As Social Media Usage Soars, How Can Your Business Mitigate Risk?

August 3rd, 2016

The Internet is dominated by social media sites, and Ofcom reported in 2015 that 72% of adult Internet users had some form of social media profile.

People are using social media to tell the world who they are and who they work for, posing a risk of a data breach for businesses. IBM have stated in their 2014 Cyber Security Intelligence Index report that cyber criminals are targeting employees on social media sites in a bid to exploit the businesses that they work for.

Amidst all of this, what can you do to try and prevent your business being attacked?

Plan

Be sure to have a breach preparedness plan in place in case of a cyber attack. This plan can help keep customer relationships intact and reduce business reputation damage. CSID can guide you through the necessary steps to mitigate the effects of a data breach and provide comprehensive identity theft protection products for those that have been affected. We customize solutions to your level of risk, the type of data exposed, the severity of the breach and your budget.

Educate

As the saying goes, ‘prevention is better than a cure’. The same can be said about cyber attacks. Educate your employees and highlight the importance of digital security. Have policies and guidelines in place to allow employees to make secure decisions.

Do your employees have a VPN they can use if working in a public area? Are there guidelines in place if your employees use their own devices for work purposes? Are employees allowed access to social media whilst on work premises? Ensure you can answer these questions.

Teaching employees about the latest phishing scams, best password practices and social media risks can help them better identify suspicious activity both personally and within your business.

Insure

Cyber insurance coverage is just one piece of the puzzle when it comes to data breach mitigation, but a robust policy can help weather the storm in the event a data breach occurs.

According to leading global insurance companies, such as Beazley and PwC, the demand for cyber insurance coverage is expected to increase 300% by 2020. Most commonly, a cyber insurance policy can help businesses temper the costs of the following breach mitigation activities:

  • Reputation management post-breach – e.g. work with a PR agency
  • Legal costs, fines and compensation claims
  • Website reconstruction and intellectual property rights infringements
  • Network security liability such as damages for the loss of data on third-party systems
  • Service interruptions and related consequences
  • Notification of affected parties

We take a deeper dive into the topic of cyber insurance coverage in our recent podcast episode, where we sit down with Alessandro Lezzi from Beazley.

Do you want to share any of your best practice tips on how to stay safe online? Let us know on Facebook, Twitter or LinkedIn.

One of the worst habits of Internet users

June 8th, 2016

How many online accounts do you own? Your banking account, your shopping account, your smart phone account, the pizza delivery service… the list goes on.

It’s likely each one of these accounts requires a username and password. Unless you have a superhuman memory, you’ve probably reused the same account credentials across several of them. This is one of the biggest mistakes that you can make online, and it can leave you — and the businesses you patronise — incredibly vulnerable to cyber attacks. Here’s why.

Say a hacker gains access to your online account with your hairdresser. You may not care if he knows about your appointment for a cut and blow dry at 10am on Friday with Emma, but he does care about the account credentials that he’s now in possession of. If you have used the same password for another online account that stores more sensitive information, such as your online banking account, he can now find out a lot more about you than just your hair preferences, and use that information as he pleases.

How does this common bad habit affect the businesses you patronise, or your place of work? If employees utilise their work credentials on personal online accounts and reuse the same credentials across multiple accounts — and one of those accounts is hacked — a business can be left exposed.

Besides kicking that nasty habit of account credential reuse, one of the easiest ways to reduce your online vulnerability is to utilize strong, unique passwords across your online ecosystem.

For the strongest passwords:

  • Make sure your combinations are at least 12 characters long, and are a cryptic combination of letters and numbers.
  • Take care to avoid your name, birthday, or pet’s name.
  • Create a unique password for each site.
  • Change your passwords a few times a year, and especially after being notified of a breach.
  • Implement two-factor authentication for sites whenever possible.

For more on this topic, listen to our latest podcast here or download our white paper, “Mitigating the Risk of Poor Password Practices,” here.

Why is cyber crime everywhere nowadays?

May 24th, 2016

Cyber crime is no longer a cottage industry like it once was. You don’t need thousands of pounds to afford malware software. You don’t need specialist knowledge. You don’t need to be part of a massive criminal organisation.

Cyber crime has hit the mainstream and is now one of the biggest risks to businesses and individuals. The rise in commercial cyber security businesses and packages is a very visible sign of this.

The Financial Fraud Action group UK estimates that financial fraud cost the UK nearly £755 million in 2015, which is an increase of 26% on the previous year. The fraud prevention organisation Cifas state that 125,000 individuals were affected in 2014.

But why are we seeing this increase?

It’s simple. In the same way that music or film piracy has become mainstream, so has the software needed to carry out fraud attacks on your data. The malware software used to cost thousands of pounds but can now be found for free. Forums and YouTube videos are easily accessible with instructions on how to carry out attacks. It has become easy to access software and information for anyone whether you are seven years old or 70.

The news is littered with new breaches on a daily basis. One of the biggest breaches in the past 12 months was Talk Talk. We saw Talk Talk compromised last year by one individual who accessed the data of thousands of UK consumers. This attack was allegedly carried out by someone with limited cyber fraud knowledge or experience.

Medium-sized businesses have become targets of a new type of attack called ransomware. This is a type of malware that is installed onto a computer without the user’s knowledge. It then infects the system and restricts access, demanding a ransom from the user before the restrictions are lifted. It is a lucrative business, and it is surprisingly accessible and easy to use.

Smaller businesses also experience this risk as they struggle to afford the security infrastructure that larger organisations like the banks can. Lots of these smaller businesses do not think that they carry interesting enough information for attackers, but these attackers are not fussy. They treat every hack as a win. It is a game and one we need to start getting better at winning.

Find out more on our podcast here.

Securing All the Things: IoT Myths and Realities

September 4th, 2015

The Internet of Things isn’t a new concept – but it’s certainly one that has gained momentum, particularly within the last year. Recently, we’ve seen more and more connected devices come to market. While connecting our world may bring added convenience to our everyday lives, it’s important to question what we may be sacrificing from a security perspective.

Back in April, news broke around a software glitch that enabled hackers to take control of a Jeep Cherokee while on the road. Cybersecurity experts Charlie Miller and Chris Valasek, working from laptop computers at home, were able to break into the Jeep’s electronics through the entertainment system. The experts were then able to change the speed of the vehicle, alter its braking capability, and manipulate both the radio and windshield wipers. The two described the hack as “fairly easy” and “a weekend project.”

It was recently discovered that not even Tesla Motors is immune to being hacked. This, again, was an attack orchestrated through the car’s entertainment system, though it took closer to a year to pull off. Researchers were able to apply the emergency hand brake, remotely lock and unlock the car, and control the touch screen displays. There is good news – Tesla has already developed a fix, which has been sent to all of the affected vehicles.

Something rarely discussed that warrants consideration from both security professionals and consumers alike is the danger brought on by seemingly innocuous connected products (think: “smart fridge” or “connected toaster”). While the thought of a hacker gaining control of a refrigerator is perhaps less daunting than the idea of them taking control of your steering wheel while on the highway, the reality that these products may serve as a gateway to more sensitive information is something that cannot be ignored.

Just a few weeks ago, a team of hackers uncovered a man-in-the-middle vulnerability in a Samsung smart refrigerator that showed it could be exploited to steal Gmail users’ login credentials. What’s most concerning about this is that hackers were able to access a sensitive network, containing users’ personally identifiable information, through hacking into the refrigerator.

There has been a lot of fear around smart medical devices – but this is one area that may be considered more IoT “myth” than “reality.” Most medical devices don’t currently appear to be connected to the Internet, but rather through Bluetooth. Additionally, because most medical appliances are smaller scale, it’s virtually impossible to integrate a mobile phone connection into devices of this size. Consumer fears around having cellular waves inside the human body have also kept these devices from operating on a mobile phone connection.

Fears around connected smart watches may also be considered an IoT “myth,” at least at this stage, as most are not directly connected to the Internet. That being said, last month HP did discover some major areas for concern, finding that most smart watches did not have two-factor authentication, were vulnerable to man-in-the-middle attacks, and had poor firmware updates.

It’s an interesting debate – and one that will undoubtedly continue as more companies introduce products to compete in this space. What do you think about security risks with the Internet of Things? Weigh in with us on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Global News Recap: Cybercrime Education Takes Off in the UK

July 2nd, 2015

We’ve seen some exciting initiatives underway internationally that encourage important cyber security education.

Just this past month a Scottish secondary school implemented a groundbreaking new course on cybercrime that gives students insight into real-world cybercrime cases. The program is the first of its kind and The Daily Record reports that it has attracted widespread attention from police forces and schools around the UK.

Kyle Academy in Ayr offers this ten-week program to first year students that want to learn about cybercrime. “We worked with police to create a Police Scotland Cyber Security Open Badge – much like you would get in the Scouts,” described Scott Hunter, principal computer science teacher at Kyle Academy. “The police supplied us with real case studies – like extortion on the web – so pupils could relate to what goes on rather than me just saying, ‘This is dangerous’. This had a great impact.”

Continuing Scotland’s focus on cybercrime education, Andrew Denholm of The Herald Scotland reports that Police Scotland has recently increased its collaboration with educators to boost young people’s interest in cyber security. These efforts are to combat a decline in student participation in computer science programs.

Martin Beaton, from Edinburgh University’s School of Informatics said, “The subject is withering and we need to establish why the number of pupils taking it and the number of teachers teaching it are in decline when it is such an important growth area.”

Detective Superintendent Stephen Wilson, from Police Scotland, added, “Crime is going down, but cyber crime is on the increase and it is something of which we all need to be aware. We are now seeing businesses of all different sizes being hit by various forms of cyber crime and there is a desperate need for experts in this field in the future.”

Cybercrime educational initiatives aren’t limited to Scotland. Cyber Security Challenge UK, a series of national competitions and learning programs, has also made headlines over the past few months. In a recent competition finale, amateur cyber security enthusiasts raced to stop a simulated cyber-terrorist attack against London City Hall.

“Both government and business need skilled and talented people to feed the demand for better cyber security in the UK,” said Francis Maude, Minister for the Cabinet Office with responsibility for the Cyber Security Strategy and National Cyber Security Programme, whose department was one of the original founders of the Challenge.

“This competition is the biggest and best yet and events like this play an important role in helping provide the next generation of cyber professionals.”

Should other countries create similar programs for students? Will programs like these help foster the next generation of InfoSec professionals? Let us know what you think on Twitter and Facebook. Be sure to check out our Tumblr for the latest industry news stories.

Digital Wallets in the Crosshairs

May 15th, 2015

Digital wallets have been a hot topic for us lately. Their use is growing and like all things when it comes to cyber security, online criminals always follow the money. Kaspersky Labs said it best:

“Enthusiasm over this new payment platform (Apple Pay) is going to drive adoption through the roof and that inevitably attracts many cyber criminals looking to reap the rewards of these transactions.”

This “follow the money” mentality was exhibited this week after news came to light of a brute force attack against individual Starbucks mobile wallet accounts. Thieves have been taking advantage of two things to hack into Starbucks app accounts: consumers’ bad password habits and the ability to try different passwords on the Starbucks app without being locked out. Thieves have been purchasing email addresses and passwords on the underground black market and then using programs to try out these passwords on high-value sites like the Starbucks app. These programs can try hundreds of login combinations in a matter of seconds, and they only need one consumer that has reused credentials to cash in.
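The missing control described above, sketched as an added example (not code from CSID or from any vendor named in this post): a login throttle that limits failures per account and, separately, the number of distinct accounts one source may fail against. The second limit matters because replaying a purchased credential list produces only one failure per account, which a per-account lockout never sees. All names, thresholds and sample events here are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 300              # seconds of history kept (assumed value)
MAX_ACCOUNT_FAILS = 5     # failures tolerated per account in the window (assumed)
MAX_SOURCE_ACCOUNTS = 10  # distinct accounts one source may fail against (assumed)


class LoginThrottle:
    """Decides, before a password is verified, whether the attempt may proceed."""

    def __init__(self):
        self.account_fails = defaultdict(deque)  # account -> failure times
        self.source_fails = defaultdict(deque)   # source -> (time, account)

    def check(self, account, source, now):
        by_source = self.source_fails[source]
        while by_source and now - by_source[0][0] >= WINDOW:
            by_source.popleft()
        by_account = self.account_fails[account]
        while by_account and now - by_account[0] >= WINDOW:
            by_account.popleft()
        # Stuffing signature: one source failing against many different accounts.
        if len({acct for _, acct in by_source}) >= MAX_SOURCE_ACCOUNTS:
            return "source_blocked"
        # Guessing signature: many failures against one account, from any source.
        if len(by_account) >= MAX_ACCOUNT_FAILS:
            return "account_locked"
        return "ok"

    def record_failure(self, account, source, now):
        self.account_fails[account].append(now)
        self.source_fails[source].append((now, account))


def replay(events):
    """events: (time, source, account, password_ok) tuples; returns one verdict each."""
    throttle = LoginThrottle()
    verdicts = []
    for now, source, account, password_ok in events:
        verdict = throttle.check(account, source, now)
        if verdict == "ok" and not password_ok:
            throttle.record_failure(account, source, now)
        verdicts.append(verdict)
    return verdicts


# Constructed sample: one source tries a leaked list, one attempt per account.
STUFFING = [(t, "203.0.113.7", f"user{t}@example.com", False) for t in range(15)]
# Constructed sample: many sources guess at a single account.
GUESSING = [(t, f"198.51.100.{t}", "alice@example.com", False) for t in range(8)]
```

Calling `replay(STUFFING)` and `replay(GUESSING)` shows which limit trips in each case; a production deployment would also key the source limit on more than the IP address, since attackers rotate addresses.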

We saw a similar process happen to Jomoco – a fictitious small business we created to see just how quickly a small business can be brought down by hackers. Fictional Jomoco employee, Rachel, was guilty of reusing email addresses and passwords across multiple accounts. When we leaked her email address and password for her personal email account on the online black market one of the first things the hackers did was try it out on other sites. They quickly discovered that they could also access her business email account, which happened to host sensitive business information. Long story short, Jomoco was compromised in every way possible in less than an hour – all because Rachel reused passwords. You can read more about Jomoco on our website.

If you use a mobile wallet – whether it’s the Starbucks app or Apple Pay – always use a unique, secure password and turn on two-factor authentication if it is offered. Similar to how we saw a rise in POS breaches in 2013 and 2014, we fully expect to see a growing number of incidents and breaches involving mobile wallets in 2015, especially as consumers and businesses continue to figure out best security practices for this new technology.

Are you hesitant to use digital wallets? How do you combat reusing passwords across multiple sites? Let us know what you think on Facebook, Twitter and LinkedIn!
