Inside the Ink

September 18, 2019

The Week in Breach: 09/11/19 – 09/17/19

This week, phishing scams continue to trap employees, weak passwords put company data at risk, and the consequences of a breach are higher for SMBs.

September 11, 2019

The Week in Breach: 09/04/19 – 09/10/19

This week, a company loses competitive edge due to breach, healthcare providers struggle to protect PII, and compromised email accounts top the list of cyber insurance claims.

September 05, 2019

HIPAA 101

Maintaining compliance in today’s ever-changing environment is no easy task, particularly within the healthcare space. In the past, hackers opportunistically targeted providers due to poor security networks and infrastructure. Over time, however, cybercriminals have realized the true value of personally identifiable information (PII) and protected health information (PHI), which can be leveraged for identity theft, financial fraud, and other lucrative attack types. Exposed patient data is quickly becoming a sought-after commodity on underground marketplaces such as the Dark Web, forcing companies and MSPs to take notice. Follow the ID Agent team as we provide a snapshot of the Health Insurance Portability and Accountability Act (HIPAA) today and discuss its implications for your business.

History of HIPAA

Established in 1996, the Health Insurance Portability and Accountability Act was introduced by the Department of Health and Human Services (HHS) to set standards for data security and privacy in the healthcare sector. The legislation was passed with good intentions but designed for a world that still operated using paper records. As technology drastically shifted market dynamics, some of the provisions quickly grew outdated. Nevertheless, the Security Rule has stood the test of time in many ways, providing administrative, physical, and technical safeguards for protecting individuals’ electronic personal health information.

Cybersecurity Guidelines

In December of 2018, HHS issued new cybersecurity guidelines in an effort to drive voluntary adoption of best practices. Such guidance could signal impending legislation to come in the near future, so our experts curated some key takeaways:

1) Risk Analysis

Organizations must assess all potential risks and vulnerabilities affecting the confidentiality, integrity, and availability of PHI across their ecosystem. This is easier said than done. Many companies underestimate how far PHI travels inside or outside their networks, which has led to costly HIPAA violations in the past. Determining the need for business associate agreements is a key element of a risk analysis, since they govern how entities handle PHI.

2) Social Engineering

As evidenced by recent events, healthcare organizations are often subject to phishing and ransomware attacks. Even though employee training and simulated phishing attacks have been recognized as the best defense against social engineering hacks, they are rarely facilitated (see the figures below). Thankfully, BullPhish ID™ offers robust security awareness training campaigns to educate employees and demonstrate the cybersecurity posture of your organization.

Employee training – 2019 Security Metrics Guide to HIPAA
Semi-Annually: 8%
Yearly: 60%
Never train: 10%
Don’t know how often they train: 13%

3) Insider Threats

Whether it’s born out of innocent curiosity or malicious intention, employee snooping is a serious vulnerability to PHI. Even worse, it can not only result in HIPAA violations, but also be identified as criminal activity by state attorneys general. As public vigilance of security and privacy continues to increase, being featured in headlines as the victim of an insider attack poses serious consequences for brand equity and customer loyalty.

4) Enterprise Risk Management

Iliana L. Peters, Former Acting Deputy Director for HIPAA at HHS, recommends that organizations partner with solution providers that can perform comprehensive risk management and offer expert counsel. Given that the majority of Office for Civil Rights settlements are related to risk management, organizations have a financial incentive to enlist in IT security best practices and training.

Solutions

Although ongoing HIPAA compliance may seem like an arduous undertaking, it can greatly benefit your organization from a strategic perspective. Far too often, it’s the simple, easy-to-patch vulnerabilities that slip through the cracks and lead to expensive violations or breaches. Even those with advanced defenses can be inadvertently compromised by bad passwords or employee phishing. However, we’re not here to spell out doom-and-gloom. Find out how our experts and solutions can help you:

- Proactively monitor the Dark Web for compromised employee or patient data
- Transform your employees into the best defense against cybercrime with simulated phishing attacks and security training
- Consider implementing Compliance Process Automation

Also, download our guide below to see how HIPAA compliance varies by state and region.

September 04, 2019

The Week in Breach: 08/28/19 – 09/03/19

This week, customer loyalty programs are compromised, employees continue to fall for phishing scams, and data breach costs continue to increase.

August 29, 2019

Thank You from our CEO: ID Agent Crosses 2,000 MSP Partner Mark and Continues to Expand Globally

A couple weeks ago, I received an email from Matt Solomon, our VP of Business Development, that caused me to stop what I was doing and take a moment to reflect… with a big smile on my face. The email was addressed to ID Agent’s Management Team and simply stated, “As of today, we’ve officially crossed the 2,000-Partner mark!” For some vendors in the channel, this number is comparatively small, but we reached that number in just over two years, as a self-funded startup in a new industry. I think that is pretty amazing!

To say I am proud and grateful would be an understatement. We’ve been welcomed into the channel by MSP Partners who value protecting their small and midsized customers’ credentials as much as we do. We’ve used Dark Web ID™ to keep their customers’ data off the Dark Web, and we are so appreciative that each one has trusted our solution. We’re dedicated to helping MSPs grow their businesses and Dark Web ID is a crucial part of that process. As of today, our platform monitors roughly tens of thousands of domains and has reported nearly 10 million compromised records on behalf of our partners!

Part of our mission is to extend that protection and revenue-building service we provide beyond North America. We currently have active Partners offering Dark Web monitoring in 22 countries, and we continue to expand that footprint. We’re invested in our Partners’ businesses, and we strive to do all we can to help them succeed.

This past year we looked at other ways we can help MSPs to protect their customers, and the logical next step for us was to develop a Security Awareness Training and Anti-Phishing platform. With lots of input from our Partners, we launched BullPhish ID™ and have received excellent reviews from our Partners. With a wide range of phishing templates and training topics, MSPs can help develop employees into the front line of a company’s defense.

Speaking of developing new products, we were beyond excited to announce earlier this year that we joined Kaseya. The vision Kaseya has shown in developing their IT Complete platform made them the perfect partner to help us get to the next level. With the backing of the leading provider of IT infrastructure management solutions, we are able to drive bigger and better improvements to our existing products and continue to innovate new security offerings to complement them.

The feedback from our MSP Partner community speaks for itself. Every day, I receive emails and messages on LinkedIn raving about our Customer Success team and how they have in some cases literally saved a business, our world-class marketing materials that enable demand generation for MSPs who don’t have a marketing staff, and the educational presentations provided by our Business Development team that expand the value we bring far beyond the products themselves. Those emails make every early morning and late night at work, along with countless hours traveling the globe, totally worth it for me and the ID Agent Team. By the way, our team has grown to more than 50 full-time employees, and we are adding more every week!

As we continue to grow, we thank each of you for your loyalty, your insight, and your friendship.

Sincerely,

ID Agent Awards to Date

1. ASCII 2018: Best Revenue Generator, Charlotte
2. ASCII 2018: Best Revenue Generator, Ann Arbor
3. ASCII 2018: Best Revenue Generator, Toronto
4. ASCII 2018: Best Revenue Generator, Seattle
5. ASCII 2018: Best Partner Involvement, Seattle
6. ASCII 2019: Best Educational Presentation, Orange County
7. ASCII 2019: Best Partner Involvement, Orange County
8. ASCII 2019: Best Partner Involvement, Dallas
9. ASCII 2019: Best Educational Presentation, Bethesda
10. ASCII 2019: Best Partner Involvement, Bethesda
11. ASCII 2019: Best Educational Presentation, Charlotte
12. ASCII 2019: Best Revenue Generator, Denver
13. ASCII 2019: Best Revenue Generator, Toronto
14. ChannelPro SMB Forum 2017: Best New Solution, Newark
15. ChannelPro SMB All-Star Vendor 2018
16. CRN Emerging Vendors 2017
17. CRN NexGen 2017: Best Technology Solution
18. CRN NexGen 2017: Best Tech Talk
19. CRN Emerging Vendors 2018
20. CRN Women in the Channel 2018
21. CRN Xchange 2018: Best Boardroom Execution, Orlando
22. CRN Xchange 2018: Best Xchange Newcomer, Orlando
23. CRN Xchange 2018: Best Boardroom Execution, San Antonio
24. CRN NexGen 2018: Best Technology Solution
25. CRN NexGen 2018: Best Tech Talk
26. CRN NexGen 2018: Best Boardroom Execution
27. CRN Channel Chiefs 2019
28. CRN 100 People You Should Know 2019
29. CRN Security 100 2019
30. CRN Xchange 2019: Best Boardroom Execution, Las Vegas
31. DattoCon 2018: Most Innovative Product
32. DattoCon Barcelona 2018: Best in Show
33. E-Channel News: Best New Solution 2018
34. IOTSSA 2019: Best Security Presentation, Salt Lake City
35. IOTSSA 2019: Best Security Solution, Columbus
36. SMB TechFest: Best Product Q2 2019

August 28, 2019

The Week in Breach: 08/21/19 – 08/27/19

This week, malware makes networks unusable, gamers lose control of their personal data, and employees are stunningly resistant to improving their account passwords.

August 21, 2019

The Week in Breach: 08/14/19 – 08/20/19

This week, ransomware threatens a company’s financial future, online shoppers have their payment information stolen by MageCart, and Canada promotes cybersecurity for SMBs.

August 15, 2019

The link between GDPR and the Dark Web

Over a year after its widely anticipated debut on May 25th, 2018, the General Data Protection Regulation (GDPR) is still a point of confusion for many SMBs. Although our European partners have been keeping a pulse on developments for quite some time, privacy regulations are quickly pervading the global security landscape across the US, Canada, Australia, and New Zealand with cascading consequences and implications. In order to prepare MSPs and business owners for upcoming change, the ID Agent Team will unravel how the Dark Web and GDPR are inextricably connected. But first, let’s refresh on the basics:

A GDPR Crash Course

Designed to protect the data security and privacy of EU citizens, the GDPR was introduced as a replacement to the Data Protection Directive of 1995. As an overview, the regulations empower consumers with greater ownership over their personal information; highlights include the “right to be forgotten”, a fortified consent process, and more stringent breach notification protocol requirements. Aside from expanding the definition of “data processing” to include collection, retention, deletion, breaches, and disclosures of personal data, the penalties associated with infractions are no laughing matter. Since its implementation, multinational corporations have seen fines amounting to $23M or, even worse, 4% of global revenue.

Dark Web + GDPR

So where does the Dark Web fit into this? Just this past week, we covered a recent report by the Federation of Small Businesses (FSB) proclaiming that UK-based SMBs were suffering nearly 10,000 cyber attacks per day. Although the majority of these are serious security breaches, some are slipping through the cracks as “leaks” that go unnoticed. These manifest themselves as vulnerabilities caused by password recycling, lost devices, accidental website updates/emails, and even rogue employee behavior. Unlike more overt incidents, data compromises are much more difficult to detect, especially for small businesses with minimal security measures in place. Therefore, sensitive information collected from such leaks ultimately finds a home on the Dark Web, without anyone being the wiser. As we know, cybercriminals will exchange valuable credentials for cryptocurrency, and then leverage leaked information to orchestrate crippling fraud tactics.

In the past, companies were able to sidestep any ties back to them due to loose privacy regulations and limited feedback loops. However, those days are soon coming to an end. The GDPR mandates that companies of all shapes and sizes must disclose consumer data breaches, and they will also be held liable for such accidental leaks. For example, the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) of the UK have published specific guidance for risk management, data protection, detection, and minimization of impact.

The Solution

The global standards for data protection may be rising, but so have the solution sets for SMBs. By partnering up with MSPs who have enlisted in proactive Dark Web monitoring solutions (like Dark Web ID!), you can future-proof your company from facing GDPR fines or dealing with business process interruptions. Case dismissed.

Need more proof? See what Ryan Markel, President of Take Ctrl, LLC, has to say about working with our team: “My clients are so grateful that they are not aware when their passwords are compromised that they are telling their colleagues at other companies they have to work with us”.
Sources:
https://www.parkersoftware.com/blog/gdpr-dark-web
https://www.law.com/legaltechnews/2019/01/23/could-the-gdpr-right-to-access-make-personal-data-more-vulnerable/?slreturn=20190712111548
https://cybersecuritysummit.co.uk/wp-content/uploads/sites/29/2017/10/White-Paper-GDPR-Data-Breaches-the-Dark-Web-June-2017.pdf
https://www.swknetworkservices.com/dark-web-breaches-compliance-gdpr/
https://gdpr.report/news/2017/07/03/growing-threat-dark-web/
http://www.securityeurope.info/the-eus-gdpr-and-crime-throwing-some-light-on-the-dark-net/
https://mashable.com/article/how-gdpr-changed-internet-2018/
https://lmgsecurity.com/should-your-data-breach-response-plan-include-dark-web-scanning/
https://cyansolutions.co.uk/monitor-dark-web-stop-security-breaches-fast/
Cybersecurity and GDPR: https://www.ncsc.gov.uk/information/GDPR
UK’s Cyber Essentials certification: https://www.cyberessentials.ncsc.gov.uk/advice/

August 14, 2019

The Week in Breach: 08/07/19 – 08/13/19

This week, a data breach causes travel delays, ransomware compromises the first day of school, and small businesses are enduring an unprecedented number of data breaches.

August 13, 2019

Just Announced: ID Agent To Deliver Cyber Security Certification at GlueX

ID Agent will be offering a Pre-Day MSP Security Certification at GlueX! Taught by our very own Senior Threat Analyst, Duncan Miller, those in attendance will learn the fundamentals for offering an effective core security program.
