Posts

When Your Identity is on the Dark Web

Dark Web Threat AlertsAs a courtesy to our existing clients and prospective clients, we have been running complementary Dark Web Summary Scans of their domains. These summary scans let us know how many email addresses from each domain currently appear on dark web and identity theft websites. We can then perform a more detailed scan and analysis to identify the specific user identities.

The results are fascinating.

Of 200 domains recently scanned:

  • 87.4% had at least one potential identity compromised
  • The average number of potentially compromised identities is 41%
  • 16% of the companies had more exposed identities than users, indicating breaches occurred from multiple sources

What does this mean?

Just because employee@yourcompany.com appears on a dark web or identity theft site does not mean that the user account on your system has been breached.

It does mean, however, that a breach is likely. And, the more exposed identities for your domain, the greater the risk.

How does it work?

Chances are, your employees are using their work email address, employee@yourcompany.com, as their login identity for other systems.  These other systems are often work related services like Uber, Dropbox, online banking, credit cards used for business expenses, etc. Studies show that about 80% of people use the same or substantially similar passwords across systems.

If there is a data leak or breach at one of these third party services, hackers will test the identity on other systems.  If you have an employee whose email and password were leaked in one of the Dropbox incidents, for example, cyber criminals will test that email address and password, along with similar passwords, across common services like G Suite, Office 365, Facebook, LinkedIn, Instagram, and others.

A compromised identity on a third party service can easily lead to a breach of your systems.

What to do:

  • Get the Details:
    Get a detailed scan on your domain to clearly identify which user identities are exposed and at risk.
  • Mitigate Your Risk:
    Work directly with identified staff to reset passwords. Run additional scans on their systems for malware.
  • Communicate:
    Educate, train, and guide users on the risk of identity breach and how to avoid becoming a victim. Provide guidance, coaching, and policies around the use of company email addresses on other systems and best practices for password selection and management.
  • Challenge:
    Periodically test your employees using “honeypot” and “sandbox” methods to determine who is following best practices and who remains susceptible to attack.
  • Monitor:
    Monitor your domain, and personal accounts of key executives, for future issues and respond accordingly.

Next Steps

Your best next step is to contact us (email or web) to

  1. Request a detailed Dark Web Scan
  2. Discuss security education and testing services
  3. Setup on-going monitoring for your domain

 

 

Yet Another Yahoo! Breach

Yahoo Mistreats CustomersFor the second time this year, Yahoo! acknowledges a major security breach.  This time, the breach occurred in 2013, resulting in the data loss of roughly 1 billion, (Yes, BILLION) accounts.  More than usernames and passwords this breach included security questions and answers.

But, here are the scary facts:

  1. Yahoo! was unaware of the breach until a third party notified them that their user information was for sale on the “dark web”
  2. Yahoo! admits it was unaware of the breach and does not know how it happened

Because Yahoo! accounts are used behind the scenes in multiple services, and you may be using your Yahoo! identity for other sites and apps, the potential impact of the breach is just plain scary.


Maybe it is time to Move From Yahoo!.  Contact us to learn how.


 

Security Alert: Protect Your Google Apps Account from Being Hacked

Data Protection
Over the past 4 to 6 weeks, we have seen an alarming increase in the number of Google Apps accounts that have been “hacked” across both our business and education customers.

Google Apps security is NOT the issue.  ALL of the hacked accounts are due to compromised user identities.

In every case we have encountered, the users have used their Google Apps email address and password with another service that has had a breach, or has had malware on their computer that provided username and password keystrokes to the hackers.

In both types of incidents, hackers then log in as the user and cause mayhem.

We strongly recommend the following actions:

1) Educate your users that they are not to use their Google Apps password for any other account not explicitly authorized. Users should also not use their Google Apps email address as the username for personal accounts with other services.

2) Check Your Systems for malware and make sure your endpoint protection is up to the task. If not, we recommend Webroot Endpoint Protection and Web Security Services (the link is to our edu site, but the service is available to business and government customers as well).

3)  Implement Two-Factor Authentication (2FA).  In business environments, users should be using 2FA to secure their accounts.  Implementation can be involved if you have other services linked to Google Apps, as you will need to generate service-specific passwords.

In education environments, 2FA is not practical for all users, as students and many faculty members may not have mobile devices available to access the Authenticator.  For schools, we recommend any user with partial or full administrative privileges have 2FA active.


Activating 2FA is covered by our support agreements.

For customers and others without support agreements, mention this blog post and we will discount our hourly support fee by 10%; W

We will discount Webroot deployment fees by 50%.  

Both offers expire on December 31, 2014.

Please contact our Service Desk for 2FA assistance; contact Sales regarding Webroot.

 

USPS Data Breach: What SMBs Can Learn


As a small or mid-size business, you probably do not worry about hackers and data breaches. Your information is safely stored in-house or in a secure cloud service.  You do not have trade secrets or intellectual property coveted by foreign governments or industry. You accept credit cards, but those transactions are processed, saved, and secured by the credit card processor … you do not even have credit card numbers in your files or systems. It is not unreasonable for you to think that you are not a data breach target.

You are wrong.

The recent data breach at the US Postal Service should, however, serve as a wake up call. Hackers breached USPS systems not for customer data or credit card information; the hackers stole HR records for hundreds of thousands of postal employees and retirees (customer data was just a bonus). And, while the hackers were not able to go on an immediate debit-card spending spree, they captured all of the data necessary to steal identities — names, addresses, social security numbers, and more.

Regardless of your size, any personally identifiable information in your possession is an incentive for criminals. And you don’t need to be big to be caught. A stolen laptop, compromised account, or lost USB stick can enable data breaches in systems you think are secure.

Malware is the inbound marketing tool for hackers and identity thieves. 

When malware spreads, it makes its way onto business computers that the hackers may never have known existed. Malware often sits in wait, capturing passwords or other information and communicating the information to servers half way around the world. Hackers can then use this information to assess the value of the target and to gain more access to even more data. Hackers may also sell this information to other criminals.

Your business needs protection in place, and awareness of the scope of the problem is the first step.  Permissions monitoring and management, web filtering, device protection, endpoint protection, mobile device management, and user data protection may all be components of your solution.


Please contact us for a complimentary review of your current data protection coverage.