Are you using Facebook because it is free?
How much are you paying to use Facebook each month? “Haha Mark, trick question,” you may say. "It's free. I am paying nothing.” I beg to differ.
You are paying with your personal information. Let me introduce Tanya, one of my fellow Michigan State University alums. I found her on Facebook. I sent a friend request and she accepted within 24 hours. We both told Facebook we graduated Michigan State University. On the UP side, sharing that information helped us connect. On the DOWN side, we shared information Facebook monetizes.
Highly targeted and branded MasterCard
We both checked Facebook one day and saw ads for a Michigan State University branded MasterCard. The advertisers created the MSU branding and then purchased (or ... Read More
2-factor Authentication helps protect your identity.
You should deploy 2-factor Authentication. This increases your security and reduces your chances of becoming an identity theft victim. Most services encourage 2-factor Authentication and let you deploy it at no additional cost.
Here's a quick question for you.
When attempting to access a website, the website can challenge you based on:
A) What you know (e.g. password).
B) Who you are (e.g. fingerprints).
C) What you have (e.g. phone).
D) All of the above.
Correct answer: D.
How it looks in real life.
Daisy runs a dental office in Folsom, CA. Keeping the practice up and running is her top priority. She runs most of her patient, insurance and vendor communications through her Gmail account. She deploys 2-factor Authentication with the steps at https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome. She keeps her smartphone nearby. ... Read More
Did you know your multifunction printer has its own backdoor WIFI?
Allen called me one day and said his printer was printing nonstop garbage. He wasn’t printing anything, but somebody was printing through WIFI. This print job was consuming his toner and paper. How did this happen?
I told Allen that in addition to joining your multi function printer to your office or home WIFI, you’ll find the printer broadcasts its own WIFI signal. You, or anybody close enough to the printer, can hop on that printer through that WIFI. A hacker could then cause mischief, including changing the printer’s IP addresses or printing large print jobs that consume paper and toner. I am showing you how to identify your printer’s WIFI, and how to secure it.
Assumptions
... Read More
Water utilities are popular targets
It wasn't the first time the Fort Collins-Loveland Water District and its wastewater counterpart had been hit by "ransomware," a type of malware that encrypts victims' computer files and demands online payment to unlock them.While operations weren't harmed, the infection prompted the water district to switch out its information technology service provider and call in the FBI. The case, first reported by the Coloradoan, remains under active investigation. FCLWD and the South Fort Collins Sanitation District treat and distribute water to 45,000 customers in northern Colorado.Colorado water officials aren't alone in their cybersecurity woes. The nation's nearly 70,000 water and wastewater utilities are struggling to keep their heads above a rising tide of online threats, based on interviews with security experts ... Read More
Cyber attacks are dirt cheap
Deloitte says the cost of committing a cyber attack is so surprisingly low that anyone can afford to be a bad guy. When you picture a cybercriminal organization today, you should be thinking about a group of individuals who run their operations like a business; concerned with profit and loss, looking for ways to execute as inexpensively as possible, while yielding the largest return. But what you don’t necessarily need to have in that vision is an organization with a large cash reserve.
According to Deloitte’s newest report, Black-market ecosystem: Estimating the cost of “Pwnership”, the cost of running a campaign is so low, it’s downright reasonable as a business model for even the smallest cybercriminal business.
Some cyber attack examples from the report ... Read More
Healthcare data under attack
As the healthcare industry continues to be an attractive target in cyberattacks, the latest data shows that cybercriminals are taking more patient health data than ever.
When the number of breaches doesn’t materially change from year to year, it’s a natural assumption that the impact of those breaches is equally similar.
According to new data in the 2019 Annual Breach Barometer Report from patient privacy monitoring vendor Protenus, the number of breaches rose from 477 breaches in 2017 to 503 in 2018, with the number of records nearly tripling year over year – from 5.6 million to a little under 15.1 million.
With breached records costing healthcare organizations an average of $408, the massive jump in the number of total records breaches incurs a significant cost.
Also according ... Read More
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities
Cyber thieves seeking sensitive data on high net-worth individuals will pay an average of $360,000 per year to target executives, lawyers, doctors, and other prominent figures, researchers discovered. The money comes through extortion
The Digital Shadows Photon Research Team today published "A Tale of Epic Extortions," a deep dive into the ways cybercriminals prey on individuals' online exposure. Extortionists take advantage of compromised credentials, sensitive data (documents, intellectual property), and technical vulnerabilities on Internet-facing applications to convince their victims to pay up.
Extortion has a human element
"The extortion landscape is broader and more diverse than any of us thought before we started," says Rafael Amado, senior strategy and research analyst with Digital Shadows.
Oftentimes, he continues, the technical ... Read More
European-level GPDR becomes California law in CCPA
Governor Brown signed into law California Assembly Bill 375, the California Consumer Privacy Act of 2018 (CCPA) in June, 2018. The law is new in the United States. It applies European-level compliance obligations akin to the now infamous General Data Protection Regulation (GDPR). The CCPA law takes effect on January 1, 2020.
What CCPA means for organizations doing business in California
CCPA includes new disclosure requirements, consumer rights, training obligations, and potential penalties for noncompliance, among other things.
Below are some of the key provisions:
Right to Transparency – Similar to the GDPR, the law creates a right to transparency regarding personal information. The law defines personal information very broadly, also like the EU definition, to include information that identifies, relates to, describes, is capable of being associated with, or could ... Read More
You can’t have privacy without security
California clearly agrees and may test the applicability of Larry Page's advice with new legislation signed by California Governor Brown in September, 2018.
Internet of Things legislation takes effect 1/1/2020
With the ink barely dry on the infamous California Consumer Privacy Act (the CCPA)—a first-of-its-kind data privacy bill in the United States—Brown signed a new Internet of Things cybersecurity bill into law, SB 327. Perhaps not so coincidentally, both laws will take effect on January 1, 2020, marking a substantial compliance deadline for technology companies big and small.
SB 327 will require that a manufacturer of a “connected device” equip the device with a defined minimum amount of security. “Connected device” is defined quite broadly and as written encompasses “any device, or other physical ... Read More
Oath fined $4.95 Million for violating Children’s Online Privacy Protection Act (“COPPA”)
In December, 2018, the New York State Attorney General announced a $4.95 million settlement with Oath Inc., the result of an investigation into Oath's violations of the Children’s Online Privacy Protection Act (“COPPA”).
The NYAG found that Oath’s ad exchanges transferred persistent identifiers and geolocation from website users to DSP bidders in its automated auction process. While that may be fine for websites directed to grown-up audiences, COPPA includes persistent identifiers and geolocation in its definition of “personal information.” And under the law, companies must obtain verifiable parental consent before collecting or using children’s personal information.
But instead of seeking verifiable parental consent, Oath treated all websites (and therefore all user information) the same, despite knowledge that some ... Read More
- Previous
- 1
- 2