Archive for the ‘Data breach’ Category
Rep. Mary Bono Mack (R-Calif.) has introduced legislation to protect American consumers from data theft. The legislation is in response to concerns over recent cyber attacks and data breaches.
The Secure and Fortify Electronic Data Act (HR 2577) will require reasonable security policies and procedures to protect personal information, as well as nationwide notice in the event of a security breach.
The announcement of the SAFE Data Act comes on the heels of data breaches at Sony, Epsilon and Citigroup.
“In recent years, sophisticated and carefully orchestrated cyber attacks, designed to obtain personal information about consumers, have become one of the fastest growing criminal enterprises here in the United States and across the world. Today, Americans need new safeguards to prevent identity theft, and the SAFE Data Act will help accomplish this goal,” said Bono Mack. “My legislation is crafted around a guiding principle: Consumers should be promptly informed when their personal information has been jeopardized. The time has come for Congress to take decisive action. We need a uniform national standard for data security and data breach notification, and we need it now.”
The act will not, however, do anything to prevent or deter online crime. A key feature of the act requires notification to the FTC and consumers within 48 hours of the time that a breach has been secured and the scope of the breach has been assessed. If passed, the act would give the FTC the authority to levy civil penalties if entities fail to respond in a timely and responsible manner.
The Federal Communications Commission has announced the launch of a new website designed to help small businesses protect against cyberattacks.
The site – fcc.gov/cyberforsmallbiz – includes links to vendor, nonprofit and government resources, including materials from the National Cyber Security Alliance, and a PowerPoint presentation from the National Institute of Standards and Technology.
The site also posts a list of tips for small businesses, which includes information on training employees, installing patches, limiting access and regularly changing passwords.
Small and mid-size businesses have been hit hard in recent years by hackers who use malware to steal corporate bank account credentials, which they use to wire out large amounts of cash.
Businesses in the mid-size to small range often lack the resources needed to take additional steps to protect themselves from hacking attacks. But considering the risks and possible financial ruin, business owners can no longer afford to ignore this hazard. Here are some tips for small business owners to help fight against hacking.
• Go beyond traditional antivirus software and implement a complete security system on servers.
• Make sure you have a backup and recovery system in place.
• Buy a complete security software package from a reputable vendor.
• Enact and enforce Internet policies with employees, and train employees about what they can and can’t do, as well as about changing passwords and protecting mobile devices. Employees should be trained to never open unfamiliar links or go to unfamiliar websites.
The news of data breaches causes ripples of panic among consumers – and the threat of a possible data breach has business owners sitting up and taking notice as well. At any given moment, an employee may be accessing confidential information, either by accident or dishonestly. This presents a unique challenge for businesses today.
Fortunately, through some simple management procedures, your human resources department can help prevent leaks from happening. These procedures will help protect employee and customer information from being exposed to unauthorized parties.
First of all, be aware of where critical employee and customer information is located and who has access to this data. Develop acceptable use policies for all employees that clearly outline appropriate use of this information. You should include procedures for what will take place should a violation occur. Be sure to consistently enforce these policies and procedures.
You should regularly review and revise these policies to make sure all changes and additions have been addressed, and that the procedures stay current with changing laws.
Make sure your company has an internal incident plan, and the appropriate resources in house to handle any incidents of employee or customer data loss or unauthorized access by an employee or outsider.
The worst thing your company can do is to compromise any investigation of a breach. Don’t turn on a suspect employee’s computer to “look around.” This may destroy potential evidence.
Don’t make the mistake of assuming your IT department will figure things out. Your IT guys are not forensic specialists. A professionally trained computer forensics expert should be retained for this purpose.
Be sure to report the breach as soon as possible, to both the public and, most importantly, those who may be potentially affected. Not doing so puts your customers at risk, and can potentially be suicide for your business. Be proactive and transparent.
Spear phishing is now apparently the concern for Sony Online Entertainment users, following a data breach that has affected some 77 million users.
Users of games like EverQuest, which is found on the network, could face the exposure of their credit card numbers, despite the fact that Sony said its credit card data is encrypted.
The New York Times has reported that researchers have already spotted credit card numbers associated with the breach listed for sale on the black market.
Phishing is a common identity theft scam, which involves criminals sending out e-mails or letters, or even telephoning a potential victim, claiming to be a legitimate source, seeking personal information. It is common for these scammers to claim that “verification” of the victim’s personal information is needed, in the hopes that the victim will just hand over things like credit card or Social Security card numbers.
If you receive such a request, according to Sony, ignore it. Sony officials said the company never sends out e-mails or letters requesting such information, nor does it call customers.
The incident is being investigated by the FBI. Should you be affected by this breach, check your bank and credit card statements carefully, and review your credit report, looking for unauthorized charges.
Be sure you also change your passwords, and if you do receive an e-mail that appears to be from Sony, don’t click on any links it may contain. The links could contain malware, which criminals can use to steal your private information.
If you own your own business, you know how tough it can be to keep your day-to-day operation costs down. It seems there’s always something popping up. Those unexpected costs can really eat up your bottom line.
But what if your company experiences a data breach? Now you’ve got legal issues, and the added cost of making sure your customers are protected. How are you going to deal with this added expense?
The answer is to take steps to be sure it never happens in the first place. Whether you are responding to a data breach, or looking to expand your employee benefits offerings or looking for a new revenue stream for your business, it makes sense to sign up for LifeLock® Breach Services. LifeLock® identity theft protection is a great investment for businesses of all sizes, and can help protect your customers and employees.
Not only can you lose money from a data breach, but your business can lose its good reputation in the community. LifeLock® Breach Services can quickly restore public confidence and help you avoid unnecessary costs. When you sign up, you’ll get fast response from LifeLock®, and a dedicated representative to work with you.
You’ll also get communications management, including notifications that are required by state and federal law and relevant banks or credit card issuers. Your affected customers can get a LifeLock® membership to help protect them.
Even after the incident, LifeLock® will provide you with reports and ongoing information about enrollments and fraud incidents, as well as ongoing support to help prevent any future incidents.
Things you can do to help protect yourself include:
• Take inventory and know who has access to personnel and customer information in your system.
• Implement physical and electronic security methods, as well as employee training, to keep data safe.
• Remove peer-to-peer software and deny access to file sharing sites from company computers.
• Use shredders and wipe decommissioned electronic devices.
• Establish an identity theft protection team to help bolster your efforts.
The most common concern expressed by Facebook users has to do with security – Facebook users everywhere ask the same question: Are my Facebook profile and the information it contains safe?
In recent months, a new application called Firesheep – an add-on for the browser Firefox that provides an easy way for non-hackers to access others’ login information – was released. Firesheep works on a basic principle. Each time you log in, you provide your user name and password, which creates a “cookie.” That cookie can be sidejacked* and used to access your accounts.
If you are on a secured network, you can protect yourself. But if you’re using unsecured Wi-Fi, then your cookies may as well be on a plate and handed over to an identity thief, along with some milk to wash them down.
Once Firesheep is installed, it displays the users who are logged in over an unsecured Wi-Fi network and shows the sites they are visiting. It also reveals each user’s name and image, and with only one click, anyone can log in as that user and gain access to all of their information.
Facebook has responded to its users’ concerns about Firesheep and has added a means to keep their web connection secure while connected to their accounts. The ability to enable this encryption in Facebook was added this week.
To enable the encryption in your Facebook account, click on “Account,” then “Account Settings.” Scroll down to “Account Security,” and click “Change.” Look for “Secure Browsing https,” and click on the box to enable it.
HTTPS protection has not yet been launched to all Facebook users, but is instead being rolled out slowly in the next few weeks, according to Facebook executives. If you don’t see the option yet, keep an eye out for it, and enable it as soon as possible.
It should be noted, however, that this encryption will not stop scams and the “Koobface” virus. There are still those who try to manipulate Facebook users into viewing videos, stories or images by clicking on a link, which will put that user’s account at risk. Be sure to verify the source of any links you receive before you click, and don’t click on links contained in unsolicited e-mails.
*Sidejacking is a term used to describe the malicious act of hijacking a victim’s user name and password, most often on social networking sites.
The headlines have been filled in the past year with thousands of data breaches – from universities to hospitals to private companies. There are many more that occur and don’t get reported. And for each breach, there are thousands of people who are affected, and who could become victims of identity theft.
Hackers are getting more and more knowledgeable on how to get into systems and steal customer and patient information. With just a few key pieces of info, like Social Security numbers, addresses and full names, a thief can do major damage – often ruining a person’s credit and good name. This damage can take years to repair, as well as thousands of dollars.
Companies are becoming more sensitive to the fact that they must step up their response to this growing problem. And LifeLock is leading the pack by providing them a way to protect their customers and employees.
LifeLock Breach Services can prove invaluable in helping businesses quickly restore public confidence and avoid unnecessary costs in the event of a breach. LifeLock’s services will help lessen potential fallout by:
• Initiating a rapid response.
• Communicating to people at risk.
• Establishing identity theft protection for those affected persons.
• Tracking results, providing reports and ongoing information about enrollments and fraud incidents.
LifeLock will also work with companies, providing support to stay ahead of any future complications.
Interested in protecting your business? Call LifeLock today at 1-877-511-7906.
Each day that passes, we all face risks. Those risks increase during the holidays. We risk car accidents on the way to the mall. We risk being mugged as we walk about the mall. We even risk catching a cold or the flu from a store clerk or another shopper.
Just as shopping at the local mall has risks, shopping online has its own set of pitfalls. But these pitfalls can mean financial loss, credit card fraud or identity theft.
According to a recent study by the National Cyber Security Alliance, of almost 3,500 U.S. adults surveyed, 64 percent have not made an online purchase from a specific Web site due to cyber security concerns. Sixty percent said this was because they were unsure whether that site was secure. More than 50 percent worried about providing the requested information, and 48.4 percent felt that the Web site requested more information than necessary for the purchase.
When shopping online, you risk landing on a potentially unsecured or even infected Web site, which could infect your computer with spyware. This spyware could be used to steal your data. Or you might provide your credit card information to a legitimate online merchant that later becomes a victim of a data breach.
But shopping online can be safe – if you take the right precautions. Make sure you have the latest version of your browser loaded onto your computer, keep your anti-virus software updated, and install critical updates to your operating system. You should also make sure to have a firewall installed.
To defend against credit card fraud, pay close attention to your statements and dispute any unauthorized transactions within 60 days of discovery.
The only way you can avoid getting scammed by a “shady” site is to do business only with trusted web merchants. Do an online search for the Web site or company’s name prior to making a purchase, and read any reviews you find.
By taking these simple precautions, you can get your holiday shopping done online and keep yourself – and your personal information – safe and secure.
Two former University of Central Missouri students have been charged with computer hacking and identity theft.
Daniel J. Fowler, 21, of Kansas City, and Joseph A. Camp, 26, a New York resident, each face charges of conspiracy, fraud, computer intrusion, illegal interception of electronic communications and aggravated identity theft.
Camp has also been charged with trying to sell the personal information of more than 90,000 people to an undercover FBI agent.
For three months, beginning in October 2009, the duo hacked into the university’s computer network and downloaded large databases of faculty, staff, alumni and student information.
Data breaches such as this are becoming more and more common, and many of them aren’t even reported. What happens if you become a victim? Should you be worried? Here are some things to consider.
Seventy percent of all data breaches come from an attack by an external third party. This includes system hacks or intercepting e-mail. The variety and creativity of cyber criminals are greater than ever.
Seventy-five percent of all mid-size companies in America cut their security budgets in 2009 – but criminals don’t suffer during a recession; instead, they thrive. If you’re a small or medium-size business owner, don’t assume you won’t be hit. Thieves know businesses this size are an easy target.
The No. 1 cause of data breaches is human error. Forty-eight percent of all breaches occurred as the result of misuse, compared to 40 percent due to direct hacking. If businesses recognized this and acted accordingly, it would likely cut the number of data breaches by 50 percent.
Simple or intermediary controls would make 96 percent of all data breaches avoidable. But this doesn’t mean businesses must adopt complicated solutions to keep their data safe – simple basic protection would suffice.
Data loss can affect any business at any time. But the vast majority appear to be due to lax controls and the resulting human error. Human error isn’t necessarily something you can ever get rid of, but you can protect your business’ data so that should it be lost, misplaced or intercepted, the confidential business and client information won’t be compromised.