Thursday, February 28, 2019

What’s the point of a cybersecurity program?

When we say, “cybersecurity program”, here’s what we mean:  Implementing cybersecurity policies, procedures, and controls in a unified approach to reduce risk to private data and systems.  The cost of not implementing a cybersecurity program in your organization goes far beyond downtime and extends to financial loss, reputation damage, and a loss of employee confidence.

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: ID Theft Forums (99%) 
Top Compromise Type: Domain (99%)
Top Industry: Business & Professional Services
Top Employee Count: 11 - 50 Employees 

What We’re Listening To:

What We’re Listening To:

Wednesday, February 27, 2019

How Cybersecurity Misconceptions are Leaving Customers Vulnerable

How Cybersecurity Misconceptions are Leaving Customers VulnerableAccording to a recent survey among 2,034 US consumers, public misperceptions are making customers more vulnerable to breach. Almost 90% believe that cybersecurity risks are increasing, with 41% who know someone that has been a victim and 25% being personally impacted.
However, just over half are taking critical measures such as using two-factor authentication or changing their settings across browsers, social media, or email. Additionally, most have not recognized the vulnerabilities involved in smart home devices or mobile device security.
There is also a lack of alignment in terms of which breaches are the most common and severe, with 97.4% being aware of viruses, even though phishing and identity theft are the first and second most damaging threats to consumers. In order to prepare for future breaches to come, consumers must educate themselves on the new landscape of cybersecurity and take recommended actions to protect themselves.

In Other News:

In Other News:
GDPR Update: 95,000 Data Breach Complaints Since Adoption
Since the widely anticipated installation of the EU privacy law known as the General Data Protection Regulation (GDPR), regulators have received over 95,000 complaints of possible data breaches within an eight month period.
As you may already know, GDPR enables privacy enforcers to levy fines of up to 4 percent of global revenue or 20 million euros ($23 million), whichever amounts to a higher number. Just last week, the French data protection watchdog imposed a fine of 50M euros on Alphabet-owned Google over allegations that they failed to obtain user consent for personalized ads, the largest GDPR sanction to date. As more penalties begin to join in the mix, organizations must consult experts to ensure that they are adhering to the stringent regulations for protecting EU consumers.
So far, most complaints have been related to telemarketing, promotional emails and video surveillance by closed-circuit televisions.

Tuesday, February 26, 2019

What’s the most important part of an incident response plan?


The most important part of an incident response plan is not the plan itself, but the actual regular testing, tweaking, and discussion of the plan.  How can a plan be useful if nobody knows where it is and their role and responsibilities within the plan?  Incident response planning should be an ongoing, yearly exercise with actual testing of the plan performed at least once a year.  Additionally, incident response isn’t just an IT issue. It’s a business issue that affects all departments, and in many cases third-parties such as legal counsel, PR, and third-party hardware and software vendors.

Breached - France, Philippines, New Zealand

correct severe gauge
Exploit: Credential stuffing attack.
DailyMotion: Video sharing platform
Risk to Small Business: 2.333 = SevereCustomers Impacted: To be determined 
>> Read full details on our blog. 
correct severe gauge
Exploit: Email server compromise.
Cebuana Lhuillier: Pawn shop and microfinance firm.
Risk to Small Business: 2 = SevereCustomers Impacted: 900,000 clients. 
>> Read full details on our blog. 
correct moderate gauge
Exploit: Payment fraud.
Cryptopia: Online cryptocurrency exchange.
Risk to Small Business: 1.888 = Severe Customers Impacted: Unknown.
>> Read full details on our blog. 

Monday, February 25, 2019

What we can do to stop putting our data at risk of identity theft

What we can do to stop putting our data at risk of identity theft
5 quick and easy tips for updating your data security
It’s safe to say that data breaches are one of the primary threats affecting the ways in which small businesses operate. All industries face the risk of exposing valuable personally identifiable information (PII) or protected health information (PHI). To compound the matter, innovations such as Internet of Things (IoT) become deeply integrated into operations and can create additional risk.
However, to mitigate even the most advanced cybersecurity concerns, we must begin by thinking simple and effective. Here are 5 steps for proactively preventing breaches and protecting your data in the event of a compromise:
1. Foster cybersecurity team buy-in
Consider implementing an incentive program for employees who detect significant vulnerabilities in cybersecurity. Create a workplace culture that values customer and employee privacy and offer continued education.
2. Make regular updates
Schedule timely updates and involve employees in the process by sending notifications and ensuring compliance.
3. Encrypt data
By making data unreadable for hackers, SMBs can dodge hefty fines and tarnished reputations in the event of a breach.
4. Backup data
By backing up your data onto multiple servers, you can prevent information from being lost in the case of a ransomware attack. Diversifying the format of how data is stored and keeping multiple copies that are secure offers additional protection.
5. Test cybersecurity protocols
By assessing vulnerabilities and conducting penetration testing, you can anticipate weaknesses in your security. Teaming up with security providers to stay constantly alert will offer the two-pronged benefit of preventing a breach from happening in the first place and being prepared pre- and post-incident.

Breached - United Kingdom - B&Q

extreme gauge
Exploit: Database leak.
B&Q: Home improvement retailer.
Risk to Small Business:  2.222 = Severe Customers Impacted: 70,000. 
>> Read full details on our blog. 

Quick Start Guide to Dark Web Security



https://preview.hs-sites.com/_hcms/preview/content/7440928435?portalId=4331745&_preview=true&cacheBust=1550794851801&preview_key=zflscGba&from_buffer=false

Hi There,
Did you get the chance to check out our latest ebook?
The "Quick Start Guide to Dark Web Security" walks you through the mind of a cybercriminal, describing ways they can steal your information and hold it for ransom or sell it on the dark web.
Learn how to protect confidential data from being hacked. Do not delay. Your business could be next.
Learn More
  




Signature Image
Robert Blake Consultant
Bit by Bit Computer Consultants




Friday, February 22, 2019

In Other News:

In Other News:
MyFitnessPal and CoffeeMeetsBagel data go for sale on the Dark Web
After the breach of MyFitnessPal last year involving 150M user accounts, the data has finally been packaged up along with stolen credentials from 15 other websites to be sold on the Dark Web. The asking price? Less than $20,000 in Bitcoin...

United States- Lebanon VA Medical Center - BREACHED

correct severe gauge
Exploit: Employee error.
Lebanon VA Medical Center: Veterans hospital located in Pennsylvania.
Risk to Small Business: 1.555 = SevereCustomers Impacted: 1,002 patients. 
>> Read full details on our blog. 

Thursday, February 21, 2019

February Newsletter: Understanding How the Cloud Works





How will you recover after a cyber incident?


Breached - US, Canada and more!

correct severe gauge
Exploit: Credential stuffing attack
Dunkin' Donuts: One of the world's leading baked goods and coffee chains
>> Read full details on our blog. 
correct severe gauge
Exploit: Malware injection into point-of-sale (POS) systems
Truluck's: Houston-based chain restaurant.
>> Read full details on our blog. 
correct severe gaugeExploit: Unauthorized system access
DataCamp: Online learning platform for data science
>> Read full details on our blog. 
extreme gauge
Exploit: Server hack
500px: Photo-sharing platform 
>> Read full details on our blog. 
correct severe gauge
Exploit: Employee breach
eHealth Saskatchewan: Electronic health record system
>> Read full details on our blog. 
correct moderate gauge
Exploit: Human error resulting in data leak
CLUSIF: Paris-based information security society
>> Read full details on our blog. 
correct severe gauge
Exploit: Database leak
LandMark White: Large property evaluation firm
>> Read full details on our blog. 

correct severe gauge
Exploit: Website glitch and phishing
Optus: Telecommunications company seeking to be first-in-market with 5G home broadband service
>> Read full details on our blog.