
Password Protect Customer Data!


The Republican National Committee hired Deep Root Analytics in 2017 to gather political information on US voters, but the firm didn’t secure the data. It had personal information on about 61% of the US population stored on an Amazon cloud server with no password protection. The data sat exposed, open for anyone to access, for about two weeks before a security researcher discovered it. A class action lawsuit and a media storm of negative publicity immediately followed.

A company that acquires and manages personal information should know how to secure data. Deep Root Analytics was entrusted with sensitive information such as names, birthdates, home addresses, phone numbers, regions, ethnicities, and voter registration information, and carelessly stored it without password protection.

Your business may not have millions of personal records, but you need to secure data for your own customers, because their trust is important to you. And their information is gold to hackers.

How Your Business Could Avoid a Deep Roots-type Error 

  • Recognize What Data is Sensitive: While you don’t want any company data to become public, you do need to recognize that your customer data should be considered sensitive. Names, addresses, phone numbers, and email addresses should always be kept secure. The mere fact that these people are your customers is a major piece of information for hackers, and they can sell that data to your competitors. If you have your customers’ annual income, social security numbers, dates of birth, etc., you have to be even more careful about protecting them.
  • Password Protect Your Customer Database. Your customer data should never be accessible to anyone without a password.
  • Limit Access to Your Customer Database. Only the people in your company who absolutely need to access your database to perform their jobs should have access. Limiting access will reduce both unintentional and intentional data breaches by employees.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

No Personal Email Accounts for Company Business!

The Yahoo! Data Breach of 2013 may seem like old news, but 2017 revealed it was far worse than reported. After Verizon acquired Yahoo! in June 2017, they discovered the 2013 breach affected every Yahoo! customer account – three billion in total!

That mind-boggling number is three times more than Yahoo! reported when they first disclosed the breach in 2017. It’s almost 10 times greater than the whole US population.

How could that happen?

The hackers had free access to billions of email accounts for three years before they were discovered. More than 150,000 of the accounts were owned by current and former US government and military employees. They included the accounts of White House staff members, members of the US Congress, and members of the FBI, NSA, and CIA.

Part of the problem is Business Email Compromise (BEC), a growing tactic among organized cyber criminals. They get into your network and spend weeks or months studying your organization’s vendors, billing systems, and your CEO’s style of email communications. They can then send a fake email from your CEO (while he or she is away and unavailable) to someone in your finance office, requesting payment to someone your company would normally pay. This is a scam that works, and the money is hard to track and recover.

How Your Business Could Avoid a Yahoo-type Breach 

  • Patch Vulnerabilities: This must be done in a timely manner. The more time your system spends vulnerable, the easier it is for hackers to get what they want.
  • Don’t trust email from an employee’s private account. Anytime someone in your company sends you an email from a private email account, be suspicious. Reply by phone or use the company email to ask if that email was from them.
  • Use your company email for business. Make sure all company business that must be emailed is done via your company email account. That includes minor things like requesting a meeting or sending a file. Because data breaches are a huge and growing threat, it’s best to always keep your company email communications within the safety and security of your business email account.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.
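The private-account advice above, as an added example that is not from the original article: a mail check that flags a message carrying a staff member's name on a non-company address. The company domain, staff names and messages are constructed, and the Reply-To check goes one step beyond what the text describes.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"              # assumed company mail domain
STAFF = {"dana whitfield", "sam ortega"}    # constructed staff display names

# Constructed sample messages; only the headers matter here.
SAMPLES = [
    "From: Dana Whitfield <dana.whitfield@example.com>\n"
    "Subject: Q3 invoice\n\nSee attached.",
    "From: Dana Whitfield <dwhitfield.ceo@gmail.com>\n"
    "Subject: Urgent wire\n\nPay today.",
    "From: Sam Ortega <sam.ortega@example.com>\n"
    "Reply-To: sam.ortega@example.net\n"
    "Subject: Vendor change\n\nNew bank details.",
    "From: Newsletter <news@vendor.test>\nSubject: Updates\n\nHello.",
]

def _domain(addr):
    # Text after the last "@", lower-cased; empty string if there is no address.
    return addr.rpartition("@")[2].lower()

def check_message(raw):
    """Return the reasons a message deserves a phone call before anyone acts on it."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    reasons = []
    # Normalise case and spacing before comparing with the staff list.
    is_staff_name = " ".join(name.lower().split()) in STAFF
    if is_staff_name and _domain(addr) != COMPANY_DOMAIN:
        reasons.append("staff name on non-company address")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if (reply_to and _domain(addr) == COMPANY_DOMAIN
            and _domain(reply_to) != COMPANY_DOMAIN):
        reasons.append("reply-to leaves company domain")
    return reasons

if __name__ == "__main__":
    for raw in SAMPLES:
        sender = message_from_string(raw)["From"]
        print(sender, "->", check_message(raw) or "ok")
```

A flagged message is a prompt to verify by phone or company email, as the list above recommends; the check does not prove a message with a company address is genuine.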

 

Keep Your Systems Updated and Patched

What some have called “the worst ransomware attack ever” struck in May 2017, infecting an estimated 300,000 computer systems in just four days. WannaCry was similar to many ransomware attacks, i.e. it encrypted files and demanded a Bitcoin payment to decrypt them.

However, it differed in one major way: worm tactics.

Once WannaCry infected a machine, it scanned the connected LANs and WANs to find and attack other vulnerable hosts. The subsequent infections occurred automatically without user interaction.

This allowed WannaCry to seize entire networks and even hop to others, rapidly sparking a flash epidemic worldwide.

The National Health Service in the U.K. was hit particularly hard, with at least one-third of health trusts (i.e. healthcare offices and services) disrupted and over 19,000 appointments canceled, including surgeries.

Stolen NSA Cyber Weapons

WannaCry spread via EternalBlue, an exploit for Windows Server Message Block version 1 (SMBv1), a legacy network file-sharing protocol present in every version of Windows released in the last 15 years (and maybe more).

The exploit is allegedly from a cache of cyber weapons stolen from the U.S. National Security Administration (NSA) and released publicly on April 14, 2017.

Microsoft issued a patch for the vulnerability on March 14, 2017. When the attack began, every Windows system that had not been patched within eight weeks was vulnerable.

How Your Business Can Avoid a WannaCry 

  • Patch Vulnerabilities: The importance of patching cannot be overstated. When WannaCry struck, administrators with freshly patched Windows machines were safe.
  • Plan for Disaster: This attack targeted a vulnerability in millions of Windows systems. A patch had been available for only about two months. Another attack of this scale is always possible. If your systems are compromised, what will you do? If you don’t already have one, get a backup and disaster recovery plan in place.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Never Hide a Data Security Breach from Your Customers

Uber’s CEO revealed on Nov. 21, 2017, that the ride-hailing service failed to disclose a massive data breach last year. In Oct. 2016, hackers accessed a server containing personal information for more than 57 million Uber drivers and riders. They demanded a $100,000 ransom to delete their copy of the data, which Uber paid.

The attackers allegedly first accessed a private GitHub repository used by Uber’s developers. The repository contained code with login credentials for other Uber systems, which ultimately provided access to the stolen data.

Uber later identified the hackers and pushed them to sign nondisclosure agreements. It also disguised the ransom payment as part of a bug bounty program, according to the New York Times.

The Biggest Mistake was the Cover-up

The Uber data breach may prove to be an example of when the cover-up is worse than the crime. The breach undoubtedly harmed the company’s brand, but the damage caused by hiding the attack has only begun. Lawsuits are now raining down on Uber from attorneys general across the U.S.

How your Business Can Avoid Lawsuits and Customer Distrust from a Security Breach

Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:

  • Know the laws. There are federal, state and local laws on how to handle a data breach and notify customers, and some are industry specific.
  • Err on the side of transparency – Thousands of companies have experienced a data security breach. It’s how you respond to it that matters to your customers. Most will forgive you, especially if you care enough about their information to keep them informed.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 

Never Overlook Data Security Vulnerabilities!

Credit reporting agency Equifax stores financial data on more than 800 million consumers and 88 million businesses worldwide, so data security is absolutely critical.

On July 29, 2017, the company detected and blocked suspicious network activity associated with a web portal used by U.S. consumers to file disputes. Later analysis revealed the portal’s application framework, Apache Struts, was outdated and had a severe data security vulnerability.

Equifax hired cybersecurity firm Mandiant to conduct a forensic analysis, which revealed a massive data breach affecting 143 million U.S. consumers. Further investigation later increased the number to 145.5 million – or about 45% of the U.S. population.

Severe Data Security Vulnerability Overlooked

Equifax was first alerted to the Apache Struts vulnerability on March 8, 2017, more than two months before the breach started, according to testimony to a U.S. House subcommittee from former Equifax CEO Richard Smith. Equifax failed to act on the alert and apply the available patch.

Hackers launched the attack exploiting the vulnerability about two months later, on May 13, 2017. By the time the breach was discovered in late July, hackers had accessed dozens of databases and created more than 30 backdoors into Equifax’s systems.

How your Business Can Avoid this Type of Security Breach

Even though the security breaches at large corporations make the headlines, it’s the smaller companies that are the most vulnerable. Small businesses are generally easier to hack because they don’t put real security measures in place. Here’s what we recommend:

  • Apply Security Patches in a timely manner – Equifax failed to realize an alert for a critical vulnerability applied to one of its web portals. A flaw that should have been patched in a timely manner went unpatched for months.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.

 

 
