5 May

Report: 30 Percent of Consumers Wouldn’t do Business After Security Breach


A new report indicates roughly 30 percent of consumers would abandon a business or organization after a security breach.

The report focuses on the financial, healthcare and retail industries, reflecting concern across the board.  Data was compiled through surveys conducted in October 2013 by Javelin Strategy and Research.

Respondents to the survey indicated they would be most distrustful of the retail industry after a security breach, with 33 percent saying they would not likely do business with the entity again.

Thirty percent of respondents indicated they would not return to a healthcare provider after a security breach, and 24 percent said they would no longer trust a financial institution.

“Today, regardless of whether they occur in the financial, healthcare, or retail industries, data breaches have an undeniable impact on a business’s image, and in turn, both the revenue and expense side of its bottom line,” the report’s conclusion states.

 

For information on how to assess possible IT security threats to your business or organization, contact the Citon IT security team:






 

1 May

IT Security Breaches Reach Nearly 200 Million in 3 Months


The latest SafeNet Breach Level Index indicates nearly 200 million records were stolen from January through March of this year, representing a more than 230 percent increase in IT security breaches over this time last year.


The latest round of reports shows 58 percent of IT security attacks came from malicious outsiders, while malicious insiders accounted for nearly 13 percent of attacks.

Top industries for IT security compromises included financial, technology, retail, government and healthcare sectors.

“Not all breaches are created equal. Breaches are no longer a binary proposition where an organization either has or hasn’t been breached,” the SafeNet website states. “Instead, they are wildly variable – having varying degrees of fallout – from breaches compromising global networks of highly sensitive data to others having little to no impact whatsoever.”

The Breach Level Index is measured by publicly disclosed breaches and individual organization risk assessments.

For information on how to assess possible IT security threats to your business or organization, contact the Citon IT security team:






28 April

Internet Explorer Bug Leaves Browser Users Open to Attacks


 


Security firm FireEye announced this weekend the discovery of a “zero day” vulnerability in most versions of Internet Explorer.

The vulnerability allows a malicious website or advertisement to use Adobe Flash with Internet Explorer to run code on users’ machines. Hackers are able to lure users to click on a link directed at an attack website, which then gives hackers control over the user’s PC, according to a Microsoft security advisory.

“An attacker who successfully exploited this vulnerability could gain the same user rights as the current user,” the Microsoft security advisory states. “Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

This is the first major bug in Windows XP that will not be patched by Microsoft.

This is the start of the “XPocalypse.” Those still running XP are urged to stop using Internet Explorer. Installing Chrome or Firefox won’t keep users safe forever, but it will buy time.

For supported versions of Windows, Microsoft should have a patch out no later than May 12. In the meantime, you can protect yourself by:

  • Using an alternate web browser like Chrome or Firefox. Internet Explorer may still be needed for some internal applications that support no other browser.
  • Disabling Adobe Flash in Internet Explorer.
  • Installing the Enhanced Mitigation Toolkit, version 4.1, from Microsoft: https://support.microsoft.com/kb/2458544

 

Have a question? Contact us!






23 April

Protecting Your Digital Assets


 

The numbers don’t lie. Businesses are under attack as criminals work to compromise systems and steal intellectual property. Here’s a short video that will help you understand the current threat landscape and assist you in your decision to protect your digital assets.






22 April

A Frank Discussion About Password Security


You, dear reader, are a responsible password user with perfect password hygiene:

  • You always use a password with a mix of letters, numbers and special characters.  You never use a pet’s name, an anniversary date or “password123.”
  • You never write your password down and leave the note in an unsecured location.
  • You never use the same password twice. You would never use the same password for a banking site as an online newsletter.
  • You strictly follow all password policies handed down by your business, organization and other entities.
  • You never enter your password into anything but a trusted login window that you are certain has not been hijacked by a guy named “l33t PETE.”

Congratulate yourself on your mastery and discipline in the area of password security! If you do not adhere to the list above, we have some work to do. Each point above has thousands of cautionary tales. Did you know…

  • Passwords used online since early March may have been stolen by a Heartbleed attack.
  • Password guessing (brute force) attacks steal millions of accounts on the Internet every year.
  • Insider threats from coworkers and untrustworthy janitorial services can turn that password on the post-it under your keyboard into a disaster.
  • Once a big site like LivingSocial gets infiltrated and has passwords stolen, the hackers turn around and try those same passwords on banking sites, shopping sites, etc.

Your internal dialogue is probably saying, “What’s the big deal with password security? No one wants access to my Facebook page or work email anyway.” Instead of trying to shame you into protecting against a threat that is hard to predict, here are three useful tips that will make you more secure and make passwords a little less awful:

Use a pass phrase and not a password. Instead of “d0gFLEA$,” use “My dog ROGER has no fleas!” There is no doubt which one is easier to remember, but which one is more secure? According to the Brute Force Password “Search Space” Calculator, the “d0gFLEA$” password could be discovered within 18.62 hours through an online dictionary attack. “My dog ROGER has no fleas!,” on the other hand, would take 47 hundred trillion trillion centuries to discover through an offline dictionary attack. (Note: There are dictionary attacks that would be faster.)
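The search-space arithmetic behind the comparison above, as an added example that is not part of the original article or the calculator it cites. The character-class sizes, the rate of 100 billion guesses per second, and the 10,000-word list with 4 variants per word are assumptions of this example; the last figure illustrates the article's note that word-based attacks are faster than character-by-character search.

```python
import string

# Printable-ASCII character classes: 26 + 26 + 10 + 33 (space counted as a symbol).
CLASSES = [
    set(string.ascii_lowercase),
    set(string.ascii_uppercase),
    set(string.digits),
    set(string.punctuation + " "),
]

def alphabet_size(password):
    """Add up the size of every character class the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def hours_to_exhaust(password, guesses_per_second):
    """Worst-case time for a character-by-character brute-force search."""
    return search_space(password) / guesses_per_second / 3600

def word_guess_space(word_count, wordlist_size, variants_per_word):
    """Guesses needed when the attacker combines whole words instead."""
    return (wordlist_size * variants_per_word) ** word_count

OFFLINE_RATE = 1e11  # assumed guesses per second, not a measured figure

if __name__ == "__main__":
    short, phrase = "d0gFLEA$", "My dog ROGER has no fleas!"
    for pw in (short, phrase):
        print(f"{pw!r}: alphabet={alphabet_size(pw)} length={len(pw)} "
              f"space={search_space(pw):.2e} "
              f"hours={hours_to_exhaust(pw, OFFLINE_RATE):.2f}")
    # Constructed attacker model: 10,000-word list, 4 case/punctuation variants.
    words = word_guess_space(len(phrase.split()), 10_000, 4)
    print(f"word-based guesses for the phrase: {words:.2e}")
```

Under these assumptions the short password is exhausted in about 18.62 hours, and the six-word phrase is many orders of magnitude cheaper to guess word by word than character by character, though still far larger than the short password's search space.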

Use a secure password manager. Instead of writing passwords down or storing them in an unprotected file, use one of the many secure password tools like KeePass. As long as the app uses encryption to save the passwords and makes you enter a password to unlock it, it is much better than a post-it.

Separate passwords by the importance of what they protect. Your bank account should have a unique password, as should your corporate email account. If you are going to be lax, be lax with the things that are not important. Perhaps the password for your free newsletter account and the warranty site for your toaster can be the same.

Passwords are an annoying fact of life.  There are better ways to prove to computers you are who you say you are, but that is for another article.

Paul Hirsch is a Senior Network Engineer for Citon Computer Corp. If you have a question for Paul, use the form below. 




