How Data Breaches Affect Children

Believe it or not, data breaches do affect children, even as young as infants. The worrisome aspect of recent massive data breaches is that many adults have grown immune to data breach notifications; so much so that nearly half of Americans haven’t even checked their credit following the Equifax breach. If they are not checking their own credit, you can pretty much bet that they haven’t looked into their children’s credit either.

One family of five decided to plug their entire family’s information into the Equifax data breach checker and was surprised to see that their 7-year-old son’s information was potentially stolen.

The theft of a child’s identity is lucrative to a cyber-criminal because it can remain undetected for years, if not decades. Without regular monitoring, a child’s identity that has been stolen may not be discovered until they are preparing to go to college and start applying for student loans or get their first credit card. By then, the damage is done and the now young adult will need to go through the pain of proving that their identity was indeed stolen.

It may be surprising to many but a 2011 report found that children are 51% more likely to be the victim of identity theft than an adult. It was found that one of the victims was only five months old and another teenager had over $700,000 in debt in their name.

And this tax season, cybercriminals on the DarkWeb have been caught selling the social security numbers of infants for just $300 per social to be used on fraudulent tax returns. While data on children has been on sale for many years, this is the first believed case where hackers are specifically targeting newborns and “fresh” social security numbers.

So, what can parents do to protect their children and their credit?

The first step would be to treat your children’s social security numbers just as carefully as you would treat your own. Do not provide it to anyone unless absolutely necessary (doctor, school, accountant). And if you have a teenager, teach them how to be responsible with their social security number as well.

Secondly, if you have reason to believe that your child’s information may have been stolen, you as a parent are allowed to request to see whether your child has a credit report and, if they do, you can also request a credit freeze on that report.

Another Day, Another Data Breach – Should We Just Get Used to It?

It seems like we can’t go a week without news of a data breach affecting a major company: Target, Home Depot, Yahoo (all 3 Billion account holders), HBO, Equifax (3 times), Deloitte, Sonic, Whole Foods. With the prevalence of personal information being exposed and stolen, people often wonder should we just get used to having our data breached? Should we get used to the fact that cat photos on Facebook are more secure than our social security number?

In short, no! We should never simply accept that the companies are not responsible for the security of the data they collect about us. We should be upset when our data is breached and demand action so that companies begin to take data security seriously. And one of the worst things about data breaches is that nearly all of them end up being far worse than initially reported.

The Equifax hack occurred because the company failed to install a patch for vulnerable systems for over six months after the patch was released. The Securities and Exchange Commission (SEC), which ironically issues regulations telling other companies to clean up their technology infrastructure and can fine them for failing to take the necessary cyber-security measures, suffered a data breach of its “Fort Knox” system called EDGAR, which companies use to file all the important stuff about the business like quarterly earnings, merger & acquisition, IPOs, market news, and more. And Deloitte’s email administrator failed to secure his/her account with two-factor authentication, so hackers were able to get in with privileged, unrestricted administrator access and steal millions of email records, many with sensitive information.

If the onslaught of lawsuits and regulatory inquiries against Equifax teaches businesses anything, it is that our lawmakers and the people they represent are tired of having their data compromised, and soon we can hope there will be real, tangible changes in how businesses consider data security. In its most recent shareholder packages for at least five years, Equifax did not mention data security once as a company priority. This must change: any business that collects personal information must be serious about its protection, and should it fail, there must be repercussions, because the theft of data can lead to real harm to individuals.

The news of the credit card data breach at Sonic has made many wonder, how are credit cards still getting hacked? The credit cards themselves are fairly secure, but when the point-of-sale (POS) system used to process the credit card transaction is compromised, there is little the new chip technology can do to protect the consumer. USA Today attributes part of the problem to the increase in the use of technology by businesses without the budget and skillset required to secure those new internet-connected POS systems. Companies need to ensure that they not only invest in the new systems but also hire the technical staff or find a trusted partner, like Axiom Cyber Solutions, to ensure that the POS systems are properly protected. Companies that take credit cards need to consider PCI requirements and ask the question, “If I get breached and lose the ability to take credit cards, can my company survive?”

Don’t get used to having your data breached. Demand that businesses protect your data and encourage your lawmakers to consider new legislation that would allow regulation of data security standards and penalties for data breaches.

What You Need to Know about the Equifax Breach

Data breaches are bad but the Equifax data breach may be one of the worst. When hackers stole the data on potentially 143 million American consumers from the credit reporting bureau they took everything they needed to unlock the identities of 44% of the American population. And ironically, Equifax was one of the companies that other companies turned to when they were breached. As their website states: “You’ll feel safer with Equifax. We’re the leading provider of data breach services…”

Hackers reportedly used a website vulnerability to steal everything from social security numbers to credit card numbers from May until the breach was discovered on July 29th, meaning the hackers had access for at least two full months. No reason for the delay in informing the public has been given, but in some recent large investigations law enforcement has requested companies to wait to disclose the information.

What makes this data breach one of the worst, even though the scale isn’t as large as say Yahoo’s 500 million, is that consumers did not have to directly give their information to Equifax, instead it was provided to them by nearly every bank, credit card, and loan company to make credit decisions. So if you have ever applied for a credit card, loan, or mortgage, your data may have been compromised.

As is standard with breaches, Equifax has offered free credit monitoring services for a year if you sign up by November 21st, whether your data was accessed or not. But wait, don’t leave and sign up right now! A caveat to signing up for Equifax’s offer of free credit monitoring service from TrustedID, which is also owned by Equifax, is that the terms of service of TrustedID state that if you sign up you cannot partake in any class action lawsuits against the company. And not wasting any time at all, two Oregon residents have filed a lawsuit against Equifax alleging negligence in securing the personal information of consumers.

While a nice gesture and possibly giving Equifax some legal relief as people scramble to sign up for credit monitoring, the data stolen from Equifax can be sold on the DarkWeb for years to come to steal identities. There is no expiration date on information like name, address, date of birth, and social security number… all of which the hackers took. Consumers will need to remain vigilant in checking bank account information and making sure their identities are not stolen for the near and far future. Signing up for a credit monitoring service is definitely a good idea, perhaps not with TrustedID, but as you look, try to find one that doesn’t just look for new account creation. Find a service that monitors open accounts for changes as well as new account creation. You can also look into identity protection insurance services, such as LifeLock, as an additional layer of protection.

As a notable side note: Questions have been raised about the sale of $1.8 Million in stock by three executives of Equifax following discovery of the breach before it was disclosed to the public. The company reports that none of them knew about the breach. That does make one question the cyber-security incident reporting policies of such a large organization.

Why is HIPAA Data so Valuable to Hackers?

One of the few things that we all have in common is that we need to take some degree of care when it comes to our health. Healthcare providers—like doctors, dentists, nurses, and more—are there for us to take advantage of their extremely vital services in order to keep up with all aspects of our health. In order to properly know our healthcare needs, these providers need to have some pretty sensitive information about every one of us. But what if that very sensitive information was stolen by cybercriminals with plans to distribute it across the dark web? That’s exactly what could happen when healthcare providers fall victim to a data breach.

Figure 1: Total HIPAA Compliance’s List of 2015 Healthcare Data Breaches

 

In 2015, the healthcare industry saw more data breaches than any other industry—you can see some of the biggest breaches in Figure 1 above—and data breaches have cost the healthcare industry upwards of $6.2 billion over the last two years. Hackers and cybercriminals target healthcare providers because of the valuable information they have on their patients, often referred to as protected health information (PHI), personally identifiable information (PII), or HIPAA data. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the goal of protecting this PHI data and is a regulatory standard across the healthcare industry to this date.

 

Data protected by HIPAA includes health status, provision of health care, or payment for health care that can be linked to a specific individual. This data is valuable to healthcare providers because it is individually identifiable health information related to the patient’s past, present, and future medical conditions—this means it helps the doctor or dentist to make informed decisions about what their patient’s needs are and what means of medical attention are necessary to address these requirements. This is the good side of HIPAA data. However, hackers want this information just as much as healthcare providers, but for a few different reasons.

 

HIPAA data is attractive to hackers and other cybercriminals because it is one of the biggest gateways into stealing a person’s identity.  Even more than credit card information, medical data is the easiest way to steal a person’s identity because of the sheer amount of information that is readily available. Medical records include sensitive information like patients’ full names, social security numbers, credit card numbers, signatures, and more—everything a malicious person would need to steal a person’s identity, or in the case of a data breach, multiple people’s identities. Unlike credit card-induced identity theft, ID theft via stolen medical records does not show up as quickly as credit card fraud. In addition to this fact, healthcare information sells online for ten times that of credit card data.

 

In addition to stealing identities, hackers can utilize HIPAA data that is stolen in health insurance and Medicare fraud. Dark web users who buy full medical files could use patient numbers with false provider numbers to file fraudulent claims with payers. When they do this, the victim does not know about the fraud because bills are being sent to his medical provider without his knowledge and the insurance provider does not know that he is not the one filing.

 

With all of this information needed by healthcare providers, it is their duty to their patients to protect this data. Here are a few ways healthcare providers can protect their PHI from data breaches and attack:

 

  1. Educate staff members—Education is key in all aspects of life, but protecting data is one of the biggest areas where education is required. When staff members know what is and is not HIPAA data, they can take the necessary amount of care in keeping that data safe. Phishing is one of the main ways hackers get into hospitals’ networks, so informing employees of things to look for that could potentially be malicious is vital when it comes to securing your information.
  2. Consider encryption—Be sure to encrypt both your hard drive and any electronic communication that you can. When hackers have to work harder to get your data, they are likely to skip you and move onto the next, more vulnerable victim.
  3. Protect your network—Having multiple stages of protection is key to keeping your PHI and HIPAA data secure. This includes wired networks, wireless networks, and connected medical devices via IoT. One of the best ways to do this is by installing a next-generation firewall. Axiom Cyber Solutions offers its SecureAmerica® Firewall as well as HIPAA compliance help as a partner to those healthcare providers that need to be HIPAA Compliant.

 

It is important to secure your networks in any industry, but it is even more crucial in those industries where real customers and clients could be compromised in the event of a breach of security. Healthcare has faced many hurdles in cybersecurity recently, but hopefully by creating multiple barriers for hackers to overcome, the industry will see a turn for a safer, more secure environment.

 

Hailey Carlson | Axiom Cyber Solutions | 8/15/2016

The Lowdown on the Panama Papers

Law firms pride themselves on being the ultimate safe haven, where men and women alike can count on discretion and privacy when it comes to their most personal affairs. With the recent release of the ‘Panama Papers’, law firms are coming under fire for their cybersecurity or lack thereof. Unfortunately, these data breaches are becoming more and more common for law firms.

On April 3, 2016, 11.5 million confidential documents were leaked that provide detailed information on more than 214,000 offshore companies listed by the Panamanian law firm Mossack Fonseca, including the identities of shareholders and directors of said offshore companies. Mossack Fonseca is the fourth largest offshore law firm in the world with more than 40 offices worldwide. Ironically enough, before the Panama Papers leak, Mossack Fonseca was described by the Economist in 2012 as a “tight-lipped” industry leader in offshore finance. In fact, a Las Vegas-based subsidiary of Mossack Fonseca is listed as the registered agent for 1,026 firms incorporated over the past decade and a half, many of which have since been dissolved or are no longer active.

These leaked Panama Papers have revealed the hidden wealth from some of the most high-ranking political officials, billionaires, celebrities and star athletes. This is important because the leak shows how the rich and famous can exploit tax shelters and also reveals an unprecedented pattern of corruption worldwide for 40 years. While shell companies inherently are not illegal, they are often used as a method to commit fraud.

The Panama Papers were leaked by an anonymous source who communicated with journalists that Mossack Fonseca was behaving unethically, thus deserving to be shut down. Below is a list of the most important information gleaned from the Panama Papers leak according to the Guardian News.

-Twelve national leaders are among 143 politicians, their families and close associates from around the world known to have been using offshore tax havens.

-A $2bn trail leads all the way to Vladimir Putin. The Russian president’s best friend – a cellist called Sergei Roldugin – is at the centre of a scheme in which money from Russian state banks is hidden offshore. Some of it ends up in a ski resort where in 2013 Putin’s daughter Katerina got married.

-Among national leaders with offshore wealth are Nawaz Sharif, Pakistan’s prime minister; Ayad Allawi, ex-interim prime minister and former vice-president of Iraq; Petro Poroshenko, president of Ukraine; Alaa Mubarak, son of Egypt’s former president; and the prime minister of Iceland, Sigmundur Davíð Gunnlaugsson.

-In the UK, six members of the House of Lords, three former Conservative MPs and dozens of donors to British political parties have had offshore assets.

-The families of at least eight current and former members of China’s supreme ruling body, the politburo, have been found to have hidden wealth offshore.

-Twenty-three individuals who have had sanctions imposed on them for supporting the regimes in North Korea, Zimbabwe, Russia, Iran and Syria have been clients of Mossack Fonseca. Their companies were harboured by the Seychelles, the British Virgin Islands, Panama and other jurisdictions.

-A key member of Fifa’s powerful ethics committee, which is supposed to be spearheading reform at world football’s scandal-hit governing body, acted as a lawyer for individuals and companies recently charged with bribery and corruption.

-One leaked memorandum from a partner of Mossack Fonseca said: “Ninety-five per cent of our work coincidentally consists in selling vehicles to avoid taxes.”

For further information on data breaches and law firms, please refer to one of our earlier articles: https://axiomcyber.com/blog/hacking/law-firms-beware-of-cyber-criminals/

Worried about cybersecurity? Axiom Cyber Solutions can help!

Our cybersecurity experts will secure your business against today’s threats and those of tomorrow. Axiom Cyber Solutions offers vulnerability and penetration assessments, managed firewall services, and cybersecurity & disaster recovery strategic planning services.

Axiom Cyber Solutions strives to make cybersecurity affordable to small businesses that may not have a large IT budget. Starting at just $199 per month, with no long term obligation, Axiom Cyber Solutions has developed a managed cybersecurity program to give small businesses the same protection as large enterprises. We provide a fully configured enterprise class next generation firewall (NGFW) that is plug & play to the business and begins to monitor, manage, and update the firewall as soon as it comes online.

Panama Papers – The World’s Largest Data Leak

On Sunday, the International Consortium of Investigative Journalists announced the world’s largest data leak to the public. Kept secret since late 2014, the data leak from the Mossack Fonseca law firm is said to be 2000 times larger than the 2010 WikiLeaks Cablegate release of US State Department documents. A massive 2.7 terabytes (TB) of emails, database files, and PDFs, which equals almost 40 years of documents, was collected from the anonymous whistle-blower. In comparison again to WikiLeaks, Cablegate was a mere 1.7 gigabytes (GB) of data.

“This is pretty much every document from this firm over a 40-year period,” ICIJ director Gerard Ryle told WIRED in a phone call, arguing that at “about 2,000 times larger than the WikiLeaks state department cables,” it’s indeed the biggest leak in history.

What are the Panama Papers?

The Panama Papers allegedly contain information on 143 politicians, their family members and friends who have been creating offshore companies as tax havens. Fallout has begun with protests in Iceland calling for the resignation of the Prime Minister, whose name has been linked to an offshore company in the British Virgin Islands. The Russian government has dismissed claims of wrongdoing and described them as a “series of fibs” created to discredit Putin ahead of elections. However, several countries including the US, Mexico, and Britain have vowed to investigate the possibility of tax evasion.

Why target a law firm?

Axiom has been tweeting lately about how law firms are an attractive target for hackers and that large elite law firms in the US have recently been directly targeted by hackers. And remember our blog post a few months ago about how law firms are being targeted?

Panama Papers proves just how lucrative the data breach of a law firm can be for hackers. Think about all the data that a law firm has: health, financial, intellectual property, and business trade secrets. In the wrong hands, that data would be a virtual treasure trove of information to be sold in the Dark Web.

There are two types of companies: those who have been hacked, and those who don’t yet know they have been hacked.

Cisco CEO – John Chambers

Law firms cannot take the head in the sand approach to cybersecurity anymore. It’s time for law firms to start assessing their vulnerabilities and planning for a sound cybersecurity infrastructure.

How was the data leaked?

In late 2014, an anonymous whistle-blower contacted the German newspaper Suddeutsche Zeitung stating that they had “more data than you have ever seen” in relation to crimes that the person wanted to make public. At this time, it is not publicly known how the whistle-blower was able to send so much data undetected over such a period of time; however, Bastian Obermayer, the reporter for Suddeutsche Zeitung who was contacted by the whistle-blower, stated that he “learned a lot about making the safe transfer of big files”.

Obermayer indicated that he communicated through various encrypted channels with the whistle-blower who sent the data in chunks until the 2.7 TB were amassed. Suddeutsche Zeitung contacted the ICIJ and the ICIJ created a secure portal where journalists could research the data. Over 400 journalists kept the information a secret until Sunday when over 100 news outlets published the first articles about the data leak.

Earlier in the day, the Mossack Fonseca website told its customers that their email server suffered an unauthorized breach. The company denies any wrongdoing and has published a lengthy rebuttal to the media reports. A spokesperson has stated that the company may pursue legal action against the news agencies for using the information that was obtained illegally.

It appears that you have had unauthorized access to proprietary documents and information taken from our company and have presented and interpreted them out of context. We trust that you are fully aware that using information/documentation unlawfully obtained is a crime, and we will not hesitate to pursue all available criminal and civil remedies.

Carlos Sousa – Public Relations Director, Mossack Fonseca & Co. (Panama)

The one thing that has not been mentioned yet is the data protection liability suit that the 4th largest offshore law firm in the world may have coming in the near future. Target settled its data breach for $100 million… this one is going to be much larger.

Doom and gloom?

While the Cisco CEO says that there are two types of companies, ones that have been hacked and ones that don’t yet know they’ve been hacked, the cybersecurity future is not completely doom and gloom for businesses. There are some basic things that businesses can do to better protect themselves.

  • Use endpoint (anti-virus and anti-malware) software on all devices and keep it up-to-date
  • Protect the business with a firewall that inspects traffic both in and out of the business
  • Get a vulnerability and penetration assessment

 


Law Firms : Beware of Cyber Criminals

“There are two types of law firms: those that know they’ve been hacked and those that do not”, according to Vincent Polley, attorney for the American Bar Association.

What an incredibly powerful statement considering the fallout of cyber attacks amongst businesses these days. The numbers of cyber crimes have only increased for those working in the healthcare and financial field, but due to reluctance from many law firms to report cyber crimes, we do not know if the same can be said for law firms.

1 in 4 law firms are victims of a data breach according to a 2015 study done by the American Bar Association.

Many law firms view cyber breaches as something to be ashamed of and many lawyers are hesitant to openly admit to their clients that they have become victims of a data breach. As hard as it may be to report these things, law firms need to report cyber breaches when they happen. A 2015 study by Citigroup’s cyberintelligence unit reported that,

“Due to the reluctance of most law firms to publicly discuss cyber intrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise.” The report went on to say that law firms are very appealing to cyber criminals, considering the incredibly confidential data on corporate deals and business strategies. These days, data = money, so it comes as no surprise that cyber criminals are after this data.

Earlier this year, there were reports of fraud related to law firms in which a hacker intercepted important instructions between the closing attorney and the buyer’s agent. The hacker sent out entirely different instructions on the wiring of the money. Unbeknownst to the victims, they then wired their money straight into the hacker’s account. These types of scams are only continuing.

The fallout from a data breach for a law firm can be huge. Not only does it become a huge legal liability, a law firm may even be sued depending on what kind of data was released. If a law firm ignores their cybersecurity issues and refuses to take proactive measures, they can be subject to fines by the FTC.

A law firm could also lose their reputation, as well as the trust their customers and clients have given them. The amount of confidential information that people entrust their lawyers with is insurmountable. Class action lawsuits will follow. The time and money dealing with a cyber security data breach is a huge headache of inconvenience and there’s no guarantee that a law firm will even be able to continue to stay open.

Law firms, no matter the size, must take their cyber security seriously. By getting into the mind of a hacker and mapping out vulnerabilities in your network, you will be taking the necessary proactive steps to protect yourself and your business from cyber criminals. Taking steps to protect your business will make the difference in whether or not a law firm is successfully attacked.

Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own. Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

The Top 5 Cyber Hacks of 2015

2015 was a busy year for cyber criminals. As the year comes to a close, we are reviewing the top 5 cyber attacks. Unfortunately, by the looks of it, this seems to be just the beginning.

1. Office of Personnel Management (OPM)
The United States Office of Personnel Management announced that they were victims of a data breach in June, 2015. The breach began in March, 2014 and remained undetected until April, 2015. This is one of the largest data breaches to occur in the federal sector, affecting approximately 18 million government employees. Information such as Social Security numbers, names, birth dates, addresses, military records, pension information, and more was leaked. 5.6 million sets of fingerprints were also stolen, putting secret federal agents in harm’s way. The Wall Street Journal reported that US government officials suspected Chinese hackers were responsible for the data breach. Since this hack, China and the US have had numerous discussions on this issue and are currently discussing cybersecurity issues.

2. VTech
Hong Kong toy manufacturer VTech was hit with a very serious data breach in November 2015. VTech is known as a children’s toys manufacturer. Their items include tablets, phones, and baby monitors. This hack was reported by the hacker himself, who gave his findings to Motherboard. Approximately 10 million VTech customers were affected by the data breach. According to VTech’s website, a total of 4,854,209 customer (parent) accounts and 6,368,509 children’s profiles were affected. Customers around the world were affected but the USA saw the highest number of parent accounts, approximately 2 million. The hacker was able to collect photos of children and their parents, including audio recordings, by breaking into VTech’s servers through a SQL injection. VTech immediately began a thorough investigation for this cyber crime. As of December 16th, the authorities in the UK arrested a 21 year old man in connection with the VTech data breach. The investigation is still ongoing.

3. Ashley Madison
Perhaps the juiciest data breach of 2015, the Ashley Madison website was hacked by a group named the Impact Team. More than 32 million users had their personal e-mail addresses leaked. Ashley Madison, a website that encourages extramarital affairs, found itself in the middle of a huge headache. According to the hackers, the reasoning behind the breach was simple: to prove that Ashley Madison was corrupt and lied to their users for money. Ashley Madison charged their customers a $20 fee for those who wanted to have their profile deleted fully. The hackers were able to prove that the $20 fee did nothing to protect customers and was just a scam for more revenue. This specific hack raises many ethical questions on user data and how companies are handling the user data. Currently, as of December 2015, Ashley Madison hack victims are starting to receive blackmail letters and people are still being affected.

4. T-Mobile
This past October, T-Mobile announced that they fell victim to hackers by way of Experian, a credit reporting service. 15 million applicants applied for credit at T-Mobile and ended up having critical data such as Social Security numbers, license information, passport info, and more stolen. While no banking or credit card information was leaked, the information that was released can easily allow for identity theft. Although T-Mobile is offering two years of free credit monitoring to those affected, any cyber criminal could simply wait for those two years to pass before attempting to do anything.

5. Hacking Team
In July 2015, the Hacking Team, a company that sells surveillance software to law enforcement agencies, had over 400 gigabytes of crucial information stolen. Surveillance data, contracts, emails, and invoices were leaked. The leaked data showed that the Hacking Team used poor passwords, which only helped the hackers gain access to the Hacking Team’s servers. Much worse, however, was the data that showed the Hacking Team was not afraid to sell their surveillance software to any government worldwide, creating lasting effects by giving cyber criminals better tools to commit their crimes.

How can Axiom Cyber Solutions help your business?
Axiom Cyber Solutions is offering Managed Cyber-Security Protection for Small Business starting as low as $199 per month. We realize that most small businesses do not have a dedicated IT team and business owners may be handling their cyber security matters on their own.

Let us take over and provide you with peace of mind. Axiom will provide your business a firewall and manage it so you don’t have to worry about securing your business. We will assess the security risks for your business and will help implement the right cyber security service for your business.

Axiom’s solutions come in different sizes and all our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come. For more information, check out our website at axiomcyber.com or give us a call at (800) 519-5070. #FightBackWithAxiom

Why the FTC Ruling on Cyber Security Affects Every Business Owner

In late August, the United States Court of Appeals for the Third Circuit unanimously affirmed the Federal Trade Commission’s (FTC) power to regulate cybersecurity under the unfairness prong of the FTC Act (15 U.S.C. §45) in FTC v. Wyndham, Case No. 14-3514. The ruling states businesses must have cybersecurity protection for their customers or be subject to fines. This ruling is especially important for businesses that keep customer data such as financials.

Philadelphia judges ruled 3-0, giving the FTC the authority to sue Wyndham Worldwide for cyber breaches in 2008 and 2009. In this case, over 619,000 customers had their personal financial information endangered. It has been reported that more than $10 million of fraudulent charges followed.

 

FTC, 2012. Photo by Diego M. Radzinschi/THE NATIONAL LAW JOURNAL.

The FTC argued that Wyndham Worldwide was guilty of numerous unfair practices. Not only was Wyndham not storing their payment card information in a safe manner, they were also using easily guessed passwords in their property management systems. The FTC stated that the business lacked cyber security policies, including prevention and incident response plans.

Companies really need to think about the following 5 things when it comes to their cyber security, lest they be subject to fines and headaches:

  1. Businesses should analyze their data and how they collect, use, and store it. This is especially important for businesses that hold financial information.
  2. Is the business taking reasonable steps to secure their data? Are they limiting administrative access, assigning secure passwords, limiting access to the network, and regulating access to data?
  3. Companies need to compartmentalize the network and oversee who’s trying to gain access. Firewalls and intrusion detection mechanisms need to be in place to prohibit cyber criminals from gaining access to your network.
  4. Do my service providers offer me cyber security measures? Companies need to do their research on what is offered by their service provider when it comes to information security risks.
  5. What procedures do I have right now that are keeping our security up-to-date? Frequent updates and patches to software should be a priority; ignoring these things or going into denial about cyber breaches does not do anyone any good.

The bottom line is, any company that has experienced a cyber security data breach is required to take proactive measures to avoid future breaches. If a company does not take some sort of precautionary steps, they will be subject to fines by the FTC.

And it doesn’t stop at fines. A business can lose its reputation and the trust its customers and clients have given it. Even after all of this, it is still not done. The doors have been opened for class action lawsuits. The years of time and money that have to be spent to deal with the fallout of a cyber security data breach are a huge inconvenience, and there’s no guarantee that a business will even be able to stay open. Axiom Cyber Solutions can help businesses of all sizes stay safe from hackers.

Data breaches will continue to rise and will evolve with new social and technological attack vectors. It’s important for any organization or individual with sensitive data to exercise caution and deploy best practices in securing your network. Axiom’s solutions come in different sizes and all of our solutions are designed to deal with the attack vectors of today while being adaptive and flexible enough to continue to secure your network for years to come.

Attention Healthcare Organizations: Get Ready For Some Serious Cyber Security

2015 has been inundated with cyber-attacks against the healthcare industry. In recent headlines, Excellus Blue Cross Blue Shield stated that approximately 10 million of its customers had their healthcare records compromised.

Not only did critical information such as names, Social Security numbers, addresses, and birthdays get leaked but financial data such as credit card information was also compromised. Additionally, this puts their customers at risk for fraud and identity theft.

Criminal cyber-attacks are rising amongst the healthcare community and, despite strict HIPAA guidelines and regulations, many hospitals and healthcare providers are grappling with keeping their patients’ data safe.

Cyber-attacks and data breaches cost the U.S. healthcare system approximately $6 billion annually, according to security research firm The Ponemon Institute.
KPMG polled over 200 healthcare providers and found that four out of five providers had been hacked.

44% of healthcare organizations have been attacked 1-50 times, while 38% have been attacked 50-350 times in the last year. 13% were attacked more than 350 times.

It doesn’t take a stretch of the imagination to realize just how many additional attacks are left undetected and unreported, as was the case with Excellus, wherein hackers first accessed patient records in December of 2013 but weren’t discovered until August of 2015. This gave the attackers nearly two years of running data collection. In the same study, KPMG also found that only 53% of healthcare providers are ready to defend against a cyber-attack.

They listed five issues that healthcare organizations are facing.

1. The adoption of digital patient records and the automation of clinical systems.

2. The use of antiquated electronic medical records (EMRs) and clinical applications that are not designed to securely operate in today’s networked environment — and software vendors who push that problem to the provider.

3. The ease of distributing electronic personal health information both internally (via laptops, mobile devices, thumb drives) and externally (third party firms and cloud services).

4. The heterogeneous nature of networked systems and applications (i.e. network-enabled respirator pumps on the same network as registration systems that can browse the Internet).

5. The evolving threat landscape, where cyberattacks today are more sophisticated and well-funded, given the increased value of the compromised data on the black market.

“Patient records are far more valuable than credit card information for people who plan to commit fraud, since the personal information cannot be easily changed. A key goal for executives is to advance their institution’s protection to create hurdles for hackers”, according to Michael Ebert of KPMG’s Healthcare & Life Sciences Cyber Practice.

These data breaches and security vulnerabilities cannot and should not be underestimated, and their severity and frequency are a cause for concern. Healthcare providers must make cyber security a priority. No longer is this an issue that companies can ignore.

Protecting patient data is critical and the healthcare industry must start preparing and implementing a strategy to prevent these hacks before the U.S. Government begins to levy heavy penalties and fines on those who do not step up to today’s threats.