Cryptowall Alert

Ransomware, in this case “Cryptowall”, is a type of malware which restricts access to the computer system (your files) that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
Please take a moment of your time to read this attached document.  It contains valuable information about the evolution of this particular ransomware. Most importantly, learn what you can do and what you should look for to protect your files and your business from becoming another victim. <READ MORE>
Questions? Call 407-678-8300

 

4 Top Online Security Concerns for Small Businesses

From: Intuit QuickBooks, by Brian Penny on September 16, 2014

Cloud security is in the hotseat following a massive leak of celebrity photos that were stored on Apple’s iCloud service. Apple initially issued a statement that its servers are secure, but conceded that several prominent celebrities had their accounts compromised.

Your business may not be as well-known as Jennifer Lawrence, but this doesn’t mean your data is safe in the cloud. In fact, with the financial nature of your business data, you could be even more at risk. If your business has an online presence, you need to proactively defend yourself against these common digital attacks. <READ MORE>

Home Depot reveals details of data breach

By Chris DiMarco September 22, 2014 – Inside Counsel Magazine

The incident underscores the risk of cybercrime not only for customers but for executives.

Rumblings of a breach of Home Depot’s information systems began in early September; however, the company was slow to reveal the extent to which customers were affected. After an initial warning from banks and a report from cybersecurity newshound Brian Krebs on Sept 2, confirmation of the incident was not released until almost a week later on Sept 8. Details of the breach were not made available by the company until Sept 18, when it announced that the cyberattack put payment card information at risk for approximately 56 million unique cards and that the malware linked to the attack was believed to be present between April and September 2014. Every store in North America is believed to have been involved.

With so many people involved, it can be easy to fault the home improvement giant with the glacial speed at which it gave out information. But Home Depot says that the investigation uncovering those details began on the same day as bank issued warnings and that the infection has now been contained.

The malware in question is believed to be similar to that used in the Target breach, which affected over 40 million customers in late 2013. The malware affects point-of-sale kiosks and checkout lines, and in the Home Depot case, may have specifically targeted self-checkout lines.

In response to the issue, Frank Blake, chairman and CEO of Home Depot has said, “We apologize to our customers for the inconvenience and anxiety this has caused, and want to reassure them that they will not be liable for fraudulent charges. From the time this investigation began, our guiding principle has been to put our customers first, and we will continue to do so.”

_______________________________________________________________________________

Related Stories:

Boards need to oversee cybersecurity risk says SEC official

Data security gets more attention following Target breach

Target’s cybersecurity event may have been preventable

_______________________________________________________________________________

Given the increasing frequency of massive data breaches like this, though, customer anxiety is no longer easily assuaged by increased security standards, free credit monitoring software and a promise to do better. That in turn manifests as anxiety for the C-suite. Following the Target incident, multiple high-level executives were terminated or stepped down for lack of proactivity in shoring up Target’s cyber defenses. While there has been no word yet on similar moves at Home Depot, it’s an inevitability that someone will need to pay the piper.

Even more worrisome for both customers and executives is a New York Times report out today that cites multiple former and current Home Depot employees who witnessed negligent customer data handling throughout its stores. According to that article, “several people who have worked in Home Depot’s security group in recent years said managers failed to take such threats as seriously as they should have. They said managers relied on outdated Symantec antivirus software from 2007 and did not continuously monitor the network for unusual behavior, such as a strange server talking to its checkout registers.”

While experts have warned that cybersecurity should be a priority for corporations, the events of the last two years have proven that even considerable investment can be foiled by innovative hackers. And as the causality role call begins to look more like the average American’s weekend errand list, you can expect it to continue to be a topic of conversation,

Facebook Working on Private Sharing App, Report Says

From: Mashable – Tech – by Adario Strange, September 17, 2014

Facebook is reportedly working on a new app designed to encourage private content sharing — by making the process even more personal.

Citing multiple sources, a report on Techcrunch claims that the current code name for the app is “Moments” and will give users a grid-style interface from which to share private moments with friends and family.

The reasoning behind the app, allegedly, is to assist Facebook users who want to share intimate content with close contacts, but have been put off by the site’s increasingly complicated privacy settings.

The report hedges on whether or not the app will ever actually be released, citing numerous past internal Facebook experiments that never became public-facing products.

But if true, the app would indicate that Facebook is continuing to work to win back the trust of some users who have been daunted by the site’s complicated and ever-shifting privacy settings and News Feed changes.

A Facebook spokesperson offered the company’s standard response: “we do not comment on rumors or speculation.”

Ditching Paper Signatures: Are All Electronic Alternatives Equal?

From: Law Technology Today, By Eliya Fishman August 28, 2014

More than 90% of the world’s digital data has been generated within the last two years. Everything around us is moving faster. Our on-demand, in-an-instant mindset has zero tolerance for bandwidth limitations and mobility constraints. And then, we suddenly find ourselves facing a stack of paper that should have been signed yesterday…

Paper might be dying, but the tried and true process of ‘printing to sign’ continues to linger. In fact, according to a recent ALM Media online reader survey on signature-dependent processes and the use of digital signatures, 49% of all documents are printed for the sole purpose of adding signatures. And with 47% of respondents signing documents at least four times per week, you can quickly figure out what that means in terms of wasted resources, precious time, and money. Speaking of time, the survey also revealed that processes involved with obtaining physical signatures were extended by 1.24 days on average, spelling potential disaster for time-sensitive transactions. <READ MORE>

 

Fake Cell Phone Towers Could be Intercepting Your Calls

From: The Hacker News: Thursday, September 04, 2014 Swati Khandelwal

A notable number of cell phone towers around the United States are rogue that, according to latest report, could spoof legitimate towers and intercept calls. The research carried out by ESD America, a defense and law enforcement technology firm based in Las Vegas, shows that a rogue cell phone towers, also known as “interceptors”, may process the call.

ESD America, the company that makes the super-secure CryptoPhone, makes one of the oldest and most expensive high-security cell phones in the market. It provides equipment and training to more than 40 countries with a goal to provide technical security assistance to government and corporate clients across Asia.<READ MORE>

3 Steps to Producing Powerful Passwords

From: Law Technology Today – Posted by: Craig Huggart  September 4, 2014

What do you do when that dreaded moment comes when you have to come up with another password? Maybe they are out there but I don’t know anyone who thinks coming up with passwords and remembering them is fun.

On the one hand, if you use a password that is easy to remember it will likely be easy to hack (and probably won’t meet the password requirements). On the other hand, if you use a complicated password it will be difficult to remember. Let’s take a look at how you can easily balance these two tensions by using a proven 3 step method.

What are the goals?

To create reasonably secure passwords. First off, it is impractical to memorize unique passwords for all the places you need them. That why I recommend using a password manager. Instead, the goal is to create secure passwords for your “master password” and for those places you can’t use a password manager. I am not a security expert but I trust Steve Gibson. His general recommendations are: <READ MORE>

One of the best password managers for your PC, devices, and the cloud

FromPC World – Security – by Lincoln Spector, Posted August 25, 2014

Everyone who uses the Internet absolutely must have a password manager. Without one, you’ll forget some of your passwords. Or you’ll use the same password for different sites, which allows a thief who’s hacked one password to know them all. Or you’ll use simple passwords that are easy to remember but also easy to hack.

A password manager program stores your passwords and other login information in an encrypted database. If you need to log into a website or a secure application, you open the password manager, type the password to your password manager (which is the only password you’ll ever have to memorize), and get the information that you need.

But which password manager should you use? <READ MORE>

Top 10 New Technologies That Will Change Small Business

From: Intuit QuickBooks, by Nicklas Prieto on June 26, 2014

The digital age has brought with it innumerable innovations that continue to change the way the world does business. Buzzwords abound on the internet, bringing to light terms that often fade into obscurity as quickly as they rise to prominence. But some innovations occasionally stick, and the 10 new technologies discussed in this list are definitely here to stay, at least until new tech comes out that makes them obsolete.

Until then, follow along to learn how these new innovations can help change the way you conduct business. <SEE TOP 10>

HIE goes live with eHealth Exchange

From Healthcare IT News, Erin McCann, Associate Editor, July 28, 2014

A new state health information exchange has officially signed on with the eHealth Exchange, bringing an additional 16 million patient records into the national HIE pool.

Georgia Health Information Network announced this past week that it was joining the already 70 participants live with the eHealth Exchange, formerly the Nationwide Health Information Network, a non-profit public-private initiative created by the Office of the National Coordinator for Health IT to spur healthcare quality and efficiency by establishing a platform for exchanging health data across borders. The participants, which include more than 1,000 hospitals and 6,000 medical groups and 60 million patients, exchange millions of transactions each year.

[See also: Nation's eHealth Exchange stands up.]

Officials say the new partnership will allow the some 16 million patient records in the Georgia network to be readily exchanged across the continuum of care, ultimately leading to improved care, a decline in readmissions, reductions in duplicate testing, prescription compliance and continuity of care.

“With GaHIN’s national connectivity comes Georgia’s ability to share medical information immediately and securely with neighboring states, and eventually more states across the U.S.,” said Denise Hines, executive director of GaHIN, in a July 24 press statement. “This expanded connectivity allows for the delivery of the right health information to the right place at the right time – no matter where the patient is receiving care – across a robust national network.”

Currently, GaHIN, established in 2009, has connected members consisting of regional HIEs, hospital systems, physician groups and individual practitioners that currently reach counties across the state.

[See also: HIE network sees record participation.]

Officials note that GaHIN members have access to all existing and future services, including lab routing; admission, discharge and transfer alerts; referral requests; and secure messaging.