Recent Posts

Data Breach Breakdown 12-2-2015

Written by Spencer Heckathorn in data breach,Security,Threat

Crazy stuff as we are hearing details about some 4.3 million adults’ and some 200k children’s’ accounts have been compromised by compromising 1 company

I had no clue about this but Experian releases annual data breach prediction.

If you used to play poker you might be interested to know about this data breach that happened in 2009-10. Neteller (3.6 million accounts)… Yup that very payment processor that we sent our money or made withdraws using is implicated in this one. Also skrill 4.2 million accounts, something I have heard of somewhere but don’t remember what it was for or how it was used. However, this story is reporting that the people in this breach are “safe”… Basically, they are saying that only 2% of these customers were actually active and had card data on their accounts… I say that’s dumb a lot of information can be gathered from a little data. Not many more details in this story.

This looks like an interesting article on “How you can predict” data breach at your own company.

Seems late to the game but the League of Women Voters is looking into the Georgia data breach. Basically, they are asking someone else to take a look…

 

 

 


Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 20

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 21

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 22

Rouge Employee – Steals Customer Data

Written by Spencer Heckathorn in Blog,Security,Threat

Data Breaches, Stolen Contacts, Stolen Personal Info, Stolen Processes, Deleted Customer Lists on and on…

Something that none of us want to hear, but it happens everyday somewhere someone steals, deletes, loses, or otherwise access data they should not. It is not always due to a rouge employee but that happens a lot, and comprises the majority of incidents I have seen at small to medium sized businesses, with those that have 2-40 really seeming to be a sweet spot. It’s like before you are a cretin size it doesn’t happen. So you don’t think about it and how to mitigate the risk.

(setup a google alert for “data breach”) Sorry to all of those looking for some juicy bits it didn’t happen here (fingers crossed), but I will tell you about where it did happen.

Take the data and Delete the email Rouge Employee in real life

One of our customers called in a panic about 3 years ago, an employee, that thought he saw greener pastures on the other side, took the companies complete customer list and deleted all of his emails upon leaving. This was devastating in many ways to the company. Not only was their customer list out “in the wild” but they could not finish the jobs and quotes and other support items that this guy had started. They had to email all of the customers they knew he was working with and explain the situation. Then they had to sit with a special kind of anxiety knowing that when a customer would call it could be to complain about “why haven’t I heard from ____” or “why didn’t you guys get me taken care of here” and the worst one “Our crew is here, where are the materials and your crew?” That last one caused some real damage to the tune of $20,000 or more. Eventually things calmed down and after the dust settled it became a lesson well learned and from that point on, no more employee personal email addresses for business stuff. All email is now backed up from each computer, but also each email is automatically duplicated and sent to a central account where the owner can look any time. This came in handy later when they needed to sue someone else for payment on a job. As a trivial side note the guy went to a competitor, but only lasted 2 weeks just enough time for him to enter all the customer data in their system, they let him go for fear he would do the same… My customer estimates he only lost about 5% of business from that débâcle.

The solution is Simple

Now I will not go into all of the possible scenarios and details of how you can protect yourself in this post because it would just be a long (tldr) post. However, I will tell you I heard some great advice that has me thinking about this a lot more. A question was asked of a busi0ness mentor: “How do I find employees I can Trust?” I thought I was going to hear something long and drawn out about how to evaluate someone, and how it is important to “get to know” someone so you don’t end up with that rouge employee, but what I heard was so simple it was shocking and it drew things into perspective.

You can’t find employees you can trust, that’s why you have to build systems

It may not be so obvious to everyone, or you may be saying “I knew that, and have for a long time,” but I was floored by the simplicity and obvious correctness of what was being said. Every instance that I have been called to clear up one of these incidents or to investigate the extent of the damages, no systems were in place.

It’s like before you are a cretin size it doesn’t happen. So you don’t think about it and how to mitigate the risk.

Honestly it doesn’t have that much to do with size, it’s a combination of luck, and other factors. If you don’t have a system in place but you already have 200 employees, you got lucky! But trust me I have been out to those places and it gets very expensive to say, “we have 300 computers, 70 laptops, and 8 servers”, “now figure out how much to clean up the malware and stop our ex-employees from accessing their machines”… Now we are already talking about 10’s of thousands of dollars. Where if they took the time at 50 employees or sooner they wouldn’t have an issue or would have a much better way to deal with anything already in place.

Taking a Different Approach

Start thinking about how to stop the problem before it starts or to minimize the damage and risk. This is in fact where I exit and get to work on this very thing! As I figure it out I will post what I have and we both hopefully can grow from there.

By: Spencer Heckathorn


Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 20

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 21

Warning: Trying to access array offset on value of type bool in /srv/users/ftpihreplacerftp/apps/ihreplacer/public/wp-content/themes/acabado/inc/content-post.php on line 22

First Sign You are on a Bad Site – Clickbait

Written by Spencer Heckathorn in Advertising,Security,Threat

It’s the new thing for cyber bad guys and it’s really not that new. However, clickbait has taken on a whole new life in the age of digital friendships and sharing of content. If you need an authoritative definition you can check out Wikipedia – clickbait.

The biggest thing you can see is when you are on your phone and you click a link but when you get to the page instead of seeing the content you had hoped for, you instead see a screen full of ads. Unethical bad guys use machine learning to optimize titles or find the just right picture to get you to click on the content, from there they can automatically share the content on your Facebook or twitter account. They also hope that you will hit that share button if you like what they have, you have been caught by clickbait.

Even I get caught all the time by clickbait, I will be on Facebook and something interesting looking will popup, I click it and then I am looking for the close button cause I can’t click it fast enough.

The other annoying part is that many normal sites move to a model of posting the same kinds of ads in mass thinking that we will just deal with it.

I make a device that can block ads on your home network for all your devices, however, it won’t come out until later this year and it will only work while you are at home or work where you install the device.

I think everyone hates these types of ads, and content in general. That is why I say the first sign you are on a bad site is tons of ads that block the page or make impossible to see the content that brought you to the site in the first place.

Another trend we see that only seems to be growing is the infection of many computers via advertising. We see this over and over. Even this morning before I knew I would write about this topic I was click on news stories to see what is going on in the world of cyber, and I was served a suspicious ad, my computer was able to block the payload, but most computers are not set up like mine. Just remember as part of our yearly service we block all ads on your computer or laptop.

Quick News Recap 11-20-2015

Written by Spencer Heckathorn in Blog

China still hacking into Business Computers – China Didn’t Stop which is a great reason to get our service for your business. ISIS should watch out for Anonn. Today I saw this story about criminals hacking is more like “paint by numbers” these days.

Now it seems Georgia is giving away user info through some error or flaw against their voters, they blame clerical error, but a lawsuit is now in the works. This may be an interesting story by Trend Micro about data breaches and the damage they cause.

Something cool about a new tech that promises to remove that annoying snow and dust from your videos. Also, some more new tech that claims it will make winter roads safer.

Thank you for taking a look, in our own quick recap we have our store working. Thanks to woocommerce for making something that works so darn easily, Please check it out and order our PC Cleanup Service and/or a Year of Service. Get the 2 together for an Easter Egg style discount.