Data breaches are unfortunately becoming an inevitable part of life. In addition to the IT headaches, reputational risk and customer churn associated with a breach, the monetary costs are also a huge concern.
A data breach typically leads to fraud, which in turn can result in monetary losses for the victim. Furthermore, the FTC can fine a business up to $3,500 per data breach violation and the state may fine the business around $1,100 per record stolen. This means that if 10,000 customer records are stolen from a business, it will cost the business more than $11 million.
Most organizations are willing to help compensate victims and help prevent further fraud with free credit monitoring. However, the obligation to compensate victims can severely dent a business’ budget and may result in closure.
It’s devastating to be notified that your information has been exposed through the fault of a university, health center or business. What is even more alarming is that there is not much you can do to prevent it, as it is up to the organization to protect its data.
Have you had information stolen as a result of a breach? What were the costs to you or your business? What additional preventative measures should companies take to reduce the risk of breaches and the resulting cost? We are looking forward to your comments!
At the end of last year, we conducted a survey of more than 200 CIOs and CTOs in the U.S. The survey quantified the trends and challenges IT decision makers experience when implementing remote access solutions and revealed that remote access solutions are still gaining momentum, despite the associated security risks. Below you will find a beautiful infographic that summarizes the main findings of our survey.
The complete statistics and results of the HOB survey are now also available as a free ebook. “The State of Remote Access Security in the U.S.,” and many other ebooks can be downloaded from the HOB website.
Cybercriminals have been stealing debit card information from customers of dozens of financial institutions in a phishing campaign that combines fraudulent text messages with VoIP calls.
The voice phishing, or vishing, campaign was discovered by researchers from cybercrime intelligence firm PhishLabs while investigating a recent attack against customers of a midsize bank. Bank customers received text messages claiming their debit cards had been deactivated and instructing them to call a phone number. An Interactive Voice Response system set up at the provided phone number asked callers to input their debit card and PIN numbers in order to reactivate their cards.
PhishLabs believes that a group of Eastern European cybercriminals launched the campaign of attacks around October 2013.
PhishLabs’ blog post announcing the hacker tactic makes recommendations for consumers, including:
- Make sure a CVV1/CVC1 is encoded on cards and validated by payment processor
- Always call your bank using a phone number that is directly printed on the back of your card
A bank account hack can be a serious headache as it poses a threat to your identity and credit. Stay aware of vishing and protect your sensitive data!
While there has been much coverage online about the Heartbleed bug, it hasn’t been clear exactly which websites have been affected by the bug. Our friends at Mashable created a list of popular websites that may have been affected by the bug as well as feedback from representatives at those companies. See our abridged version of the list below.
Websites that highly suggest you change your password as soon as possible:
Websites that don’t find it necessary to change your password:
Many websites that suggest you change your password are unclear whether their site was affected or not, but still recommend that users create new and unique passwords. For example, a Facebook representative stated, "We added protections for Facebook’s implementation of OpenSSL before this issue was publicly disclosed. We haven’t detected any signs of suspicious account activity, but we encourage people to set up a unique password." Because the Heartbleed bug is still an unraveling mystery, we believe the mantra “better safe than sorry” properly applies here. We suggest changing your passwords for every site you have an account with.
We’ll continue to update our blog with any new information about the bug!
Having already been to trade shows in the USA, Germany and Australia during the past weeks, we are now going to present our connectivity solutions to the Spanish audience.
HOB will be an exhibitor at the @sLAN in Madrid, which will take place from April 23 – 24, 2014.
In the fast-paced IT industry it is especially important to always be up to date. That’s why we at HOB try to be present at as many tradeshows as possible. Being at the @sLAN in Madrid allows us to inform ourselves about the newest trends and opinions of the international IT market, without having to rely on information from a third party.
The Spanish IT congress will host numerous IT companies, which will be presenting their latest innovations and products. This year, HOB will also present itself to the Spanish market and try to convince the visitors of its superior remote access solutions. IT trends that will be the focus of this year’s tradeshow are Cloud Computing, IT Security, Mobility, Big Data and Virtualization.
The @sLAN will take place from April 23 until 24 at the exhibition area Ifema – Parque Ferial Juan Carlos I in Madrid. If you are planning to visit the trade show, you can find HOB at booth number 22. At our booth, we will be presenting exciting live demos of our software solutions and provide you with additional information. Also, we will be having great giveaways for you. A special highlight for HOB will be the presentation of International Account Manager José Antonio San Juan Sampron, who will be talking about “Going Mobile – New Trends in the Enterprise Mobility Market.” The presentation will be held April 23, at 10:20 am in Room N110 CANAL.
We are looking forward to welcoming you at our booth and hopefully having many interesting discussions with all of our visitors!
For all of you who can’t make it to Madrid to visit us personally: HOB provides several opportunities to stay up-to-date about the newest IT security trends. On our HOB Trendtalk Blog, as well as on Google+ and Facebook, you can find information on topics about Secure Remote Access, Mobile Working, Cloud Computing and IT Security. Videos about those topics can be watched on our YouTube channel. And for those who like it short and simple, follow us on Twitter.
The Heartbleed Bug has affected websites, e-mails, and banking institutions utilizing OpenSSL for SSL/TLS encryption. As the story continues to unfold, IT security experts provide their thoughts on one of the most significant internet security crises to date:
· "[This] underlines the vulnerability of the username and password system as a method of authentication. Username and password is old technology that is not up to the standard required to secure the deep information and private services that we as individuals store and access online today." -- Brian Spector, CEO, CertiVox
· "Not all versions of OpenSSL are affected by the latest vulnerability. The 1.0.1 and 1.0.2-beta releases have the bug and a fix has already been implemented. This is one of the benefits of an open source software project. Changes are generally easier to detect and fixes tend to come quickly." -- Steve Pate, chief architect, HyTrust
· "Although we are just finding out about this vulnerability now, it has existed for over two years. That means attackers may have already exploited the vulnerability during that time, stealing passwords, payment card information and other sensitive data without the end-user or business even realizing..." -- John Miller, security research manager, Trustwave
In our previous blog, we mentioned that experts recommend users change the passwords for all of their online accounts to protect themselves from the consequences of the Heartbleed bug. But before changing your passwords for specific websites, first check that those sites have adopted the Heartbleed fix. Users can easily check if a site is secure by going to this website.
Dear readers, in this blog article we heard some expert opinions. Now, we are interested in your personal opinion! What do you think about the Heartbleed Bug and how did it affect you?
As a gold sponsor of RSA 2014, the HOB team was fortunate to be at the epicenter of all things IT security. Not only were we able to showcase our own contributions to the industry, RSA was an opportunity for us to join the conversation of IT security experts discussing trends and debating the future of the industry.
As part of our RSA recap, we’d like to share 5 trends we observed during the conference:
Although an atmosphere created by the exposure of NSA activity, and its subsequent fall-out, is to be expected at any IT security conference, this was especially true at RSA. Prior to the conference, Reuters reported that the RSA organizer was engaged by the NSA and was responsible for creating loopholes for the agency. As a result, several digital security experts declined to attend and speak at RSA. In opposition to this movement, Stephen Colbert, who gave the closing remarks, called Snowden, “practically a war criminal,” and encouraged the American people to take responsibility for their actions:
"We all deserve credit for this new surveillance state that we live in," he said, "Because we the people voted for the Patriot Act. Democrats and Republicans alike. We voted for the people who voted for it, and then voted for the people who reauthorized it, then voted for the people who re-re-authorized it."
Corporate firewalls with authentication services from the past created the notion of corporate security as an island fortress. The more remote the island, the more secure the company. Today, the prevalence of BYOD has created several bridges to that island, and the workforce is eager to make use of these bridges. At RSA, we saw that IT admins are less inclined to manage multiple security vendors and systems.
Along this same thread, enforcing security policies in the cloud was also heavily discussed at RSA. Overall, companies were looking for a mix of private, hybrid and public cloud services, whereby some applications remain stored in corporate data centers and others housed in a public cloud.
The many security breaches that occurred in 2013 sparked the discussion about which team – admins or hackers – is winning the security match. The several billions being spent on IT security didn’t prevent severe attacks on Target, Neiman Marcus and Snapchat, to name a few, and thousands of people suffered as their personal data was exposed.
In order to combat malicious hackers, we saw a trend toward the application of big data to IT security. The use of massive amounts of data could enable the early detection and removal of security breaches.
Which IT security trends did you discover at RSA 2014? Let us know in the comments!
Large parts of the US are being paralyzed by this year’s first blizzard “Hercules” - Happy New Year! With temperatures far too cold to get out of your house and thousands of cars being buried beneath masses of snow, having to go to work can be terribly annoying. You might even end up digging out your car from the snow, only to realize that it was your neighbor’s. In order to prevent this from happening, you have three options:
1. Call in sick.
2. Take vacation and try to catch a plane to a warmer place. Maybe somewhere like Iceland or just any other place on earth.
3. Work from home, if you are lucky enough to work for a company that allows you to access your workplace from home.
Although options 1 and 2 seem tempting, this blog article wants to concentrate on option number three. Working from home offers a lot of benefits to employees. You can arrange your work-life balance more flexibly, save time commuting to and from work and avoid distractions at your workplace (also, you don’t have to deal with blizzards on your way to work). For companies, home offices help save energy costs, offer their employees more flexible working hours and can secure business continuity.
Home offices seem great, but we have bad news for you. According to a study from 2012, the chances that you are able to work from home are rather low. The study found that, even though more and more companies are claiming to offer possibilities to work from home, the proportion of employees that actually work from home remained essentially flat between the mid-90s and mid-2000s. The authors found that in 2004 only seventeen percent of the working population worked for an average of six hours a week from home. Another statistic reports that in 2011 forty-five percent of the US workforce held a job that was compatible with at least part-time telework.
The good news is that the technology to enable employees to work from home is already there and ready to be implemented. At HOB, we offer various software products that can help you set up home offices. With HOB RD VPN, for example, employees are able to connect from any computer with an internet connection to company servers or their desktop computer in the office. The access doesn’t require any admin rights or installation on the client side, which makes it perfectly easy for anyone to connect with their workplace. Thanks to Wake-on-LAN, you can remotely turn on and off your workplace computer and save energy. Remote connections over HOB RD VPN are SSL encrypted, so you don’t need to worry about security issues. Since HOB products are only software, they can be easily integrated into any existing IT infrastructure.
As one can see, there really is no point in trying to fight Hercules. Instead, companies and employees should start implementing and using remote access technology to enable home offices.
Finally, please let us know how you and your work life have been affected by Hercules and what experiences you have had with home offices. We are looking forward to reading your comments!
M. C. Noonan & J. L. Glass (2012): “The hard truth about telecommuting.” In Monthly Labor Review
K. Lister & T. Harnish (2011): “The State of Telework in the US.” http://www.workshifting.com/downloads/downloads/Telework-Trends-US.pdf
For three years in succession, HOB RD VPN has been a finalist at the Golden Bridge Awards. The top-class jury has nominated HOB RD VPN in five categories as a potential winner (“Access - Innovations”, “Cloud Security - Innovations”, “Network Security Solution – Innovations”, “Remote Access Solution – Innovations” and “VPN/IPSec/SSL - Innovations”).
The final winners will be announced on September 30th, 2013 in San Francisco. Until then, we are keeping our fingers crossed!
You can find further information about the Golden Bridge Awards here: http://www.goldenbridgeawards.com/world/