What You Should Know about the Equifax Breach

What: Data collected by Equifax, one of the three credit report giants, was hacked. “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” said Richard F. Smith, Equifax CEO, in a statement. 

When: In early August, Mandiant (a cybersecurity firm) was approached by Equifax to figure out what was going on, according to CNN News. Mandiant aided in the investigation and determined that a spate of hacks occurred from May 13 through July 30.

Who: 143 million Equifax customers have been affected. Their information, including social security numbers, addresses and birth dates, was accessible by hackers.

Soon after the breach was announced to the public, Susan Mauldin, former chief security officer, and Dave Webb, former chief information officer, retired.

How: Like many of these cases, the how is still a mystery. But Apache Struts, a tool used for Equifax’s online dispute portal, has become the scapegoat, blamed for vulnerabilities that made the breach easier for hackers.

Apache Struts released this statement:

“We as the Apache Struts PMC want to make clear that the development team puts enormous efforts in securing and hardening the software we produce, and fixing problems whenever they come to our attention. In alignment with the Apache security policies, once we get notified of a possible security issue, we privately work with the reporting entity to reproduce and fix the problem…”

What you can do: If you believe you might have been impacted, visit Equifax’s Cybersecurity Incident & Important Consumer Information page: https://www.equifaxsecurity2017.com/.

Your Dog’s Name is Not a Good Password

Buster and Champ are great names for dogs. But neither of them makes a good online password – especially when those are the names of your dogs!

One of the most annoying things you’ll come across on the web is when a website forces you to create a complicated password. You’ve had to do it before—with capitals, and numbers, and special characters. You end up with something like “Beth@ny12”, which looks more like a 12-year-old’s screen name than a password. The worst part? Those passwords aren’t secure. Here’s why.

Dictionary Attacks

Brute force is usually what people think of when hacking comes to mind. That’s when hackers guess every possible combination of every letter and character. It’s a technique that’s used, but only as a last resort. Hackers start, instead, with dictionary attacks. These involve taking a very large and comprehensive list of common passwords, characters, and substitutions, and then using them to guess your password. So, yes, they’re going to guess “password”, or even “p@ssw0rd1”.

The problem, here, is that people pick passwords out of habit. The computers have been forcing us to when they make us turn “Scruffy” into “$CruFfy89”. We use short, familiar words because it’s the only way we can remember those ridiculous passwords. But that only makes them easier to guess for the dictionary attacks. Online bullies know all of the words we pick, and all the substitutions we’re going to use. And heaven forbid we forget our password. Then we just reset it to a password we already use somewhere else…which is another cardinal password sin.

Better Passwords

So how do we protect ourselves? The best option is to add more letters, preferably in the form of a random word (or words), as words are easier to remember than substitutions. If you have the option, instead of “$CruFfy89”, do a few random words, like “correcthorsebatterystaple”. You’ll get way more bang for your security buck that way. There are online password creation and storage companies like LastPass that can create and store unique passwords for you. That way, you only have to remember one password in order to access all of your accounts.
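The following is an added example, not code from the original article: a small defender-side check that undoes the habits described above (capitals, character swaps, a number on the end) to show why “$CruFfy89” still counts as a dictionary word, and a rough comparison of guessing effort against a few random words. The sample word list, the swap table, the 7,776-word list size and the figure of 1,000 variants per word are assumptions chosen for illustration.

```python
import math
import re

# Constructed sample list; a real check would load a large list of common
# passwords, names and dictionary words.
COMMON_WORDS = {"password", "scruffy", "bethany", "buster", "champ"}

# Character swaps of the kind the article says guessers already expect.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l",
                      "3": "e", "5": "s", "7": "t", "!": "i"})


def candidate_words(password: str) -> set[str]:
    """Undo capitalisation, a trailing number/symbol run and character swaps."""
    lowered = password.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)  # drop a suffix such as "89"
    return {lowered.translate(LEET), stem.translate(LEET)}


def is_dictionary_derived(password: str, words=COMMON_WORDS) -> bool:
    """True if the password is a listed word once the usual tweaks are undone."""
    return any(word in words for word in candidate_words(password))


def word_plus_tweaks_bits(wordlist_size: int, variants_per_word: int) -> float:
    """Guessing effort (bits) for one listed word plus predictable tweaks."""
    return math.log2(wordlist_size * variants_per_word)


def random_words_bits(wordlist_size: int, n_words: int) -> float:
    """Guessing effort (bits) for n words picked at random from a list."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("$CruFfy89", "p@ssw0rd1", "Beth@ny12", "correcthorsebatterystaple"):
        verdict = "dictionary-derived" if is_dictionary_derived(pw) else "not in list"
        print(f"{pw:28} {verdict}")
    # Assumed sizes: a 7,776-word list and 1,000 tweak variants per word.
    print(f"one word + tweaks : {word_plus_tweaks_bits(7776, 1000):.1f} bits")
    print(f"four random words : {random_words_bits(7776, 4):.1f} bits")
```

The bit estimate for random words only holds when the words are chosen randomly, not picked from memory.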

Online security should be a big deal for you! It seems like every other day we hear about another big company that got hacked. So before you give some online business your personal information and unique, non-personal password, make sure the website has a Trust Guard trust seal on it, verifying that it is secure.


Special thanks to writer Stephen Porritt.

Gambling with Your Website’s Security

Let’s face it. We love gambling. There is a thrill in risk taking that isn’t found anywhere else. The anticipation of possibly guessing right gives us an emotional high. The possibility of failure outweighs the possibility for success. Many entrepreneurs and their investors have made millions on just such gambles while others have lost almost everything.

Some gambles are meaningless, others are life-changing. Gambling $50 to bet that our favorite team will win the Superbowl isn’t a big deal. If they don’t win, we’re often more upset at the loss of the game than we are at the loss of the $50. However, when we win big games like that, even though monetarily we may have only doubled our risk, we feel like millionaires as we celebrate our winnings.

Gambling with Online Website Security

But how many of us, as online business owners, knowingly or unknowingly, risk opening our websites up to hackers? We gamble that out of the 30,000 websites that are destroyed or debilitated every day, for some reason, hackers will continue to leave us alone – even though we’ve done nothing to keep them out.

There is an online service that monitors for more than 75,500 vulnerabilities used by hackers to make a mess of online businesses. During the monitoring process, if any vulnerabilities are found, the company sends a report to the business owner with instructions on how to fix the issue. Once fixed, the website is safe from unfriendly visitors trying to ruin the lives of business owners and their online visitors.

Trust Guard, the leader in website security, runs security scans for thousands of websites for owners from all over the world. These business owners don’t gamble when it comes to their website’s security. They understand the risks associated with malware, trojans, and viruses that hackers can leave. They have spent too much effort to risk losing it all to a hacker. They don’t want to face the economic, legal and/or reputational consequences that would come if their website were hacked.

The truth is, however, that there are still hundreds of thousands of website owners that are still gambling unnecessarily with their website’s security. Are you one of them? If you are, you have two choices: Continue to trust your luck or ask Trust Guard to scan your website on a daily basis against online security threats.

Yahoo Hack Calls for Improved Passwords and Security

Although the Yahoo hack took place in 2014, it was just yesterday, the first day of Autumn 2016, that they fessed up to it.

Yahoo acknowledged that hackers stole the account information of at least 500 million users. Information intercepted by the Yahoo hack included names, email addresses, telephone numbers, birth dates, passwords, and security questions.

Security experts say the incident could have far-reaching consequences for users beyond Yahoo’s services. This is because access to Yahoo could also provide login information (including passwords) to other sites as well. This could include access to social sites, sure. But it could also include bank accounts and domain and hosting accounts for small business owners.

If you had/have a Yahoo account, you should assume that your PII (Personally Identifiable Information) was stolen. Changing Yahoo passwords will be just the start for many of you. Comb through other services — especially those for which you provided a Yahoo email address to create an account — to make sure passwords used on those sites aren’t too similar to what you were using on Yahoo. Change passwords for sites that contain sensitive information like financial, health, business, or credit card data.

Never use the same password across multiple sites. Protect your username and passwords – even from friends or co-workers that you think you trust. Try a password manager like 1Password or LastPass. These sites create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers reduce the risk of reused passwords or those that are easy to decode.

You should already be treating everything you receive online with an abundance of suspicion, in case hackers are trying to trick you out of even more information. Looking for links to SSL-protected websites is a start. Don’t click on any links without knowing where they go.

When on a website, look for trust seals from trusted third-party vendors like Trust Guard who can verify the site’s privacy policy, legitimacy as a business, and even its safety by running periodic security vulnerability scans. These scans can detect issues the company might have and help the business resolve them before hackers get the chance to mess things up. Sites using these services go the extra mile, making every possible attempt to keep your PII safe and secure.

Security Risks and How to Fix Them

The best way to protect your e-commerce business is with a comprehensive protection plan against security risks.

But knowing the security risks to your site and how to fix them will help save you time and money, not to mention the chance of any mistrust from your customers. Here are four different risks that can make you a target for hackers, and how to fix them.

Weak passwords – A strong password is one of the first lines of defense against hackers. Many website owners use the same password for multiple sites. This leaves customer data vulnerable to hacking. What should you do? Experts recommend using a password that is at least eight characters long and a combination of capital letters and symbols. It’s even better if you pick a password that isn’t a real word.

Phishing – Phishing can come in the form of legitimate-looking emails with an attachment or links to a virus, malware, or spyware. Phishing attacks are rising each year. What should you do? Don’t ever click on a link without knowing what it is first. Copy and paste the link into the URL bar rather than clicking on it. Keep your operating system and software up to date.

Untrained staff – Even if you have an excellent internet security plan, it won’t do any good unless your employees have been trained on how to not let in hackers. What should you do? Train employees on how to create strong passwords and how to back up their work. Make sure they understand not to click on suspicious links and attachments in emails.

Social engineering – This is one of the latest tactics that hackers use and it is on the rise. This is when hackers try to get the information directly from you instead of trying to hack into software. They may try to get you to install malicious software or use you to gain access to unauthorized locations. What should you do? Be cautious about what personal information you reveal online. Beware of hackers posing as IT specialists and asking for sensitive data or passwords.

4 Security Risks To Your Ecommerce Site and How To Fix Them|Epic Ecommerce

Report Shows an Increase in DDoS & Web App Attacks

According to Akamai’s State of the Internet/Security Report for Q1 of 2016, there has been an increase in DDoS and web app attacks.

For those of you who might not know, DDoS is short for Distributed Denial of Service. DDoS is a type of Denial of Service (DoS) attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a DoS attack.

According to the report, there has been a 23% increase in DDoS attacks and a 26% increase in web application attacks, compared with Q4 2015, setting new records for the number of attacks in the quarter. There was also a rise in repeat DDoS attacks, with an average of 29 attacks per targeted customer – including one customer who was targeted 283 times.

PCI compliant security scanning from Trust Guard can help protect your website from hackers by monitoring the level of security of your site. They then send you a detailed report to inform you that your site is safe or that one or more of over 75,406 vulnerabilities that hackers use to infiltrate sites and servers are readily accessible to them.

With this report, you and/or your hosting company can quickly repair the issue. A new scan of your site from Trust Guard will show whether or not you fixed the issue. Once your site passes its scan, they will continue to monitor – since new vulnerabilities are being found every day.

If you’d like, Trust Guard can even provide you with a trust seal to display at strategic locations on your website (above the fold and on your check-out page) so that you can show your online visitors and potential customers that you take their safety and security seriously. These seals are guaranteed to increase your online sales.

For a free scan to see where you stand regarding your website’s level of security and potential for web app attacks, visit freepciscanning.com.

To view the entire report from Akamai, click here.