When it comes to security risks and errors, businesses often fall victim to assumptions and oversights. The reality is that the protection of information and applications is always evolving and, as criminals find new ways to exploit weaknesses, it's tough to stay one step ahead.
It seems we can’t go more than 24 hours without hearing about the latest and greatest data breach that affects millions. So we ask ourselves, “What can we do better?” After all, if the “bad guys” can hack into the federal government, Home Depot, and Target, what hope do small and medium-sized businesses have?
Has anyone at your organization ever received an e-mail that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from an accountant sending completed tax returns, but in the month of August; or a note from what appears to be your accounting firm, indicating they need you to confirm Social Security Numbers in order to send employees paychecks?
As we all work through our holiday gift giving lists this "Cyber Monday," it's important to be cyber aware of "the Grinch" lurking in the corners waiting to steal our private, and what we hope and think is secure, information. So, before you begin to cross the names off your list while experiencing that great sense of accomplishment, take a few moments to read through these "cyber shopping" best practices to protect yourself and your information. Nobody wants to spend the holidays recovering their data and identity.
The "Goldeneye" or "Petya" ransomware attack is spreading across Europe and the United States and exploits the same vulnerability as WannaCry (the recommendations we made in the initial SE Alert still apply).
What’s different about this attack is that it has a second method of infecting networks. This method attacks networks via a compromised Microsoft Office or PDF attachment. Here are some good practices to follow when dealing with an attack such as this:
Please be advised that DocuSign, one of the largest agreement/signature technology providers, suffered a breach earlier this year. According to DocuSign, “a complete forensic analysis has confirmed that only a small list of email addresses were accessed; no names, physical addresses, passwords, social security numbers, credit card data, or other information appeared to be accessed. No content or any customer documents sent through DocuSign’s eSignature system were accessed; DocuSign’s core eSignature service, envelopes, and customer documents and data remain secure.”
On Friday, May 12, one of the largest malware attacks, known as "WannaCry," struck Russia, China, the United States, and over 100 other countries. Organizations were initially infected through emails and possibly compromised websites.
Data breach attacks are only getting more sophisticated and gaining more traction. They're happening to individuals at home, employees within organizations who click on the wrong link, CEOs who are targeted in a Business Email Compromise, and the list goes on. What's even worse is that small- to medium-sized businesses are more of a target than the large corporations. According to Verizon's 2017 Data Breach Investigations Report, 61% of all data breach victims are businesses with under 1,000 employees.
Businesses nationwide are experiencing a flood of phishing emails containing a virus. The virus in question pops up as an email with the subject line “documents” and appears as though it comes from a Google.com domain with a link to a Google document. Do not open or click on this email or its links.
It's always a good time for organizations to assess and maintain a healthy cyberdefense in today’s ever-changing cyberthreat landscape. In years past, if you had a good firewall, intrusion detection system, and an up-to-date anti-virus solution, you could be fairly certain that you were in a good place to keep the bad stuff out of your network. Today, the threat landscape has changed and adjustments should be made to create an effective cyberdefense; otherwise, your business could become a statistic like those seen in this video.