Protect Your Atlanta Small Business Against Cyber Crime

Businesses often take the privacy and security of email for granted. But if there’s only one thing you take away from this information, it should be that email is the prime target for hackers and data thieves. There are hundreds of threats out there at any moment, and each of them has the potential to steal information, take control of your computer and network, and even damage your brand reputation. Below are 4 of the 13 email threats you should know about.

  1. Conversation Hijacking – Conversation hijacking attacks occur when hackers manage to replicate legitimate email threads between people to make it seem as though the victim is the one sending the messages back and forth. Make sure you have Multi-Factor Authentication (MFA) in place to keep the bad guys out of your email tenant.
  2. Account Takeover – Account takeover is when malicious third-party attackers successfully gain access to a user’s account and credentials. Once the account is compromised, hackers monitor and track activity to learn how the company does business, the email signatures it uses, and the way financial transactions are handled. This helps them launch successful attacks, including harvesting additional login credentials for other accounts. MFA is the best answer for this threat.
  3. Data Exfiltration – Data exfiltration is the unauthorized transfer of data from a computer or other device. It can be conducted manually via physical access to a computer or as an automated process using malicious programs on the internet or a network. Attacks are typically targeted, with the objective of gaining access to a network or machine to locate and copy specific data. There are specific monitoring tools that can watch for suspicious data movement.
  4. Lateral Phishing – With lateral phishing, attackers use recently hijacked accounts to send phishing emails to unsuspecting recipients to spread the attack more broadly. Because these attacks come from a legitimate email account and appear to be from a trusted colleague or partner, they tend to have a high success rate. MFA is crucial to minimizing this threat.


Email Security Can Save Your Small Business Big Money

Businesses often take the privacy and security of email for granted. But if there’s only one thing you take away from this information, it should be that email is the prime target for hackers and data thieves. There are hundreds of threats out there at any moment, and each of them has the potential to steal information, take control of your computer and network, and even damage your brand reputation. Below are 3 of the 13 email threats you should know about.

  1. Spam – Email spam is also known as junk mail. Spam emails are sent out in mass quantities by spammers and cyber criminals looking to make money, obtain information, or spread malicious code onto the recipient’s computer. Having a good third-party spam filter in place is critical. This service can often be bundled with advanced email security.
  2. Domain Impersonation – Domain impersonation, or domain spoofing, is when a hacker uses a fake web domain or email address to impersonate an organization or one of its employees. This threat is closely related to, and sometimes used in conjunction with, spear phishing. Security awareness training (SAT) can help here as well.
  3. Brand Impersonation – Brand impersonation is designed to impersonate a company or a brand to trick its victims into responding and disclosing personal or otherwise sensitive information. Common types of brand impersonation include service impersonation and brand hijacking. This threat is similar to scamming, so advanced email security can help here too.


Email – The Gateway to Cyber Attacks

Many cyber attacks that are attributed to “hacking” or “malware” first enter the organization through an old, reliable channel: email.

Email is a door into the network. With a cleverly crafted message, hackers can convince employees to install malware, share access credentials, or perform any number of actions to open an entry point for a larger attack. In this way, staff members become unwitting supporters of the attacks and help them to succeed. The mistake takes only a few seconds of oversight and can spark a data breach that harms the organization for years. In certain environments, only one employee has to make a single mistake to give attackers a foothold.

Going Phishing

When we talk about email as a vessel for hacking or malware, we are referring to an attack called “phishing.” This is when an attacker disguises themselves as a trustworthy individual or institution in an attempt to acquire sensitive information. Email-based cyber attacks are very common and are growing more sophisticated. Broad-scale phishing emails, which are often easier to spot, are giving way to targeted spear phishing emails – which are more closely tailored to the recipient and far more convincing.

More than two-thirds (69%) of health IT professionals surveyed said their organizations experienced a spear phishing attack in the last 12 months, according to the Ponemon report. This happens almost exclusively through email, though in rare cases it occurs over the phone. When asked to consider their organization’s most recent major security incident, 62% of healthcare information security professionals said email was the initial point of compromise, according to the HIMSS report. This was far beyond any other channel mentioned (“other” was second at 13% and “don’t know” was third at 12%).

Most often, malicious emails attempt to trick recipients into opening a malware attachment, clicking to visit a malicious website, or clicking to open a phony web form. However, the channel can also be used to leak or steal sensitive data directly. An attacker may convince an employee to reply to an email with access credentials or other sensitive information. Also, employees can accidentally email patient data to the wrong person (a.k.a. “misdelivery”).

Email is the top location for data breaches reported to OCR from Jan. 1 to May 15, 2018, accounting for 25% of the total during the period.

Email is also the top location for data breaches reported to OCR in 2017, accounting for 23% of the total and impacting 11% of all affected individuals.

What Can You Do About It?

You need an IT support partner who thoroughly understands both HIPAA compliance and network security, as they have to work in tandem to keep your medical practice secure and clear of HIPAA violations. To learn more, call 678-389-6200 or see HIPAA Compliance and Network Security for Medical Practices.

Insider Abuse and Errors –The Biggest Threat to Healthcare Security

Insiders are among the biggest threats to data security in healthcare. Research suggests the problem has reached epidemic proportions – with staff members snooping, stealing, or otherwise leaking sensitive data on a scale much broader than in other industries.

The trend is consistent:

  • Insiders caused 58% of the healthcare security incidents reviewed for the 2018 Verizon PHI Data Breach Report.
  • Insiders caused 37% of 2017 healthcare data breaches reviewed in the 2018 Protenus Breach Barometer Report.
  • An insider caused the largest healthcare data breach reported to OCR in 2017, allegedly stealing data affecting 697,800 individuals.

The trend has extended into 2018. A Calyptix review of the data breaches reported to the OCR from Jan. 1 to May 15 this year revealed:

  • 45% were caused by “unauthorized access / disclosure”, a type of breach typically associated with insiders. The breaches accounted for 55% of the total records exposed during the period.
  • 9% were caused by “loss” or “improper disposal”, which are also often associated with insiders.

The numbers might be inflated by the stringent breach reporting requirements in HIPAA. However, other industries – such as the public sector – also have stringent reporting requirements. While they often see higher levels of insider incidents, they are nowhere near the levels seen in healthcare, suggesting the severity of the problem may be unique to the industry.

Why Insiders Breach

Why do staff members knowingly violate HIPAA guidelines, causing a data breach? In a review of 306 data breaches in healthcare shown to be caused by insiders, 48% were financially motivated and 31% were motivated by fun or curiosity, according to the Verizon report. Interestingly, another 10% were motivated by convenience.

Insider data breaches come in two general types: intentional and accidental. A staff member either mistakenly leaks data – such as by emailing health records to the wrong patient – or purposefully exposes the data – such as by theft or snooping. One snooping case reported in 2017 went undiscovered for 14 years. An employee at a Massachusetts hospital was found to have inappropriately accessed the medical records of as many as 1,176 patients over the years.

The person’s motivation can have a significant impact on the scale of the breach. For example, an insider who is financially motivated to steal patient health data may try to grab as much as possible. Malicious or nosy insiders are also more likely to attempt to hide their actions. On the other hand, an employee who makes an honest mistake will likely try to minimize the impact. This may partly explain why data breaches involving “insider wrongdoing” were shown to impact 14% more patient records in 2017 than breaches caused by “insider error”, according to the Protenus report.

Gaps in IT Security Knowledge

Many factors – including large volumes of sensitive data, legacy systems, and complex networks – combine to support a high level of insider breaches. Another factor may be a lower awareness of cyber security issues among healthcare staff. When tested on their security knowledge in 2017, end users in healthcare came in second-to-last compared to other industries, answering 23% of the questions incorrectly, according to a study by Wombat Security.

Healthcare IT professionals seem to echo this finding. More than half (52%) of those surveyed agreed with the statement, “Employees’ lack of awareness affects our ability to achieve a strong security posture.”

The problem also extends to specialized IT security staff, with 74% of respondents in healthcare IT indicating that “insufficient staffing” had hampered the organization’s cyber security posture – more than any other challenge cited. Filling the gaps is apparently not easy, with 79% reporting it is at least “somewhat difficult” to recruit IT security personnel. Nearly one-third (32%) reported it is “extremely difficult”.

More Training Needed

Security awareness training is required by HIPAA – but the necessary quality and quantity of training is open to interpretation. In a survey of 239 IT security professionals completed in Jan. 2018 by the Healthcare Information and Management Systems Society (HIMSS), only 8.4% said their organization did not have a security awareness training program – which is a good sign. Unfortunately, more than half of respondents (51.8%) said they conduct training just once per year. About one in five (22.9%) train monthly.

No Personal Email Accounts for Company Business!

The Yahoo! Data Breach of 2013 may seem like old news, but 2017 revealed it was far worse than reported. After Verizon acquired Yahoo! in June 2017, they discovered the 2013 breach affected every Yahoo! customer account – three billion in total!

That mind-boggling number is three times more than Yahoo! reported when it first disclosed the breach in 2017. It’s almost 10 times greater than the whole US population.

How could that happen?

The hackers had free access to billions of email accounts for three years before they were discovered. More than 150,000 of the accounts were owned by current and former US government and military employees. They included the accounts of White House staff members, members of the US Congress, and members of the FBI, NSA, and CIA.

Part of the problem is Business Email Compromise (BEC), a growing tactic among organized cyber criminals. They get into your network and spend weeks or months studying your organization’s vendors, billing systems, and your CEO’s style of email communication. They can then send a fake email from your CEO (while he or she is away and unavailable) to someone in your finance office, requesting that payment be sent to someone your company would normally pay. This is a scam that works, and the money is hard to track and recover.

How Your Business Could Avoid a Yahoo-type Breach

  • Patch Vulnerabilities: This must be done in a timely manner. The more time your system spends vulnerable, the easier it is for hackers to get what they want.
  • Don’t trust email from an employee’s private account. Anytime someone in your company sends you an email from a private email account, be suspicious. Reply by phone or use the company email to ask if that email was from them.
  • Use your company email for business. Make sure all company business that must be emailed is done via your company email account. That includes minor things like requesting a meeting or sending a file. Because data breaches are a huge and growing threat, it’s best to always keep your company email communications within the safety and security of your business email account.
  • Get a real security partner to assess your vulnerabilities and catch issues before they blow up into expensive and damaging problems. Call mPowered IT at 678-389-6200 and ask for a FREE VULNERABILITY ASSESSMENT.
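As an added example (not code from mPowered IT or the original posts), the following Python triage check covers two of the patterns described above: the domain impersonation threat, where a lookalike domain stands in for the company's, and the advice to be suspicious of mail that carries an employee's name but comes from a private account. The company domain, employee directory, and sample From: headers are constructed placeholders.

```python
import email.utils

# Constructed placeholders for this example: the organisation's real mail
# domain and a directory of employee display names (lower-cased).
COMPANY_DOMAIN = "example.com"
EMPLOYEES = {"jane doe", "sam lee"}

# Constructed From: headers standing in for inbound messages.
SAMPLE_FROM_HEADERS = [
    "Jane Doe <jane.doe@example.com>",            # genuine internal sender
    "Jane Doe <jane.doe@examp1e.com>",            # lookalike domain (digit 1 for l)
    "Jane Doe <janedoe1975@gmail.com>",           # employee name, private account
    "Vendor Billing <ap@supplier-invoices.net>",  # ordinary external sender
]


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot domains a few keystrokes from ours."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Label a From: header as internal, lookalike, name-spoof or external.

    'internal' only means the domain matches; it is trustworthy only if the
    mail gateway also enforces SPF/DKIM/DMARC on inbound mail.
    """
    name, addr = email.utils.parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain == COMPANY_DOMAIN:
        return "internal"
    if domain and edit_distance(domain, COMPANY_DOMAIN) <= 2:
        return "lookalike"
    if name.strip().lower() in EMPLOYEES:
        return "name-spoof"  # trusted name on an outside or private account
    return "external"


def flag_suspicious(headers):
    """Return (header, label) pairs that deserve a phone call, not a reply."""
    return [(h, classify_sender(h)) for h in headers
            if classify_sender(h) in ("lookalike", "name-spoof")]


if __name__ == "__main__":
    for header, label in flag_suspicious(SAMPLE_FROM_HEADERS):
        print(f"{label:10s} {header}")
```

The two flagged headers are exactly the cases the list above tells staff to confirm by phone or through the company email account before acting.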
