Wednesday, April 25, 2018

Recent Hacks & Breaches - What you Need to Know

From Ransomware to leaked user accounts, there have been some massive hacks and breaches in 2018 already. These security incidents remind us once again how important it is to:
  • Use multiple user id's and password combinations
  • Regularly change passwords
  • Create lengthy and complex passwords
  • Check credit and bank accounts often for fraudulent charges
  • Be careful when clicking links and opening emails
  • When using free WiFi refrain from entering credentials to log into accounts 
This post covers some of the larger, more recent hacks and breaches and what you need to know about them.


Recent Hacks & Breaches - What you Need to Know


Hacks

On March 22, 2018 the computer systems that run the city of Atlanta were hacked by a version of Ransomware. Computer systems were locked while a ransom was demanded of the city. Three days later the city of Baltimore suffered a similar attack that left the city's automated emergency dispatching offline for around 17 hours.

While Atlanta did not pay the $51,000 ransom, the city has been forced to set aside $2.6 million to handle recovery efforts.

Takeaway: The amount the city of Atlanta allocated for recovery is far greater than many businesses might need. However, it is important to note that small businesses are often considered easy targets because:
  • They often do not have the money to hire sophisticated IT staff to implement security systems
  • They do not consider themselves a target and therefore are more lax with security
  • They typically underestimate how much data they have and the amount of time it would take to recover from a failure or hack
No business is perfectly impenetrable in any way. The key is to have enough safeguards in place that those looking to steal your data find it more trouble than it is worth. As a business owner it is your responsibility to protect customers, regardless of the size of your business. Hiring an IT staff might not be possible, but the benefits of utilizing cloud backups and providing employee training provide greater benefits than their cost. 


Breaches

Facebook / Cambridge Analytics
It would be nearly impossible to have missed the recent news about the Cambridge Analytics breach Facebook suffered. Nearly 50 million Facebook users had personal information collected by Cambridge Analytics without their permission. While there has been some argument to whether this truly qualified as a data breach, which is a more complicated topic about 3rd-party consent, it is clear that some user information was captured by Cambridge Analytics without the user realizing it. This leaves users wondering how this happened and what to do about it.

Takeaway: Any time you are using a "free" system, there is a cost. No company, not even technology companies, can provide free services without there being some way to make money. If you use free versions of email, social media, and other apps, you are likely giving something in return. Whether it be information about yourself, access to your contacts to get more subscriptions, or to gather data to help predict trends with algorithms, there is always a cost. 

So, be aware of what you put into cyberspace and understand what you are risking when using "free" services. If a stranger offered to watch your home for free while you went on vacation, would you accept? Probably not! Instead you would pay a small fee to a neighbors kid or buy a thank you gift for a friend for checking on your home. Using this same cautious approach with digital strangers will help protect you in the long run.

Under Armour
MyFitnessPal, absorbed by Under Armour in 2015, suffered a data breach last month that exposed data from around 150 million users. While you might not care too much about someone knowing how far you ran or swam last month, this breach included user names and passwords. Most passwords were stored using an industry standard hash, but others were not and those are the ones most at risk. The biggest risk occurs when that same set of credentials is used in multiple places as this puts potentially important accounts at risk.

Takeaway: The more connected we are, the more likely it is that personal data will end up somewhere we did not intend. Keeping up with industry standards takes planning, follow through and of course money. Some upgrades require down time, staff to implement, and new systems to support higher standards all of which cost money. This is not to say it is not do-able and that we should not have expectations, but it is important to consider the whole picture to see how these things can happen.

In summary, Ransomware is likely not going anywhere anytime soon. The more businesses refuse to plan ahead, the more likely they are to pay a ransom which makes this a more effective attack. Giving away too much information via free services can also be detrimental. The best way to protect our data is to educate ourselves, our employees and our clients. It is also critical to work in cooperation with IT staff to ensure backups are a priority and that there is money in the budget for this most critical step.

As always, the more you know the better off and more satisfied you will be!

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment