News Recap: FCC Wants Communication Companies to Take Security More Seriously

June 13th, 2014

FCC Chairman Tom Wheeler recently addressed the agency’s cyber security plans. IDG News’ Grant Gross reports that Wheeler stated the “FCC will take steps to encourage cyber security in the coming months, acting first as a promoter of company-led initiatives instead of a regulator… But if that doesn’t lead to improvements, the agency is prepared to act.”

TechCrunch’s Alex Wilhelm reports that the purpose of this new effort is to “identify what constitutes risk, create tooling to combat the highlighted risk, deploy the tools, and then keep an eye on their performance.” The cyber security efforts will begin in the coming weeks, when the agency will audit network operators to see whether they have implemented 2011 cyber security recommendations, Gross reports.

“We cannot continue on a path that lets individual networks put other networks, American businesses and consumers at risk. We need to develop market accountability that doesn’t currently exist,” Wheeler said. “Cisco forecasts that by 2020, over 50 billion inanimate devices will be interconnected. Expressed another way, that’s 50 billion new attack vectors.”

Do you think the FCC will have to step in with more regulations to better control cyber security efforts? How will communication companies respond to the FCC’s new cyber security plan? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

cyberSAFE Webinar Series Recap: SMB Security for Every Phase of Growth

June 10th, 2014

Small businesses are in a tough position when it comes to cyber security. They face a growing number of threats and growing attention from cyber criminals, and they don’t have the time or resources that larger enterprises can devote to cyber security. As instances of data theft, malware and other risks grow, it is going to become increasingly important for small businesses to be aware of the threats they face and learn how to address them effectively and with limited resources.

This is the topic that Byron Acohido of The Last Watchdog and The Securitist, Aaron Hanson of Symantec, and CSID’s own Bryan Hjelm tackled in the most recent installment of our cyberSAFE webinar series.

Panelists took an in-depth look at the different threats SMBs face in different phases of growth and provided solutions for how best to tackle them. You can watch a recording of the webinar when available below. The group also summarized findings from CSID’s most recent SMB survey.

This year’s SMB survey found that there is a disconnect between awareness and action when it comes to SMB security. In the survey, 63 percent of small businesses reported that they are worried about undetected malware, 38 percent are worried about phishing attacks and 41 percent are concerned about breaches caused by human error. Despite these worries, 31 percent of responding businesses are still not doing anything to protect against these threats.

To bridge this gap, SMBs need to focus on the security basics:

  • Awareness – Know and understand the threats that can impact your business.
  • Education – Educate employees on the importance of workplace security and choose vendors with superior security reputations. The more well-educated your workforce is on the importance of security, the more likely they will be to employ better online habits at work and in their personal lives.
  • Monitoring – Take advantage of software solutions that can help monitor the security of your business. Anti-virus solutions can help protect against malware and VPNs can help secure business data when conducting business outside of the company network.
  • Damage Control – Have a breach preparedness plan. While a plan may not reduce the cost of repairing a data breach, it certainly helps keep your customer relationships intact and reduces business reputation damage.

If you have any questions about SMB security, we encourage you to check out the resources linked to on this page and our corresponding infographic. You can also reach out to us via Twitter and Facebook. Find out more about CSID’s cyberSAFE webinar series and watch previous recordings.


News Recap: Online Activity Declines Following Data Breaches

June 9th, 2014

It’s no surprise that small businesses would be impacted by recent retailer data breaches, including Target and eBay. A recent USA Today survey shows just how these breaches have affected online spending and account monitoring of individuals.

Elizabeth Weise and Jessica Guynn of USA Today shared the results of the USA Today survey, which found that nearly a quarter of Americans have altered their online purchasing habits due to security concerns brought on by recent data breaches at major retailers.

“A full 24% of those surveyed said they had stopped buying anything online in recent weeks because they were concerned about the safety of information they might put online,” Weise and Guynn state, “Most surprisingly, 56% said they had cut back on the number of Internet sites they used and were only going to large, well-known companies they were confident were safe.”

Helen Leggatt of BizReport also shared findings from the USA Today survey that examine how individuals’ online behavior has changed to protect information that is already online. Leggatt writes, “The survey found that those with lower education and incomes were among those most likely to cease making online purchases while those with higher levels of education and income were more likely to continue shopping but take more precautions.” Leggatt points out that the USA Today survey results are similar to those of a Harris Interactive survey conducted earlier this year that prove consumers are more cautious when shopping online.

How do data breaches – even breaches that are not directly connected to your business – impact your business’ reputation and security? What measures are you taking to ensure you don’t encounter a breach of your own? How can your company reassure consumers that might be concerned about their online security? Let us know what you think on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.

Customer Alert: Heartbleed SSL Vulnerability

April 9th, 2014

On the morning of April 8, 2014, the OpenSSL community revealed a security vulnerability in recent versions of the OpenSSL software. Dubbed Heartbleed, the vulnerability poses a serious security concern because cyber criminals could exploit the vulnerability to expose site users’ Personally Identifiable Information (PII).

What does this mean, exactly?

OpenSSL is an open-source encryption technology used by approximately 75% of web servers. This technology safeguards site visitors who are sharing PII and financial information to make a transaction. Sites that employ OpenSSL are typically indicated with a lock icon and live at an HTTPS address. In other words, an OpenSSL site may be at the core of your business, and you probably use sites that incorporate this technology daily.

How do I mitigate risk?

The only way for businesses to avoid Heartbleed is to upgrade their site with the latest, patched version of the OpenSSL software, which addresses the vulnerability.

CSID customers should be assured that CSID has done this to its servers, and strongly recommends that they take the same action and immediately renew their SSL Certificates used with CSID services. As an additional security precaution and due to the breadth of this vulnerability, CSID joins other security professionals in recommending that businesses patch any instances of OpenSSL in their environments, and renew any SSL certificates immediately.

Further details surrounding the Heartbleed vulnerability and its disclosure can be found here.
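As an added illustration of the patch-and-renew advice above (not part of the original alert or CSID's own tooling), the following sketch triages an inventory of hosts by OpenSSL version and certificate issue date. The host names, inventory layout and function names are assumptions made for the example; the affected range (upstream 1.0.1 through 1.0.1f and 1.0.2-beta1, fixed in 1.0.1g) comes from the OpenSSL project's advisory rather than from this post.

```python
import re
from datetime import date

# Upstream OpenSSL releases affected by Heartbleed: 1.0.1 through 1.0.1f,
# plus 1.0.2-beta1. The fix shipped in 1.0.1g.
_VERSION_RE = re.compile(r"(\d+\.\d+\.\d+)([a-z]*)(-beta\d+)?")
DISCLOSURE = date(2014, 4, 8)  # disclosure date given in the alert


def heartbleed_affected(version: str) -> bool:
    """True if an upstream OpenSSL version string is in the affected range."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {version!r}")
    base, letter, beta = m.groups()
    if base == "1.0.1":
        return letter <= "f"  # "" (plain 1.0.1) and a..f; g and later are fixed
    if base == "1.0.2":
        return beta == "-beta1"
    return False


def triage(inventory):
    """Map each host to the actions the alert recommends for it."""
    actions = {}
    for host, version, cert_issued in inventory:
        todo = []
        if heartbleed_affected(version):
            # Renew only after patching, or the new key is exposed as well.
            todo += ["upgrade OpenSSL", "renew certificate after upgrade"]
        elif cert_issued < DISCLOSURE:
            todo.append("renew certificate")
        if todo:
            actions[host] = todo
    return actions


# Constructed inventory: (host, `openssl version` output, certificate issue date).
SAMPLE_INVENTORY = [
    ("web01.example.test", "OpenSSL 1.0.1e 11 Feb 2013", date(2013, 9, 1)),
    ("web02.example.test", "OpenSSL 1.0.1g 7 Apr 2014", date(2013, 9, 1)),
    ("web03.example.test", "OpenSSL 1.0.1g 7 Apr 2014", date(2014, 4, 9)),
    ("legacy.example.test", "OpenSSL 0.9.8y 5 Feb 2013", date(2014, 5, 2)),
]

if __name__ == "__main__":
    for host, todo in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {', '.join(todo)}")
```

Treat the version string as a first pass only: distribution packages often backport the fix without changing the upstream version letter, so confirm against the vendor's package changelog before clearing or flagging a host.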

Security Insights: 93% of large organizations had a security breach last year

January 13th, 2014

In an article from Naked Security by Lee Munson: A new survey commissioned by the UK Government’s Department for Business Innovation and Skills (BIS) has revealed the scale of cyber attacks on UK companies. The 2013 Information Security Breaches Survey, which collected data from 1,402 respondents, presented results for large organizations (in excess of 250 employees) and small firms (less than 50 members of staff).

One of the key findings of the report was the level of attacks sustained by businesses – with breaches reaching record levels. The survey discovered that 93% of large organizations experienced a security breach last year, a figure that is broadly in line with 2012 reports. Smaller businesses, however, saw a marked increase in the number of attacks levied against them. Some 87% of smaller firms reported experiencing a data breach last year, which is up significantly from 76% the previous year.

Average of 113 security breaches:

The number of security breaches within each of the affected companies also showed a sharp increase too. Larger companies experienced an average of 113 breaches and smaller firms reported 17 such incidents, an increase across the board of almost 50% in one year.

The survey determined that the attacks faced by businesses over the last year came from both outside and inside the organization.

A whopping 78% of large organizations reported attacks from outsiders over the last year with 39% of those incidents being denial of service attacks. Smaller companies fared slightly better in both regards with 63% reporting outside attacks. The number of smaller firms that experienced a DoS attack was 23%.

The survey respondents did not just experience random attacks though – 14% of larger businesses reported the theft of confidential data or intellectual property by external attackers, while 9% of smaller firms experienced such losses too.

36% of the worst breaches down to human error:

Insider threats also pose a risk to organizations though. The survey found that technology, people and processes were to blame in several cases. Of the worst security breaches during the year, 36% were attributed to human error. Alarmingly, an additional 10% of the reported security breaches were pinned on staff and their misuse of systems.

On a more positive note the survey discovered that attitudes towards information security are generally good and continually improving too.

The survey found that 76% of larger organizations believe that senior management places a high level of priority on information security. Interestingly, smaller firms were better, with 83% placing a strong emphasis on security.

Another contributory factor with regards to internal breaches could be a lack of staff training. Survey respondents indicated that many large organizations only prioritized training after a breach. At the time of the induction 10% of new staff were given no security training whatsoever and 42% of large firms failed to employ any kind of ongoing training in terms of security awareness.

Larger organizations expect to spend more next year in customer data protection and compliance, but just how much a business spends on security seems highly dependent on the outlook of senior members of the management team.

The survey ends by saying that the majority of firms believe that the number of security breaches next year is likely to be higher. As per this year, attacks are expected in every industry though the public sector and financial services showed more concern than other sectors.

Source: Naked Security

How to protect yourself from a breach:

As an employee, you have a crucial role in the security of your company whether you realize it or not. A company cannot be secure without the help of every single employee. Below are some tips that you can follow in order to help your company avoid a security breach:

  • Stay informed
  • If you do not understand or are not sure, ask
  • Follow your company’s password policies
    • Do not reuse passwords
    • Do not write down passwords
    • Do not share passwords under any circumstance
    • Create strong passwords consisting of the following:
    • NEVER use passwords less than 8 characters
    • Reset your password as prompted every 90 days
  • Ensure proper validation of one’s identity is obtained before releasing ANY data
  • Follow your company’s Clean Desk Policy
  • Only browse websites to fulfill your job duties
  • If something seems “shady” it probably is
  • Do not submit confidential data on insecure HTTP websites
  • NEVER enter confidential data on a pop-up screen
  • Pay attention to your web browser warnings
  • Report suspicious activity to the Information Security Officer

– Kristin Badgett, CSID Information Security Officer

What steps are you taking to help your company avoid a data breach? Let us know on Twitter and Facebook, and be sure to check out our Tumblr for the latest industry news stories.
