data breach Archives – Brain Trust Technologies LLC

Is your data safe from the Facebook data breach?

May 1, 2018 admin Security 2018may1security_c, cambridge analytica, data, data breach, facebook, global science research, social, social media, this is your digital life

Businesses have made lots of money using social media to engage with current and potential customers for years now. But after a recent breach, some users are reevaluating Facebook’s reputation. Read on to know how this concerns you and if you must do something about it.

Last month, news broke that a firm known as Cambridge Analytica collected private data from over 50 million Facebook users. The British company supposedly used this information in 2016 to influence voter behavior during the US presidential election and UK’s Brexit campaign.

How did they harvest the data?
In 2015, a Facebook personality quiz app called “This is Your Digital Life” was created by Cambridge psychology professor Aleksandr Kogan. Around 270,000 Facebook users signed up and gave information about themselves in exchange for humorous results.

What users didn’t know was that Kogan’s firm, Global Science Research, struck a deal with Cambridge Analytica to share the information that was gathered. Aside from collecting information about the Facebook users, the app also mined some data about the users’ friends.

Information collected was based on:

Data from other platforms that are also owned by Facebook, including Instagram and WhatsApp
Advertisers and other third-party partners
Apps and websites which use Facebook services
Your location
The devices you use for Facebook access
Payments handled by Facebook
Your Facebook connections and networks
Messages, photos and other content that other users send to you
The information you disclose to Facebook
Your activities on Facebook

What happened to the sourced information?
Cambridge Analytica analyzed the collected data to create psychological profiles and invent better political drives to influence whom people would vote for. Although there is still a huge debate about how effective this plans were, there’s no doubt that tens of thousands of users were manipulated into signing away their data without knowing it.

What can I do to keep my information safe?
Remove third-party apps that use your Facebook account. Visit your “Settings” menu and go to “Apps”. You should see the list of all the services that are using information about your Facebook profile. Check on each app, and if you don’t need it or use it anymore, delete it to revoke its access.

If you need more information on how to keep your data secure, feel free to give us a call today!

Published with permission from TechAdvisory.org. Source.

Equifax finds more users hit by major breach

March 14, 2018 admin Security 2018march14security_c, credit freeze, dark web monitoring, data breach, equifax, fraud alert, security

Everyone thought the worst was over when credit-reporting agency Equifax revealed that the credentials of 145.5 million people in the US were leaked. However, the company recently discovered that there are more victims from the major breach. Here’s everything you need to know.

What happened?
On March 1, Equifax reported that the names and driver’s license numbers of approximately 2.4 million Americans were stolen. According to the company, sensitive information like home addresses, home states, or the license issue and expiration dates were not leaked. Equifax said these breaches were discovered only recently because their forensic investigations primarily focused on stolen Social Security numbers.

In response, the company said that anyone affected would be notified directly. They’re also now offering a security program designed to prevent identity theft and credit tampering. However, given the company’s poor track record, not many are willing to enroll.

When the company first announced the breach in September last year, the tool used to check whether an account had been hacked didn’t work and came up with false positives. Fortunately, there are other things you can do to protect yourself.

Monitor your credit
Consider looking through your credit reports for any suspicious spending. If you spot any new accounts, loans, and other payments you don’t recognize, contact your credit card company to report fraudulent transactions.

Check the dark web
Compromised data is often sold to the highest bidder on the dark web, so most Equifax data can probably be found there. To see whether your personal information has indeed been compromised, sign up for dark web monitoring services. Then consult with a security professional to discuss your options.

Place a credit freeze
One way you can prevent hackers from opening credit cards and making payments in your name is to freeze your credit. When you implement this, anyone masquerading as you will be required to provide a PIN to unfreeze your account. Contact the credit bureaus (Equifax, Experian, TransUnion) to activate this service.

Set fraud alerts
When you set a fraud alert, credit card companies and businesses must verify your identity before opening an account or making any payments. Together with a credit freeze, alerts will make it extremely difficult for hackers to steal your identity.

Learn to identify phishing scams
Because Equifax is notifying data breach victims directly through email, hackers could take this opportunity to send fake messages that direct users to dangerous websites. As such, knowing how to identify phishing scams (suspicious URL links, attachments, and spelling errors) is vital.

Dealing with data breaches is a long and frustrating process, especially for businesses that just want to focus on growing their operations. So if you have any security concerns, call us today. We have the cybersecurity expertise to protect you.

Published with permission from TechAdvisory.org. Source.

Google releases year-long security study

November 21, 2017 admin Security 2017november21security_c, account hijacking, data breach, google, keylogging, multi-factor authentication, Passwords, phishing, research

Your passwords are the gateway to your files, money, and identity, so it’s no surprise that hackers are constantly trying to steal them. Most cybercriminals will use malware to do the trick, but they also have other means at their disposal. Google’s year-long security investigation provides the details.

The results
From March 2016 to March 2017, Google and UC Berkeley researchers examined three main ways hackers hijack accounts:

Keylogging software – a malicious program that records computer users’ keystrokes
Phishing emails – to lead people into dangerous websites
Stolen passwords – available to the highest bidder

In just one year, Google found 788,000 successful keylogging attacks, 12.4 million victims of phishing attacks, and 1.9 billion accounts exposed via login credentials sold on the black market.

Researchers suggest the reason so many accounts are hacked is because people tend to reuse their passwords, which means if one set of login credentials is exposed, other accounts could be compromised.

Phishing is also a big threat because it targets users — the weakest links in your cybersecurity. The strongest password or security system won’t mean anything if your employees constantly fall for online scams.

Protecting your accounts
There are several things you can do thwart account hijacking. For starters, you should set strong and unique passwords for each account to minimize data breaches.

While the general rule in the past was to set a complex password — a mix of letters, numbers, and symbols — recent studies suggest that longer, 20-character “passphrases” are much tougher to crack. If you find it difficult to remember several passwords, consider using a password manager, which not only stores all your passwords, but can generate strong passwords, too.

To deal with phishing attacks, you should activate multi-factor authentication on your accounts. This adds an extra layer of identity verification to your password (e.g., a fingerprint scan or a temporary security key sent to your phone), making your login details ‘unphishable.’

Security training is also crucial. This includes teaching your employees about what phishing attacks look like and instructing them on password protection best practices so they never fall victim to account hijacking.

The bottom line is not only that strong password security requires strong defense mechanisms; you and your employees must be vigilant, too.

Need more advice on keeping your business safe? Call us today! We provide critical security updates and comprehensive support services to help you stay well ahead of cybercriminals.

Published with permission from TechAdvisory.org. Source.

Equifax sheds light on incident response

October 3, 2017 admin Security 2017october3security_c, cybersecurity, data breach, equifax, incident response, security

What would you do right now if you discover that your business’s database is hacked and a huge number of your customers’ data gets leaked? Speechless, with dismay, but you need to act, decently. In this case, it helps to have a good incident response plan in place, so your business won’t suffer the same fate as Equifax, which is an interesting story we’re about to tell.

What happened to Equifax?

Equifax, the huge American credit agency announced in September 2017 that its database was hacked, resulting in a leak of tons of consumers’ private data, including personally identifiable information of around 143 million US citizens. It included names, social security numbers, addresses, birthdates, and credit card and driver’s license numbers.

Equifax responded by setting up a new site, www.equifaxsecurity2017.com, to help its customers determine whether they had been affected and to provide more information about the incident.

Soon after, Equifax’s official Twitter account tweeted a link that directed customers to www.securityequifax2017.com, which is actually a fake site.

Fortunately for Equifax’s customers, the fake phishing site was set up by a software engineer who wanted to use it for educational purposes and to expose flaws in Equifax’s incident response practice. So, no further harm was done to the already-damaged customers, and Equifax is left with even more embarrassment.

So what did Equifax do wrong?

One of the huge mistakes Equifax made in responding to its data breach was setting up a new website to give updated information to its consumers outside of its main domain, equifax.com.

Why? You first need to know that since the invention of phishing scams, phishers have been creating fake versions of big companies’ websites. That’s why so many major corporations buy domains that are the common misspellings of their real domains.

You should also know that phishers can’t create a web page on the company’s main domain, so if Equifax’s new site was hosted there, it’d be easy for customers to tell whether the new page was legitimate and not be fooled by a fake domain name.

What’s obvious from this embarrassing misstep is that Equifax had never planned for a data leak. And this is an unforgivable oversight by a company that handles the information of over 800 million consumers and more than 88 million businesses worldwide.

Don’t repeat Equifax’s mistake

Whether your business is a small startup or as big as Equifax, it needs to prepare for a data breach. Besides having a comprehensive network defense plan, you also need to have the right incident response plan in place.

So what you should do after you’ve discovered the leak is, first of all, be upfront with your customers and notify them as soon as possible.

You also need to establish a message that includes the following information:

How the leak occurred
How the leak could affect your customers
How you will prevent future attacks
What your company will do to support affected customers

You should also create a web page to keep your customers up to date. But remember, the new web page should be under your company’s primary domain name.

As we’ve seen from Equifax, an incident response plan that’s robust is a must. Feel free to talk to our experts about how you can come up with an acute one — so you won’t have to repeat Equifax’s apologetic statement, since it doesn’t help the company redeemged reputation at all.

Published with permission from TechAdvisory.org. Source.

Get fat savings with thin and zero clients

July 6, 2017 admin Hardware 2017july6hardware_c, cooling, data breach, desktop, energy consumption, hardware, hardware cost, management, thin client, virtual desktop, zero client

When you have several cost-effective options like cloud computing and managed services providers, IT spending should never get out of control. And if you want to cut back even further, trade in your expensive desktops for thin and zero clients.

What are thin and zero clients?
Thin clients are stripped-down computers with minimum processing power and memory. They rely on a basic operating system and a network connection to access a more powerful system where almost all computing processes take place.

Zero clients work the same way. The only difference is that there’s no local storage or operating system installed on the device; all the software, storage, and processing power sits on a server until you need it. This setup makes it ideal for cutting costs, and here’s why.

Reduced hardware costs
When it comes to upfront costs, thin and zero clients are the obvious choice. Conventional desktops start at $300 per user, while thin clients can go for as low as $90 per user. And since they have no hard drive or other moving parts, lean devices tend to be more durable and have a longer lifespan than their traditional counterparts.

Simplified IT management
Another benefit of thin clients is that they can be managed from a server. Suppose a new software update was released. Instead of manually downloading the patch on each computer, you can simply install the update on your server and roll it out to all thin clients. Apart from upgrades, you can make backups, security configurations, and application deployments in the data center. This quickens setup, reduces downtime, and increases employee productivity.

Minimized security risks
Thin clients also help you avoid costly malware attacks and data breach incidents. Your employees and poorly managed endpoints are the biggest vulnerabilities with traditional desktops. Thin and zero clients reduce these problems by limiting direct access to the operating system. This prevents employees from copying sensitive data to removable media and installing software, malicious or otherwise.

If your thin client is damaged or corrupted, you don’t have to worry about your data, as it’s originally stored in an impenetrable server.

Decreased energy consumption
Because processing is done locally, traditional desktops generate a lot of heat and require more power, which results in huge power and cooling bills at the end of the month. By contrast, thin and zero clients consume only 4-6.5 watts of power, almost 1/50th of thick client requirements. What’s more, they require little to no cooling, allowing you to enjoy significant cost savings.

When looking for cost-cutting solutions, thin and zero clients should never be overlooked. The reduced hardware costs, power bills, and security risks are just too good to pass up. But if you’re still unsure about this technology, give us a call. We’ll assess your tech needs and determine whether or not thin or zero clients can help you succeed.

Published with permission from TechAdvisory.org. Source.