Author Archives: Marketing

Think You’re Immune to Cyber Crime Because You’re Small? Think Again!

14 December 2015
by: Marketing
in: Cybersecurity,Small Business
Tags: cybersecurity, Healthcare, small business
note: no comments

Do you believe your healthcare practice isn’t appealing to a cyber criminal because of your small size, lack of revenue, or maybe because you’re just a drop in the vast bucket of healthcare practices?

You are dead wrong. You are actually more appealing to cyber criminals because they know as a smaller practice, you are probably less secure.

A poll by KPMG showed that over 200 healthcare providers were polled and found that four out of five providers had been hacked. 44% of healthcare organizations have been attacked 1-50 times while 38% have been attacked between 50-350 times in the last year. 13% were attacked more than 350 times.

These cyber criminals are going after smaller healthcare practices with full force and the consequences are dire. If a cyber criminal is successful in attacking your network, you will have violated the Health Insurance Portability and Accountability Act (HIPPA), lose all trust from your patients, or even worse, you could lose a life and your entire practice. You are not immune to these consequences if your healthcare practice is small.

Out of all the industries that exist, the healthcare industry is probably one of the most complicated to get a handle on their cyber-security. Many healthcare practices have been holding onto old practices, and with the ever-evolving landscape in cyber-security, if you’re not staying up-to-date, you are opening yourself to these attacks. For many, the idea of tackling this is too much. Instead of being so overwhelmed by all the ways a hacker could breach your network, take that time to reach out to the professionals who will help manage your cyber-security.

According to the American Medical News, a five physician practice named Phoenix Cardiac Surgery was fined and penalized after it was found that they had a host of problems amongst their cyber security and were negligent in fixing these problems.

The practice ‘failed to implement adequate policies and procedures to protect patient information; failed to document that it trained employees on HIPAA Privacy and Security Rules; failed to identify a security official within the practice and conduct a risk analysis; and failed to obtain any business associate agreements for its Internet-based email and scheduling services.’

In the end, Phoenix Cardiac Surgery had to pay over $100,000. Leon Rodriguez, director of the Health and Human Services of The Office for Civil Rights stated,

We hope that health care providers pay careful attention to this resolution agreement and understand that the HIPAA Privacy and Security Rules have been in place for many years, and OCR expects full compliance no matter the size of a covered entity.

Once a healthcare facility has violated HIPPA privacy laws, HIPPA will continue to audit the practice. That means that they have eagle eyes and are looking for other violations. It does not help anyone to ignore your cyber-security issues.

How can Axiom Cyber Solutions help your healthcare practice?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own.

Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

The Benefits of Managed Cyber-Security

You’d have to have had your head stuck in the sand for the past year to not notice the amount of cyber-security breaches that are occurring. The cyber-security industry is growing and attacks are at an all-time high.

Quick Statistics:
-Currently, 60% of all targeted attacks struck small and medium sized organizations (Symantec).
-For most of these businesses, it took 170 days to detect a malicious or criminal attack (Ponemon).
-60% of businesses close within six months of experiencing a cyber breach (National Cyber Security Alliance).
So why do so many businesses continue to ignore their cyber-security?

For most, it comes down to their budget. Many employees in small businesses wear several ‘hats’ and are involved with numerous departments at their job. If most small businesses can’t hire an IT staff, it’s safe to say that a cyber-security professional is definitely out of the question. For many of these businesses, they haven’t even thought about an incident response plan for these attacks. These businesses don’t know what they’ll do, who they’ll contact, or how they’ll tell their customers when it happens to them.
Axiom Cyber Solutions wants to help keep you and your business secure. For $199 a month, Axiom will manage your business’ cyber-security. We believe the benefits to managed cyber-security is well worth it, in order to keep your business and clients safe and secure.

Here are 4 major benefits to managed cyber-security.

1. Protecting your business means protecting your data: All businesses should have anti-virus software but in the world of ever evolving cyber threats, it simply is not enough to only have anti-virus software. Each Axiom managed cyber-security package comes with: An Axiom Sentry Firewall managed by Cyber-Security Experts, Automatic Firmware & Security Updates, Threat Detection, Threat Prevention, Real-time Alerting & Monitoring, Denial of Service Protection, Advanced Ransomware Protection, Monthly Reporting and 24/7 Support

2. By spending $199 a month, you have the peace of mind that your network is being monitored with state of the art equipment. With our real time alerting, you will not have to wait 170 days to discover your network has been maliciously attacked. Leave it to our experts to help keep you secure.

3. If your business is protected, your organization’s reputation will not be hurt. One negative story about your business in the news will scare potential clients and your current clients. No one wants to do business with a company who doesn’t care about their clients and by having managed cyber-security, you are protecting your client’s most valuable data.

4. Do you want to have to report to the FTC daily? Save yourself from being hit with fines and audits, otherwise the FTC can fine a company that has not sufficiently protected their data against a breach. The FTC will require a company to undergo 20 years of security audits if they are found negligent. Having firewalls and intrusion detection mechanisms in place to prohibit cyber criminals from gaining access to your network is key to avoiding the potential fallout you’ll have to deal with.

How can we help your small business?
Axiom Cyber Solutions is offering Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.
Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Facebook and Phishing: The New Social Frontier

With the holidays approaching, it’s not always all about cheer and goodwill. Crime tends to peak during the holidays and cyber crime is included.

Facebook currently has over 1.44 billion users. It’s no surprise that cyber criminals are using this popular social networking service as a gateway to identity theft. An incredibly popular method called ‘phishing’ is a common way for these thieves to trick you in order to gain your personal and financial information. It’s so common that with a simple google search, one can find step by step guides on how to hack Facebook accounts using phishing methods.

So what is phishing and how is it done? To put it simply, phishing is where users are directed to enter details into a fake website that looks and feels like the legitimate one. Basically, these cyber criminals goals are to get you to login to your fake login page and the criminal then successfully gets the Facebook email and password.

Nearly all cyber crime comes from some sort of phishing. National Counterintelligence Executive William Evanina said in a recent interview with the Washington Examiner, “We’ve looked at all of these intrusions and exploitation of personally identifiable information over the years, both government and private sector, and just about 90% of them either started with or were enhanced by a spear phishing success.”

Recently, a colleague shared an experience he had on Facebook. He had received a friend request from someone who he thought he was already friends with. He assumed that maybe his friend had accidentally removed him and was re-adding him. After some small talk, my colleague’s friend sent him a message with a link that said “Hey, have you checked this link out?”

My colleague had an odd feeling at this point. In conjunction with the unique scenario and the poor spelling, he realized something was not right. He then asked his friend “Hey, how exactly do we know one another?” The friend responded but brushed the question aside, “We’ve been friends forever.” After a little more back and forth, the friend refused to share details on their friendship. My colleague successfully avoided this likely phishing attack. Had he clicked on that link, he would’ve been asked for his password, and had he entered it, he would’ve had a problem on his hands.

These phishing attacks can come in many forms. It may look like Facebook is emailing you about a photo violation or maybe a friend is sending you a holiday e-card. Warning bells should go off immediately if it links you to a website and asks you for your password. Odd spelling and a poor use of English is also a dead giveaway when it comes to cyber crime.

Facebook addresses how to keep your account safe with the following tips:

Protect your password. Use a combination of at least 6 letters, numbers and punctuation marks. Avoid including your name or common words. Your password should be difficult to guess. Don’t use your Facebook password anywhere else online and never share your password.
Never share your login information (ex: email address and password). Sometimes people or Pages will promise you something (ex: free poker chips) if you share your login info with them. If you’re ever asked to re-enter your password on Facebook (ex: you’re making changes to your account settings) check to make sure facebook.com is still in the URL (web address).
Log out of Facebook when you use a computer you share with other people. If you forget, you can log out remotely.
Don’t accept friend requests from people you don’t know. Sometimes scammers will create fake accounts to friend people. Becoming friends with scammers might allow them to spam your Timeline, tag you in posts and send you malicious messages. Your real friends might also end up being targeted.
Never click suspicious links, even if they come from a friend or a company you know. This includes links sent on Facebook (ex: in posts) or in emails. If one of your friends clicks a spam link, they could accidentally send you or tag you in spam. If you see something suspicious on Facebook, report it. You also shouldn’t download things (ex: a .exe file) if you aren’t sure what they are.
Watch out for fake Pages and apps/games. Be suspicious of Pages promoting offers that are too good to be true. If in doubt, check to see if a Page is verified. Be mindful when you install new apps or games. Sometimes scammers use bad apps and games to gain access to your Facebook account.
Log in at www.facebook.com. Sometimes scammers will set up a fake page to look like a Facebook login page, hoping to get you to enter your email address and password. Make sure that you check the page’s URL before you enter your login info. When in doubt, you can always type facebook.com into your browser to get back to the real Facebook.
Update your browser. The newest versions of internet browsers have built-in security protection. For example, they might be able to warn you if you’re about to go to a suspected phishing website. Facebook supports: Mozilla Firefox, Safari, Google Chrome, and Internet Explorer.
Run antivirus software. To protect yourself from viruses and malware, scan your computer.

Axiom Cyber Solutions is offering Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Why the FTC Ruling on Cyber Security Affects Every Business Owner

In late August, the United States Court of Appeals for the Third Circuit unanimously affirmed the Federal Trade Commission’s (FTC) power to regulate cybersecurity under the unfairness prong of the FTC Act (15 U.S.C. §45).FTC v. Wyndham, Case, No. 14-3514. The ruling states businesses must have cybersecurity protection for their customers or be subject to fines. This ruling is especially important for those businesses who keep customer data such as financials.

Philadelphia judges ruled 3-0, giving the FTC the authority to sue Wyndham Worldwide, for cyber breaches in 2008 and 2009. In this case, over 619,000 customers had their personal financial information endangered. It has been reported that more than $10 million of fraudulent charges came after.

FTC, 2012. Photo by Diego M. Radzinschi/THE NATIONAL LAW JOURNAL.

The FTC argued that Wyndham Worldwide was guilty of numerous unfair practices. Not only was Wyndham not storing their payment card information in a safe manner, they were also using easily guessed passwords in their property management systems. The FTC stated that the business lacked cyber security policies, including prevention and incident response plans.

Companies really need to think about the following 5 things when it comes to their cyber security, lest they be subject to fines and headaches:

Businesses should analyze their data and how they collect it, use, and store it. This is especially important for businesses who withhold financial information.
Is the business taking reasonable steps to secure their data? Are they limiting administrative access, assigning secure passwords, limiting access to the network, and regulating access to data?
Companies need to compartmentalize the network and oversee who’s trying to gain access. Firewalls and intrusion detection mechanisms need to be in place to prohibit cyber criminals from gaining access to your network.
Do my service providers offer me cyber security measures? Companies need to do their research on what is offered by their service provider when it comes to information security risks.
What procedures do I have right now that are keeping our security up-to-date? Frequent updates and patches to software should be priority, ignoring these things or going into denial about cyber breaches does not do anyone any good.

The bottom line is, any company that has experienced a cyber security data breach is required to take proactive measures to avoid future breaches. If a company does not take some sort of precautionary steps, they will be subject to fines by the FTC.

And it doesn’t stop at fines. A business can lose their reputation, the trust their customers and clients have given them, Even after all of this, it is still not done. The doors have been opened for class action lawsuits. The years of time and money that have to be spent to deal with the fallout of a cyber security data breach is a huge inconvenience and there’s no guarantee that a business will even be able to continue to stay open. Axiom Cyber Solutions can help businesses of all sizes stay safe from hackers.

Data breaches will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing your network. Axiom’s solutions come in different sizes and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come.

For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Hackers are Targeting Small Business

“60% of businesses close within six months of a cyber attack.” (The National Cyber Security Alliance)

What side of that statistic do you think your business would fall on?

Do you believe you’re immune from hackers because you’re nowhere near as well-known as Anthem or eBay? You are dead wrong. Smaller businesses do not have the same cyber security resources as larger businesses and hackers are banking on the fact that you are ignoring your cyber security. As a small business, you are a more attractive target because you are more likely to be less secure. Thanks to automation, cyber criminals are mass producing their attacks with numbers in the thousands with little to no investment.

It’s all over the news and almost impossible to escape from. Every day a new story pops up about a data breach or cyber crime. Corporations worldwide are beefing up their cyber security. It is not only the retail and financial organizations, the Pentagon is also following in their footsteps to protect their data.

Cybercrime has cost the US economy $100bn a year, worldwide that total goes up to $300bn annually, according to the Center for Strategic and International Studies.

In fact, McAfee found that almost 90% of small and medium sized business in the US do not use any data protection for their company and customer information. Less than half secured company emails to prevent phishing scams. Where does that leave the hackers? It leaves them to focus on you.

Despite the growing number of cyber crimes, many small business owners believe that hackers will not waste their time on small business. However, hackers are stealing enormous amounts of cash from small businesses and because these are small businesses, they do not get anywhere near the amount of news coverage like a Target or Sony would get. Most of these cyber crimes occur before the business owner can even realize their security has been compromised. The loss of customer data will change how your customers view you and these security threats are not going away anytime soon.

For small business owners, being proactive is an absolute must. Just like in football, your best defense is good offense. Otherwise, the fallout from a data breach can be astounding. You do not want to wait until your data is being held ransom before you think about cyber security. Otherwise, you will face quite the fallout from a breach.

Not only will you have to pay fines and penalties, you will have to conduct a forensic investigation and a PCI assessment. A small business will lose their reputation and lose the faith of their customers. Punishment will come in many shapes and sizes. You may not be able to continue to take credit card payments once a cyber breach has occurred, many merchants will suspend your account once this has occurred. Your payment processor may impose stricter PCI requirements and compliance which of course means it will cost you more money to continue to do business. Anti-virus and anti-malware can only protect a single computer from an attack. It does not protect your network hardware from attempted breaches. You need a good firewall and transport security in conjunction with updated virus and malware protection.

How can Axiom Cyber Solutions help secure a small business?

Axiom Cyber Solutions is offering Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, give us a call us at (800) 519-5070. #FightBackWithAxiom

DDoS: All Hope is Not Lost

02 November 2015
by: Marketing
in: DDoS
Tags: DDoS
note: no comments

With recent news revealing that the TalkTalk UK hack was preempted by a Denial of Service attack, Axiom feels the time is right to reiterate the sentiment that all businesses are susceptible to the dangers of these attacks.

Cloud “Scrubbing” and intelligent routing will not be enough to protect the American core transport infrastructure throughout the coming cyber-attacks of tomorrow. Powerful, efficient, and scalable appliance-based solutions like the Axiom Sentinel are where tomorrow’s protection exists, today.

For those of you that do not know, a Denial of Service attack occurs when a malicious entity sends more traffic to your network than it can handle. When this occurs, your network equipment can become overloaded and fail into a state known as “hub mode” in an effort to maintain communication across the network. When this “hub mode” is enabled, all of the traffic on your network is blasted to every port, allowing an attacker to gather meta and packet data in an effort to map topology of your equipment.

Having a map of your network makes it easier for attackers to push forward with deeper penetration into your infrastructure, allowing them to breach data systems and steal information about your business and clients.

Over the past two years, a popular defense against these attacks has been to pipe your Web domain through a cloud scrubbing service that filters out requests not coming from legitimate users. While these services do a good job of keeping your Web site up and running, the continued use of Cloud scrubbing stems from the ill-conceived idea that DOS and DDoS are only about taking a service off-line, or restricting access.

The bottom line is that these services often only:
1) Protect your domain against application layer (HTTP, HTTPS) traffic.
2) Stem the flood of traffic at their Cloud data center, creating a failure scenario wherein that attack is eventually routed to you. Effectively leaving your susceptible to the brunt of the attack.

Do you run a compliance environment? Payment Cards Standards has recently stated that simply doing business with a “PCI Compliant Cloud Provider” does not make that traffic compliant. Similarly, a HIPPA certified cloud environment will not provide the same level of compliance as your certified internal network.

The bottom line: Working with cloud security providers in standards complaint environments is still an exercise in time and well-formed business agreements.
Axiom engineers believe that to effectively defend against today’s DOS-type attacks, best practices involve protection both up-stream and at the edge of your network using powerful, appliance-based, solutions like Axiom Sentinel. These premise-installed devices are capable of analyzing and processing over one-hundred million packets per second, enough to mitigate some of the largest enterprise-targeted DOS and DDOS attacks.

When deployed in combination with a multitude of failover internet circuits, Axiom Sentinel will keep your network and business online and communicating when the worst attacks come downstream.

Wherein your provider has failed to mitigate the attack, or ported your traffic to stop the flow of packets into their own network, Axiom’s Sentinel allows you to use your backup internet circuits while continuing to defend against any malicious data coming from the compromised route.

Easy deployment, intelligent management, flexible placement, and industry-leading performance make Axiom Sentinel the most robust security platform available on the market.

Why only protect your Web-site when you can protect your entire network.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call us at (800) 519-5070. #FightBackWithAxiom

Social Engineering – Even the CIA Director is Not Immune

What is social engineering?

Social engineering refers to the concept of psychologically manipulating people in order to trick a person into revealing critical information. Cyber criminals will attempt to do this in many ways. For example, an employee may have their computer accessed by a hacker who has installed malware into their system. Another example is tricking an employee into giving them accessibility, it could be a password or crucial banking information. Human nature and trust feeds into this concept and cyber criminals are counting on this. There has even been reports of attractive women befriending IT security professionals, thereby gaining entry and infecting the network with malware.

In another example, how easy would it be to simply call up an employee of a business and pretend to be the company’s IT department, convincing them to handover a password? At this point, a company’s security is compromised and the cyber criminal has exactly what they need to do some real damage. By acquiring this confidential information, the cyber criminal is able to avoid using the internet or hardware to hack.

These days, you’d be hard pressed to find someone who isn’t a member of one social media outlet or another. In fact nearly two-thirds of 50-64 year olds and 43% of those aged 65 and over are now on Facebook according to a recent study done by Pew Research Center.

As shown in recent headlines, even the CIA’s Director is not immune to social engineering. On October 21st, 2015, WikiLeaks published their second batch of CIA Director John Brennan’s confidential AOL emails. The teen hacker admitted that he obtained access to Brennan’s emails by posing as a Verizon employee. So, how can you help yourself stay safe?

According to the Department of Homeland Security, the following tips can help you avoid the above scenario.

Email Awareness – Cyber criminals will send massive amounts of fake e-mails, with hopes that people will open the email and then become infected by malware. By installing and maintaining security protections such as firewalls, antivirus software, and email filters, you can greatly reduce your unwanted email traffic. Employees must be trained on email and browser best practices, including the following tips.

Resist the urge to click links in a suspicious email – visit websites directly.
Be cautious of email attachments from unknown sources.

Website and Software Security – Eighty-six percent of all websites have at least one serious vulnerability, and most of the time, they contain more than one, according to the 2015 Website Security Statistics Report. Hackers will target websites that have Flash or Java to trigger vulnerabilities. By using an antivirus program with software such as firewalls and malware and spyware detection, you can improve your chances against cyber criminals. Making it a priority to check for security patches and updates and following the below tips will assist with your security.

Only install approved applications.

Be sure you’re at the right website when downloading software or an upgrade. Even when using a trusted site, double-check the URL before downloading to make sure you haven’t been directed to a different site.
Recognize the signs that your computer is affected, and contact IT if you believe you have been the victim of an incident.

Password Protections – “Password1” was the most common password used by corporate environments in 2014. How unsafe and unimaginative is that? This prime example of lethargy points out a huge security gap in the industry and is exactly what cyber criminals are looking for when breaking into a system by using unauthorized usernames and passwords. Follow the tips below to safeguard against this.

Change the passwords on computers and point-of-sale systems (including operating systems, security software, payment software, servers, modems and routers) from the default ones the products came with to passwords that are easy for you to remember but difficult to guess. Long, strong passwords incorporate upper- and lowercase letters, numbers and symbols and should consist of “passphrases.”

Update system passwords regularly and especially after outside contractors do hardware, software or point-of-sale system installations or upgrades.
Educate employees and users on choosing strong passwords and changing them frequently.

Use two-factor authentication. Many of these attacks rely on getting a password one way or another. Requiring another form of ID, such as a security token, will make it harder for hackers to falsify an account.

Taking the time to learn more about cybersecurity requires the openness to learn and even change the way you do business. Social engineering is one of the easiest ways a cyber criminal can gain access to critical information. All levels of employees can be vulnerable to social engineering attacks and all it takes is one click.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, give us a call us at (800) 519-5070.

Top 5 Cyber Crimes All CPA’s Should Be Aware Of

The U.S. Intelligence Service puts cyber crime as the number one threat that we face, moving past terrorism. In 2014, 39% of all cyber attacks affected financial institutions compared to 17% found in other industries, according to professional consultancy group, PwC.

These financial institutions include banks, mortgage lenders, insurance companies, and brokerage firms. A recent report by the AICPA (American Institute of Certified Public Accountants), the world’s largest member association with over 400,000 members representing the accounting profession, has identified the top five cyber crimes that CPA’s should be aware of.

Tax Refund Fraud: All a cybercriminal needs is a name and Social Security number in order to go through with his crime. This information can be accessed by either purchasing on the black market, e-mail phishing, or social engineering. The cybercriminal can then fill out the tax return and generate a large refund. The ACIPA encourages CPAs engaged in tax work to assess their privacy and security policies, and establish internal controls to keep client data secure.

Corporate Account Takeover: This is the most stealthy and costly type of attack. An electronic funds transfer such as ACH (Automated Clearing House) fraud or wire transfer fraud involved three key steps.

Log-in credentials are acquired illicitly. It may come as an email attachment or file transfer. When the user allows this malicious program to be downloaded and executed, the cybercriminal moves onto the next step.

Now that the cybercriminal has access to the victim’s computer, they can avoid the bank’s security features, allowing the criminal to move onto their third step.

The cybercriminal can transfer the funds from their victim’s account to an account of their own. A ‘money mule’ may be used to transfer the funds to a protected account, likely overseas and away from U.S. law and jurisdiction.

CPAs can help educate their clients about this type of cybercrime. CPAs in management accounting who hold a key position of responsibility for this kind of fraud must learn the vulnerabilities that come with online banking.

Identity Theft: This is a gateway to other cybercrimes and frauds. Once a criminal has a person’s information, they can financially benefit by the following ways:

Opening a line of credit
Purchase goods or services
Rent or buy a home/apartment
Receive medical care
Obtain employment

Identity theft can be tricky because cybercriminals will sit on that information for some time before using it. According to the AICPA, 50% of identity theft goes undetected for at least one month and 10 percent remains undetected for two or more years. Due diligence must be practiced or lawsuits may occur. The AICPA found that ‘forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws regarding security breaches of personally identifiable information’.

Theft of Sensitive Data: Businesses may have sensitive data such as unencrypted credit card information, personal information, trade secrets, codes, customer, and employee information that lure cybercriminals. The theft of sensitive data can be costly for businesses, in both financial costs and public-image. Legal fees and increasing security measures are sure to follow.

Theft of Intellectual Property: Intellectual property, includes commercial, copyrighted materials like music, movies and books. These are at risk of being stolen. According to the FBI, preventing intellectual property theft is a priority for its criminal investigative program and they are focusing on theft of trade secrets and product infringements, such as counterfeit parts and other products that threaten safety. AICPA encourages CPA’s to work with their clients on being up to date on privacy and security reviews.

The AICPA encourages financial institutions to focus on earlier detection of cyber crimes by implementing monitoring systems and technologies for cyber security.

Axiom’s solutions come in different sizes and all Axiom solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, give us a call us at (800) 519-5070

Cyber Security: Not a Priority in Nuclear Power Plant Facilities

October is National Cyber Security Awareness Month. In our past articles, we’ve mentioned cyber security vulnerabilities ranging from both small to large businesses, healthcare organizations, and more. Recently, a report was published by the International Policy Institute, Chatham House, on cyber security in nuclear power plants.

The fifty-plus page report was released this past September and detailed numerous shortcomings found in worldwide nuclear power facilities, including the United States. The report was extremely critical of vulnerabilities found in these facilities. Many of these infrastructures are ‘insecure by design’, because of their age and are not as well prepared as they may believe. In fact, many of these infrastructures were built before cyber attacks were even considered.

Recent high profile cyber attacks have brought to light these cyber security vulnerabilities in nuclear facilities. Couple that with the present rising number of crimes perpetrated by cyber criminals and terrorist groups and the very real fear of releasing radiation, you have a real cause for concern.

The report states that their focus is on when a plant’s control systems are “disrupted or even captured and harnessed by saboteurs acting either inside or outside the facilities where these systems are located.”

The range of threats could vary from stealing confidential corporate data for financial profit or stealing operational information to be used in an attack at a later time. Considering a plant’s industrial control system, the report states,
“A cyber attack that took one or more nuclear facilities offline could, in a very short time, remove a significant base component to the grid, causing instability.”
However, the worst case scenario according to Chatham is an attack on a nuclear plant’s backup power system could cause a release of ionizing radiation.

Chatham studied nuclear power plants worldwide over an 18 month time period. They found several factors for these vulnerabilities and we have narrowed down the following four industry-wide cyber security challenges.

1. Employees and Human Nature: In general, poor IT practices and the very human nature of finding shortcuts at work can contribute to security breaches. For example, employees may want to charge their smartphones by directly charging them in a control computer but if these devices lack antivirus software, systems are particularly vulnerable.

One source goes on to describe how in some US nuclear power plants, engineers will bring in their personal computers into work, plugging them directly into the computer interface of the PLC (Programmable logic controller). If the engineer’s personal computer is infected with malware, it can and will affect the PLC in the process.

2. Passwords: Default passwords are commonly found at plant facilities, according to Chatham’s report.

“The failure to change default passwords is another challenge at nuclear facilities. In some instances, nuclear facilities fail to take basic ‘good IT hygiene’ security measures, such as changing the factory default passwords on equipment.”

It’s incredible how such a simple safety measure is being overlooked. This is part of a bigger problem, which leads us to our next item.

3. Culture of denial: One source explained that there is a ‘culture of denial; found in many nuclear facility personnel,

“It remains a movie scenario, maybe in the future. They think it is just states against states, not everybody wants to hack us, and also it won’t happen here.” Although many personnel feel it’s unlikely, cyber attacks need to be considered as a real threat. Harmful radiation would have everlasting effects.

Chatham found that cyber security training lacks a cohesiveness in drills between regular plant personnel and the IT security personnel. Training includes focusing on more reactive than proactive solutions, so in many cases, cyber attacks are occurring before an employee is aware of it.

4. Air gaps myth: An air gap is a network security measure, employed on one or more computers to ensure that a secure computer network is physically isolated from unsecured networks, such as the public Internet or an unsecured local area network. Many in the industry believe that ‘air gaps’ will keep them safe from cyber attacks but in reality, all nuclear plants are not ‘air gapped.’

The issues is that employees want those ‘commercial benefits’ that the Internet can offer, and don’t consider that they are connected to the internet.

“A number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of,” the report says. VPNs can be used to introduce malware onto the industrial control network.
Something as tiny and simple as a flash drive is all it takes to gain access into a plant’s system, personal computers are used frequently enough and because they can be directly connected to a plant’s control system, it is by no means a guarantee.

Chatham concludes that “plants must develop guidelines to measure cyber security risk in the nuclear industry, including an integrated risk assessment that takes both security and safety measures into account as well as fostering partnerships between vendors and cyber security companies to enable the development of more robust cyber security products.” Getting a handle on practicing ‘good IT hygiene’ as we mentioned earlier is also an element that needs to be addressed at all of these facilities.

October is Cyber Security Awareness Month

2015 has been the year of cyber crime, data breaches, and cyber attacks. We live in a world where we are all unified with our smartphones, tablets, and laptops. Although this constant connection has changed many people’s lives in many ways for the better, it also poses a huge risk for a company’s data such as financial information and health records.

As we have learned from the Office of Personnel Management to Home Depot , no organization is immune to these breaches. All it takes is one click for an organization to become compromised and lose their data and their customers data. These breaches can be incredibly costly to these organizations, whether it’s due from the downtime a website experiences or the potential fines that the Federal Trade Commission (FTC) may impose. Cyber security is so vital, it even has its own month dedicated to it.

October is National Cyber Security Awareness Month. This October marks the 14th year since its inception by President Obama in 2004. National Cyber Security Awareness Month (NCSAM) encourages vigilance and protection by all computer users, promoting cyber security as “our shared responsibility.”

President Obama stated in his Executive Order on Promoting Private Sector Cybersecurity Information Sharing Proclamation,

“Cyber threats pose one of the gravest national security dangers the United States faces. They jeopardize our country’s critical infrastructure, endanger our individual liberties, and threaten every American’s way of life. When our Nation’s intellectual property is stolen, it harms our economy, and when a victim experiences online theft, fraud, or abuse, it puts all of us at risk. During National Cybersecurity Awareness Month, we continue our work to make our cyberspace more secure, and we redouble our efforts to bring attention to the role we can each play.”

The month long awareness program is sponsored by the National Cyber Security Division (NCSD), which is part of the Department of Homeland Security and the non profit organization, the National Cyber Security Alliance (NCSA). NCSAM’s mission is to engage and educate the public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing the resiliency of the nation in the event of a cyber incident.

Axiom Cyber Solutions would like to share the following cyber security tips from the Department of Homeland Security. These tips can help keep your personal information and assets safe online.

Set strong passwords and don’t share them with anyone.

Keep your operating system, browser, and other critical software optimized by installing updates.

Maintain an open dialogue with your family, friends, and community about Internet safety.

Limit the amount of personal information you post online and use privacy settings to avoid sharing information widely.

Be cautious about what you receive or read online – if it sounds too good to be true, it probably is.

If you are interested in seeing what National Cyber Security Awareness Month activities are near you, please visit: https://www.staysafeonline.org/ncsam/events.

If you or your organization needs further help on security, please contact Axiom Cyber Solutions at 800-519-5070

Page 2 of 3 < Previous 123 Next >

Blog ArchivesMarketing

Blog Archives
Marketing