Tag Archives: data breach

If we have learned anything over the last few years about data breaches, it is that they are likely to happen.  However, data breach frequency can be reduced and its impact minimized with some key strategies. Both response and prevention efforts are greatly impacted by organizational culture.  Organizational culture is formed over years as certain values and behaviors are reinforced or discouraged through a series of successes and failures.  Security is seen as important and vital to organizational success in positive security cultures while it is ignored or even discouraged…


Some breaches require notification, such as those involving patient data or customer information, but sharing is optional. Of course, notification is just one form of information sharing. For example, February’s executive order encourages private sector companies to share information on cybersecurity threats. There are advantages and disadvantages of sharing information with others, and here to talk about it are two information security influencers, Eric Vanderburg and Bev Robb. Vanderburg will be arguing for information sharing and Robb will discuss potential sharing woes that may arise from government and private-sector…


The largest internet security breach in history has just been discovered. Hold Security, a small cybersecurity firm, first reported the details of the incident around August 5th, 2014. A group of Russian hackers, approximately ten men, is suspected of the crime.

What was Stolen and from Where?

The thieves stole roughly 1.2 billion login user IDs and passwords from over 420,000 different websites as well as 500 million email addresses. The Target data breach of 70 million addresses is dwarfed in comparison to this incident. At this time, the names…


Security breaches and identity theft are becoming an increasing concern for consumers as hackers continue to target large retailers. Target, Sally Beauty Supply, Neiman Marcus, Home Depot, Michaels, Dairy Queen and Kmart are among retailers recently hacked. These incidents have resulted in stolen personal information such as phone numbers, addresses, emails, and credit card information. As a result of these breaches, affected consumers are more likely to fall victim to identity theft. The following is a summary of retailers who recently suffered a data breach. Reports suspect hackers were able to infiltrate…


Twas the night before the breach, when all through the place
Not an alarm was ringing, nor even a trace
That data was being pilfered, with the greatest of care
In hopes that its access would none make aware
The employees were off early, out for the day
Some to go shopping and others to play
Leaving the office empty, ‘cept for one man
Filling a thumb drive as fast as he can
The passwords he had, some from Susan, others Paul
One under the keyboard, another on the wall…


Security remains a complex discipline. This ever-changing challenge grows in complexity daily as new threats emerge and compliance requirements increase. Several regulations including HIPAA require organizations to have a person whose role is to ensure compliance within the organization. This is why organizations need a designated person with primary responsibility for security and compliance. This person is the Chief Security Officer (CSO).

The Role of a Chief Security Officer

A Chief Security Officer or CSO is first and foremost a business leader in the organization. He or she sets the…


The Florida Department of Juvenile Justice (DJJ) had a mobile device containing 100,000 youth and employee records stolen on January 2, 2013. The device was unencrypted and not password protected despite a policy by the DJJ requiring both encryption and password protection on mobile devices. This latest breach further demonstrates the importance of encrypting mobile devices, but more importantly, it shows that a policy alone is not enough. Organizations and government agencies need to make sure that employees are aware of and adhere to their policies. Without this, such policies are…


Salem State University in Massachusetts issued a data breach warning to faculty and students on March 11. The warning informed them that information for over 25,000 persons, including social security numbers, had been breached. The breach was caused when malware, identified as Vobfus, infected the university’s human resources database. Malware is often seen as a nuisance or a productivity inhibitor, but an infected computer can pose a much greater risk to organizations and it should not be overlooked. Malware gets behind the organization’s perimeter and it can act with the…


On March 8, 2013, a contractor working for North Carolina’s Department of Health and Human Services (HHS) billing department stored unencrypted data of 50,000 Medicaid providers on a thumb drive that was to be transferred between facilities. However, the drive was lost along with the data it contained, which includes names, social security numbers, dates of birth and addresses of the 50,000 providers. In last week’s article, titled data breach threats of 2013, we cited breaches by third parties as one of the top three highest rated threats in the…


A recent study by Deloitte, titled Blurring the lines: 2013 TMT global security study, shows that 59% of Technology, Media, and Telecommunications (TMT) companies suffered a data breach. 88% of these companies do not believe that they are vulnerable to an external cyber threat such as hacking. Rather, the three highest threats were:

Employee errors and omissions
Denial of service (DoS) attacks
Security breaches by third parties

Employee errors and omissions

Awareness is a critical factor here, and Deloitte lists it as one of the top three security initiatives of…
