December 30, 2016

Blog

Information Technology (IT) is a major support function for any business. All too often business will overlook a strong secure IT component of their organization, mainly because of the cost to develop and maintain an

Equifax Testimony

Yesterday (10/3) was a busy news day. The tragedy in Las Vegas and the ongoing recovery efforts in Puerto Rico have overshadowed a very important event in its own right.

The mess that was the Equifax data breach has been explained from the perspective of the former CEO Richard Smith in the form of Congressional testimony. Many questions were asked of the embattled previous chief of one of the country’s largest credit reporting agencies. The biggest and most often asked question was, “How did this happen?”

Here’s the short answer:
Inadequate security and a complete lack of oversight.

There were three key factors involved. These factors are easily avoided with purposeful and a competent approach to infrastructure security.

1. Equifax’s patching procedures were completely insufficient.
A patch was issued to cover the breach. Simple scans would have found the hole and fixed the problem.
2. Equifax stored very sensitive information in plain text.
Plain text. This is not a misprint or misrepresentation. According to Smith, all of your data, my data, every working adult’s data was stored in plain text. If the data was encrypted, with proper encryption, it could take years to decipher the information.
Encryption is the key. If there’s information, sensitive information, any business does not want falling into the hands of thieves, then it must be encrypted.
3. Equifax security reviews were set for once a quarter.
Lack of oversight is unacceptable and inexcusable. This is our information and deems protection to best of Equifax’s ability. The best of Equifax’s ability was not enough.
The take away:
There were many lessons learned because of the breach, tough lessons that need illumination. Many steps should’ve been taken to protect your data; simple, inexpensive steps.
• Security patches- Information stored on secured servers are not necessarily secured. Constant updates are available from vendors and experts. It is imperative to stay on top of these.
• Encryption is crucial- Sensitive information needs critical attention and heavy security. It doesn’t matter how many layers upon layers of security in your infrastructure. If that fails, the data needs to be unreadable by anyone accessing it through nefarious means.
• Competent Technology Staff- Having the right people in the right places is paramount. Equifax’s staff did not apply a patch in a timely manner and the breach happened and wasn’t discovered for months. Timely scans were not happening, data was not encrypted, breaches went unnoticed (for months). Make sure your staff or outsourced partner is securing your infrastructure.
Keep these steps in mind when securing your infrastructure. The hackers are everywhere and businesses big and small are targets. Information is bought and sold in many places, open or closed. The right technology partner will keep your data safe.

Major storms have a devastating effect on your business. Not only is your business closed during and after the storm the damage done can cause further delays. If your business’s location is severely damaged or

Hospitals, major companies and government offices have been hit by a massive wave of cyberattacks across the globe that seizes controls of computers until victims pay ransom. Cybersecurity firm Avast has identified more than 75,000

Much has been made about encryption lately. And on some level, you probably have a vague idea about what it means. Maybe. 

You might recall, for instance, that the FBI and Apple have tangled over it. (Apple won.) Most large companies such as Google and Facebook support Apple's position. And that encryption stuff keeps your "stuff" safe from unwanted eyes.

The problem is that the idea of privacy is just that these days - an idea.  

"The way technology is woven into our daily lives, you can't do without it." Amy Danker, an employee at Epic Wines and Spirits, told the Oakland Tribune in a recent interview. " So what's your other option? Ae you gonna go back to a pager? I just assume that all my private information is already available through my IP address. You don't even think privacy exists, because it doesn't anymore,right?"

Natalie Plotnikova agrees, saying the arm of the law is getting too long. " I don't really like it," Plotnikova told the Oakland Tribune as she waited to be cleared through the Federal Building in San Jose. "I don't want the government to be able to use my phone to see my information." 

This, say experts, is why encryption is necessary and important- especially in our current 24/7-connected environment where everything is necessary when everything is done on a smartphone. By having your information scrambled so that only the person  you are sending it to can see it, your privacy is maintained and your information remains secure. 

To that point, technology from VirnetX- a company that created an app called Gabriel,  which uses encryption technology derived from a CIA national security program- may be the answer. 

The Gabriel app available at the Apple App store and the Google Play store, was designed and built with personal privacy and security as a foundational principle.

For only $10-$15 per year, users can take advantage of the Gabriel app and benefit from uncompromising encryption security when talk, video chat, text, email or share photographs or documents. 

No one will be able to see, hear, or intercept your communications except for the party you're in contact with because Gabriel does not transmit or store data with any third party. It's person-to-person encryption that all but eliminates hacking possibilities. 

Other benefits include:

  • Making free voice or video calls or sending instant messages to other Gabriel members.
  • Receiving spamless email.
  • Sharing pictures or files that can't be intercepted.

For more information, or to download Gabriel, please visit www.gabrielsecure.com. 

 

"The problem is that the ideal of privacy is just that these days- an idea"