Does your organization accept credit cards? If you do, your organization needs to follow the PCI-DSS compliance standards. PCI-DSS stands for Payment Card Industry Data Security Standards; they were adopted as a shared set of data security standards by the major US credit card companies in 2005. Complying with these standards protects your organization from liability in the event of a breach.
The National Cybersecurity and Communications Integration Center (NCCIC) has issued an alert regarding security vulnerabilities, known as Meltdown and Spectre, that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.
In April 2017, The Automated Reporting Management Information System (ARMIS) contacted Microsoft, Apple, Samsung, and Linux to report eight zero-day vulnerabilities related to connections via Bluetooth, designated as Blueborne.
Blueborne endangers millions of unpatched devices by spreading through the air, across a wide variety of platforms: mobile, desktop, and IoT operating systems, including Android, iOS, Windows, and Linux, and all devices that use these operating systems.
What is Blueborne?
Blueborne is a vulnerability by which attackers take advantage of Bluetooth connections to remotely control a device. The attack itself does not require the attacker's device to be paired with the target device, or require it to be in a discoverable state. It does, however, require the attacker to be within proximity of the device for the initial connection.
Equifax, one of the three major credit reporting agencies, disclosed a data breach on September 7 that affects 143 million people in the US. The stolen data included the consumer’s name, address, date of birth, and social security number. In addition, credit card numbers and other personally identifiable information were also stolen for about 200,000 of the 143 million individuals. The “unauthorized access” was reported to have occurred on July 29, and the investigation is ongoing.
- Must be at least 6 characters
- Must contain upper and lowercase letters, a number, and a symbol
- Must change every 60 days
Sound familiar? These have been standard rules for password creation for decades. The National Institute of Standards and Technology (NIST) is the government organization behind these familiar password rules, and earlier this year they announced that their official standards and recommendations are going to be undergoing a major rewrite. They've sought advice from cybersecurity experts and have been open with their development of a new standard for passwords. While not yet official, here is a look at the major cybersecurity themes in the drafts of the new regulation:
Gaining clear visibility into what is happening on your network is necessary to detect the nefarious activities of cybercriminals and to understand your users’ day-to-day activities. Security Incident & Event Management (SIEM) is the solution that can take detection of malicious and anomalous activity to a higher level. SIEM tools have historically been thought of as enterprise or carrier-class products, but as the need for better visibility has expanded to businesses of all sizes, SIEM tools have become less costly and more accessible.
If you received a message today with the subject, “A document on Google Docs has been shared with you,” it is very likely that your email address is on the contact list of someone’s account that was hacked. This ploy was meant to convince you that someone you know sent you a document, and by entering your Google email address and password, you would be able to open the attachment. In reality, entering your credentials would provide a hacker access to your Gmail mailbox from which they could harvest your mailbox and attack your contacts.
Google has reported that they have taken down the offending accounts and system updates are underway to prevent future attacks. Google is also encouraging users to report the email as a Phishing attempt within Gmail.
If you received one of these messages, your account would have been compromised at the point of entering your email address and password. Opening the message, or even clicking on the link that opens the login page would NOT compromise your account.
If you clicked on the link and entered your credentials, immediately complete the following steps:
- Go to your Gmail account’s permissions settings at https://myaccount.google.com/permissions
- Remove permissions for “Google Docs,” the name of the phishing scam (if the page says, “You haven’t granted any apps or websites access to your Google Account,” your documents were not compromised).
- Change your Gmail password
When setting passwords, consider using a passPHRASE made up of three or more common words, and add a number or special character to increase complexity. Even the longest dictionary word is easily hacked, but passPHRASES are much more difficult to pick. Try something like “I-Like-Tomatoes22” or “I-Dr1ve-A-Boat” rather than using a common word or pet’s name. The length and use of multiple words provide added protection.
This is only the latest of several new email attacks. Always pay attention to the TO, FROM, and SUBJECT LINE before clicking on a link or opening an attachment. The “TO” line on this Google Docs message says, firstname.lastname@example.org. It is also important to be very suspicious anytime you are asked to enter your password from an email request. Credential phishing is big business for cybercriminals.
If you've been putting off Cyber Security Awareness Training for your business, this is the year to get to it. The headlines featuring phrases like 'data breach,' 'cyber attack,' 'stolen data,' will continue and you need to do everything you can to make sure that your business isn't the story's subject. Everybody believes it won't happen to their business, until it does. With cyber crime on the rise, your business is at risk. This is the year to be certain that your employees have all the latest available data security knowledge and are prepared to help defend company data against all threats.
What is mobile data security? If current trends are any indication, it could simply be another term for 'data security.' Now, many businesses supply employees with laptops, smartphones, and even tablets. All of those devices can and do leave the building (as well as the security measures your business has in place). If your business allows employees to use mobile devices in a work capacity, it's time to pay more attention to mobile data security and consider policies that protect sensitive data no matter where those devices are.
Security, security, security. It dominated the headlines internationally last year and there's little reason to believe that will change anytime soon. As more business and commerce moves online, there is greater incentive for criminals to try to take advantage. For business leaders, this is a call to action: improve or become imperiled. Your network security should be a top priority for this year and beyond. As security races to catch up to cybercrime, more headlines will be made. Don't let your business appear in them.