with the system and receive a request to approve. Or, by using a passcode via text message, you can log into the system with the randomized numbers sent to your phone. You can even answer a phone call and press a key to confirm that you are the authorized account holder. There are other authentication factors that can be used. For example, biometrics requires something specific to you, from a fingerprint to voice recognition. Or, you can use something physical you own, like a keyfob.

Who’s Using Two-Factor Authentication?

One well-known example of a company using two-factor is Google…