Tag: breach

You’ve Been Breached: Now What?

by ID Agent

It can happen to anyone – you’ve taken steps to limit your exposure to a cyber incident. You’ve purchased and implemented top-of-the-line IT solutions. You’ve carefully thought about security best practices and strived to adhere to them. But somehow, you’ve just become the latest victim of a data breach. It might have been discretely packaged ransomware hidden in a seemingly innocent application file. Perhaps it was the result of poor password management. Maybe your employees were duped by a convincing phishing e-mail. But at this point, the only question racing through your mind is, “What do I do next?” Stop The Bleeding: Secure Your Operations Move quickly to secure your systems and fix vulnerabilities that may have caused the breach. The only thing worse than a data breach is multiple data breaches. Your first priority is to take steps to ensure it doesn’t happen again. To do this, you will need to assemble a breach response team to conduct a comprehensive review. Depending on the size and nature of your company, they may include forensics, legal, information technology, operations, or other concerned stakeholders. If you do not have an internal response team, you should contact your Managed Service Provider (MSP) immediately. A reliable MSP should be able to diagnose the source of the breach, or work with a digital forensics team to do so. Be sure to check your network segmentation. When you set up your network, you likely segmented it so that a breach on one server or in one site could not lead to a breach on another server or site. Work with your response team to analyze whether your segmentation plan was effective in containing the breach. If you need to make any changes, now is the time. Find out if measures such as encryption were enabled when the breach happened. You will also want to analyze backup data to ensure no vulnerabilities remain. Be sure to review logs to determine who had access to the data at the time of the breach. Finally, update credentials and passwords of authorized users. If a hacker stole credentials, your system will remain vulnerable until you change them, even if you’ve removed the hacker’s tools. Determine Your Legal Exposure Depending on the nature and location of your business, you may face some legal implications related to a data breach. Most states, the District of Columbia, Puerto Rico, and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. In addition, depending on the types of information involved in the breach, there may be other laws or regulations that apply to your situation. Check state and federal laws or regulations for any specific requirements for your business. The first step in determining your exposure is to verify the types of information compromised, the number of people affected, and whether you have contact information for those people. Once you have gathered this information, report the breach to your local police department immediately. The sooner law enforcement learns about the theft, the more effective they can be in thwarting identity theft. If your local police aren’t familiar with investigating information compromises, contact the local office of the FBI. If your data breach includes electronic health information, you will have additional considerations to account for. You will need to consult the Health Breach Notification Rule to see if your situation requires compliance, and if so, who you must notify, and when. Additionally, check if you’re included in the HIPAA Breach Notification Rule. If so, you must notify the Secretary of the U.S. Department of Health and Human Services (HHS) and in some cases, the media. HHS’s Breach Notification Rule also explains who you must notify, and when. Notify, Notify, Notify While you might want to sweep a data breach under the rug, it is highly inadvisable to do so – both for the above legal requirements, and for the ecosystem of other individuals and entities who depend on your disclosure to stay safe. You will need to notify individuals whose data was compromised as a result of the breach. If you quickly inform people that their personal data has been compromised, they can take steps to reduce the chance that their information will be misused. For example, criminals who have stolen names and Social Security numbers can use that information not only to sign up for new accounts in the victim’s name, but also to commit tax identity theft. People who are notified early can take steps to limit the damage through identity monitoring, among other measures. When notifying compromised individuals, the Federal Trade Commission (FTC) suggests that you: consult with your law enforcement contact about the timing of the notification so it doesn’t impede the investigation designate a point person within your organization for releasing information consider offering a year of free credit monitoring or other support such as identity theft protection or identity restoration services Most states have breach notification laws that tell you what information you must (or must not) provide in your breach notice. Unless your state law says otherwise, you’ll want to clearly describe what you know about the compromise, including how it happened, what information was taken, how the attackers have used the information (if you know), what actions you have taken to remedy the situation, and what actions you are taking to protect individuals and how to reach the relevant contacts in your company. Learn From Your Mistakes A comprehensive review of your information systems will eventually reveal the vulnerability that was used to compromise your data. However, in most cases data breaches are statistically caused by two key attack vectors: stolen user credentials and human error. To ensure that your organization is not breached again, you can get ahead of the hackers by regularly updating passwords and enrolling in a Dark Web Monitoring service. This will ensure that you are alerted any time your credentials are for sale in the marketplaces cybercriminals depend on to gain access to your critical resources. Lastly, you can take steps to transform your employees into your first and best line of defense. Consider a Security Awareness Training platform to execute simulated phishing campaigns and educate vulnerable users about security best practices. Otherwise, your organization is only one click away from yet another breach. ID Agent provides a robust suite of services to address the risks faced by MSPs and that of their SMB clients. BullPhish ID™ delivers security awareness training and phishing simulations created specifically to help employees recognize and avoid phishing traps. Dark Web ID™ monitors the dark web for employee and supply chain credential exposure, which most often results from using those credentials on third-party websites. SpotLight ID™ provides comprehensive personal identity protection and restoration services for employees and customers, mitigating risk and providing peace of mind.

Read More

Winner Announced in Dark Web ID Contest!

by dana

We are excited to announce the winner of our “Tell Us Your Story” contest! Jeff Reiter of RWK IT Services in Frankfort, IL submitted our winning testimonial, as voted on by a committee of 10!

Read More

Stay Cyber-Safe When Shopping Online

by dana

We were thrilled to see how many of our MSP Partners utilized the resources we provided to help educate their customers during National Cybersecurity Awareness Month in October.

Read More

The Week in Breach

by Kevin Lancaster

Breaches are flying high this week thanks to Air Canada! China’s hospitality industry targeted and the data shows up on the Dark Web. And, in an effort to cut out Google’s cut, the creators of the game Fortnite create massive security challenges for unwitting gamers.

Read More

Big Data Big Breach

by Kevin Lancaster

Your name, the gender of your kids, your interests, your religion and a lot of the things that make you… well YOU, have been exposed. In the last couple of years, the idea of one’s personal information being obtained by hackers has become more than familiar to the general public. If a website you use is compromised, you change your password. If your credit card was skimmed while filling up your car, you get a new card and contact your bank. One’s digital identity is constantly under attack and most of us have come to accept this. This kind of breach can be countered with identity monitoring, good password hygiene and general attentiveness to one’s activity online. The kind of data that the Florida-based marketing firm Exactis has left exposed, sourced from millions of Americans and businesses, is much more… intimate.

Read More

The Week in Breach: 6/04/2018 – 6/10/2018

by Kevin Lancaster

Breach news to share with your customers! This week shows no shortage of targeted attacks designed to extract large datasets from a broad range of consumer sites. Travel, finance and entertainment sites were targeted, impacting more than 100,000,000 unsuspecting victims. If anything, this week clearly demonstrates why individuals need to proactively monitor for their compromised data with tools like ID Agent’s SpotLight ID – Personal Identity & Credit Monitoring Solutions. The events of this week also clearly demonstrate why businesses must monitor for compromised credentials that can be used to exploit internal systems and to compromise or takeover customer accounts.

Read More

The Week in Breach: 5/21/18 – 5/27/18

by Kevin Lancaster

Breach news to share with your customers! Highlights from The Week in Breach: - You’d better reboot your router… NOW! - Nation states injecting malicious apps into play stores to steal your stuff. - Malware infects healthcare system impacting 500,000 Marylanders. - Time from detection to acknowledgment and response getting slower and slower and slower.

Read More

The Week in Breach 4/23 – 4/30

by Kevin Lancaster

Breach Updates and News Small Business Can Use! Not Worried About that Public Data Breach? You Should be! Credential Stuffing Bots are on the rise and working overtime to exploit you!

Read More

The Week in Breach: 4/2/18 – 4/8/18

by Kevin Lancaster

There is a storm brewing over at Facebook. I will reserve summary and comments for next week - after Zuckerberg testifies. I will say however, the simple fact is that you did not/do not need to be a data analytics firm to harvest data and profile millions (potentially billions) of Facebook users. More to come...

Read More

I Now Have Everything I Need to Exploit You.

by Kevin Lancaster

MSPs should read this, then enroll themselves and every customer in SpotLight ID NOW Chances are, you’ve come across cleverly-crafted ads on sites like CNN.com, Facebook, Yahoo and others that say something like, “Use this site to find out anything… about anyone.” If you are like most good citizens, you probably passed up on the opportunity to use one of these sites to dox, or to search for and publish private or identifying information about an individual on the Internet, typically with malicious intent. Good for you!

Read More