“How Clean Is Your PC?”

  • 0

“How Clean Is Your PC?”

Dear Blast Readers,

 

When it comes to your PC’s Cyber security do you do everything possible to prevent Cyber-attacks and data breaches? Do you use strong passwords? Do you know what constitutes a strong password? Do you avoid any suspicious emails that could lead you into a phishing attack? Do you use two-factor authentication on the accounts that allows you to do so? Have you ever wondered if that is enough? If that is really all it takes to secure your digital information?

 

When you hear the phrase “spring cleaning” you automatically think of cleaning your home. Doing the dishes, sorting cloths, and scrubbing every inch of your home. But, “Spring cleaning” can also refer to cleaning up and separating your digital junk from your valued digital information.

 

If you think that you do not have digital junk, you do. Whether it is old and forgotten email accounts, forgotten thumb-drives, or years’ worth of information in the download folder, everyone has digital junk

 

All unwanted and forgotten files are considered liabilities, a danger to you and your valuable digital information. In the event your digital devices are hacked, stolen, and/or lost, holding onto accounts and files you do not want and/or need opens you up to all kinds of risks. So, cleaning your digital devices is important when securing them.

 

So, where do you start your digital “spring cleaning”?

  1. Address your physical devices. Devices should be cleaned, destroyed, and disposed of properly. Only after you go through all the data and back-up what you want to keep.
  2. Go through your desktop and all your documents. It is important to go through and get rid of any old documents containing personal information, such as: medical and banking information.
  3. Delete any emails you don’t need or want. With your email being the data center of your online life, secure the emails you want to keep and delete the ones that you do not want.
  4. Cancel any account you no longer use. Before deleting any software, clean out and close the account. By doing so, this makes sure the company retains the smallest amount of information as possible about you. It also prevents any more information about you from being collected.
  5. Cancel any email account you no longer use.

 

If you have any questions about Data Security, Cyber Attacks, Cyber Security, or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Your Medical Records Are Next

Dear Blast Readers,

 

Have you ever worried about your credit/debit card information being stolen by hackers? Did you ever think that by visiting your doctor’s office your identity could be stolen? Did you know that, when it comes to protecting customer information, the healthcare system is behind the financial sector by about 10 years?

 

As more hospitals, doctor’s offices, and healthcare facilities go from paper records to digital records more hacking issues are expected. More personal information can be accessed by hackers because more is accessible online.

 

One of the challenges of protecting patient data is that the data is stored digitally. By storing patient information digitally, all devices that have access to this information have access to the internet. With internet access, these devices and the information they have access to can be breached by hackers. Also, data breaches can potentially occur when the patient data is being transmitted over the internet to the cloud. Many hospitals and doctor’s offices utilize cloud servers to store patient data without the patient’s knowledge. Hackers can exploit a vulnerability on the devices, with access to the cloud, compromising millions of patient files.

 

What makes health records so valuable to cyber criminals is the personal nature and its shelf life. Health records contain information such as:

  • Policy Numbers
  • Medical History
  • Billing Information
  • Social Security Numbers

 

Even though some patient data, such as Credit/Debit card information, can be shut down when fraudulent activity is detected. Other data cannot be changed that easily, such as Social Security numbers. So, it is important to protect that information so data breaches do not occur.

 

How can Doctor’s offices, hospitals and healthcare facilities protect patient data?

There are multiple ways that patient data can be protected. Some ways include:

  • Encryption Platforms. Encrypting data makes sure that all data that is being exchanged is done so safely.
  • Back-up patient records. By backing-up patient records this gives hackers less motivation to go after those organizations and their records. All back-ups should be kept in a secure environment.
  • Employ biometric authentication. This helps control and limit access to labs and records to only authorized personnel.
  • Device Management. Device management protects devices in case of theft.

 

If you have any questions about Hacking, Data Security, Cyber Security or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.


  • 0

“Life’s A Breach”

Dear Blast Readers,

 

Does your company use third-party vendors? Do those vendors make data security a priority? Does your company allow third-party vendors to access your companies network?

 

Third-party vendors are companies that offer services that the primary company can not support. It is considered a business necessity with most companies to outsource data management, activity processing, and storage to third-party vendors. But, did you know putting your company’s data into the hands of third-party vendors puts your data at risk of being breached?

 

It is common for hackers to try and use third-party vendors to gain access to a business’s data. Yes, businesses may have their own cyber security protocols in place, but access must be given to third-party vendors. When access to a business’s network spans out to a third-party, this is when possible network security vulnerabilities are created.

 

All businesses are responsible for the data that they collect, transmit, use and process, and they are still responsible for that data even when the data is entrusted to a third party.

 

If a third-party vendor gets hacked the consequences for your business varies, depending on the seriousness of the hack. A less serious hack can cause your business to lose vital data, and confidential employee information can be compromised. If the hack is a serious hack there are a few things that can happen, ranging from intense media attention to bankruptcy.

 

Outsourced contractors are often the primary targets of data breaches. So, it is important for the third-party vendors to takes data security seriously. But, how can you be sure if a third-party vendor is a security-conscious vendor? Some signs that a third-party vendor is security-conscious are:

  • The vendors have comprehensive security policies & disaster recovery plans in place and are updated and reviewed regularly.
  • Data Back-ups and recoveries are performed regularly. In case of hardware failure, the vendor has back-up servers to avoid interruptions.
  • Internal security audits are performed regularly.
  • Employees that have access to company data are vetted carefully (thorough background checks are performed).

 

But, as important as it is to make sure that the third-party vendors take data security seriously. It is also just as important to make sure that the data is secure on your end. To do that it is important to:

  • Have a strong internal security policy.
  • Know what data is sensitive & where it is located on your system. Never give one person access to more than one portion of your sensitive data.
  • Know your responsibilities and rights, as well at know those of your providers.

 

Another important aspect of a data breach is the reporting requirements. Reporting requirements differ depending upon the state in which the breach occurs. Additionally, if a breach involves information of clients across state or country lines, other reporting requirements will come into effect. It is vital to know your state’s cyber security breach reporting requirements.

 

If you have any questions about Data Breaches, Cyber Security, Computer Forensics, or Reporting requirements contact FDS Global. You can reach us at our office at (954)727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.



  • 13

“Printers Beware”

Dear Blast Readers,

 

Did you know that 54% of employee’s say that they do not always follow the security policies put into place by their company’s Information Technology departments? * Did you know that about 51% of employees who have a printer, copier, or a multi functioning printer (MFP) at their work place say that they have copied, printed, and/or scanned confidential documents at work before? *

 

With cyber threats on the rise, it is not a shock that even printers are not safe from cyber attacks and data breaches. If a printer is connected to a wireless network and is unsecure, then it is open to hacking. Once compromised, other devices connected to the same network are left vulnerable.

 

How can a hacker gain access to a network using an unsecure printer?

 

One way a hacker can gain access to your unsecured printer is if the firmware is out-of-date. This allows the system to accept malicious lines of code. The hacker can then use the code to gain access to:

  • Print Jobs.
  • The user’s computer.

 

Another way a hacker can gain access to your unsecured printer is using a drone. Along with a drone the hacker would need a mobile phone and two applications. The two applications would do the following:

  • The first application identifies all wireless printers
  • The second application deploys malware into the printers.

 

So how does this type of drone attack occur?

 

Firstly, the hacker would fly a drone using a smart phone into position outside of an office building. Once into position, the hacker activates the two applications. Once the first application scans for open Wi-Fi printers, the second application establishes a fake access point (one that mimics the real device). Once established, the fake access point is then able to intercept documents that have been sent to the real device. With network access gained, the hacker can then in-bed malware into the company’s network.

 

When malware is installed within the network, hackers can gain access to your servers and documents by:

  • Accessing sensitive and/or confidential information.
  • Changing the printer’s settings or LCD readout.
  • Launching DoS attacks (Denial-of-service attacks).
  • Using the printer to receive and transmit faxes.
  • To send unauthorized print jobs.
  • Retrieving saved copies of documents.
  • Eavesdropping on network printer traffic.

 

To take preventative measures against attacks on your printers Some typical prevention procedures include, but are not imited to:

  • Educating Employees on the importance of security
  • Defining what constitutes a secure password
  • User identification (with PINs and other verification) for printer usage.
  • Data encryption protocols (to prevent interception of data across the network).

 

If you any questions relating to Firmware, Network Security, Printer Security, Cyber Security or Computer Forensics contact FDS Global. You can reach us at our office at (954) 727-1957 or by email at RMoody@FDS.Global. Please feel free to visit our website at www.FDS.Global.

 

 

*(The statistics represented in this blast were identified from: Network, C. (2013, February 07). The Hidden IT Security Threat: Multifunction Printers. Retrieved April 25, 2017, from https://www.forbes.com/sites/ciocentral/2013/02/07/the-hidden-it-security-threat-multifunction-printers/#b615affb615a )*