As you have already heard, cyber-thieves from Russia have compromised the IRS Get Transcript website and were able to get records of previous years’ tax filings in order to file fraudulent returns and collect refunds. What was special about this heist is that the IRS servers were not breached directly, but that the attackers were able to use data gathered elsewhere, from lists of identity information bought on the ...
The new Ponemon Institute 2015 Cost of Data Breach report was released recently. This report looks at the costs of 2015 large enterprise class data breaches, but there are some salient pieces of information for small business owners to consider when formulating their cyber security risk management plans.
The average cost per record lost in a data breach increased from $201 in 2014 to $217 in 2015. Different sorts of records had different costs associated to them. For instance, more detailed ...
Continue Reading →
One of the relatively easy ways to create longer, stronger, more complex, and totally unique passwords for all your online accounts is to use a password manager service. Some of the more popular ones include RoboForm, KeePass, and LastPass. These services create unique bits of gibberish for each site, and automatically apply them to ...
The recent break of the Office of Personnel Managment has been all over the news, but we haven’t written about it because we like to focus on issues our clients are facing that they can actually do something about. But if you currently have or ever received a government security clearance, this issue affects you. This is going to prove to be one of the most serious identity theft operations of all time. The information acquired by the attackers was impressive ...
Continue Reading →
We usually limit our discussion in this blog to cybersecurity articles that would be of interest to average users, and this is not really one of those topics. But because the exploit is getting some press, and the exploit name, “venom,” is attention grabbing, we thought we would discuss it here.
The Venom exploit only matters to those of us who are using virtual machines. A virtual machine is created using ...
Continue Reading →We recently presented a one-hour Lunch and Learn seminar of cybersecurity on behalf of St Paul SCORE. This event was video recorded and can be found on YouTube, on the WyzGuys Computer channel. Here is the video:
Continue Reading →
As we have mentioned several times, humans represent the weakest link in cybersecurity. This means we are terrible at creating strong passwords, and we are bad at remembering them, too. So all of our online service providers have password reset systems that usually include a series of “secret” questions that are supposed to be both hard for an attacker to guess, but easy for the account holder to remember. Unfortunately, ...
One of the early steps a small business needs to undertake is the creation of a cybersecurity policy. This is not a trivial undertaking, and taking a look at the information below will undoubtedly make this project look daunting to the average small business owner. A good solution would be to find a cybersecurity professional with experience in policy creation ...
We have been relying on the trusty password for years, but as password cracking technologies improve, even longer and more complex passwords are being solved and sold on rainbow tables. So passwords are for the most part over. Two factor authentication is possibly a solution, but biometrics are becoming a big part of what is next in the field of user authentication. We have already seen fingerprint scanners on some ...
US-CERT (The United States Computer Emergency Readiness Team) has released a report listing the top 30 exploited software vulnerabilities. This shows that one of the biggest problems is still that software is not being patched and updated in a timely manner, if at all. And the HP Cyber Risk Report explores this issue further, and offers four strategies ...