What You Should Know about the Equifax Breach

What: Data collected by Equifax, one of the three credit report giants, was hacked. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard F. Smith, Equifax CEO, in a statement. 

When: In early August, Mandiant (a cybersecurity firm) was approached by Equifax to figure out what was going on, according to CNN News. Mandiant aided in the investigation and determined that a spate of hacks occurred from May 13 through July 30.

Who: 143 million Equifax customers have been affected. Their information, including social security numbers, addresses and birth dates, was accessible to hackers.

Soon after the breach was announced to the public, Susan Mauldin, former chief security officer and Dave Webb, former chief information officer, retired.

How: Like many of these cases, the how is still a mystery. But Apache Struts, a tool used for Equifax’s online dispute portal, has become the scapegoat, blamed for vulnerabilities that made the breach easier for hackers.

Apache Struts released this statement:

“We as the Apache Struts PMC want to make clear that the development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem…”

What you can do: If you believe you might have been impacted, visit Equifax’s Cybersecurity Incident & Important Consumer Information page: https://www.equifaxsecurity2017.com/.

Vulnerability Scanned Websites

To me, shopping on the Internet is the best thing to have ever happened to mankind since the invention of the internet itself.

According to a recent study, 51% of Americans prefer shopping online to shopping in stores, and 96% of American adults have, at some point in their lives, made an online purchase.

Impressive numbers, don’t you think? That is why e-commerce is estimated to be growing at a rate of 23% every year.

The problem of website vulnerability has been a major concern for e-commerce websites.

Hackers are more and more prevalent – as seen this week in the huge Equifax data breach that saw the identity theft of 143 million people in the US, Canada and United Kingdom.

Vulnerability scanning involves the use of computer programs designed to assess computers, websites, networks or applications for weaknesses that can be exploited by hackers and identity thieves. These scans are used to discover the weak points or loopholes in website designs. Currently, Trust Guard scans for more than 75,575 of these security holes. Unsafe websites are a very big problem for e-commerce owners because they require their customers to submit sensitive information to make their purchases. Imagine how useful this information would be in the hands of identity thieves. From credit card information to mailing addresses, phone numbers, account details and photographs, it’s like giving these thieves the key to your home, bank account and your office.

Your customers worry about the safety of their personal information when they visit your website.

They worry about the vulnerability of your website. Ask yourself this, why should I save my money in a bank that has a massive hole on the side of its vault through which anyone can have free access? Your customers need to feel as safe using your website as they do at their bank. Look at things from the perspective of your customers. Why would they give their personal information to a website that isn’t safe?

As an online shopper, you should only shop on websites that have been thoroughly scanned for vulnerabilities by a reputable website protection company. Website protection companies like Trust Guard are able to completely uncover a website’s vulnerabilities and instruct the website owner how to fix them. How can you identify e-commerce websites that are free from vulnerabilities? Quite simple. You can check websites for security trust seals. Security scanned trust seals are an indication that the website you’re shopping on is safe.

We know that everything on the internet is hackable. However, it will take expertise and focus for hackers to attack a vulnerability-free website.


 

This article was written by Emmanuel Ozigi, a biochemist in the making from Nigeria. In my spare time, I’m a science, health, and fitness blogger. I also specialize in graphic design and photo editing. I also have this insatiable hunger for information and the desire to learn new things. Visit my blog at http://sciencehealth24.com.

 

What is Vulnerability Scanning?

There are different types of vulnerability scanning as well as different software for each. But what is it exactly?

A vulnerability scanner is a piece of software or an application developed to scan computers, networks, and even websites for possible security threats. It analyzes how strong or weak a computer’s or a server’s defenses are. By scanning, the users and technicians will know, or at least have an overview of, what threats or issues they are dealing with in terms of the security of a network, website, computer, or server.

If you are to choose the right vulnerability scanner, then you first need to know the main kinds to understand your options better. There are at least two main categories I’d like to talk about.

Network Vulnerability Scanners

These scanners are often installed on one machine and are configured to access and scan multiple computers and networks. They are programmed to detect vulnerabilities of the devices, alerting the user or an IT person if there are misconfigured settings or if the threat is coming from either a pre-installed application or a user-installed application. The network vulnerability scanner works on anything that has to do with firewalls, networks, web servers, and system administration. They deal with high-profile information but not individual files since they are not installed directly onto the host.

Hosted Vulnerability Scanners

These scanners are installed on the host (the computer or system being scanned). These types of scanners take care of the low-profile information such as passwords, operating systems of the computers they were installed in, suspicious files downloaded, and file system checks.

Despite having technology to do all the job for the security of your computer, network, servers, and everything in the cloud, it is also crucial that you understand their limitations.

Vulnerability scanners are coded software that, at some point in time, may fail to do what you expect them to do. They are programmed to take snapshots of your system’s security status at a given time. It is highly recommended that users regularly scan their devices to get the most updated (if not the exact) security status of the systems and files therein. Trust Guard currently scans for 75,575 security holes. 


Article written by Jonna Lindawan

Jonna is a startup VA business owner who loves helping her clients grow their businesses through her skills in writing, customer service, research, data entry, transcription, social media management, and admin support. Visit her website here.

Your Dog’s Name is Not a Good Password

Buster and Champ are great names for dogs. But neither of them makes a good online password – especially when those are the names of your dogs!

One of the most annoying things you’ll come across on the web is when a website forces you to create a complicated password. You’ve had to do it before—with capitals, and numbers, and special characters. You end up with something like “Beth@ny12”, which looks more like a 12-year-old’s screen name than a password. The worst part? Those passwords aren’t secure. Here’s why.

Dictionary Attacks

Brute force is usually what people think of when hacking comes to mind. That’s when hackers guess every possible combination of every letter and character. It’s a technique that’s used, but only as a last resort. Hackers start, instead, with dictionary attacks. These involve taking a very large and comprehensive list of common passwords, characters, and substitutions, and then using them to guess your password. So, yes, they’re going to guess “password”, or even “p@ssw0rd1”.

The problem, here, is that people pick passwords out of habit. The computers have been forcing us to when they make us turn “Scruffy” into “$CruFfy89”. We use short, familiar words because it’s the only way we can remember those ridiculous passwords. But that only makes them easier to guess for the dictionary attacks. Online bullies know all of the words we pick, and all the substitutions we’re going to use. And heaven forbid we forget our password. Then we just reset it to a password we already use somewhere else…which is another cardinal password sin.

Better Passwords

So how do we protect ourselves? The best option is to add more letters, preferably in the form of a random word (or words), as words are easier to remember than substitutions. If you have the option, instead of “$CruFfy89”, do a few random words, like “correcthorsebatterystaple”. You’ll get way more bang for your security buck that way. There are online password creation and storage companies like LastPass that can create and store unique passwords for you. That way, you only have to remember one password in order to access all of your accounts.
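The point made in the two sections above, as an added example that is not part of the original article: a password check that undoes the usual substitutions the way a dictionary attack does, and then compares search spaces. The word list, the substitution table and the list sizes are constructed assumptions for illustration.

```python
import math
import re

# Constructed sample list; a real check would load a large list of leaked
# and common passwords plus dictionary words.
COMMON_WORDS = {"password", "scruffy", "bethany", "buster", "champ"}

# Character swaps that dictionary attacks already try (assumed, not exhaustive).
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                      "3": "e", "5": "s", "7": "t", "!": "i"})


def base_word(password: str) -> str:
    """Undo the usual disguises: trailing digits/symbols, mixed case, swaps."""
    core = re.sub(r"[\d\W_]+$", "", password)   # "$CruFfy89" -> "$CruFfy"
    return core.lower().translate(LEET)         # "$CruFfy"   -> "scruffy"


def is_dictionary_derived(password: str, words=COMMON_WORDS) -> bool:
    """True when the password is a listed word wearing substitutions."""
    return base_word(password) in words


def mangled_word_bits(wordlist_size: int, variants_per_word: int) -> float:
    """Search space (in bits) for one listed word plus mangling rules."""
    return math.log2(wordlist_size * variants_per_word)


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Search space (in bits) for words drawn at random from a list."""
    return word_count * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ["$CruFfy89", "Beth@ny12", "p@ssw0rd1", "correcthorsebatterystaple"]:
        print(f"{pw!r:30} base={base_word(pw)!r:30} listed={is_dictionary_derived(pw)}")
    # Assumed sizes for illustration: 100,000 listed words x 1,000 variants each,
    # versus four words picked at random from a 2,048-word list.
    print(round(mangled_word_bits(100_000, 1_000), 1), "bits for a mangled word")
    print(passphrase_bits(4, 2_048), "bits for a four-word passphrase")
```

The passphrase figure only holds when the words are chosen at random; a phrase picked out of habit is as guessable as a single familiar word.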

Online security should be a big deal for you! It seems like every other day we hear about another big company that got hacked. So before you give some online business your personal information and unique, non-personal password, make sure the website has a Trust Guard trust seal on it, verifying that it is secure.


Special thanks to writer Stephen Porritt.

Five Ways to Combat Cyber Crime

Like most theft, cyber crime tends to follow the path of least resistance.  For paid security monitoring for your website, contact Trust Guard. They’ll help you combat cyber crime by scanning your website for more than 75,500 known vulnerabilities used by hackers to really screw things up.

Here are five online hygiene tips anyone can follow, for free, to make life harder for people looking for an easy way to steal your personal or financial information – whether you’re a business owner or not.

1. Use multifactor authentication. This includes entering a password plus a code or a question that only you know. Google’s authenticator app is a quick download and works easily with many services including Amazon and Gmail. It’s worth checking to see if there’s a multifactor option every time a website asks you to fill out bank account or credit card information.

2. Don’t share passwords across websites. Almost everyone shares at least a couple of passwords. Don’t. There are plenty of inexpensive password manager phone apps that can help you with this, notably the open-source Password Safe and LastPass.com.

3. Refuse to give up information whenever you can. Best Buy doesn’t need your phone number. The more information you part with, the more can be used against you if the retailer is hacked. Ron Swanson from Parks and Rec didn’t have it right all of the time, but staying off the grid as much as possible is always a good idea.

4. Check your bank balance regularly. Thieves often try for a small purchase to see if the card works before they go shopping; in particular, look for easy-to-resell items like gift cards and credits on online marketplaces. When it comes to financial accounts, you also want to change the passwords to those accounts every three months at a minimum.

5. Close down services that you don’t use anymore. Do you still have a Steam account from that one time you bought a PC game all your friends were talking about? Are you sure? Is it linked to a credit card you still use? These are the easiest ways for hackers to steal in bulk, and the one-off purchase you make on impulse is probably the one you’ll unthinkingly reuse your old password on, too. For these types of purchases, it’s a good idea to get a pay-as-you-go debit card that you load from another card with only the amount you need to make the one-off purchase.

Everyone can and should do their small part to keep their personally identifiable information safe and protected. These five tips should help.


Special thanks to The Guardian for supplying much of the information found in this article.

Top Three Cyber Security Tips

Ryan Collins, 36, of Lancaster, Pennsylvania, was sentenced on Thursday to 18 months in prison for his role in leaking private nude photos of celebrities he found by illegally accessing their Google and Apple accounts.

He is one of three men who have been convicted of leaking private celebrity photos, and is personally responsible for illegally accessing more than 100 accounts, prosecutors said. In total, the nude photo leak investigation included over 600 victims.

Cyber Security

Between November 2012 and September 2014, Collins pulled off a carefully targeted cyber security attack known as spear phishing. He sent targeted emails to his victims purporting to be from Apple and Google that seemed legitimate and tricked his high-profile targets into handing over their usernames and passwords, according to the U.S. Attorney for the Central District of California.

Once Collins had his target’s username and password, he was able to access their private accounts, steal their photos and in some instances, according to prosecutors, download full backups from the iCloud.

Sometimes, even for celebrities, it is hard to tell if an email is legitimate or not.

Here are some key cyber security tips:

  1. If you receive a suspicious email from a place where you have an account, never click on any links inside of it. Instead, go to the specific service provider’s website and log in from there. You can also make a quick phone call. In any case, most companies will not ask for your username or password through an email.
  2. Once you get to the website, use different passwords for different accounts, and switch passwords often – for banks every three months at least. If you have different passwords and one account gets hacked, the other accounts should be OK.
  3. If you feel confident about opening a link in a non-business-related email – even if it appears to be from a friend – always hover over the link first to see where the link is going before clicking on it. Your friend’s email account may have been hacked.

You could fork out $14,000 or so for a military-grade-secure smartphone to help thwart hackers — but a little cyber security know-how will certainly cost a lot less. There are many, many more hackers just like Mr. Collins who haven’t been caught. Let’s do everything we can to keep them away from our personal, private information.

 

Special thanks to NBC News for their article on the subject.

Security Risks and How to Fix Them

The best way to protect your e-commerce business is with a comprehensive protection plan against security risks.

But knowing the security risks to your site and how to fix them will help save you time and money, not to mention the chance of any mistrust from your customers. Here are four different risks that can make you a target for hackers, and how to fix them.

Weak passwords – A strong password is one of the first lines of defense against hackers. Many website owners use the same password for multiple sites. This leaves customer data vulnerable to hacking. What should you do? Experts recommend using a password that is at least eight characters long and a combination of capital letters and symbols. It’s even better if you pick a password that isn’t a real word.

Phishing – Phishing can come in the form of legitimate looking emails with an attachment or links to a virus, malware, or spyware. Phishing attacks are rising each year. What should you do? Don’t ever click on a link without knowing what it is first. Copy and paste the link to a URL rather than clicking on it. Keep your operating system and software up to date.

Untrained staff – Even if you have an excellent internet security plan, it won’t do any good unless your employees have been trained on how to not let in hackers. What should you do? Train employees on how to create strong passwords and how to back up their work. Make sure they understand not to click on suspicious links and attachments in emails.

Social engineering – This is one of the latest tactics that hackers use and it is on the rise. This is when hackers try to get the information directly from you instead of trying to hack into software. They may try to get you to install malicious software or use you to gain access to unauthorized locations. What should you do? Be cautious about what personal information you reveal online. Beware of hackers posing as IT specialists and asking for sensitive data or passwords.

4 Security Risks To Your Ecommerce Site and How To Fix Them|Epic Ecommerce

Tarrant County, Texas Latest Victim of Ransomware Attacks

Tarrant County, the third largest county in Texas, was the most recent victim of ransomware attacks.

Luckily the county reacted quickly to the attacks and damages were minimized. Ransomware is a sophisticated piece of malware (malicious software) that blocks the victim’s access to his/her files until a sum of money is paid.

There are two types of ransomware:
1. Encrypting ransomware, which incorporates advanced encryption algorithms. It is designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content.
2. Locking ransomware, which locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted, but the attackers still ask for a ransom to unlock the infected computer.

Why ransomware creators and distributors target businesses:

  • Because that’s where the money is;
  • Because attackers know that ransomware can cause major business disruptions, which will increase their chances of getting paid;
  • Because computer systems in companies are often complex and prone to vulnerabilities that can be exploited through technical means;
  • Because the human factor is still a huge liability which can also be exploited, but through social engineering tactics;
  • Because ransomware can affect not only computers but also servers and cloud-based file-sharing systems, going deep into a business’s core;
  • Because cyber criminals know that businesses would rather not report ransomware attacks for fear of legal or reputation-related consequences;
  • Because small businesses are often unprepared to deal with advanced cyber attacks (which ransomware is) and have a lax BYOD (bring your own device) policy.

Tarrant County, Texas noticed the issue when an employee realized files had been locked. An emergency computer incident team was able to isolate the employee’s files, to ensure the ransomware did not spread throughout the network. They then restored the files and had everything back up and running as normal within an hour.

It is not being disclosed what type of ransomware attacked Tarrant County.  It has been reported by Star-Telegram that the county did not pay any form of ransom to recover the files. The county certainly went about the attack in the most appropriate way possible.  The response team was fast acting, and due to their quick response, the negative results were mitigated.


If you find yourself victim to a ransomware attack, we encourage you to follow these five steps:

  1. Do not pay the ransom – If you do, you’re just giving the hackers a reason to keep hacking.  Use your backup files to restore your systems.  Again, don’t pay!!
  2. Inform the FBI – By informing the FBI they can investigate to potentially bring legal action against the hacker.  All cyber criminal activity should be reported to the federal IC3 agency.  You can file a complaint with them here.
  3. Communicate with your current security software company – Trust Guard, the leader in website security, helps thousands of companies keep their websites safe from ransomware and other malware attacks by providing business owners with scheduled vulnerability scans and accompanying detailed reports. If you don’t have an online security partner, you’re just asking for trouble. Companies like Trust Guard also provide seals – small images that you display on your site to show online visitors that you care about your website’s security. Such trust seals have been proven to increase sales and conversion rates by an average of 15%!
  4. Educate yourselves and your employees – Many times we attend one training, or listen to one webinar and consider ourselves educated on the matter.  This cannot be further from the truth.  Continued education on current cyber-security threats is imperative.
  5. Reevaluate your security software protection – If your security software has failed you, perhaps you should look for an alternative, more dependable security option.

Special thanks to Tech Talk for some of the information provided in this article.