Remember Heartbleed, that age-old bug that only surfaced last year and left more than half of all internet servers around the world exposed? Looks like we might have yet another Heartbleed on our hands. This one has been codenamed Shellshock. Experts are already saying the Shellshock exploit could impact millions of Unix systems that operate on Linux or Mac iOS. And may even threaten consumer devices including home routers.
Most businesses hang on to too much data for too long. And it’s often data that they don’t need. Or worse, didn’t realize they even had. So do a spring-cleaning. Do an inventory of all your data and everywhere you keep it. Identify what you don’t need, then get rid of it forever. And not by simply hitting the Delete key, but overwriting it to military standards or shredding it. When it comes to data breaches, you can’t lose what you don’t have.
2. What You Do Keep, Know Where It Is
So many data breaches result from data being in the wrong place at the wrong time. Like highly sensitive customer or employee information being carried around town or across the world on an unprotected laptop. As part of your inventory you need to know where your data is at all times so that you can protect it at all times. That means checking servers, desktops, laptops, websites, tablets, phones, removable storage, filing cabinets, storage lockers, warehouses, third parties and anywhere else it might be hiding.
3. Classify Your Information
Not all information is created equal. And understanding that you can’t protect all data all the time, you have to focus on the stuff that’s worth protecting. That’s where data classification comes in. There are a number of different ways to classify data, but they’re usually a series of three to five categories of importance – from top secret to simply private and confidential. By assigning a security classification to your data, you make it easier for employees to instantly understand how they need to handle that data.
In most states, you get an almost free pass on data breaches if the breached data was encrypted. That’s how good encryption is at making data useless to hackers. Encryption is getting much easier to implement and afford. Encryption isn’t just for credit cards and online transactions. In any business you can easily encrypt files, folders, hard drives, texts, phone calls and emails, photos and videos, and just about any kind of data.
5. Comply With PCI
The credit card companies are pretty good when it comes to protecting information, which is why PCI compliance is a great baseline. It’s not perfect and not a guarantee, but you should never be without it.
6. Lock Down Your Website
Many of today’s breaches start with the exploitation of poorly protected and patched websites. Which is really a shame because it’s so easy to protect your website. Make sure you’re using some kind of web scanning or monitoring service that will find and fix security holes before hackers do.
7. Turn Every Employee Into a Data Sentry
Technology only goes so far when it comes to preventing data breaches. People fill that gap, and the most important people are your employees. Every employee needs to understand the value of data, the risks of breaches, and how their choices can make all the difference.
8. Try Not to Move It
If you know where your data is and you don’t plan to move it any time soon, then it’s very easy to lock it in place. But data is at its most vulnerable when it’s on the move – like stored on a traveling laptop or phone, sent on tape to a third party like a payroll processor, or even being emailed between employees.
9. Don’t Forget Paper Records
It’s estimated that one in every five data breaches involves paper records. That means documents stolen from a briefcase or in a burglary, dumped without shredding, or simply mislaid. So as part of your inventory you need to go through the piles of information in every office, pick what you have no more need for, and shred it.
10. Use Layers of Security
While antivirus software is important, it’s not enough. While website security is essential, it’s not enough. While good passwords are a must, still not enough. Hackers after your data are relying on the fact that you might be relying on just one or two layers of security between them and your data. Good security is about creating multiple security perimeters that convince hackers that you’re just not worth their time and energy.
Seems like just about everyone thought that the massive Target data breach earlier this year would be the biggest for a while. Yet only a matter of weeks later, eBay announced a data breach that was even bigger.
Now we’re learning of a hacker haul that makes those earlier breaches look like chump change. Security researchers in Milwaukee revealed that they’ve been monitoring a hacking gang operating from a small Russian town, and found the gang had managed to amass a database of more than 1.5 billion stolen credentials.
Here’s just a sample of what the investigators learned about the hackers, and the implications of their haul:
When the Federal government starts rolling out legislation that requires all federal websites to make sure they’re a secure place to visit, it’s worth speculating whether regulating business websites for the same purpose might not be very far behind.
The Safe and Secure Federal Websites Act was first introduced as a bill in 2013 and was finally passed into law in July of this year. The law requires that any federal agency that launches a new website, or that has launched any website since 2012, has to certify that those websites are safe.
It’s bad enough to get a bunch of calls from irate suppliers wondering why you haven’t paid bills that are months overdue. But it’s even worse if you have no idea what they’re talking about. That’s how one small business owner found out what it was like to have his entire business hacked and cloned by people he never met and never caught.
So you’re thinking about finally launching your first website. Or you’ve had a website up and running for years but it’s time for an upgrade, an overhaul, and a brand new chapter in your online presence.
You’ll have plenty of things to think about and to get right, so just make sure you don’t leave security as an afterthought.
It seems a no-brainer that the recent massive eBay data breach should be a much bigger story than the Target breach. After all, the Target breach “only” affected 110 million customers where the eBay breach impacted closer to 150 million customers.
What’s worse than being recognized as the biggest data breach in history? How about finding out that the culprit responsible for a major hit on your brand and reputation that will eventually cost you billions of dollars was a teenager?
That’s exactly the news Target is dealing with, as security researchers suggest that at least one of the hackers behind the malware used to attack Target is barely 17 years old. Yet this teen was apparently able to develop a pretty sophisticated piece of malware, known as BlackPoS, that was used to infiltrate Target’s systems undetected. And in spite of his young age he’s reported to have already earned a reputation for developing lots of advanced malware. It’s not believed that the teenager is personally responsible for the attacks on Target, but instead sold his malware to dozens and possibly even hundreds of hackers and criminal groups. And one of those groups was behind the Target breach.
With the Target data breach and its endless repercussions still on most people’s minds, next week’s Data Privacy Day (January 28th) is well-timed to pause and think about data privacy and what it means to your business and customers.
The idea behind Data Privacy Day has been around for a number of years, but began to really catch on in 2009 when the U.S. Congress declared the very first National Data Privacy Day. So every year around this time, privacy and security advocates use this annual event to raise consumer and business awareness about privacy, what it does and should mean to us, and why it’s so important for all of us to recognize.
It’s been less than a month since mega retailer Target announced that a little more than 40 million customer debit and credit cards had been stolen by hackers. Not long after that, we saw the first of those cards being sold a few hundred thousand at a time, in a variety of underground hacker forums. Although not that underground, since I was able to register on the most notorious hacker sites and see for myself how easy it was to buy an identity.