Small Business, BIG RISK!

Does anyone actually know how consumers are affected by a data breach?

Does anyone actually know how consumers are affected by a data breach?If you take a peek into a recent newspaper, you’re likely to see the words ‘data breach’ flash across headlines. The conversation surrounding data privacy is becoming increasingly commonplace, yet surprisingly scarce in acknowledging the actual consequences or outcomes for affected consumers. Although we are able to speculate as to what might happen to consumers, we are usually left wondering what actually does.

This void in information results in our entire industry viewing only part of the problem, as we cannot understand the link between the efficacy of security measures and the level of harm caused to end-users. As a sector, we know very little regarding how hackers transform data breaches into financial gain for themselves. What can we do to solve this?

Tapping into the vast resources of law enforcement agencies, large banks, and major card providers. Through collaboration, they can offer financial forensics, fraud detection, and task forces that can help attribute breaches to thefts and fraud. Some would argue that investments and partnerships must be made to acquire such information, but enhancing awareness could be the match that lights the fire, illuminating the path towards global data accountability by consumers and businesses alike.
https://www.americanbanker.com/opinion/consumer-harm-from-data-breaches-is-a-black-box

In Other News:

In Other News:

The U.K. has seen its first group litigation case concerning data breach, and the organization in question, the supermarket chain Morrisons, was found vicariously liable for the actions of one of its employees.

A disgruntled employee posted a file on a file-sharing website that included data on nearly 100,000 of his colleagues. That employee was found guilty of several charges related to the incident, including fraud and gaining unauthorized access to computer materials, and sentenced to eight years in prison.

Then 5,518 of the individuals whose personal data was published sued Morrisons. In this class-action-type suit, Morrisons — which was determined to have been compliant with data security laws at the time — was found vicariously liable for its rogue employee’s actions. It now faces large compensation costs.

Notable not only for being the first of its kind around data breach in the U.K., this case is also interesting for setting a high standard of responsibility among companies for their employees’ actions. As data breaches increase in both frequency and scope in Europe, those affected by them are likely to look to class-action claims under the provisions of the GDPR, which gives data subjects’ more rights and increases defendants’ penalties.

A side note: Similar claims but concerning nonmaterial damage like emotional distress may be enabled by the GDPR and the Irish Data Protection Act 2018 to be brought to Irish courts.

https://www.siliconrepublic.com/enterprise/morrisons-data-breach-employees

In Other News:

In Other News:

An Emerging Target for Data Breaches: HR and Finance EmployeesAs phishing attacks evolve in sophistication, human resource and finance teams are becoming caught in the crosshairs. Historically, such departments have been able to fend off poorly executed phishing campaigns. However, as hackers get smarter, so do their tactics. By adopting the writing styles of executives on social media, they can produce “look-alike” language that is capable of fooling even the most careful employees.

Many times, employee data can command a higher price tag on the Dark Web than customer data, since it is more likely to include social security numbers, dates of birth, names of dependents, and other lucrative data that can be used in perpetuity, instead of a one-time payment card fraud. When it comes to phishing attacks, it’s important to remember that human users are the weakest link the security chain.
https://searchhrsoftware.techtarget.com/feature/Phishing-attacks-are-top-employee-data-breach-threat-for-HR

Dark Web ID Trends:

Dark Web ID Trends:Top Source Hits: Domains (99%) 
Top Compromise Type: ID Theft Forums (99%)
Top Industry: High-Tech / IT 
Top Employee Count: 11 - 50 Employees 

Ransomware on the rise!

7 Passwords You Should Never Use at Your Small Business - SMALL BIZ AHEAD

https://sba.thehartford.com/managing-risk/7-passwords-you-should-never-use/?cmp=EMC-SC-SBA-13055326&eml=1

7 Passwords You Should Never Use at Your Small Business

Owning a small business means owning data. You're constantly acquiring new information related to your customers, your financial details, and all the vendors and contractors with whom you work.  One cyber criminal, though, one lucky hack, and you've just exposed your business to a major blow. From lost trust among your clients to costly lawsuits for the damage done, protecting your company from data theft is among your most important responsibilities.

A lot of it comes down to one simple choice you make:  passwords.

"Overall, passwords still present the biggest challenge for businesses of all sizes," said Ron Schlecht, founder and managing partner of BTB Security. Businesses hire Schlecht's company to test their digital security for weak spots and, he said, "you can't imagine how many times we still break in to companies because of a bad password."

If you want to avoid weak passwords at your business, start by steering clear of the following list. Read on for seven passwords you should never (ever) use.

Password

Arguably, this is the number-one and most common bad choice. Also prevalent are variations such as P@ssword and P@55w0rd!. These might be easy to remember, but they're also among the first options hackers will try.

QWERTY

Easy-to-guess passwords often take root because they're simple to remember. That's the story with this hacker-friendly option constructed from the sequence of letters at the top left of the typical computer keyboard.

12345

Or, 98765. Or, 4567. You get the picture — no consecutive numbers (and the same goes for sequential letter combinations). You can only count on passwords such as these to expose your business to digital theft.

BusinessName1

If your shop is called Serafina's Weddings, don't set your password as SerafinasWeddings1. That would be a early choice for hackers looking to break into your valuable data.

Business Address

Skip it entirely, when it comes to passwords. Also avoid trying to mash together similar details, such as your street name and street number — i.e. Main215. 

Date of Birth

Thanks to the Internet, it doesn't take much effort to find a person's DOB. Birthdays, birthdates, years of birth — all of them make for readily attainable passwords and are poor choices for your company.

Simple Dictionary Words

Especially if they're related to your business, don't use them. No baseball, football, or soccer for your sporting goods store. No muffler, tire, or spark plug for your auto garage.

 And so, what should you do when it comes to picking a password?

A key approach starts with thinking of a passphrase. Next, substitute letters, characters, and abbreviations for parts of it. For example, my first car was a Honda in 1990 would be easy enough to remember, if that was the case in your life. Now, change it to my1stc@r=honda90.

Steer clear of the not so magnificent seven above, and protect your data with hard-to-guess constructions. With a strong password strategy, you're well on your way to foiling online attacks.

Next Steps:  Are you looking to expand and grow your small business but don't have time to keep up with the latest trends and technology? We've got you covered with the weekly Small Biz Ahead newsletter. Sign up today and start receiving the weekly newsletter chock full of the latest tools and resources to help you run a successful business.

Blog www.3boffice.com

Robert Blake Consultant Bit by Bit Computer Consultants 721 North Fielder Suite B, Arlington TX 76012 t: 877.860.5831 x190 m: 972.365.7010 w: http://www.bitxbit.com e: robert.blake@bitxbit.com

Managing technology and Protecting Data.