Thursday, February 28, 2019

What’s the point of a cybersecurity program?

When we say, “cybersecurity program”, here’s what we mean:  Implementing cybersecurity policies, procedures, and controls in a unified approach to reduce risk to private data and systems.  The cost of not implementing a cybersecurity program in your organization goes far beyond downtime and extends to financial loss, reputation damage, and a loss of employee confidence.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Business & Professional Services
Top Employee Count: 11 - 50 Employees 

What We’re Listening To:


Wednesday, February 27, 2019

How Cybersecurity Misconceptions are Leaving Customers Vulnerable

According to a recent survey of 2,034 US consumers, public misperceptions are making customers more vulnerable to breaches. Almost 90% believe that cybersecurity risks are increasing, 41% know someone who has been a victim, and 25% have been personally impacted.
However, just over half are taking critical measures such as using two-factor authentication or changing their settings across browsers, social media, or email. Additionally, most have not recognized the vulnerabilities involved in smart home devices or mobile device security.
Consumers' awareness is also out of step with which threats are the most common and severe: 97.4% are aware of viruses, even though phishing and identity theft are the first and second most damaging threats to consumers. To prepare for future breaches, consumers must educate themselves on the new cybersecurity landscape and take recommended actions to protect themselves.

In Other News:

GDPR Update: 95,000 Data Breach Complaints Since Adoption
Since the widely anticipated introduction of the EU privacy law known as the General Data Protection Regulation (GDPR), regulators have received over 95,000 complaints of possible data breaches within an eight-month period.
As you may already know, GDPR enables privacy enforcers to levy fines of up to 4 percent of global revenue or 20 million euros ($23 million), whichever is higher. Just last week, the French data protection watchdog imposed a fine of 50M euros on Alphabet-owned Google over allegations that it failed to obtain user consent for personalized ads, the largest GDPR sanction to date. As more penalties follow, organizations must consult experts to ensure that they are adhering to the stringent regulations for protecting EU consumers.
So far, most complaints have been related to telemarketing, promotional emails and video surveillance by closed-circuit televisions.

Tuesday, February 26, 2019

What’s the most important part of an incident response plan?


The most important part of an incident response plan is not the plan itself, but the regular testing, tweaking, and discussion of the plan. How can a plan be useful if nobody knows where it is or what their role and responsibilities are within it? Incident response planning should be an ongoing, yearly exercise with actual testing of the plan performed at least once a year. Additionally, incident response isn’t just an IT issue. It’s a business issue that affects all departments, and in many cases third parties such as legal counsel, PR, and third-party hardware and software vendors.

Monday, February 25, 2019

What we can do to stop putting our data at risk of identity theft

5 quick and easy tips for updating your data security
It’s safe to say that data breaches are one of the primary threats affecting the ways in which small businesses operate. All industries face the risk of exposing valuable personally identifiable information (PII) or protected health information (PHI). To compound the matter, as innovations such as the Internet of Things (IoT) become deeply integrated into operations, they can create additional risk.
However, to mitigate even the most advanced cybersecurity concerns, we must begin with measures that are simple and effective. Here are 5 steps for proactively preventing breaches and protecting your data in the event of a compromise:
1. Foster cybersecurity team buy-in
Consider implementing an incentive program for employees who detect significant vulnerabilities in cybersecurity. Create a workplace culture that values customer and employee privacy and offer continued education.
2. Make regular updates
Schedule timely updates and involve employees in the process by sending notifications and ensuring compliance.
3. Encrypt data
By making data unreadable for hackers, SMBs can dodge hefty fines and tarnished reputations in the event of a breach.
4. Back up data
By backing up your data onto multiple servers, you can prevent information from being lost in the case of a ransomware attack. Diversifying the format of how data is stored and keeping multiple copies that are secure offers additional protection.
5. Test cybersecurity protocols
By assessing vulnerabilities and conducting penetration testing, you can anticipate weaknesses in your security. Teaming up with security providers to stay constantly alert will offer the two-pronged benefit of preventing a breach from happening in the first place and being prepared pre- and post-incident.

Quick Start Guide to Dark Web Security




Hi There,
Did you get the chance to check out our latest ebook?
The "Quick Start Guide to Dark Web Security" walks you through the mind of a cybercriminal, describing ways they can steal your information and hold it for ransom or sell it on the dark web.
Learn how to protect confidential data from being hacked. Do not delay. Your business could be next.
  




Robert Blake Consultant
Bit by Bit Computer Consultants




Friday, February 22, 2019

In Other News:

MyFitnessPal and CoffeeMeetsBagel data go for sale on the Dark Web
After the breach of MyFitnessPal last year involving 150M user accounts, the data has finally been packaged up along with stolen credentials from 15 other websites to be sold on the Dark Web. The asking price? Less than $20,000 in Bitcoin...

Thursday, February 21, 2019

February Newsletter: Understanding How the Cloud Works





How will you recover after a cyber incident?


Dark web Trends

This week, Dunkin’ faces a 2nd credential stuffing attack, a Canadian photo-sharing platform discovers a hack, a French cybersecurity society is compromised, and Australian property data is leaked.
Dark Web ID Trends:
Top Source Hits: ID Theft Forums (99%)
Top Compromise Type: Domain (99%)
Top Industry: Medical and Healthcare
Top Employee Count: 1 - 10 Employees (94%)

What is the importance of written security policy?


Written policy is essential to a successful cybersecurity program.  Without it, employees can misbehave and get away with it.  Response and recovery times in the event of a cyber incident will be drastically longer.  The mindset of leadership will not be set in stone.  Policy guides employee behavior, establishes leadership’s attitude toward cybersecurity, and addresses how data is to be stored, processed, and protected.

United States - Valley Hope Association

Exploit: Database leak.
Valley Hope Association: Kansas-based group of addiction treatment centers.
Risk to Small Business: 1.777 = Severe
Customers Impacted: 70,000 patients.

Wednesday, February 20, 2019

How secure is your password?


How to save your IT system from its own users: Zero Trust Browsing

2017: The Year of Cryptojacking. 2018: The Year of Ransomware. 2019? It’s shaping up to be the Year of Phishing.
Historically, we’ve labeled phishing as a nuisance that only a select few fall for. However, the increasing sophistication of social engineering, along with a gradual evolution of phishing techniques, has leveled the game. For example, hackers have realized the importance we place on SSL certification, and have found ways to exploit it in order to give us a false sense of reassurance. Browsers such as Edge, Chrome, and Firefox have created advanced filtering techniques, but they are still unable to identify 10-25% of phishing sites...

Dark Web ID Trends:

Top Source Hits: ID Theft Forums (98%)
Top Compromise Type: Domain (99%)
Top Industry: Service Provider
Top Employee Count: 1 - 10 Employees (96%)

Tuesday, February 19, 2019

United States - Graeter's Ice Cream

Exploit: Malware on website checkout page.
Graeter’s Ice Cream: Regional ice cream brand based in Cincinnati.
Risk to Small Business: 1.888 = Severe
Customers Impacted: Approximately 12,000.

Friday, February 15, 2019

Does anyone actually know how consumers are affected by a data breach?

If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet it rarely acknowledges the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.
This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?
We can tap into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.
https://www.americanbanker.com/opinion/consumer-harm-from-data-breaches-is-a-black-box

Thursday, February 14, 2019

In Other News:

The U.K. has seen its first group litigation case concerning data breach, and the organization in question, the supermarket chain Morrisons, was found vicariously liable for the actions of one of its employees.
A disgruntled employee posted a file on a file-sharing website that included data on nearly 100,000 of his colleagues. That employee was found guilty of several charges related to the incident, including fraud and gaining unauthorized access to computer materials, and sentenced to eight years in prison.
Then 5,518 of the individuals whose personal data was published sued Morrisons. In this class-action-type suit, Morrisons — which was determined to have been compliant with data security laws at the time — was found vicariously liable for its rogue employee’s actions. It now faces large compensation costs.
Notable not only for being the first of its kind around data breach in the U.K., this case is also interesting for setting a high standard of responsibility among companies for their employees’ actions. As data breaches increase in both frequency and scope in Europe, those affected by them are likely to look to class-action claims under the provisions of the GDPR, which gives data subjects more rights and increases defendants’ penalties.
A side note: The GDPR and the Irish Data Protection Act 2018 may enable similar claims concerning nonmaterial damage, such as emotional distress, to be brought in Irish courts.