Tag: PII

October 24, 2019

How to Stop Credential Stuffing Attacks

A quick glance at recent reports or news headlines paints a dismal picture of the data breach landscape in 2019. Both by the measure of the number of companies compromised and the number of records accessed, breach incidents are occurring at a record-setting pace, with over four billion records exposed for misuse and abuse this year.

Read More
October 03, 2019

NCSAM 2019: Cybersecurity is a shared responsibility

If we were to record a time-lapse of cybersecurity awareness over time, it would reveal an exponential curve driven by news headlines of privacy breaches and data misuse. In today’s fast-paced digital environment, the most practical solutions for securing organizations and users are often clouded by bright shiny objects. Recognizing this trend, the theme for this month’s 16th annual National Cybersecurity Awareness Month (NCSAM) is: “Own it, Secure it, Protect it”. Follow along as the ID Agent team breaks down the basics and outlines how cybersecurity is truly a shared responsibility for us all, as consumers, SMBs, and MSPs. You are what you consume In the wake of the heavily publicized Facebook and Cambridge Analytica scandal, it’s no secret that even seemingly innocuous information in our digital profiles is incredibly valuable to hackers. To make matters worse, it is constantly being exchanged on the Dark Web in order to be exploited in the near future. Social media is a double-edged sword, enabling us to innovate and communicate at rapid speeds, but also inviting cybersecurity threats that can compromise personal data. How can we strike the right balance? OWN IT. By understanding your digital profile, keeping privacy settings updated, and monitoring applications, you can take control of your personal information. Vigilance becomes increasingly relevant as we begin to see more social engineering methods, where fraudsters will take the guise of someone you trust in order to siphon your friend’s, family’s, or company’s data.

Read More
September 26, 2019

Best Practices for GLBA and FINRA Compliance

When it comes to security compliance and regulatory oversight across America, no verticals or functions are being spared. The financial services industry is one that has recently come under scrutiny, as stakeholders begin to realize the sensitivity of data flowing through their processes and organizations. Keep reading for a breakdown of Gram-Leach-Bliley Act (GLBA) compliance, along with a checklist of the top 10 cybersecurity best practices as reported by the Financial Industry Regulatory Authority, Inc. (FINRA). Financial Privacy and Safeguards The Gram-Leach-Bliley Act, also known as the Financial Modernization Act of 1999, requires financial institutions to explain how they share and protect their customers’ private information. Additionally, these rules apply to entities outside of the financial services industry that process or receive such information, which can range from real estate companies to tax preparers and more. Below are the two key components to the GLBA, with the second holding specific implications for data security: Financial Privacy Rule – In order to be compliant, organizations must communicate how they share sensitive data, inform customers of their right to opt out of information-sharing agreements, and explain how they protect customer data. Safeguards Rule – Regulating the confidentiality of customer information is separated into three main initiatives: employee security awareness training, information systems, and system failure. Although there are many steps and requirements, we’ve got you covered. With BullPhish ID™, you can check security awareness training off the list and move one step closer to compliance. The ROI of Compliance At this point, you may be wondering why you have to be compliant. The threat of non-compliance penalties may seem enough, amounting to $100,000 per violation, but it barely scratches the surface. Individuals can face additional charges that include prison time, and although the risk of reputational damage is not easily quantifiable, it is often even more crippling. In a world where customer loyalty and trust are king, unauthorized sharing or leaks in customer data can result in brand erosion and revenue loss. Practice Makes Perfect As your go-to solutions provider, we’re not here to spell out doom-and-gloom, but instead to help solve your problems. Click the link below to download the Small Firm Cybersecurity Checklist by FINRA: https://www.finra.org/compliance-tools/cybersecurity-checklist. Ready to take the first step to being GLBA compliant? Learn how BullPhish ID can help you easily manage the recommended security awareness training:

Read More
September 05, 2019

HIPAA 101

Maintaining compliance in today’s ever-changing environment is no easy task, particularly within the healthcare space. In the past, hackers opportunistically targeted providers due to poor security networks and infrastructure. Over time, however, cybercriminals have realized the true value of personally identifiable information (PII) and protected health information (PHI), which can be leveraged for identity theft, financial fraud, and other lucrative attack types. Exposed patient data is quickly becoming a sought-after commodity on underground marketplaces such as the Dark Web, forcing companies and MSPs to take notice. Follow the ID Agent team as we provide a snapshot of the Health Insurance Portability and Accountability Act (HIPAA) today and discuss its implications for your business. History of HIPAA Established in 1996, the Health Insurance Portability and Accountability Act was introduced by the Department of Health and Human Services (HHS) to set standards for data security and privacy in the healthcare sector. The legislation was passed with good intentions but designed for a world that still operated using paper records. As technology drastically shifted market dynamics, some of the provisions quickly grew outdated, Nevertheless, the Security Rule has passed the test of time in many ways, providing administrative, physical, and technical safeguards for protecting individuals’ electronic personal health information. Cybersecurity Guidelines In December of 2018, HHS issued new cybersecurity guidelines in an effort to drive voluntary adoption of best practices. Such guidance could signal impending legislation to come in the near future, so our experts curated some key takeaway: 1) Risk Analysis Organizations must assess all potential risks and vulnerabilities affecting the confidentiality, integrity, and availability of PHI across their ecosystem. This is easier said than done. Many companies underestimate how far PHI travels inside or outside their networks, which have led to costly HIPAA violations in the past. Determining the need for business associate agreements is a key element of a risk analysis, since they govern how entities handle PHI. 2) Social Engineering As evidenced by recent events, healthcare organizations are often subject to phishing and ransomware attacks. Even though employee training and simulated phishing attacks have been recognized as the best defense to mitigating social engineering hacks, they are rarely facilitated (see graph below). Thankfully, BullPhish ID™ offers robust security awareness training campaigns to educate employees and demonstrate the cybersecurity posture of your organization. Employee training – 2019 Security Metrics Guide to HIPAA Semi-Annually Yearly Never train Don’t know how often they train 8% 60% 10% 13% 3) Insider Threats Whether it’s born out of innocent curiosity or malicious intention, employee snooping is a serious vulnerability to PHI. Even worse, it can not only result in HIPAA violations, but also be identified as criminal activity by state attorney generals. As public vigilance of security and privacy continues to increase, being featured in headlines as the victim of an insider attack poses serious consequences for brand equity and customer loyalty. 4) Enterprise Risk Management Iliana L. Peters, Former Acting Deputy Director for HIPAA at HHS, recommends that organizations partner with solution providers that can perform comprehensive risk management and offer expert counsel. Given that the majority of Office for Civil Rights settlements are related to risk management, organizations have a financial incentive to enlist in IT security best practices and training. Solutions Although ongoing HIPAA compliance may seem like an arduous undertaking, it can greatly benefit your organization from a strategic perspective. Far too often, it’s the simple, easy-to-patch vulnerabilities that slip through the cracks and lead to expensive violations or breaches. Even those with advanced defenses can be inadvertently compromised by bad passwords or employee phishing. However, we’re not here to spell out doom-and-gloom. Find out how our experts and solutions can help you: Proactively monitor the Dark Web for compromised employee or patient data Transform your employees into the best defense against cybercrime with simulated phishing attacks and security training Consider implementing Compliance Process Automation Also, download our guide below to see how HIPAA compliance varies by state and region.

Read More
August 29, 2019

Thank You from our CEO: ID Agent Crosses 2,000 MSP Partner Mark and Continues to Expand Globally

A couple weeks ago, I received an email from Matt Solomon, our VP of Business Development, that caused me to stop what I was doing and take a moment to reflect… with a big smile on my face. The email was addressed to ID Agent’s Management Team and simply stated, “As of today, we’ve officially crossed the 2,000-Partner mark!” For some vendors in the channel, this number is comparatively small, but we reached that number in just over two years, as a self-funded startup in a new industry. I think that is pretty amazing! To say I am proud and grateful would be an understatement. We’ve been welcomed into the channel by MSP Partners who value protecting their small and midsized customers’ credentials as much as we do. We’ve used Dark Web ID™ to keep their customers’ data off the Dark Web, and we are so appreciative that each one has trusted our solution. We’re dedicated to helping MSPs grow their businesses and Dark Web ID is a crucial part of that process. As of today, our platform monitors roughly tens of thousands of domains and has reported nearly 10 million compromised records on behalf of our partners! Part of our mission is to extend that protection and revenue-building service we provide beyond North America. We currently have active Partners offering Dark Web monitoring in 22 countries, and we continue to expand that footprint, We’re invested in our Partners’ businesses, and we strive to do all we can to help them succeed. This past year we looked at other ways we can help MSPs to protect their customers, and the logical next step for us was to develop a Security Awareness Training and Anti-Phishing platform. With lots of input from our Partners, we launched BullPhish ID™ and have received excellent reviews from our Partners. With a wide range of phishing templates and training topics, MSPs can help develop employees into the front line of a company’s defense. Speaking of developing new products, we were beyond excited to announce earlier this year that we joined Kaseya. The vision Kaseya has shown in developing their IT Complete platform made them the perfect partner to help us get to the next level. With the backing of the leading provider of IT infrastructure management solutions, we are able to drive bigger and better improvements to our existing products and continue to innovate new security offerings to complement them. The feedback from our MSP Partner community speaks for itself. Every day, I receive emails and messages on LinkedIn raving about our Customer Success team and how they have in some cases literally saved a business, our world-class marketing materials that enable demand generation for MSPs who don’t have a marketing staff, and the educational presentations provided by our Business Development team that expand the value we bring far beyond the products themselves. Those emails make every early morning and late night at work, along with countless hours traveling the globe, totally worth it for me and the ID Agent Team. By the way, our team has grown to more than 50 full-time employees, and we are adding more every week! As we continue to grow, we thank each of you for your loyalty, your insight, and your friendship. Sincerely, ID Agent Awards to Date 1. ASCII 2018: Best Revenue Generator, Charlotte 2. ASCII 2018: Best Revenue Generator, Ann Arbor 3. ASCII 2018: Best Revenue Generator, Toronto 4. ASCII 2018: Best Revenue Generator, Seattle 5. ASCII 2018: Best Partner Involvement, Seattle 6. ASCII 2019: Best Educational Presentation, Orange County 7. ASCII 2019: Best Partner Involvement, Orange County 8. ASCII 2019: Best Partner Involvement, Dallas 9. ASCII 2019: Best Educational Presentation, Bethesda 10. ASCII 2019: Best Partner Involvement, Bethesda 11. ASCII 2019: Best Educational Presentation, Charlotte 12. ASCII 2019: Best Revenue Generator, Denver 13. ASCII 2019: Best Revenue Generator, Toronto 14. ChannelPro SMB Forum 2017: Best New Solution, Newark 15. ChannelPro SMB All-Star Vendor 2018 16. CRN Emerging Vendors 2017 17. CRN NexGen 2017: Best Technology Solution 18. CRN NexGen 2017: Best Tech Talk 19. CRN Emerging Vendors 2018 20. CRN Women in the Channel 2018 21. CRN Xchange 2018: Best Boardroom Execution, Orlando 22. CRN Xchange 2018: Best Xchange Newcomer, Orlando 23. CRN Xchange 2018: Best Boardroom Execution, San Antonio 24. CRN NexGen 2018: Best Technology Solution 25. CRN NexGen 2018: Best Tech Talk 26. CRN NexGen 2018: Best Boardroom Execution 27. CRN Channel Chiefs 2019 28. CRN 100 People You Should Know 2019 29. CRN Security 100 2019 30. CRN Xchange 2019: Best Boardroom Execution, Las Vegas 31. DattoCon 2018: Most Innovative Product 32. DattoCon Barcelona 2018: Best in Show 33. E-Channel News: Best New Solution 2018 34. IOTSSA 2019: Best Security Presentation, Salt Lake City 35. IOTSSA 2019: Best Security Solution, Columbus 36. SMB TechFest: Best Product Q2 2019

Read More
August 15, 2019

The link between GDPR and the Dark Web

Over a year after its widely anticipated debut on May 25th, 2018, the General Data Protection Regulation (GDPR) is still a point of confusion for many SMBs. Although our European partners have been keeping a pulse on developments for quite some time, privacy regulations are quickly pervading into the global security landscape across the US, Canada, Australia, and New Zealand with cascading consequences and implications. In order to prepare MSPs and business owners for upcoming change, the ID Agent Team will unravel how the Dark Web and GDPR are inextricably connected. But first, let’s refresh on the basics: A GDPR Crash Course Designed to protect the data security and privacy of EU citizens, the GDPR was introduced as a replacement to the Data Protection Directive of 1995. As an overview, the regulations empower consumers with greater ownership over their personal information; highlights including the “right to be forgotten”, a fortified consent process, and more stringent breach notification protocol requirements. Aside from expanding the definition of “data processing” to include collection, retention, deletion, breaches, and disclosures of personal data, the penalties associated with infractions are no laughing matter. Since its implementation, multinational corporations have seen fines amounting to $23M. Or even worse, 4% of global revenue. Dark Web + GDPR So where does the Dark Web fit into this? Just this past week, we covered a recent report by the Federation of Small Businesses (FSB) proclaiming that UK-based SMBs were suffering nearly 10,000 cyber attacks per day. Although the majority of these are serious security breaches, some are slipping through the cracks as “leaks” that go unnoticed. These manifest themselves as vulnerabilities caused by password recycling, lost devices, accidental website updates/ emails, and even rogue employee behavior. Unlike more overt incidents, data compromises are much more difficult to detect, especially for small businesses with minimal security measures in place. Therefore, sensitive information collected from such leaks ultimately finds a home on the Dark Web, without anyone being the wiser. As we know, cybercriminals will exchange valuable credentials for cryptocurrency, and then leverage leaked information to orchestrate crippling fraud tactics. In the past, companies were able to sidestep any ties back to them due to loose privacy regulations and limited feedback loops. However, those days are soon coming to an end. The GDPR mandates that companies of all shapes and sizes must disclose consumer data breaches, and will also be held liable for such accidental leaks. For example, the Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) of the UK has published specific guidance for risk management, data protection, detection, and minimization of impact. The Solution The global standards for data protection may be rising, but so have the solution sets for SMBs. By partnering up with MSPs who have enlisted in proactive Dark Web monitoring solutions (like Dark Web ID!), you can future-proof your company from facing GDPR fines or dealing with business process interruptions. Case dismissed. Need more proof? See what Ryan Markel, President of Take Ctrl, LLC, has to say about working with our team: “My clients are so grateful that they are not aware when their passwords are compromised that they are telling their colleagues at other companies they have to work with us”. Sources: https://www.parkersoftware.com/blog/gdpr-dark-web https://www.law.com/legaltechnews/2019/01/23/could-the-gdpr-right-to-access-make-personal-data-more-vulnerable/?slreturn=20190712111548 https://cybersecuritysummit.co.uk/wp-content/uploads/sites/29/2017/10/White-Paper-GDPR-Data-Breaches-the-Dark-Web-June-2017.pdf https://www.swknetworkservices.com/dark-web-breaches-compliance-gdpr/ https://gdpr.report/news/2017/07/03/growing-threat-dark-web/ http://www.securityeurope.info/the-eus-gdpr-and-crime-throwing-some-light-on-the-dark-net/ https://mashable.com/article/how-gdpr-changed-internet-2018/ https://lmgsecurity.com/should-your-data-breach-response-plan-include-dark-web-scanning/ https://cyansolutions.co.uk/monitor-dark-web-stop-security-breaches-fast/ Cybersecurity and GDPR: https://www.ncsc.gov.uk/information/GDPR UK’s Cyber Essentials certification: https://www.cyberessentials.ncsc.gov.uk/advice/

Read More
August 13, 2019

Just Announced: ID Agent To Deliver Cyber Security Certification at GlueX

ID Agent will be offering a Pre-Day MSP Security Certification at GlueX! Taught by our very own Senior Threat Analyst, Duncan Miller, those in attendance will learn the fundamentals for offering an effective core security program.

Read More
August 01, 2019

Thank You New Zealand and Australia!

As I reflect on the last 2 weeks I spent traveling through New Zealand and Australia for a series of MSP roadshows, one word comes to mind. Grateful. ID Agent has been in the channel since May 2017 and we’ve grown from a handful of early adopters to over 2000 active MSP Partners today. We first ventured Down Under last summer. Matt Solomon, our VP of Business Development, brought ID Agent to ANZ and had tons of success growing that market quickly. Since then, our Kiwi and Aussie Partners have really hit the ground running selling Dark Web ID and have become huge advocates and friends of the Team. Our roles in Channel Development are often exhausting, hectic and stressful, but getting to fly across the world and bring this product to a new batch of MSPs makes all the flight delays, early mornings and late nights, and the inevitable jet lag totally worth it! Dark Web ID is a best-in- class solution that provides our Partners the ability to educate and inform their clients when employee credentials have been exposed. This actionable data allows our Partners to become trusted advisors who provide valuable insight into employee behavior, In each of these 5 roadshows with our friends at Datto, I was able to speak to the success stories our Partners share every day and provide educational content they can turn around and present to their prospects. Having the right approach and not just using the data to scare people into buying something is key and we share the “tried and true” messages that have proven to work. In Sydney, Robert Brown even got up on stage with me and shared his own success stories. When I thanked him profusely for the kind words and recommendation, his response was simply, “I just spoke about my experiences. It’s a good product which makes it easy.” This mindset is prevalent throughout New Zealand and Australia, and it really was amazing to see how welcoming, thoughtful and energetic our current (and soon to be) Partners are on that side of the world. Our small but mighty business development team is on the road every week in various cities presenting and meeting with prospects and current Partners. We love what we do – and love getting to meet our Partners on the road. Whether it’s laughing over a cocktail (pr a kangaroo dinner), strategizing how to use Dark Web data to drive new revenue or just exploring a new city, the MSP community has been nothing short of amazing. Once this jet lag subsides, I can’t wait to hop back on a plane and head to the next city! Check out our events page to see when we’re heading your way!

Read More
July 31, 2019

Capital One Suffers Massive Data Breach

There was a time when bank robbers resembled the stereotype of a bandit or a pirate. In reality, modern bank robberies are much less like an Ocean’s Eleven movie and more of a person sitting behind their desk eating yogurt and probing networks for vulnerabilities. While we can’t verify the type of food that was eaten during the recent Capital One Financial Corporation breach, we do know what was taken and how. Paige Thompson, AKA “erratic,” a former software engineer, stole more than 100 million Americans’ information and another 6 million Canadians’ sensitive information in the breach. Capital One was made aware of a configuration vulnerability on July 17th when an ethical hacker discovered the data on Github and reported it to the bank. While investigating and fixing the vulnerability, the bank revealed that a third party had gained access to their system in March of this year. Capital One immediately fixed the vulnerability and contacted the FBI to conduct a criminal investigation. The list of information stolen is not pretty and is quite long. Compromised data includes: Names, dates of birth, phone numbers, email addresses, home addresses, zip codes/postal codes, self-reported income, credit card application data, credit scores, credit limits, balances, payment history, transaction data, US Social Security Numbers, bank account numbers, and Canadian Social Insurance Numbers, It should be noted that Capital One responded immediately to this breach and has since strengthened its cybersecurity defenses, but one cannot help but wonder how that much sensitive data was exposed on a popular public website from March to July without the bank realizing it was missing. Not only that, but what if the hacker decided to sell the information in a more secure location such as the Dark Web. Fortunately, the main suspect behind this digital bank heist was apprehended quickly. Today’s robberies may use less dynamite and guns, but the catastrophic effects are typically long-lasting and far-reaching. Now more than ever, individuals and businesses need to take responsibility for proactively protecting their digital credentials and assets. ID Agent provides monitoring and alerting for businesses when their employees’ credentials have become exposed on the Dark Web by offering Dark Web ID™ through the MSP channel. We also offer personal identity monitoring through our MSP Partners so that individuals can have peace of mind that they are covered when data breach occurs. SpotLight ID™ can be purchased directly from MSPs by individuals, or by business owners as a tax-free employee benefit. Contact sales@idagent.com to learn more.

Read More
June 27, 2019

How to Spot a Phishing Attempt

Phishing is one of the most common, yet dangerous methods of cybercrime. Despite cybersecurity experts’ warnings over the years, it seems that internet users still consistently fall prey to these simple but effective attacks.

Read More

Please fill in the form below to subscribe to our blog