Guest Post by Dan Matthews

What is your company doing to prevent the next big cyber attack? If you don't have a good answer to that question, then you are putting your business at risk. Every year, cyber attacks from all around the globe infiltrate the computers of businesses and consumers alike, and the companies that take the biggest hits are finding it harder to bounce back. The fact is that you never know when the next big data breach will occur, but if you prepare accordingly, you can prevent your business from becoming a victim.

Know the risks

As sad as it is to think about, every business, big and small, is at risk of cyber attacks. In fact, there is a hacker attack every 39 seconds, and 43 percent of attacks are dealt to small businesses. Large corporations often have vast IT departments to fight off these threats, but smaller businesses usually have to fight on the local level with smart security decisions.

Don't worry. It can be done. The key is to be vigilant in your efforts to prevent cyber attacks, because the damage done can often bring a business to its knees: 60 percent of companies close their doors six months after an attack. The cost to bring your business back after a major breach can often reach around $250 for every record that is stolen. But that's not all. When customers realize their information has been compromised, they will blame your business and lose trust in your services, putting your reputation at risk. Once they feel slighted, they may never return.

Diligence is needed from day one, so if you haven't already, it is time to create a risk assessment. Think about your company and the products you produce. Then think of all the potential threats that could happen to your business, everything from cybercrime to natural disasters. What precautions do you have in place to prevent the damage from these issues, and if they do occur, what steps have you laid out to remedy the issue? You must have all of these answers in writing, and you must make sure every individual who is part of the plan knows their assignment.

Keep your customers safe

The next step is to seal any holes in your current digital armor. Start with your website. Ensure that you have a proper firewall that is set up correctly to block attacks. Then, put a lot of attention into the antivirus software that monitors your site. Make sure your software is regularly updated and that you scan your system regularly. During these scans, take note of any vulnerabilities and work to close those gaps.

You should also have all essential information backed up on secure and dependable servers. Backups should occur weekly or daily so that you can access the necessary files if you are the victim of any number of intrusions, including ransomware attacks that can corrupt your current systems. It is wise to keep your backup servers in a secure location that is not connected to your main system so they cannot be corrupted as well.

If you use mobile devices around the office, including phones or tablets, you need to keep that equipment secure as well. Mobile devices should be encrypted so that stolen data cannot be used by those without authority. You could also consider a private network, so your devices are "hidden" from people who are not meant to see them. If tablets are only used on company premises, then ensure that they stay there and that they are properly locked up at the end of the day. Finally, make sure that all security software is updated regularly.

Educate all employees

While your business leaders may be on board with a stronger stance on cybersecurity, if the employees aren't on the same page, they may unknowingly open the door to attacks. The threat of cybercrime is so high that many companies are requiring mandatory security awareness training sessions that keep everyone abreast of current threats and how to fight them. Such training shows employees the bigger picture, including how attacks happen, what hackers can do with the data they steal, and how an attack affects not only the business but also their well-being.

Many common-sense solutions can make a big impact on data protection, and it starts with passwords. A good password should be difficult to guess and include a combination of letters, numbers, and special characters. On top of passwords, two-factor authentication should be implemented, which has the employee use a hardware token or even biometric identification in addition to a password. Computers should never be left unattended, and screens should be locked whenever the employee leaves the desk.

One of the most frequent hacker schemes that can catch employees and consumers off guard is an email attack. One popular method is spear phishing, which is a targeted attack that usually occurs in the form of an email that looks like your standard communication. However, it often includes a link or attachment that, when clicked or opened, actually creates a hidden door into your organization. Users are lured into clicking the links because the emails are set up in such a way that they look like they are from an authority, like your bank or employer, so they create a sense of urgency. There are common signs of phishing emails that employees need to look out for:

• It comes from an email address that looks official but is off by a letter or two.
• The body of the email contains many spelling errors.
• It is written with a sense of urgency along with a link you were not expecting.

In the end, it is every company's responsibility to protect their data against cyber attacks. Although hackers are always getting smarter, they still need to gain access to your systems, so heed these tips and stay a step ahead.

Dan Matthews is a writer with a degree in English from Boise State University. He has extensive experience writing online at the intersection of business, finance, marketing, and culture. You can find him on Twitter and LinkedIn.
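
Two of the phishing signs listed in the post above (a sender address that is off by a letter or two, and urgency combined with a link) can be checked mechanically. The following Python is an added example, not part of the original post; the trusted-domain list, the urgency phrases and both sample messages are constructed assumptions, and the spelling-error sign is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the business really corresponds with (constructed, reserved TLD).
TRUSTED_DOMAINS = {"bank.example", "corp.example"}
# Assumption: a small, illustrative set of pressure phrases.
URGENCY = re.compile(r"\b(urgent|immediately|right away|suspended|final notice)\b", re.I)
LINK = re.compile(r"https?://\S+", re.I)


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain):
    """Return the trusted domain that `domain` is one or two characters away from."""
    if domain in TRUSTED_DOMAINS:
        return None  # an exact match is the real sender domain, not an imitation
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def phishing_signs(raw_message):
    """List the warning signs found in one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # Collect the plain-text parts; works for single-part and multipart mail.
    body = "\n".join(
        part.get_payload() for part in msg.walk()
        if part.get_content_type() == "text/plain"
    )
    signs = []
    imitated = lookalike_of(domain)
    if imitated:
        signs.append("lookalike-sender:" + imitated)
    if URGENCY.search(body) and LINK.search(body):
        signs.append("urgency-with-link")
    return signs


# Constructed sample: sender domain differs from bank.example by one letter.
SAMPLE_SUSPICIOUS = """\
From: "Bank Support" <alerts@bamk.example>
To: pat@corp.example
Subject: Action required

Your account is suspended. Verify immediately at http://bamk.example/login
"""

# Constructed sample: ordinary internal mail from a trusted domain.
SAMPLE_ORDINARY = """\
From: "HR Team" <hr@corp.example>
To: pat@corp.example
Subject: Training reminder

The security awareness session is on Thursday at 10:00.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SAMPLE_SUSPICIOUS), ("ordinary", SAMPLE_ORDINARY)):
        print(name, phishing_signs(raw))
```

A check like this belongs in a mail filter or a reporting mailbox as a triage aid; it flags messages for a person to review and does not replace the employee training the post recommends.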
Guest Post by Lori Wade

The current business environment is incredibly competitive and relentless. With excessive competition, companies will take any measure necessary to surpass the competition. That includes stealing sensitive information from their competitors. This is a serious offense that could cost the company millions in fines, while CEOs get prison time for several years. Nevertheless, companies still take that risk.

However, companies are not the only threats that you face in this industry, as hackers can hold your private and confidential information ransom. That is why your company must protect its confidential information, especially since all it takes to hack into a company is an internet connection and a laptop. To preserve the integrity of your business, here are a few ways that you can protect your confidential information and improve that protection:

1. Limit access

The first thing that you can do to secure your company better is to limit access to confidential information to a handful of people. And although transparency is vital to building trust within the company, it should not come at the cost of the company's secrets. For this, we recommend using virtual data room security.

Keep employees on a need-to-know basis and keep a handful of people that you can trust with sensitive information. Giving only a few people access to sensitive information can reduce the risk of information spreading. Furthermore, the fewer people who know, the easier it will be to track down the leak in the system.

2. Notify the new employer

Employees leave their jobs to move on and develop their careers elsewhere; it's a part of their journey and happens all the time. Whether it is because of disputes over the locale, payment, or travel times, it is not uncommon for employees to go for better jobs, especially when they are in higher positions. And if that employee had access to confidential information, you can send a letter to your competitor, informing them about the legal obligations that their new employee has.

While this may not be news to the recipient, it shows that the former company is aware of its legal bindings. This makes for a chilling legal effect, which can stop the new company from enticing your former employees.

3. Conduct an exit interview

Speaking of your employees leaving, it is always important for you to conduct an exit interview before they leave. The exit interview is not just a formality; it is a reminder that your employee should return any tangible confidential information to the company. This is also the time that you should remind them of their legal obligation to your company about the disclosure of company secrets. Of course, the exit interview should not be a threat to your employee; treat it instead like a friendly reminder of their agreements.

4. Review NDAs of all your employees

NDAs, or non-disclosure agreements, are paramount in the information age. They legally bind your employees to keep company secrets; otherwise, the company can take them to court. However, these NDAs are only valid for a certain period, after which confidential information is no longer subject to the contract. You will have to look out for this, as the end of the NDA means that employees can freely share confidential information without any consequence. So be sure to check this timeframe on your NDAs before signing them.

5. Add a confidentiality policy to your employee handbook

If you do not already have a confidentiality policy in your employee handbook, now would be a good time to include one. This clause also has to spell out how your employees will be handling this confidential information. A good example of this is the disposal of documents. Instead of simply placing documents in the recycling bin or the garbage, employees handling sensitive information should shred tangible evidence and permanently delete files. This agreement will also have to be consistent with other employment agreements as well as other legal obligations.

6. Add non-disclosure provisions to employment contracts

Now, this is not necessary for every employee in a company. After all, not everyone will have access to confidential information. That being said, this should be a part of any employment contract in which the employee will be allowed to access company secrets. The contract should also be clear on what the company considers confidential or not. The contract should hold the employee accountable for returning tangible company secrets to the rightful owners. And even though there are laws regarding confidentiality among employees, these provisions show that your company takes this matter very seriously.

7. Label the information

In court, employees who violate their NDA and disclose company secrets can claim that they did not know the information was confidential. And if proved to be correct, the employee will not have to face any charges. Therefore, putting distinctly visible labels on classified documents can save your company a fortune and can avoid mistakes like your employees accidentally disclosing company secrets. Labeling should be on both hardcopy documents and softcopy files, and the label can be something simple like "Property of XYZ Company" or "Classified."

8. Develop confidentiality training

Other than spelling out confidential proceedings for your employees in their handbook, a training program can also prove to be very beneficial for them. As part of an onboarding process, employees will be able to learn how to handle classified information. Of course, seminars held in the office are not necessary, as online training and videos can also make for great learning experiences. The benefit of online videos is also that employees can access them at any time.

The bottom line

All of the different points and suggestions above can be summarized as follows: train your employees to handle classified information, and inform them of confidentiality policies. These two alone are possibly the best ways to improve the security of company secrets and will allow your company to protect its assets better. The best part about these steps is that none of them violate your employees' trust, while still allowing you to maintain a healthy relationship with your employees. In conclusion, taking active steps to protect your confidential information is a necessity in the age of a digital workplace.

Lori Wade is a writer who is interested in a wide range of spheres from business to entrepreneurship and new technologies. If you are interested in M&A or the virtual data room industry, you can find her on Twitter and LinkedIn or find her on other social media.
Guest Post by Kerry Harrison

It seems that a day does not go by without news of a data breach. From small local businesses to the big players, like Yahoo and Home Depot, no one is immune to the threat. To understand just how damaging a data breach could be, it is important to look at how much this could cost your company. And, of course, the costs aren't just monetary. In this article, we are going to take a look at some of the statistics that have been gathered regarding the true cost of a data breach, as well as assessing the impact such a scenario could have on the future of your company.

The true cost of a data breach

There have been a number of studies regarding the cost of a data breach. However, most would agree that one reliable resource is the "Cost of a Data Breach" study, which is conducted by the Ponemon Institute and IBM. The 2018 survey is the 13th edition of this annual report. It revealed the average worldwide cost of a data breach is $3.86 million, representing a 6.4 percent increase on the year before. In the United States specifically, the average cost of a data breach is much higher than the worldwide average, coming in at around $7.9 million. The survey also revealed that there has been an increase in the average cost of each stolen or lost record that contained confidential and sensitive information. This has increased to $148 per record, which is a 4.8 percent increase when compared with 2017.

The fact that the highest average data breach cost in the world is found in the United States is a reason to be concerned. The U.S. took this title by a very wide margin. The second most expensive country in terms of data breaches is Canada, with an average of $4.74 million per incident. This was followed by Germany ($4.67 million), France ($4.227 million), and the United Kingdom ($3.68 million).

There has also been an interesting study conducted by Kaspersky, which delved into how these data breach expenses are made up. The survey, which involved interviewing over 6,000 employees working across the globe for various businesses, concluded that the biggest expense in the event of a data breach is spending money on the emergency improvement of software and infrastructure. The average cost of this is $193,000, which represents a one-and-a-half times increase on the year before.

The second biggest expense for businesses is reputational damage. The average spent on this is $180,000, and this money can be attributed to increased insurance premiums and damaged credit ratings. Of course, this merely scratches the surface of the different costs. You then have to factor in the fines that are often imposed on firms that have been deemed irresponsible for failing to protect their customers' data. Aside from this, large sums of money are also spent on security-awareness training.

The impact a data breach will have

As mentioned in the introduction, while the monetary impact of a data breach is huge, you will also suffer reputational damage.

Trust is incredibly difficult to build in any relationship, especially that of client and business. If you break that trust by giving away your client's private data, this is going to be incredibly difficult to repair. It is going to take significant time and money, and many businesses are never able to come back from this. When you search your company's name online, the news of the breach will flood the web. Counteracting this can be almost impossible.

Spending money to save money

Needless to say, you will want to make sure that these figures do not become a reality by protecting your business and preventing a data breach. This involves spending a bit of money to save your company millions in the future. Here are some essential steps to take to prevent a data breach from happening at your business:

• Start with all of the basics, such as a secure firewall and VPN. Avast VPN is a recommended choice. This will work to mask your IP address.
• Enforce restrictive data permissions.
• Classify your business data.
• Provide employees with training. Did you know that insider attacks are the most common? Typically, they aren't malicious, yet occur due to a lack of knowledge regarding safe practices.
• Update your software whenever prompted.
• Enforce two-factor authentication.
• Back up your business' data with a secure provider.

Hopefully, you now have a better understanding of the true cost of a data breach. One thing is for sure: sums of money like this aren't something you can simply turn a blind eye to. Many businesses have had to close their doors for good because of a data security incident. To make sure you don't fall into this category, use the advice that has been provided above.

Kerry Harrison is a full-time freelance content writer, with a First Class Hons degree in Multimedia Journalism BA. She currently writes for VPN Geeks.
Businesses and employees are often major targets of identity theft and cybercrime. And there are three reasons why.

When it comes to cybercrime, businesses are easy targets. They typically hold a massive amount of both employee and consumer data as well as banking and partner information. If a hacker can breach a company's system and get their hands on the data the company is storing, then they have the potential to not only put the company out of business, but also cause major damage.

A good amount of damage can also come from business identity theft. According to businessidtheft.org, "...business identity theft involves the actual impersonation of the business itself. It can occur through the theft or misuse of key business identifiers and credentials, manipulation or falsification of business filings and records, and other related criminal activities intended to derive illicit gain to the detriment of the victimized business; and, to defraud creditors and suppliers, financial institutions, the business' owners and officers, unsuspecting consumers, and even the government."

Lastly, business employees are regular targets of identity theft because they often lack security training, have personal information to steal, and often know company passwords and other vital company information that can also be stolen. Cyber criminals and identity theft criminals can target employees via email, websites, and even phone calls.

So, what should you do to protect both your identity and the company's identity while working? We asked a few identity theft and cybersecurity experts to give some tips. Here's what they said.

Keep an eye on emails

"Be mindful of calls, emails, or texts asking details about your workplace, or your personal life. Some try to fake HR divisions of employers or management companies such as ADP payroll or WageWorks for other benefits; always ensure the numbers and email correspondences match the official website and have 'https' as the URL prefix." — Dennis Chow, CISO of SCIS Security

"Phishing and the more specifically tailored spear phishing are the most common ways that malware that can lead to identity theft is downloaded. Learning to recognize spear phishing emails, using security software intended to screen out phishing emails (although the software is far from perfect) and refraining from clicking on any links unless they have been confirmed to be legitimate are crucial steps in protecting yourself from identity theft. In addition, people should consider limiting the personal information that they make available through social media which can provide information to be used to fashion spear phishing emails." — Steve Weisman, Identity Theft and Scam Expert

"Report any suspicious emails to your company's IT or Cybersecurity team. The team will be able to confirm the phishing attempt and prevent any additional attempts from that email." — Cameron Williams, Co-founder and CTO of OverWatchID

Don't skip out on training

"Get security training. Often, employers provide education about security vulnerabilities, like e-mail phishing, ransomware programs, and social engineering." — Mike Brengs, Managing Partner of Optimal IdM

"Staff should be trained on identifying and disposing of phishing emails. Never click on links or attachments in unsolicited emails, always double check the sender's email address — not just their display name — and never give anyone private information over email." — Paul Bischoff, Privacy Advocate at Comparitech.com

Be careful when giving out information

"Use secure methods of communication when having to transmit sensitive or confidential details to your workplace office such as encrypting your documents with a password, and then giving the password over a separate medium such as text or phone (do not use passwords that you use for yourself)." — Dennis Chow

"Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person's authority to have the information. Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email. Don't send sensitive information over the Internet before checking a website's security." — Mike Brengs

"The first step is to know your rights as an employee. Depending on where you live, you may be protected from granting your employer access to your social media accounts, for example. Employers are also limited as to what information they can request as part of a background check. Employees in the US are generally protected by law from wiretapping and other communication monitoring while at work without consent." — Paul Bischoff

Pay attention to passwords

"Create the best passwords that are hacker-proof but easy to remember. Bonus if there's a trick to making a different password for different accounts but a way to remember them all. The best passwords contain at least 12 characters. Mix up the letters, numbers, and symbols as much as possible. For example, consider using a $ instead of an S or a * instead of a vowel. The newest trend in password safety is the use of password phrases. Instead of simply using a word with a mixture of letters, numbers, and symbols, use a relatively long phrase but one you can remember." — Justin Lavelle, Chief Communications Director of BeenVerified

"Password Maintenance. By password maintenance, I mean, regularly updating your passwords across your life (accounts, phones, etc.) with a minimum of yearly review. Most users I run across use the same password across all of their portals, which is scary because using the same password now becomes a threat vector to the workplace and can compromise the employer too. Password managers can help with this. As a security professional, I prefer 1Password because I can control the database across my devices and no other entities have access to it, for a one-time/lifetime fee where many password managers have subscriptions etc. I also get asked what is a good best practice/industry standard for passwords and I mention 8-64 character length with complexity and the use of password managers." — Derek Iannelli-Smith, vCIO and Founder of Outsourced CIO, LLC

Be smart with security questions

"Use nonsensical answers for security questions. Common security questions have answers that can be readily found online by a determined identity thief; however, there is no rule that requires you to use your mother's actual maiden name as the answer to the security question as to what is your mother's maiden name. Instead, you can use something nonsensical like 'firetruck' which is silly enough to remember and will never be found by an identity thief." — Steve Weisman

"If you're answering security questions on a website, social media account, etc.—never simply answer a question with one word that can be easily hacked. If you're asked for the name of your first pet and the pet's name is 'Ben', instead of simply typing 'Ben,' make it harder to crack by using 'B*n#1.' This would take a tremendous effort for decoding." — Justin Lavelle

Get the right protection

"Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. Take advantage of any anti-phishing features offered by your email client and web browser." — Mike Brengs

"Whatever cloud service you are using, enable threat protection. Because I am an Office 365 fan, many of the products and features of the subscription accommodate 2FA, Password maintenance, and policies that can be pushed down an organization based upon industry standard templates (PHI, PII, PCI DSS, HIPAA, GDPR, etc.). These policies can be pushed throughout the entire ecosystem (OneDrive, Email, Azure, etc.)." — Derek Iannelli-Smith

"Install a good firewall and anti-virus software, enforce a strong password policy and limits on who has access to your systems." — Justin Lavelle

"Use ad blockers to prevent malware from being downloaded merely by employees going to infected sites." — Steve Weisman

Key Takeaways: Protect your identity in the workplace with these steps

• Keep an eye on emails
• Don't skip out on training
• Be careful when giving out information
• Pay attention to passwords
• Be smart with security questions
• Get the right protection

Regardless of where you work, you should always strive to secure both your information and your employer's information. Identity theft is an advancing crime and continues to be a major threat to employees and businesses alike. It's highly recommended that you follow the tips above and do your own research on avoiding identity theft in and out of the workplace.