Breached Records Skyrocketed in 2020

According to a recently released report by Risk Based Security (2020 Sees Huge Increase in Records Exposed in Data Breaches), “the volume of publicly disclosed data breaches fell by 48% in 2020 compared with the previous year, leading to 3,932 in total.”  That’s the good news. But the total number of breached records skyrocketed in 2020.

“…the volume of records that were compromised by these breaches jumped by 141% to a whopping 37 billion records.  This was the largest number ever seen by Risk Based Security since 2005.” That’s the bad news. 

Security experts say this can be explained by criminals getting more targeted in their efforts. Now they are focusing on ransomware and business email scams, which require little data to be successful. The staggering increase in breached records can also be attributed to the COVID-19 pandemic. Many organizations were forced to relax their security policies. By arranging for employees to work from home and students to study remotely, they unwittingly exposed their networks to compromise.

“While it is encouraging to see the number of data breaches, as well as the number of people impacted by them, decline, people should understand that this problem is not going away,” says Eva Velasquez, ITRC’s president and CEO. “Cybercriminals are simply shifting their tactics to find a new way to attack businesses and consumers. It is vitally important that we adapt our practices, and shift resources, to stay one step ahead of the threat actors.”

As the pandemic and the threat to your personal information continue in 2021, here are some tips to consider:
  • Cut your cyber and identity theft risks by learning about the Internet of Faking and Extortion occurring through social media.  This has become a new profit center for ID theft criminals.
  • The Internet of Things can add tremendous benefits through devices and apps.  But these “things” also create opportunities for hackers and ID theft criminals to steal and use your information. (Internet of Things is Exposing You)
  • While IT and hacking are the sizzle that continues to create data-breach headlines, most data-breach events are caused by lost devices, human error, and malicious intent. Only 50 percent of breaches are caused by IT and hacking.
  • As the use of Telehealth and remote health-related services technologies increases, medical ID theft will continue to increase. Be more vigilant in securing and monitoring your medical information. (Telehealth Creates Cyber Risks)
  • Apps and social media are priority targets for cybercriminals.  Be careful with the information you share and who you share it with.
  • No password is “unbreakable,” but do not make it easy for ID theft criminals.  Overused and weak passwords put you at much greater risk.

Lastly, the Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation (FBI Warns of Vishing Attacks Stealing Corporate Accounts).

Because breached records skyrocketed in 2020, it is imperative that you are diligent in 2021 and beyond.  Be mindful of how and what you share and think before you click on links.

Looking for more tips…check out this article:  Data Privacy Day, January 28th!

by Mark Pribish

Data Privacy Day, January 28th!

Data Privacy Day, January 28th is a day that highlights what we can do in our personal and professional lives to ensure we are aware of the risks and doing our best to keep our data safe. 

We all feel an increased exposure of our personal data.  In fact, 79% of adults have concerns about how companies are using their information, according to a Pew Research Center study.  But if we are serious about safeguarding ourselves and our customers, there are some things we can learn about the data we create and how it is collected and ultimately used.

Here are a few simple but critical tips to consider when managing your personal data. 
  1. Our personal information is a currency.  We need to value and protect our personal information like money because it has a true value in the market.  This data is valuable to companies as well as bad actors who are buying and selling our information on the dark web for profit.  Our advice is to consider the benefits vs consequences of all the information you are providing online.  
  2. Passwords, Passwords, Passwords… have you ever seen one of these lists without the reference to passwords?  NO, and that is because we still have poor password habits.  Make your passwords long and complex.  Do not use the same password for multiple accounts and PLEASE do not use a post-it note with passwords stuck to your computer!  Consider using a password vault app.  
  3. 2-Factor Authentication.  Great passwords are a start but 2-factor authentication for key accounts should also be used.  Turn on these features for all of your financial accounts and any other account where it is available. 
  4. Apps and Privacy Settings!  Apps are more intrusive than you think!  Many ask for your location, contact information, and access to many other things before you can even use them.  We suggest you manage your privacy settings to adjust them to your comfort level, NOT what they suggest or want.  Every app you use has different privacy settings and features, but the NCSA’s Manage Your Privacy Settings page is very helpful in getting you started: https://staysafeonline.org/stay-safe-online/managing-your-privacy/manage-privacy-settings/
  5. Think before you CLICK!  One click can do so much damage to your privacy or customer data, or create opportunities for a breach.  Whether you are at home or at work, make sure you only click on links you are familiar with.  If you are unsure, ask your IT team or leave it alone.

BONUS:  What you share on social media may last forever.  Think about what you are posting, who will see it, and how it could be used. 

Data Privacy Day, January 28th gives us an opportunity to consider how to view our data and how we use it.  More importantly, it gives us a chance to look at how we let others use it.  

Is Your Digital Identity Safe?

I was recently asked, “Is Your Digital Identity Safe?” The short answer is “no”.

Two aspects of the issue

One, take a look at today’s threat environment for businesses.  There is a huge discrepancy between the marketing of information technology security and the reality of data breaches.

Two, look at the threat consumers must deal with.  Again, there is a huge discrepancy between the marketing of identity theft protection services and the reality of ID theft victims.

Unfortunately, cybercriminals are getting better at hacking, and data breaches can happen to anyone; just look at the recent headlines:

A worldwide hacking campaign with ties to Russia has cybersecurity experts trying to figure out what happened and, further, how much of the United States government may have been affected and how badly it is/was compromised.

The affected government agencies include:
  • US Treasury Department,
  • US Department of Commerce’s National Telecommunications and Information Administration (NTIA),
  • Department of Health’s National Institutes of Health (NIH),
  • Cybersecurity and Infrastructure Agency (CISA),
  • Department of Homeland Security (DHS),
  • US Department of State. 

But there is more.  Austin, Texas-based SolarWinds (an IT management company) reported a compromise of its servers earlier this year (between March – June 2020). The incident may have affected nearly 18,000 business clients including Fortune 500 companies, healthcare providers, and many other industry verticals.

This is just more proof that cyber-attacks and data breaches can hit any organization and affect any individual anytime, anywhere.

What does this mean for individual consumers?
  • It means that hospitals and telehealth companies that are on the front lines of the COVID-19 crisis could be compromised relating to the personal privacy of patients.
  • That the personal privacy of employees working from home and students studying remotely could be at a higher risk of identity theft.
  • And that the IT managers of the 300,000 clients of SolarWinds are scrambling to understand the impact of the hack.

So to answer the question again, “Is Your Digital Identity Safe?”, again the answer is “no”.  Consumers and businesses need to know that data breaches and identity theft are inevitable.  ID theft criminals are focused on leveraging social engineering tactics to steal personal and business credentials to gain access to personal and corporate networks/data.

We recommend that both consumers and businesses be more vigilant than ever in the coming year.  The bad guys are taking advantage of fear and uncertainty during the COVID-19 crisis but education and protections can lower the risks drastically.

by Mark Pribish and Brian Thompson

Cyber Threat Landscape Will Get Worse

The Cyber Threat Landscape Will Get Worse Before (and if) it Gets Better!

Based on the three “headline news” articles below, I believe no one organization can prevent a data breach event:

To prove this point, while the total number of data breaches was down in the first six months of 2020, over 27 billion records have been exposed so far this year (please see here) which is more than four times higher than any previously reported equivalent time period.

This leads me to believe two things:
  • Even with all the financial and IT resources of the U.S. government and private industry, no organization can prevent a data breach.
  • Cyber threats and attacks are no longer just a technology risk, but a business and consumer risk.

So what can be done?

We need to create a new security culture with a new sense of urgency for both business and consumers.

If you are a business and you are not proactively monitoring the ongoing risk associated with cyber threats and attacks across your entire enterprise, including the Board/C-Suite level, you’re putting the viability of your business in serious jeopardy and creating liability by not adequately protecting your business assets along with your customer information.

And if you are a consumer – especially with employees working from home and students studying remotely – and you are not proactively monitoring your and your family members’ Personally Identifiable Information (PII), then you are increasing your risk to hackers and online scammers especially during the COVID crisis.

As the cyber threat landscape gets worse and the COVID working environment changes, employers and consumers become more reliant on technology.  We need to have a plan to respond to and recover from a data breach and/or identity theft event.

When life is perfect and there are no data breach and identity theft events, we can relax. Unfortunately, life is not perfect.  With recent FBI cybersecurity warnings, a broken cybersecurity market, and a shortage of cybersecurity workers, we need to be careful.

So an important question to ask the organization you work for is what is the formal response and recovery plan that is in place in the event of a data breach or hacking event?

And as an individual consumer, the question to ask yourself is, are you doing everything you can to protect yourself and your family members against hackers and online scammers?

By Mark Pribish
Vice President and ID Theft Practice Leader

More Articles here:  ID Theft Criminals Never Rest; Online Students are Targeted; Fraud in the Midst of COVID-19

Internet of Things is Exposing You

The Internet of Things (IoT) is exposing you more than you may think!  The IoT allows smart technology products such as gaming devices, home appliances, medical wearables, sports equipment, cars, and toys to send and receive data over the internet and to be controlled remotely.

After hearing the phrase “uncertain times” for the last six months, I believe that it may be overused. Most consumers tune out the meaning of overused words and phrases relating to risk and danger.

Unfortunately, words such as cybersecurity, data breach, identity theft, personal privacy, and stolen credentials are still not understood by consumers.

Consumers continue to read that weak passwords and phishing emails are common access points for hackers, and they are!  But the new access point is the IoT, as hackers are taking advantage of unsecured access to smart technology.

Two recent IoT exposure examples:
  1. Why the Garmin Data Breach Should Be a Wakeup Call for Every CEO (please see here)
  2. Amazon Ring Leaks Thousands of Customer Data (please see here).

According to Chief Executive Magazine, “Garmin confirmed it had been the victim of a cyberattack that caused a days-long outage in late July, during which users worldwide were unable to upload their fitness data from the company’s sports devices. Garmin reportedly paid a sizable ransom to get its data back.”

And according to Threatpost – which is a leading source for IT and business security – “2019 saw an explosion of privacy issues and scandals for Amazon-owned Ring.  Researchers found several flaws in the IoT device, including one that allowed attackers to spy on families, or one that exposed Wi-Fi network passwords.”

The good news is that smart technology has the potential to improve our lives, from home security and energy conservation to physical fitness.  The bad news is that it increases exposure with poor security features and places the responsibility of security on the consumer.

The fact is smart technology devices collect, store, process, and use personal information, for example names, addresses, phone numbers, email addresses, payment account information, GPS-based location, and activity patterns.

A new security report from Palo Alto Networks states that “57% of IoT devices are vulnerable to cyberattacks of medium to high severity.”

The Palo Alto report offered best practices to protect IoT devices from cyberattacks including:

So, yes, the Internet of Things is exposing you but as described above, there are ways to mitigate that risk.  Enjoy your smart technology devices, stay safe, change your default passwords, and stay up to date on the latest IoT updates.

By Mark Pribish
Vice President and ID Theft Practice Leader

An additional article about the Internet of things:  PERSONAL PRIVACY AND THE INTERNET OF THINGS (IOT)
or… How public Wifi is putting you at risk:  Public WiFi is Putting You at Risk

CREDIT FREEZES vs LOCKS; WHAT YOU SHOULD KNOW

Credit Freezes vs Credit locks, what you should know is that they are not exactly the same thing.

Credit freezes are now free, but credit bureaus are pushing you to lock your credit instead.

Why you want to know the difference

Consumers, in general, are more worried about identity theft than ever before, and they should be.  Identity theft has been one of the fastest-growing crimes in the past years and will see a significant spike this year.  According to a May 22, 2020 ComputerWeekly.com article titled Covid-19 will leave organizations exposed to higher cyber risks (please see here https://www.computerweekly.com/news/252483503/Covid-19-will-leave-organisations-exposed-to-higher-cyber-risks), “hacking attacks and phishing emails could become the new norm.”

The fact is the risk of a data breach event is now higher than ever based on the “increase in phishing email attacks, malicious keylogger attacks and the distribution of password-stealing software.” This means that consumers are more exposed now than ever and might not know for months or even years that their Personally Identifiable Information (PII) was stolen.

Since the COVID-19 crisis began, state and federal law enforcement has reported on numerous cybersecurity attacks and phishing scams including:

  • Sophisticated COVID-19 related phishing attacks that use PDF attachments to bypass software security defenses
  • Fake shipping emails pretending to be from FedEx and UPS to trick customers into downloading malware
  • Phony LinkedIn “connect” and Facebook “friend” requests to trick users into downloading malware
  • Fraudulent small business lending emails targeting small business owners including small law firms
  • New and innovative “vishing” phone scams impersonating government organizations and charities to solicit donations

With the increase in cyber scams, breaches, and ID theft during the current COVID-19 crisis, consumers might consider placing a credit freeze on their credit report.

However, be careful as Consumer Reports Magazine states (please see here https://www.consumerreports.org/credit-protection-monitoring/why-a-free-credit-freeze-is-better-than-a-credit-lock/) that “even though credit freezes are now free, credit bureaus are pushing consumers to lock their credit instead.”

What is the difference?

 

A credit lock and a credit freeze are similar forms of protecting your credit reports from being accessed by identity fraudsters.  The two are often used interchangeably but they are different.

Freezing your credit with each of the three credit bureaus (Equifax, TransUnion, and Experian) restricts access to your credit for anyone attempting to access it.  Access is granted only when you unfreeze your credit.  Freezing and unfreezing your credit is free, by law, and requires you to use a password-protected account or PIN.

Locking your credit accomplishes the same restriction to your credit.  But unlocking your credit is very easy and can be done immediately at any time.  Unlocking can be done on your computer or your phone.  This is beneficial because it is far easier to lock and unlock than it is to freeze and unfreeze.  You will pay for the convenience of this service.

Both Freezing and Locking your credit prevent others from accessing your credit information, eliminating the possibility that a fraudster could open a new credit account in your name.

CREDIT FREEZES vs CREDIT LOCKS…The choice is yours but both options are worth considering to protect you and your family members.

 

Looking for more protection? Here are 14 features of Identity Theft Protection Monitoring and the Most Important Feature!
