Data Breaches – What Do They Mean To You?

Data breaches are happening all the time. Every month another story breaks.

How do you react when you hear them?

Do you shrug and think ‘it won’t happen to me’, or does it make you sit up and think about your data security?

Here’s an interesting post we found on BullGuard’s blog that we wanted to share with you.

Data breaches are real

Mega data breaches come so thick and fast and the numbers are so large they become abstract. It’s reached a point where we can’t help but glaze over and often because the numbers are impossibly huge.

It’s easy to visualise 100, 5,000 and even 50,000 hacked data records because we can picture that many people.

Verifications.io data breach

The latest data exposure affected 808,539,849 records and while the preciseness of the number is helpful it’s still an impossibly large number for most people to make sense of.

But wait for it; the exposure figures were revised and now it is believed that 2,069,145,043 total records from all over the world were exposed. That’s over two billion.

The exposed data belonged to a company called Verfications.io. Four databases were compromised. Verfications.io describes itself as an email marketing firm with a particular specialisation in circumventing spam traps and bouncing emails.

We can also describe it as one of those companies that operate in the shadowy data economy, trading in huge quantities of personal user data.

Why it happened

The exposed data breakdown figures from just one database are as follows:

  • Email records – 798,171,891 records
  • Email with Phone – 4,150,600 records
  • Business leads = 6,217,358 records

The records were not encrypted but stored in plain text, and it appears the data, from multiple clients, had been pooled. At the time of writing, Verifications.io website is unavailable which isn’t too surprising.

While it is a leak, rather than a hack, the data could well have been downloaded for future devious use such as phishing emails, scams and payment fraud scams. The data could also be sold on hacker forums in a couple of months from now.

Two billion is still an impossibly large number to grasp but the moral of this data exposure is that cyber security is still far too much of an afterthought for many organisations.

What can you do to protect yourself?

In the face of this relentless deluge, we have to protect ourselves because clearly many of the myriad organisations that hold our personal data don’t do enough to keep it safe.

With this is mind BullGuard Premium Protection is the best form or protection available. It safeguards all your personal information, notifying you immediately if it appears on the internet.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich, Bury St Edmunds, and surrounding villages.  

Source: BullGuard

Are iOS Devices Threatening Your Business?

mobile phone security

 

Did you know that only 20% of Apple iOS devices are running on the latest operating system?

Running outdated iOS systems leaves you open to well-known vulnerabilities such as Ins0mnia and Quicksand. A report by security provider Duo Security estimates that more than 20 million devices connected to enterprise networks are no longer supported by the device manufacturer. And, because they can’t be upgraded, they pose a real problem.

This issue is compounded by the fact that there are numerous devices still on the market that can’t receive updates, so potentially, even new devices could be a security threat.

It’s not just iOS

This isn’t a problem that’s just confined to Apple. It is estimated that there are more than 90% of Android devices running out-dated operating systems too.

With the number of personal mobile devices being used in the workplace, Duo Security warn that IT professionals must be aware of the risks and how to sort them quickly.

Education, education, education

The only way this can be addressed effectively is for the device users to take some responsibility.

Henry Seddon, head of European Operations at Duo Security told Computer Weekly:

“Users need educating, but organisations need to put in place systems that not only educate users, but can also encourage them and make it easy for them to upgrade to the latest versions of software. It’s up to everybody in the company to take responsibility for the company’s security and their own, and organisations need to prove the tools that stop them at key points, and encourage and enable them to follow past practice.”

Failure to do so can potentially open up organisations to malware and other forms of attack.

Security recommendations

Here are some of Duo Securities recommendations:

  1. Establish basic mobile device security policies for the company and get buy-in from business managers
  2. Enable all employees to use passcode and fingerprint screen locks to prevent trivial access to sensitive data on mobile phones
  3. Consider excluding phones that are jail broken
  4. Provide helpful tips and reminders to users to check for updates on personal devices accessing company data
  5. Update or replace outdated hardware in use in the enterprise that may no longer be supported with security updates by the manufacturer
  6. Recommend that employees using Android devices consider Nexus handsets with more frequent and direct platform update support
  7. Address common update issues up front with guidance on problems related to updating mobile devices, such as providing tips on freeing space for updates
  8. Use free tools to detect devices with particularly concerning vulnerabilities (e.g. X-Ray for Android)

This is no longer something that can be ignored by businesses. Management and employees must work together to ensure the security of data and avoid embarrassing breaches.

MPM Computer Consultancy provides IT Services, Support and Training to sole traders and small businesses in Ipswich. Bury St Edmunds and surrounding villages.

Source: Computer Weekly