Securing Data Collection for Associations

While much of the data security conversation falls into for-profit industries, more discussions should include non-profits and associations as well. The number of associations has nearly doubled in the last few decades, and in an era of “big data” and constant data collection it’s imperative to have the proper measures in place lest your organization falls victim to potential threats.

What types of data does your association collect? Perhaps the most critical is the data and information of an association’s members. This data may include such things as name, phone numbers, or addresses. Many association members pay dues or make consistent donations from a bank account or credit card. These days many associations store this information to be called later which allows them to automatically charge dues to members or keep track of donations/income. Some associations may even require a Social Security number or other private identification. This is the type of data that can be really vulnerable and valuable to a digital intruder.

Consider if your association had a data breach and your member’s credit card numbers, bank account information, and social security numbers were stolen. Your organization would suffer reputational damage, members would leave, and the cost to remedy the breach would be very expensive. What could you have done to prevent such a thing? How do you reassure members  that their valuable and sensitive data remains secure?

  • Evaluate the current state of your data’s security: Known as a security or risk assessment, it outlines the measures you currently take to protect your data, and the possible risks that are out there.
  • Understand your disaster recovery methods: Malicious software or even a heavy weather event could be a threat – completing consistent backups and having a disaster recovery plan is just as imperative as securing your data.
  • Business continuity: Determine who will be responsible for data backup and/or recovery, outline the steps to take and what other members of your team will be notified or involved.

Overall, data security and disaster recovery methods are extremely imperative to running a successful association and maintaining trust with your members and others in the community. If your association is unsure of how to move forward, consult with cyber security experts such as Neovera who can help with risk assessments and business continuity plans.

Sony Implements Two Factor Authentication

According to TechCrunch, Sony announced recently that two factor authentication will be available on its PlayStation network (though, to be clear, a timeline has not been released), creating a greater security presence for users around the world.

The corporation was most recently in the news for a security breach at Sony Pictures Entertainment back in 2014. Hackers released an embarrassing – in more ways than one – amount of email correspondence and other sensitive information to the chagrin of those employed at the company. And in 2011, a major breach occurred in Sony’s PlayStation network wherein the personal details of millions of users were stolen. While Sony defended themselves by saying sensitive payment and contact information was not used maliciously, the backlash was swift and continuous. It should be noted that the attack came to fruition through a lack of timely software and security updates on Sony’s part.

Plenty of other companies in the gaming world, Microsoft’s Xbox for one, added two factor authentication years ago; from financial institutions and beyond, it’s become second nature to have a code texted to your phone or answer a series of additional security questions. For those browsing the web who want that additional peace of mind, a website called twofactorauth.org actually cataloged whether sites employ two factor authentication.

Beyond the obvious reactions to news like this – a confused, “They didn’t have it already?” is up there – it begs the bigger question: how long before all websites employ two factor authentication, and in what form? Even further down the road, when will this added security become obsolete? In the short term, simple steps can be taken – if your company deals with sensitive data input, consider two factor authentication within your cyber security plan. Not only will it give your customers peace of mind, but your brand will be safe as well.

What Is Your ISP Doing With Your Data?

In today’s digital world, “data” has quickly become a top buzz word. Many don’t realize that your ISP (Internet Service Provider) is a data aggregator, collecting troves of data about each user online. ISPs and other companies collect enormous amounts of data, leading to the now-familiar term “Big Data”. Furthermore, said ISPs have been buying data analytics companies so they can analyze and use all the data they are collecting. But what’s the significance of “Big Data” and data collection? More importantly, do the pros outweigh the cons?

ISPs collect data on pretty much everything you do online. It’s gotten to the point that, if your ISP is also your television provider, they can match and combine your online and television data for marketing and advertising purposes. They know what websites you visit, what articles you read, where you shop, what apps you use, and what you watch on television. All of this information is like gold to marketers, giving them the ability to offer products to you with pinpoint accuracy all the while knowing your likelihood of purchasing the product is that much greater.

Now, for the user and company alike there are pros and cons to big data. On one hand users are well aware that they are consistently targeted by advertisements, so seeing products that are generally of interest to the consumer can be seen as a refreshing reprieve. However, there is a dark side to this as well. Cyber security is extremely important, especially when it comes to storing large amounts of data. In fact, for an ISP collecting all of this data, securing said data should be their highest priority and top concern. However, data breaches happen all the time to companies big and small. This means all of the data that has been collected about us can be stolen by someone who may wish to use it in not so appealing ways. They may also try to go after more critical information like credit card or bank information.

In the end, our personal data is everywhere, and protecting it should be a top priority. Individuals and companies alike using the Internet have hundreds of data points about them that are eventually used for marketing and other purposes. While this data collection can be harmless, the third parties such as ISPs that are collecting all this data are only one side of the cyber security spectrum when it comes to fully embracing the cyber security of a user or company at large.

Multifactor Authentication: The Time Is Now

It may not be breaking news, but this is a major announcement that companies need to embrace: passwords are out; multifactor authentication is in. In it’s simplest form, an ATM transaction is an example of multifactor authentication usage – you need to not only produce your debit card for the machine, but also input your pin to finish the transaction. After reports that a Russian crime ring stole over 1.2 billion passwords, individual users and companies nationwide need to take note that this is a serious issue and will only grow bigger as hacker syndicates become more robust in their attack methods.

At the most recent RSA Conference, a survey found that over 77% of IT professionals believed passwords are failing as an IT protection method; ironically enough, over 1 in 10 IT professionals said they don’t change their default passwords! In the past, multifactor authentication was reserved for the data deemed most sensitive or vulnerable. Now, it is used quite often but still caters to easy user accessibility. Forget your password? No problem, just type in your email or phone number and a link will direct you to the reset page. Users are able to quickly log into their accounts, reset their password, and be on their merry way.

But what happens if a hacker gets into a user’s email or phone? That multifactor authentication protection that many retailers, banks and other protected firms rely so heavily on just went out the window. However, the industry is in the throes of a new era – iPhones now use fingerprint technology to unlock themselves, and many companies have begun using everything from handprint to retina scans to gain access to a building, data, and other guarded areas. Either way, this new slew of protection against hackers and cyber attacks is coming fast.

Don’t worry, though, there is some kind of silver lining to all this extra work – with the multifactor authentication market expected to reach a valuation of $9.6 billion by 2020, now is the time for companies to act and get ahead of the curve. Learn about your organization’s current cyber security setup – is multifactor authentication in place? What steps can be taken to assess and monitor the firm’s network and data? The more you are equipped with the knowledge needed to protect your company’s assets, the better – and more secure – you will be in the long run.

Data Security, Technology and the Government

The battle continues for Apple and the FBI – while both parties are focusing on one particular case (whether to unlock the phone used in last year’s horrific San Bernadino shooting), the question posed about data security speaks to a greater question. Specifically, when it comes to particular cases such as the one being brought before the court currently, are the firms that hold the key to this kind of software beholden to the government despite a number of oft-referenced security issues that may present themselves? And if that answer becomes a “yes”, at what point are technology firms able to put their foot down and protect consumer data security from the demanding parties in question?

Meanwhile, Senators Mark Warner and Michael McCaul proposed a national commission to explore security and technology challenges in the digital age. This may just seem like another song and dance on the government’s end – I mean, how many commissions have been enacted thus far, really – but it shows that at least one group that is capable of changing the laws to roll with the constant technological innovation is paying attention. However, how this group interprets the current struggle and what they intend to do about it gives pause for concern. With the case at hand, Apple’s contention is that by creating this “back door” to their security software, no other piece of technology in their arsenal is safe. The FBI has gone as far as guaranteeing the phone in question would be unlocked by the custom-made software in a completely clean room so the technology would not escape; but how can that be completely and totally guaranteed? The FBI is saying “trust us”, and Apple is firing back with “trust no one”.

Let’s assume the court sides with the FBI and order Apple to unlock the San Bernadino attacker’s phone – then what? Despite parties insisting that this one case would not set a precedent, others believe that it absolutely will. Apple’s senior vice president of Internet Technology and Services, Eddy Cue, even went as far as declaring a future surveillance state should the court rule against the company. No one can see into the future, but Cue is probably referring to the over 200 cases currently pending in New York City alone where access has been requested to locked devices; basically, if the door is opened just a crack it can easily swing wide open.

There currently isn’t an immediate solution to this problem, nor are there many answers to begin with. As government cases tend to drag on for months, it will be an on-going and ever-changing discussion about data security and how far state-wide and national governing bodies can push before private entities have to give way. In the meantime, your security is only as secure as your weakest link. Updating and monitoring cyber security needs on personal and professional levels will keep your data that much more secure and safe in the days to come.

Online Banking: How Safe Are Your Hard-Earned Dollars?

Online banking, or simply transferring money from one online entity to another – whether through an application or website, on your mobile device or desktop computer – has become the norm. Don’t have time to go to the bank to deposit a paper check? Not a problem! Most online banking apps allow you to deposit them digitally by taking a photo. As banking becomes digital, cyber security concerns eventually come to the forefront of the discussion.

TechCrunch posted an article about a new disruptor in the online banking world – Checkbook is the creation of PJ Gupta, the former chief architect behind Visa’s network, and allows users to send a certain number of digital checks for free via email. Those that benefit the most are companies – individuals just have to deal with paying for postage and envelopes when sending a check via snail mail. Businesses deal with this overhead cost plus the amount it takes to issue the check through their brick and mortar bank (the price range is anywhere from $7 – $16). And with over 19 Billion checks sent in 2013 alone, that’s a lot of paper, time and money being spent. Checkbook cuts out the miscellaneous costs and allows businesses to send their digital checks directly to the inbox of their choosing. But what happens if it gets caught in the Spam folder? Will they get their money back if it is somehow intercepted by those with malicious intent? Sure, Checkbook may just be a startup but it’s also a startup that is asking users to trust them with their company’s money, or individual funds.

Unfortunately, hackers can get into websites and steal money and data connected to funds, with the IRS being a prime example. While it is wishful thinking that the IRS wouldn’t be the topic of conversation again this time of year, it’s sad to say that not much has changed. Reported on Twitter and by various other sources, the IRS announced that hackers were able to infiltrate their systems once again this January. The target? E-file personal identification numbers which are sometimes used to submit tax returns electronically by individuals. Over 464,000 SSNs were utilized to gain approximately 101,000 E-file PIN numbers; granted those SSNs were stolen in a previous sting but who’s counting. While this attack didn’t allow hackers to steal money directly from users, it did something much worse in giving away the very information that is needed to function in this 21st century society.

Both of these organizations have one thing in common – you can protect your identity and funds on top of the protection they afford to you as a user.

  • Assess the cyber security of all your devices – what firewalls do you have in place? Is a VPN available to use while you’re on the Internet?
  • Set account notifications for any online banking so you are alerted to any distinguishing or unusual activity.
  • Be wary of notifications and messages that look even slightly suspicious; check the return address or contact the provider in question to confirm their identity.

At the end of the day attacks will happen, but with hot, new applications coming up every day that promise to make a business’s life easier, or the now almost yearly threat of an attack on your IRS return, it’s good to make sure that your information is guarded as much as possible in order to protect your funds.

Free WiFi Is Totally Awesome – Until It Isn’t

Free WiFi sounds great considering you have to pay an arm and a leg to access it in your own home (or at least buy a cup of coffee if you’re out). However, with the potential of this newfound accessibility comes a series of fairly important questions that people should consider before logging on. How safe is their browsing term going to be? Will you be more vulnerable to hackers? Who takes the blame if your data is stolen over this free WiFi? And how does this affect other companies in the wireless world?

An initiative in New York to provide free WiFi via repurposed pay phone booths is aptly named LinkNYC and helmed by CityBridge, a joint venture between smartphone chip maker Qualcomm Inc., networking company CIVIQ Smartscapes and Intersection (backed by Alphabet Inc., Google’s parent company). Users won’t have to sit through advertisements of any kind – the advertisements will run on the repurposed pay phone structures themselves, and once logged in surfing the Internet commences uninterrupted. Obviously this creates a great alternative to burning through data on your cellular plan while outside of a reliable wireless signal – it creates a lot of additional competition in a market that, until recently, was dominated by the Time Warners and Comcasts of the Internet provider world.

Competition aside, what does this mean for the average user checking emails at a corner WiFi hotspot on their way to meet friends ? How much more of your personal information is accessed by the companies who have provided this free wireless service across one of the largest metropolitan populations in the world? Funnily enough, IT security company Avast decided to measure how trusting the attendees at Mobile World Congress in Barcelona would be if rogue WiFi hotspots were available at no cost. The answer? Even people who work in mobile and IT industries are extremely trusting when it comes to logging into free wireless networks. That trusting nature could have been to a fault had Avast not been behind the free wireless – there were 2,000 connections that logged over 8 Million data pockets from which Avast skimmed information at random. The kicker? Avast reported having the ability to identify over half the users but chose not to; hackers wouldn’t be as kind.

What does this mean for the future of wireless? Overall it’s a great step forward and brings the Internet to a larger group of people whose access may have been stilted until now. On the security side, sales of mobile VPN devices could become the norm as the world becomes more and more mobile (considering one writer’s recent hacking experience while using Gogo Wireless during a flight, learning proper wireless safety practices is something to consider!). They guard the user’s information from prying eyes and allow them to surf the Internet anonymously. Even with a mobile VPN device, users should still educate themselves on choosing wireless networks wisely.

Cyber attacks are becoming the norm and users need to keep themselves up-to-date on the latest findings in the IT security world and beyond, regardless of whether they’re using the Internet for business or personal reasons. Hackers will still continue to try and find ways to syphon data from unsuspecting people – staying one step ahead of the attacks is key in order to protect your assets and livelihood.

 

Data: The Good, The Bad, and The Ugly

It’s become apparent that many companies collect data in hopes that it’ll be helpful in the long term. Short term, however, no one really knows what to do with it, how it can be used, or ways that it can be leveraged to move a company forward. Those that are able to leverage the data collected have made great strides in better understanding their consumer base. On the flip side, what happens when the data collected gets into the wrong hands? These avenues lead to very different outcomes, and both public and private organizations are just beginning to wrap their heads around the Internet of Things (IoT); specifically, the connected devices that create it, the constant exchange of data that happens within the IoT and its implications.

It’s estimated that, by the year 2020, over 20 billion things will be connected to the IoT – that’s a lot of innovation potential, as well as information collection possibilities. Currently strides are already being made to connect more and more devices to the IoT under the guise of making everyone’s lives infinitely easier. For example, the Consumer Electronics Show in Las Vegas previewed a number of simple household appliances that are now Internet-capable. The immediate pros are obvious: making it easier to see what’s in your fridge lest you don’t want to open the door to find out, or even ordering laundry detergent with the simple click of a button located on your washer/dryer. However, it could also mean that they are using this same data to do the following – place ads on your refrigerator or any other display screen you may have active in your home, and inundating what was otherwise a personal, home life with living advertisements. When does the constant interconnectedness and need to collect data become an invasive and hurtful part of life?

A loss of data during a cyber attack doesn’t necessarily mean that it’s just erased from existence – normally, if it’s remotely valuable, it could end up on one of the many markets that pop up on the Dark Web. Sounds scary, but some startups are beginning to do the dirty work for companies and organizations that need to know what information of theirs is in the darkest corners of the IoT. Matchlight is one of those startups – when data is stolen during a cyber attack and the like, Matchlight sends a web crawler throughout the Internet to index the websites where stolen data would normally be found. Searching the Dark Web, however, is a whole other ballgame; to paraphrase, they’re trying to uncover and organize what people don’t want found. Though the information cannot be recovered once it’s on the Dark Web, this service at least gives organizations a head’s up before the rest of the world reads about it in the morning paper.

Data collection can be a great way to streamline life’s little bumps and corners – however, too much of a good thing can sometimes be taken advantage of by the wrong people and do irreparable damage. In the short-term, obviously steps can be taken to protect the data companies and organizations collect about the people that use their services over the course of time. Long-term decisions are an entirely different story – there are some who urge for groups to practice “data minimization”, like FTC Chairwoman Ramirez. However, as mentioned previously, a lot of corporations and companies are biding their time and continuing to collect as much data as possible, even if they don’t know its use just yet. As the IoT continues to grow and mature, not only will data collection views change with it but so will the otherwise neutral attitudes of its everyday users.

Ransomware Attack Hits Los Angeles Hospital Hard

Ransomware, a newer type of cyber attack, is becoming increasingly popular. A virus that infects a computer or computer system and then locks all the files and programs, hackers using ransomware are typically the only ones with the “key”, or code, that can unlock the victim’s data. Unfortunately, that key normally comes with a steep price that can range from hundreds to thousands of dollars. While some are able to escape scott-free since their data is backed up in a separate area, many are not as fortunate, as the news has recently been flooded with a number of high-profile ransomware horror stories.

According to various reports, a Los Angeles hospital noticed inconsistencies in their network, which soon led to a system-wide shutdown due to a crippling ransomware virus. Since the problem was reported on February 5, doctors have been unable to access any stored medical data or even cross-check their facts, leaving them to deal with faxing information or communicating via telephone and face-to-face interaction. The hackers originally demanded $3.6M in Bitcoin and facility staffers are working with both local law enforcement and the FBI. While they have maintained that patient care has not been compromised, a number of patients have been transferred to nearby hospitals due to the inability to access treatment records, X-rays, CT scans and other data.

At least 4 out of 5 healthcare institutions have reported some type of cybersecurity breach in the last two years, according to a study by KPMG. While ransomware attacks are mostly random – generated through mass emailings that are easily interacted with through any employee at the institution – the money that is demanded increases significantly if the hackers realize they have landed a big name, so to speak. Individual attacks can see demands of a few hundred dollars; unfortunately, once the attackers realized the group they had in their hands, the asking price greatly increased.

Ransomware attacks don’t have to completely level an individual or company – simply becoming more aware of suspicious emails or webpages is a major step in the right direction. Above all, backing up your priority system data is imperative; if the hackers hold your data hostage but you have another copy in a separate, safe location, paying them any kind of money becomes moot since the data they hold is obsolete and of no further value. However, this is absolutely the case for a regular ransomware attack – if the hackers were also going after the information itself it would be far more egregious.

Update: With the hospital reportedly paying $17,000 to release the network from the ransomware attack, it is safe to say that ransomware attacks aren’t losing popularity with hackers, especially since they may be buoyed by this particular outcome. Until the potential victims and organizations educate themselves on best practices for spotting questionable online activity, as well as creating a plan to protect and store their key data, ransomware attacks will continue to be a major weapon in a hacker’s arsenal.

Artificial Intelligence and the Cloud Are Changing Lives

Imagine you’re scrolling through pages on Amazon looking for the next great book or just ordering some more paper towels. You see that recommendation Amazon just gave you, one that’s right up your alley? That’s artificial intelligence at its finest – ever-present though many don’t realize how much it is engrained in everyday life. In this instance, AI is learning your shopping tendencies and using them to show you other products you are likely to be interested in; just one example of how it works in the consumer arena.

When it comes to businesses, artificial intelligence takes menial tasks off your plate.

For instance, there is x.ai, an artificially intelligent personal assistant who schedules meetings for you. By connecting your calendar with “Amy”, the name of your magical computer-created being, you now allow her to do your grunt work. When you receive a meeting request, you CC Amy on the email, who then takes over and schedules the meeting for you by finding an open time in your schedule. She will continue the process by emailing with your colleagues until the meeting is officially scheduled, at which point she’ll send the invite for you; your colleagues won’t even know she’s just a machine doing all the work.

Artificial intelligence is also helping engineers use their time more efficiently saving their companies millions of dollars.

GE uses artificial intelligence to build a digital “twin” of its jet engines, allowing engineers to see when a jet engine may need maintenance or inspection. Prior to this, engineers had to follow a schedule or decide on their own when to inspect an engine. This takes the engine out of use, and costs the company money and the engineer’s time, even if there ultimately isn’t anything wrong. Artificial intelligence allows these engineers to focus on the problems they actually need to solve.

These are just a few of the many examples of how artificial intelligence is changing the world. However, none of these developments would be a reality if it weren’t for the cloud.

Until the cloud came along, computing power was expensive. Constantly running an algorithm or having a machine continuously learn and organize data would be a significant cost, making it less feasible for a company to use it effectively without burning through the bankroll. Today, the cloud’s low cost computing power allows artificial intelligence to flourish.

Artificial intelligence continues to increase in sophistication, and organizations of all shapes and sizes have the opportunity to utilize the cloud to their own advantage. By working with a specialty firm that can be a guide through the process, companies and organizations can focus on their overall goals and not be sidelined by technology issues.