Facebook-f Twitter Linkedin-in

securewebsite

This Week in Breach: Marriott

by

data breachMarriott: The largest hotel chain in the world, “30 hotel brands now fall under the Marriott umbrella to create the largest hotel chain in the world with more than 5,800 properties and 1.1 million rooms in more than 110 countries. That’s more than 1 out of every 15 hotel rooms around the globe.”

Risk to Small Business: Extreme: Considering how damaging this breach will be to Marriott, the largest hotel chain in the world, it is safe to say that the ramifications of a breach as severe as this one has the potential to cripple a small business. One of the most damaging parts of this breach is that there has been unauthorized access to the Starwood network since 2014, meaning a bad actor, or group of bad actors, has been siphoning off data for years without being detected.

Individual Risk: Severe: Those affected by this breach are at an increased risk of phishing attacks. Identity theft is also a very real possibility due to the amount of information accessed, including passport numbers. The passport numbers alone could fetch a good price on the Dark Web.

Customers Impacted: Approximately 500 million.

How it Could Affect You:The length of time information was being accessed is one of the most damaging parts of this breach, as well as the massive scope. The largest hotel chain in the world has been compromised since 2016 (although Starwood, the compromised subsidiary has been compromised since 2014, Marriott purchased the brand in 2016). Those who were affected by the breach are likely to avoid the chain in the future and those who are not will certainly be more hesitant.

Read more

In Other News:

IranIran SamSam Goes ByeBye

Two Iranian men living in New Jersey were indicted for using the infamous SamSam ransomware to collect over $6million USD and causing over $30 million USD in damages. SamSam is well known for its targeting of infrastructure, including hospitals. Here is a list of some of the targets during their spree:

City of Atlanta, Georgia; the City of Newark, New Jersey; the Port of San Diego, California; the Colorado Department of Transportation; the University of Calgary in Calgary, Alberta, Canada; and six health care-related entities: Hollywood Presbyterian Medical Center in Los Angeles, California; Kansas Heart Hospital in Wichita, Kansas; Laboratory Corporation of America Holdings, more commonly known as LabCorp, headquartered in Burlington, North Carolina; MedStar Health, headquartered in Columbia, Maryland; Nebraska Orthopedic Hospital now known as OrthoNebraska Hospital, in Omaha, Nebraska and Allscripts Healthcare Solutions Inc., headquartered in Chicago, Illinois.

Read more

Scam of the Week: Think Before You Shop!

by

The bad guys are taking advantage of mobile shoppers this holiday season! By using mobile apps, they can trick you into giving your personal information or installing malware onto your smartphone. This can give them access to your credit card information or lock your smartphone with ransomware, forcing you to pay a fee to unlock it. To stay safe this year, never download apps from offers that sound too good to be true, never download from unofficial app stores, and do your research. Make sure to check for any fake reviews, the number of downloads the app has, spelling errors, or strange logos. When in doubt, only use retailers you trust through their official sites or apps.

Stop, Look, and Think. Don’t be fooled.

Is your data safe?

by

The basics of data protection from monitoring to backup and recovery

You’re at work getting things done when it happens. Your computer crashes and everything you were working on is gone. How long does it take to recover that data before you can get back to work? Or can it even be recovered at all?

Data is what keeps business moving which makes this scenario incredibly scary yet it is repeated day after day, year after year. Despite the fact that data is a business’s most valuable asset, this disaster situation and others like it keep playing out. That’s where proper data monitoring, backup, and recovery come in to help modern business.

Data Monitoring
A crucial component of business is to have data monitoring in place. This allows your data to be regularly checked against quality control rules to ensure data meets or exceeds established standards for formatting, consistency, and usage. With data monitoring, data is quality checked as it is created and used.

How It Works
Every piece of information serves a purpose. Data monitoring is a proactive approach to checking and evaluating data to certify that it meets quality standards and achieves its purpose. Businesses and organizations establish data quality metrics or criteria that are tied directly to its goals and objectives. Once the quality guidelines are established, monitoring allows data to be checked over time, allowing informed improvements to be made in data systems. It also allows companies to best use the data they have available.

Each time data is created or accessed, the data monitoring software kicks in to measure and track information. Such software uses dashboards, alerts, and reports so you can watch what is happening with valuable data. Some of the attributes many organizations monitor data for include:

• Completeness
• Uniformity
• Accuracy
• Uniqueness

With such monitoring, problems with inaccuracies and unusual data behaviors can be detected immediately. If there are data quality issues, an administrator is sent an alert with information about the problems detected. This allows system administrators to check the data and prevent issues before they can become a real problem. It also lets business leaders determine where to focus data quality initiatives.

Additionally, data monitoring can save time and money by making it easier to change quality regulations to adapt to the company’s changing needs. With consistent data monitoring, businesses can also implement new initiatives regarding data without a preparation phase as well. That means fresh data initiatives can be put into place immediately with no wait time.

Backup Monitoring
The next step to the best in information management is data backup. This is where files and folders containing important business data are copied and/or archived so they can be restored in the event of a data loss. Recall the scenario at the beginning of this piece where your computer shut down. Without backup monitoring, you may have lost your work permanently.

Data loss can occur for a number of reasons from computer viruses and breaches to flood or file corruption. With a data monitoring system in place, you’ll be able to replace your lost data, thanks to backup services that occur automatically without any further thought from you or your staff.

While you may already have a backup in place, a single system is not enough should a failure occur. Additional backup systems are necessary in case of natural or man-made disasters or even to keep you covered in the event of data corruption in your original backup. Other reasons for employing a data backup system include:

• Tax Audits
• Client and Investor Relations
• Archiving
• Competitive Advantage
• Improved Productivity and Processes
• Peace of Mind

Data Recovery
Whether natural or man-made, disasters happen. From floods and breaches to ransomware and file corruption, all organizations need a plan in place to recover their data.

Just a few days ago, Anchorage, Ala., suffered an earthquake that hit 7.0 on the Richter scale. Such a major earthquake can cause serious damage including the loss of data. This is just one example of where disaster recovery can come in handy.

In addition to such natural disasters, the number of breaches each year continues to climb. In the first half of this year, breaches have led to 4.5 billion records being comprised, according to the latest findings of the Breach Level Index.

Thanks to data backup software, today’s businesses are able to overcome the loss of important or proprietary information. In the event of an emergency, system administrators can quickly recover from such data loss. Rather than a permanent loss of information, businesses can experience a short-term, temporary loss that can be rectified in a short time. With the right backups in place, data recovery allows you to retrieve everything from documents in Word or Excel to images and video.

If you would like more information about data monitoring, backup, or recovery software and services, contact Oram online or call us directly at (617) 933-5060. Our experts are here to help your business ensure continuity in the event of a breach or disaster.

Scam of the Week: Stop Reusing Old Passwords!

by

Multi-factor authenticationIf you’re using the same password for multiple accounts, you’re making yourself vulnerable! If the bad guys have your credentials for one site, they can use tools to automatically test those credentials on other sites. So, if you are using the same password for multiple accounts, change that password immediately!

Here are some tips for creating new passwords:

  • Create complex passwords that are at least eight characters with a combination of upper and lowercase letters, numbers, and symbols.
  • Use passphrases as a password such as a phrase or a sentence. Make sure it is unique but make it something you can remember.
  • Use a password generator, such as LastPass and 1Password to generate your passwords for you.
  • Don’t use variations of your old passwords.

Stop, Look, and Think. Don’t be fooled.

This Week in Breach: The Southwest Washington Regional Surgery Center

by

The Southwest Washington Regional Surgery Center: A Vancouver-based surgery center specializing in orthopedic, spine, podiatry, pain management and plastic surgery.

Risk to Small Business: Extreme:An organization that fails to secure the sensitive payment and medical data of its customers will lose both its standing with customers and a significant amount of money when handling the result of a damaging breach.

Individual Risk: Severe: Those affected by this breach have an increased risk of identity theft and having their medical data sold on the Dark Web.

Customers Impacted:2,393 Patients.

How it Could Affect You: The Organization did a good job reacting to the breach, offering identity monitoring services to victims and setting up a hotline for questions. This breach is like another breach in the region with another health organization in the same building as the Regional Surgery Center. Whether or not these breaches are related is unclear, but health organizations should stay alert, especially with what is allegedly the SAM SAM ransomware being sold openly on the Dark Web.

In Other News:

A Match Made in The Web
Dating profiles are being bought and sold on the web, but not on the Dark Web. There are organizations that are selling the data over the clear-net. Someone interested in this data could purchase a bundle of dating profiles on an online auction. The data is sold in ‘packs’ categorized by race, sex, sexuality, and other factors. What is done with these profiles is up to the buyer.

Read more

protect online shopping securityHands Off My Data!
Magecart is a credit card skimming malware, used by different unrelated groups that attack in a similar fashion. Magecart is defined by targeting online retailers and has been in the spotlight recently due to several high-profile breaches such as Ticketmaster and British Airways.

With Black Friday and Cyber Monday coming up, there will be a huge bump in online purchases. This time will be open hunting season for hackers trying to get a shot at the billions spent on those days. Here are statistics about Magecart to put into perspective how dangerous the threat is this holiday season.

1/5 = how many breached organizations by Magecart became infected again.
127 Days = Average number of days skimmers remained active on a site.
5,400 = Number of domains found to be infected with Magecart in August, September, and October.

Stay alert when shopping online this Friday and next Monday. For a comprehensive guide on how to keep your credit card data to yourself while shopping this season, take a look at this list of tips from ID Agent.

Scam of the Week: Black Friday & Cyber Monday Alert

by

online shopping scamIt may be the start of the Holiday Season but don’t think that means the bad guys are on vacation! Black Friday and Cyber Monday are the busiest online shopping days and the bad guys are out to get rich with your money. After all, ‘tis the season for scams and phishing.

So how do I stay safe this holiday season?

  • Always type in the address or use bookmarks to navigate to your favorite shopping sites.
  • Never click on links in emails with special offers.
  • Watch out for alerts via email or texts from FedEx, UPS, or the US mail asking for personal information.
  • Don’t download fake mobile apps that promise big savings.
  • Be wary of online discount coupons. Remember to only use credit cards online, never debit cards.

If you think you might have been scammed, stay calm and call your credit card company immediately. Ask them to cancel your card and mail you a new one.

Happy Holidays!

Stop, Look, and Think. Don’t be fooled.