Tag: Managed Service Provider

December 12, 2019

The Relationship Between Healthcare & The Dark Web

A data breach is disastrous for any company in any industry, but the healthcare sector is an especially high-stakes arena where data security is of utmost importance and under continual attack. Few types of data are as valuable as Personal Health Information (PHI) and other health-related data like prescription information, health insurance login information, or insurance data. There is a ready market for this information on the Dark Web, where healthcare provider information is known to sell for as much as $500 per listing. While patient information goes for significantly less money, as little as $3.25, hackers can make up the difference by selling in bulk. That is part of the reason that today’s hackers are more ambitious than ever, and they are taking the fight to healthcare providers’ digital front doors.

Indeed, no one has been spared from the scourge of data breaches afflicting the healthcare system. In October, we reported on a data breach at Tu Ora Compass Health, a national health service, that implicated the personal data of more than a million New Zealanders. However, hundreds of smaller healthcare providers, lab service providers, and other healthcare SMBs managing copious amounts of patient data are also under attack. McAfee Labs identified the healthcare sector as one of the most frequently targeted sectors today, far outpacing finance, media, retail, technology, and many others. In total, more than 38 million healthcare records have been exposed this year alone, and this trend shows little sign of abating, which means that defense is the only option.

Keep reading to gain a better understanding of the current state of data security in healthcare, which serves as a cautionary tale for companies in every sector striving to keep their data secure.

The Current State of Data Security in the Healthcare Sector

Never ones to miss an opportunity, cybercriminals have been upping their game in 2019, adapting their techniques to extract data from healthcare providers. A recent survey by Malwarebytes identified a 60% increase in trojan malware detections in the first nine months of 2019, compared to all of 2018. At the same time, ransomware attacks are inflicting costly damage on patient records. In the first quarter alone, hospitals saw a 195% increase in this attack strategy.

These data breaches are more than just a costly inconvenience. In the healthcare sector, they can cost patient lives. Hard data is emerging that connects data breaches and patient outcomes. For instance, researchers found that, after a data breach, “as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined in the new study.” In a very real way, data security is a life or death issue that relies on many moving pieces to ensure data security and patient well-being.

For better or worse, not all data breaches occur in house. Third-party software vendors continue to be a top attack point; however, in many cases, it’s not the software that’s to blame. According to a report on the state of cybersecurity in the healthcare industry, staff negligence provides an open door for phishing and spear phishing attacks that ultimately compromise patient data. With a robust market for patient data and other healthcare-related information, hackers will continue to innovate their methodologies, making it increasingly difficult to identify their tactics. That doesn’t mean that your business is defenseless.

How You Can Protect Yourself

Despite a complicated cybersecurity environment, healthcare providers aren’t powerless to protect themselves against costly data breaches. Notably, malware attacks – both ransomware and otherwise – require employees to engage with the malicious material for it to be effective. Simply put, bad actors may be able to target healthcare providers with copious amounts of harmful material, but, without an adequate response, much of their efforts are fruitless. Similarly, phishing and spear phishing campaigns can’t compromise credentials unless users hand them over.

It’s estimated that 80% of data breaches are attributable to employee negligence, as scams and other malicious emails routinely make their way to employee inboxes, causing breach fatigue that puts patient data at risk. Therefore, healthcare providers who offer comprehensive employee awareness training improve their chances of successfully defending against these attacks. In an ever-evolving threat landscape, this training prepares all employees to become a defensive asset in the quest to protect patient data. At the same time, simple security upgrades like two-factor authentication and strong, unique passwords across all accounts can minimize risk exposure while placing barricades in the way of anyone trying to steal patient or company data.

Conclusion

In 2019 and beyond, providing the best patient care will require a revised take on the Hippocratic Oath. Simply put, first doing no harm will require intentional efforts to protect patient data. It’s a difficult task, but it’s not impossible. Rather than leave it up to chance, partner with ID Agent, which offers an array of products and services that support your data security initiatives:

Designed to protect against human error, BullPhish ID™ simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime.

When paired with AuthAnvil™, you can protect your employees’ password integrity by offering integrated multi-factor authentication, single sign-on, and identity management solutions to protect your credentials and your data.

With a robust market on the Dark Web, cybercriminals have millions of reasons to continue attacking healthcare IT, which means that defensive maneuvers need to begin right away.

November 26, 2019

4 Phishing Attack Trends of 2019

Few cyber threats are as prevalent and costly as phishing attacks. In 2018, Microsoft documented a 250% increase in phishing campaigns, which masquerade as legitimate products or services but actually carry malicious payloads that steal credentials and compromise IT integrity. To no surprise, phishing attacks continue to trend upward and are wreaking havoc for SMBs and enterprises alike.

Even as companies implement automated defenses intended to keep phishing attacks out of employee inboxes, many inevitably make their way through. A recent survey found that nearly half of respondents reported malicious emails reaching employee inboxes every week, and 20% indicated that they experienced a data breach as a consequence of a phishing vulnerability. In fact, Verizon’s 2019 Data Breach Investigations Report concluded that ⅓ of all cyberattacks begin with a phishing scam.

To maintain an edge, hackers are continuously evolving their strategies and improving their attack methods, making their efforts increasingly difficult to detect. In other words, employees may not be fooled by phony emails from a foreign leader or celebrity, but they could be compromised by a call or IM from their manager or CEO. Follow along as the ID Agent team outlines four of the latest phishing attack trends that you’ll want to know in order to protect your business.

#1 Increased Personalization

The past several years have seen billions of records compromised, and the consequences far exceed the immediate media scrutiny and consumer backlash that follow in the wake of a breach. Cybercriminals are repurposing exposed information to craft sophisticated phishing campaigns that are camouflaged with authentic-looking information purportedly from known and trusted sources.

For example, we recently reported on an Ocala City employee who transferred $640,000 to a fraudulent bank account in response to a spear phishing campaign that contained a legitimate invoice amount from one of the city’s construction contractors. Similarly, Italian precision engineering companies are facing a slew of phishing attacks that seem to originate from potential clients. Such emails include company and sector-specific details and are embedded with a Microsoft Excel document that hosts malicious, credential-stealing code.

#2 Multi-platform Approaches

Phishing scams are commonly associated with email messages, but today’s cybercriminals are taking advantage of diverse communication platforms to place messages in our various inboxes. Often hackers leverage SMS and social media accounts to reach their victims. SMS phishing attacks, colloquially known as “smishing,” target users’ reflexive instinct to trust and respond to text messages on their phone. Targeting users on their social media is no different and can have a similar result. In 2019, Facebook is the most impersonated social media platform, with a 176% year-over-year increase in phishing URLs. To be effective, hackers rely on the perception of authenticity, and reaching users on these familiar platforms can trick unsuspecting victims into handing over the keys to their accounts.

#3 HTTPS Encryption

In addition to reaching users in familiar territory, hackers are deploying the internet’s signposts of security to elicit the trust of their victims. Specifically, cybercriminals are manipulating HTTPS, the internet protocol that denotes encryption and security, to trick users into a false sense of security. It’s estimated that 58% of all phishing campaigns use HTTPS, which makes it less likely both that users will identify the fraudulent website and that internet browsers will flag the unsecured connection. This tactic has become so prevalent that the FBI issued a public warning this summer urging people to take special care to evaluate their digital communications for intent rather than relying on traditional representations of internet security.

#4 Dynamic BEC Campaigns

Between the treasure trove of data available on the Dark Web and the information readily published on company websites, hackers can impersonate higher-ups or IT administrators with staggering effectiveness. Business Email Compromise (BEC) scams rely on personalization, and today’s hackers dialogue directly with their victims to gain trust. Once that trust is achieved, hackers send a simple request, like editing a document or filling out a form, that ultimately directs victims to a phishing website. To increase their efficacy, many cybercriminals include these links in attachments, which makes them both harder to detect by software and less likely to be identified by readers.

Staying one step ahead

It’s evident that phishing scams will continue to keep IT admins up at night for years to come. However, there is a silver lining. Unlike other cyber attacks, phishing scams are only effective if they are acted upon, and companies can mitigate such threats with regular, comprehensive awareness training for their employees. With the right solutions provider, you can equip your employees to stay abreast of emerging threats, report potential misuses of data, and transform themselves into the first and best line of security against cybercriminals.

Whether you’re a small business or large enterprise, you have the power to stop phishing attacks from stealing employee credentials or proprietary information. Our BullPhish ID™ program simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started: https://www.idagent.com/bullphish-id.

November 11, 2019

The Unseen Consequences of Data Breaches

It’s no secret that the costs associated with data breaches are trending upward at alarming rates. Just this year, IBM’s annual Cost of a Data Breach Study found that the average cost of a single data breach is approaching $4 million. Although IT repair, identity monitoring services, and regulatory fines quickly make their way to financial statements, other costs covertly chip away at the bottom line over time.

Simply put, it’s not enough to add up the quantifiable costs of a breach when assessing the ROI of cybersecurity. Companies must also factor in the unseen consequences of a data breach, which can often result in even more damage than initial costs. Patching up vulnerabilities and offering free credit monitoring as a post-breach response only treats the symptoms, while the underlying disease continues to progress. Keep reading to learn about four cascading consequences of data breaches that can impact your company in the long run.

#1 Reputational Damage

Reputational damage and brand erosion in the wake of a breach are not easily measured, as they carry on for years after news of an attack. The Ponemon Institute estimates that 65% of data breach victims lose their trust in a brand after a data breach. Even worse, consumers voice their displeasure within their circles, a phenomenon that is magnified with the advent of the internet. Interactions Marketing notes that 85% will tell others about the breach, and more than 30% will take to social media to complain about the company.

For today’s consumers, a data breach is akin to a scarlet letter that can brand a business for years. Whether it’s an SMB or large corporation, the efforts to overcome this stigma greatly outweigh the costs of protection, since companies don’t always have a say in whether or not customers will give them a second chance.

#2 Customer Attrition

As frightening as it may sound, today’s consumers do not forgive companies that cannot protect their data and are increasingly likely to stop spending altogether after a breach. A recent study by Business Wire found that 81% of consumers would stop engaging with a brand online following a breach, destroying years of relationship-building and promotional efforts. In fact, 80% of customers are willing to take their business elsewhere.

Ultimately, customer rejection can be the proverbial nail in the coffin that prevents companies from ever truly recovering from a data breach. It’s estimated that 60% of SMBs fold within six months of a data breach. As one enraged Equifax consumer told The Wall Street Journal, “if I can’t trust Equifax to do their own job, I’m not going to hand them my money and say, ‘Hey, watch this for me.’” This customer’s sardonic take serves as an eerie warning to all businesses: data breaches have lasting effects.

#3 Continued Attacks

Companies compromised by a data breach can find themselves or their customers victimized again in the future. The rise of credential stuffing attacks makes it increasingly likely that hackers will apply previously stolen data to easily access accounts and IT infrastructure, often without detection. Nearly a quarter of all data breaches occur due to stolen credentials, and successive attacks only make reputational recovery and renewed customer confidence more difficult to achieve. Find out how Dark Web ID™ can shield your organization from credential stuffing attacks here: https://www.idagent.com/dark-web/

#4 Increased Premiums

Cybersecurity insurance plans are becoming a widely adopted practice within the industry, yet their value can be easily skewed. As we reported last month, such plans do not holistically cover the cost of a data breach. As more customers cash in on these insurance plans, the costs increase, and companies that file a claim can expect their premiums to rise.

Moreover, many businesses discover that their policies provide insufficient protection against financial loss, as insurance companies battle to restrict payouts. In one case, a cyberinsurance company only agreed to pay $50,000 on damages to a company that exceeded $2 million. Cybersecurity insurance is by no means a “silver bullet” and could even invite additional costs after a data compromise.

Applying the best solution

Although the unseen consequences of a breach may appear worrisome, we’re not here to spell out doom and gloom. By being proactive, you can protect your institution from falling victim to a breach, and future-proof yourself in the event of an attack.

Cybersecurity needs to be a bottom-line, top priority at every company. Especially for SMBs, who often lack the financial and personnel resources to recover from a breach, partnering with a managed service provider can provide the oversight and protection needed to navigate today’s digital environment. ID Agent provides a comprehensive set of people-centric cybersecurity solutions to private and public sector organizations worldwide. See how you can leverage solutions for Dark Web Monitoring, password management, and employee training to safeguard your customers, employees, and organization from breach.

Resources

https://www.ibm.com/security/data-breach
https://www.centrify.com/media/4772757/ponemon_data_breach_impact_study_uk.pdf
https://www.interactionsmarketing.com/press-releases/interactions-finds-45-percent-of-shoppers-dont-trust-retailers-to-keep-information-safe/
https://www.businesswire.com/news/home/20191022005072/en/
https://www.forbes.com/sites/forbestechcouncil/2017/12/08/mind-the-trust-gap-how-companies-can-retain-customers-after-a-security-breach/#2235b64f6c95
https://www.inc.com/joe-galvin/60-percent-of-small-businesses-fold-within-6-months-of-a-cyber-attack-heres-how-to-protect-yourself.html
https://www.wsj.com/articles/the-capital-one-hack-life-in-the-time-of-breach-fatigue-11564824600
https://info.idagent.com/blog/stop-credential-stuffing-attacks
https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf
https://info.idagent.com/blog/the-week-in-breach-09/25-10/01/19
https://slate.com/technology/2018/07/cyberinsurance-company-refuses-to-pay-out-full-amount-to-bank-after-hacking.html

October 24, 2019

How to Stop Credential Stuffing Attacks

A quick glance at recent reports or news headlines paints a dismal picture of the data breach landscape in 2019. Both by the measure of the number of companies compromised and the number of records accessed, breach incidents are occurring at a record-setting pace, with over four billion records exposed for misuse and abuse this year.

October 03, 2019

NCSAM 2019: Cybersecurity is a shared responsibility

If we were to record a time-lapse of cybersecurity awareness over time, it would reveal an exponential curve driven by news headlines of privacy breaches and data misuse. In today’s fast-paced digital environment, the most practical solutions for securing organizations and users are often clouded by bright shiny objects. Recognizing this trend, the theme for this month’s 16th annual National Cybersecurity Awareness Month (NCSAM) is: “Own it, Secure it, Protect it”. Follow along as the ID Agent team breaks down the basics and outlines how cybersecurity is truly a shared responsibility for us all, as consumers, SMBs, and MSPs.

You are what you consume

In the wake of the heavily publicized Facebook and Cambridge Analytica scandal, it’s no secret that even seemingly innocuous information in our digital profiles is incredibly valuable to hackers. To make matters worse, it is constantly being exchanged on the Dark Web in order to be exploited in the near future. Social media is a double-edged sword, enabling us to innovate and communicate at rapid speeds, but also inviting cybersecurity threats that can compromise personal data. How can we strike the right balance?

OWN IT. By understanding your digital profile, keeping privacy settings updated, and monitoring applications, you can take control of your personal information. Vigilance becomes increasingly relevant as we begin to see more social engineering methods, where fraudsters will take the guise of someone you trust in order to siphon your friend’s, family’s, or company’s data.

September 26, 2019

Best Practices for GLBA and FINRA Compliance

When it comes to security compliance and regulatory oversight across America, no verticals or functions are being spared. The financial services industry is one that has recently come under scrutiny, as stakeholders begin to realize the sensitivity of data flowing through their processes and organizations. Keep reading for a breakdown of Gramm-Leach-Bliley Act (GLBA) compliance, along with a checklist of the top 10 cybersecurity best practices as reported by the Financial Industry Regulatory Authority, Inc. (FINRA).

Financial Privacy and Safeguards

The Gramm-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, requires financial institutions to explain how they share and protect their customers’ private information. Additionally, these rules apply to entities outside of the financial services industry that process or receive such information, which can range from real estate companies to tax preparers and more. Below are the two key components of the GLBA, with the second holding specific implications for data security:

Financial Privacy Rule – In order to be compliant, organizations must communicate how they share sensitive data, inform customers of their right to opt out of information-sharing agreements, and explain how they protect customer data.

Safeguards Rule – Regulating the confidentiality of customer information is separated into three main initiatives: employee security awareness training, information systems, and system failure.

Although there are many steps and requirements, we’ve got you covered. With BullPhish ID™, you can check security awareness training off the list and move one step closer to compliance.

The ROI of Compliance

At this point, you may be wondering why you have to be compliant. The threat of non-compliance penalties may seem enough, amounting to $100,000 per violation, but it barely scratches the surface. Individuals can face additional charges that include prison time, and although the risk of reputational damage is not easily quantifiable, it is often even more crippling. In a world where customer loyalty and trust are king, unauthorized sharing or leaks of customer data can result in brand erosion and revenue loss.

Practice Makes Perfect

As your go-to solutions provider, we’re not here to spell out doom-and-gloom, but instead to help solve your problems. Click the link below to download the Small Firm Cybersecurity Checklist by FINRA: https://www.finra.org/compliance-tools/cybersecurity-checklist.

Ready to take the first step to being GLBA compliant? Learn how BullPhish ID can help you easily manage the recommended security awareness training:

September 05, 2019


Maintaining compliance in today’s ever-changing environment is no easy task, particularly within the healthcare space. In the past, hackers opportunistically targeted providers due to poor security networks and infrastructure. Over time, however, cybercriminals have realized the true value of personally identifiable information (PII) and protected health information (PHI), which can be leveraged for identity theft, financial fraud, and other lucrative attack types. Exposed patient data is quickly becoming a sought-after commodity on underground marketplaces such as the Dark Web, forcing companies and MSPs to take notice. Follow the ID Agent team as we provide a snapshot of the Health Insurance Portability and Accountability Act (HIPAA) today and discuss its implications for your business.

History of HIPAA

Established in 1996, the Health Insurance Portability and Accountability Act was introduced by the Department of Health and Human Services (HHS) to set standards for data security and privacy in the healthcare sector. The legislation was passed with good intentions but designed for a world that still operated using paper records. As technology drastically shifted market dynamics, some of the provisions quickly grew outdated. Nevertheless, the Security Rule has passed the test of time in many ways, providing administrative, physical, and technical safeguards for protecting individuals’ electronic personal health information.

Cybersecurity Guidelines

In December of 2018, HHS issued new cybersecurity guidelines in an effort to drive voluntary adoption of best practices. Such guidance could signal impending legislation in the near future, so our experts curated some key takeaways:

1) Risk Analysis

Organizations must assess all potential risks and vulnerabilities affecting the confidentiality, integrity, and availability of PHI across their ecosystem. This is easier said than done. Many companies underestimate how far PHI travels inside or outside their networks, which has led to costly HIPAA violations in the past. Determining the need for business associate agreements is a key element of a risk analysis, since they govern how entities handle PHI.

2) Social Engineering

As evidenced by recent events, healthcare organizations are often subject to phishing and ransomware attacks. Even though employee training and simulated phishing attacks have been recognized as the best defense against social engineering hacks, they are rarely facilitated (see graph below). Thankfully, BullPhish ID™ offers robust security awareness training campaigns to educate employees and demonstrate the cybersecurity posture of your organization.

Employee training – 2019 Security Metrics Guide to HIPAA

Semi-Annually: 8%
Yearly: 60%
Never train: 10%
Don’t know how often they train: 13%

3) Insider Threats

Whether it’s born out of innocent curiosity or malicious intention, employee snooping is a serious vulnerability to PHI. Even worse, it can not only result in HIPAA violations, but also be identified as criminal activity by state attorneys general. As public vigilance of security and privacy continues to increase, being featured in headlines as the victim of an insider attack poses serious consequences for brand equity and customer loyalty.

4) Enterprise Risk Management

Iliana L. Peters, Former Acting Deputy Director for HIPAA at HHS, recommends that organizations partner with solution providers that can perform comprehensive risk management and offer expert counsel. Given that the majority of Office for Civil Rights settlements are related to risk management, organizations have a financial incentive to enlist in IT security best practices and training.

Solutions

Although ongoing HIPAA compliance may seem like an arduous undertaking, it can greatly benefit your organization from a strategic perspective. Far too often, it’s the simple, easy-to-patch vulnerabilities that slip through the cracks and lead to expensive violations or breaches. Even those with advanced defenses can be inadvertently compromised by bad passwords or employee phishing. However, we’re not here to spell out doom-and-gloom. Find out how our experts and solutions can help you:

- Proactively monitor the Dark Web for compromised employee or patient data
- Transform your employees into the best defense against cybercrime with simulated phishing attacks and security training
- Consider implementing Compliance Process Automation

Also, download our guide below to see how HIPAA compliance varies by state and region.

August 29, 2019

Thank You from our CEO: ID Agent Crosses 2,000 MSP Partner Mark and Continues to Expand Globally

A couple weeks ago, I received an email from Matt Solomon, our VP of Business Development, that caused me to stop what I was doing and take a moment to reflect… with a big smile on my face. The email was addressed to ID Agent’s Management Team and simply stated, “As of today, we’ve officially crossed the 2,000-Partner mark!” For some vendors in the channel, this number is comparatively small, but we reached that number in just over two years, as a self-funded startup in a new industry. I think that is pretty amazing!

To say I am proud and grateful would be an understatement. We’ve been welcomed into the channel by MSP Partners who value protecting their small and midsized customers’ credentials as much as we do. We’ve used Dark Web ID™ to keep their customers’ data off the Dark Web, and we are so appreciative that each one has trusted our solution. We’re dedicated to helping MSPs grow their businesses and Dark Web ID is a crucial part of that process. As of today, our platform monitors roughly tens of thousands of domains and has reported nearly 10 million compromised records on behalf of our partners!

Part of our mission is to extend that protection and revenue-building service we provide beyond North America. We currently have active Partners offering Dark Web monitoring in 22 countries, and we continue to expand that footprint. We’re invested in our Partners’ businesses, and we strive to do all we can to help them succeed.

This past year we looked at other ways we can help MSPs to protect their customers, and the logical next step for us was to develop a Security Awareness Training and Anti-Phishing platform. With lots of input from our Partners, we launched BullPhish ID™ and have received excellent reviews from our Partners. With a wide range of phishing templates and training topics, MSPs can help develop employees into the front line of a company’s defense.

Speaking of developing new products, we were beyond excited to announce earlier this year that we joined Kaseya. The vision Kaseya has shown in developing their IT Complete platform made them the perfect partner to help us get to the next level. With the backing of the leading provider of IT infrastructure management solutions, we are able to drive bigger and better improvements to our existing products and continue to innovate new security offerings to complement them.

The feedback from our MSP Partner community speaks for itself. Every day, I receive emails and messages on LinkedIn raving about our Customer Success team and how they have in some cases literally saved a business, our world-class marketing materials that enable demand generation for MSPs who don’t have a marketing staff, and the educational presentations provided by our Business Development team that expand the value we bring far beyond the products themselves. Those emails make every early morning and late night at work, along with countless hours traveling the globe, totally worth it for me and the ID Agent Team. By the way, our team has grown to more than 50 full-time employees, and we are adding more every week!

As we continue to grow, we thank each of you for your loyalty, your insight, and your friendship.

Sincerely,

ID Agent Awards to Date

1. ASCII 2018: Best Revenue Generator, Charlotte
2. ASCII 2018: Best Revenue Generator, Ann Arbor
3. ASCII 2018: Best Revenue Generator, Toronto
4. ASCII 2018: Best Revenue Generator, Seattle
5. ASCII 2018: Best Partner Involvement, Seattle
6. ASCII 2019: Best Educational Presentation, Orange County
7. ASCII 2019: Best Partner Involvement, Orange County
8. ASCII 2019: Best Partner Involvement, Dallas
9. ASCII 2019: Best Educational Presentation, Bethesda
10. ASCII 2019: Best Partner Involvement, Bethesda
11. ASCII 2019: Best Educational Presentation, Charlotte
12. ASCII 2019: Best Revenue Generator, Denver
13. ASCII 2019: Best Revenue Generator, Toronto
14. ChannelPro SMB Forum 2017: Best New Solution, Newark
15. ChannelPro SMB All-Star Vendor 2018
16. CRN Emerging Vendors 2017
17. CRN NexGen 2017: Best Technology Solution
18. CRN NexGen 2017: Best Tech Talk
19. CRN Emerging Vendors 2018
20. CRN Women in the Channel 2018
21. CRN Xchange 2018: Best Boardroom Execution, Orlando
22. CRN Xchange 2018: Best Xchange Newcomer, Orlando
23. CRN Xchange 2018: Best Boardroom Execution, San Antonio
24. CRN NexGen 2018: Best Technology Solution
25. CRN NexGen 2018: Best Tech Talk
26. CRN NexGen 2018: Best Boardroom Execution
27. CRN Channel Chiefs 2019
28. CRN 100 People You Should Know 2019
29. CRN Security 100 2019
30. CRN Xchange 2019: Best Boardroom Execution, Las Vegas
31. DattoCon 2018: Most Innovative Product
32. DattoCon Barcelona 2018: Best in Show
33. E-Channel News: Best New Solution 2018
34. IOTSSA 2019: Best Security Presentation, Salt Lake City
35. IOTSSA 2019: Best Security Solution, Columbus
36. SMB TechFest: Best Product Q2 2019

August 15, 2019

The link between GDPR and the Dark Web

Over a year after its widely anticipated debut on May 25th, 2018, the General Data Protection Regulation (GDPR) is still a point of confusion for many SMBs. Although our European partners have been keeping a pulse on developments for quite some time, privacy regulations are quickly pervading the global security landscape across the US, Canada, Australia, and New Zealand, with cascading consequences and implications. To prepare MSPs and business owners for upcoming change, the ID Agent Team will unravel how the Dark Web and GDPR are inextricably connected. But first, let’s refresh on the basics:

A GDPR Crash Course

Designed to protect the data security and privacy of EU citizens, the GDPR was introduced as a replacement for the Data Protection Directive of 1995. As an overview, the regulations empower consumers with greater ownership over their personal information; highlights include the “right to be forgotten”, a fortified consent process, and more stringent breach notification protocol requirements. Aside from expanding the definition of “data processing” to include collection, retention, deletion, breaches, and disclosures of personal data, the GDPR carries penalties for infractions that are no laughing matter. Since its implementation, multinational corporations have seen fines amounting to $23M or, even worse, 4% of global revenue.

Dark Web + GDPR

So where does the Dark Web fit into this? Just this past week, we covered a recent report by the Federation of Small Businesses (FSB) proclaiming that UK-based SMBs were suffering nearly 10,000 cyber attacks per day. Although the majority of these are serious security breaches, some are slipping through the cracks as “leaks” that go unnoticed. These manifest themselves as vulnerabilities caused by password recycling, lost devices, accidental website updates/emails, and even rogue employee behavior.

Unlike more overt incidents, data compromises are much more difficult to detect, especially for small businesses with minimal security measures in place. As a result, sensitive information collected from such leaks ultimately finds a home on the Dark Web, without anyone being the wiser. As we know, cybercriminals will exchange valuable credentials for cryptocurrency, and then leverage leaked information to orchestrate crippling fraud tactics. In the past, companies were able to sidestep any ties back to them due to loose privacy regulations and limited feedback loops. However, those days are soon coming to an end. The GDPR mandates that companies of all shapes and sizes must disclose consumer data breaches, and they will also be held liable for such accidental leaks. For example, the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) of the UK have published specific guidance for risk management, data protection, detection, and minimization of impact.

The Solution

The global standards for data protection may be rising, but so have the solution sets for SMBs. By partnering up with MSPs who have enlisted in proactive Dark Web monitoring solutions (like Dark Web ID!), you can future-proof your company from facing GDPR fines or dealing with business process interruptions. Case dismissed. Need more proof? See what Ryan Markel, President of Take Ctrl, LLC, has to say about working with our team: “My clients are so grateful that they are not aware when their passwords are compromised that they are telling their colleagues at other companies they have to work with us”.
Sources:

https://www.parkersoftware.com/blog/gdpr-dark-web
https://www.law.com/legaltechnews/2019/01/23/could-the-gdpr-right-to-access-make-personal-data-more-vulnerable/?slreturn=20190712111548
https://cybersecuritysummit.co.uk/wp-content/uploads/sites/29/2017/10/White-Paper-GDPR-Data-Breaches-the-Dark-Web-June-2017.pdf
https://www.swknetworkservices.com/dark-web-breaches-compliance-gdpr/
https://gdpr.report/news/2017/07/03/growing-threat-dark-web/
http://www.securityeurope.info/the-eus-gdpr-and-crime-throwing-some-light-on-the-dark-net/
https://mashable.com/article/how-gdpr-changed-internet-2018/
https://lmgsecurity.com/should-your-data-breach-response-plan-include-dark-web-scanning/
https://cyansolutions.co.uk/monitor-dark-web-stop-security-breaches-fast/
Cybersecurity and GDPR: https://www.ncsc.gov.uk/information/GDPR
UK’s Cyber Essentials certification: https://www.cyberessentials.ncsc.gov.uk/advice/

August 13, 2019

Just Announced: ID Agent To Deliver Cyber Security Certification at GlueX

ID Agent will be offering a Pre-Day MSP Security Certification at GlueX! Taught by our very own Senior Threat Analyst, Duncan Miller, those in attendance will learn the fundamentals for offering an effective core security program.
