Device Security Risks for the Internet of Things

Database Hacks – Are Banks Required To Notify You?

Ever wonder if banks are required to tell customers when their systems are hacked? You may be shocked to learn that they are not. The only exception to this standard has been database hacks that affect California residents. Companies doing business in California are required to give such notice under the California Security Breach Information Act. The situation is changing quickly on the federal level.
Regulations have been issued by federal finance agencies that now force banks to tell customers when their personal data has been exposed to unauthorized third parties. The regulations are issued pursuant to the Gramm-Leach-Bliley Act, which contains language requiring financial institutions to prevent unauthorized access and use of consumer information.
The new regulations appear to be a reaction to several recent high-profile data leaks. They include incidents such as Bank of America losing data tapes containing information for over 1 million government employees and the breach of databases for LexisNexis and ChoicePoint. It is well known that numerous other banks have also been hacked over the years, but the information has been hushed up.
The new regulations require financial institutions to notify account holders if the institution becomes aware of unauthorized access to sensitive customer information. The directives apply to banks and savings and loan companies, but not credit unions.
There are two serious loopholes in the regulations. First, a financial institution that discovers a database breach must only notify account holders if it is “reasonably possible” that personal details will be misused. Second, the regulations only apply to personal data, not business or commercial accounts.
While these new regulations are a positive step, one could drive a truck through the two loopholes. Determining whether it is “reasonably possible” that your information will be misused is a vague standard that many financial institutions will use to withhold information. Put bluntly, the notification regulations are gutless.
The best method for keeping an eye on database breaches is to look for stories in the news. Under California law, companies are required to give notice to California residents when breaches occur. If you see a story about your bank giving notice of a hack to California residents, your personal information may have also been exposed. Hackers do not restrict their attacks to California residents.

Security in Life

In life, the basic necessities for living are food, shelter and clothing. These still apply today theoretically, but try applying it and I doubt if you would survive a year with just those three basics. In this day and age, food, shelter and clothing just don’t cut it anymore. With the advent of technology, our lives cannot depend solely on the three basics anymore.

And as life gets more complicated with each passing day, a growing concern that arises with this complexity of surviving is security. Security comes in many forms. You may seek security in a friend; you may look for it for personal safety, you may seek security against cyber fiends, or you may look for it to protect your belongings, you can do a “Linus” and look for security in a blanket even. Whatever form it may take, and whatever form you may need it for, security is surely something that can’t be ignored lest we lose the value of life. Who knows what evil lurks in the hearts of some men where threats abound. They are everywhere, those heinous hoods of hellish intent. We can never feel secure enough in whatever we do. Whether to be secure about our belongings, financial status, cyber safety, our bikes, our cars, our friends, our family, our lives… whatever we have and whatever we do, security is something we can never take for granted. Otherwise, regret and loss surely follow.

Hoping of course that lives are not lost, after a breach in security against something personal, we can take measures to ensure that our security will not be infringed again. A simple padlock can make a world of difference. But of course a multi-camera security system with police support and a pack of rabid Dobermans and snipers on every corner of the roof with laser detectors in the area and pressure sensitive flooring that triggers a hail of rubber bullets to render an intruder immobile and tear-gas deployment for further shock-still treatment is WAY better than your simple padlock. But against a threat to your computer system, all those do not work. You would need its cyber equivalent to make sure that your computer system is safe and secure!

So whether it be security in a material setting or security in a cyber setting, we can never underestimate the importance of it. How often do we hear of crimes committed because of a lack of security? A lot.

HIPAA: Requirements for intranet collaboration software

Sharing private health information over the internet can be a risky business. Unfortunately, as people become accustomed to doing most if not all of their personal business online, the demand for accessing this information online will grow to the point that health care providers will have no choice but to either provide access to this private health information or lose their customers.

The Health Insurance Portability and Accountability Act (HIPAA) was enacted to assure the confidentiality of patient information. This requires that health care providers employ stringent measures to assure that information shared on the internet is protected from unauthorized access.

The HIPAA Act requires health-providing entities to:
• Assign responsibility for security to a person or organization.
• Assess security risks and determine the major threats to the security and privacy of protected health information.
• Establish a program to address physical security, personnel security, technical security controls, and security incident response and disaster recovery.
• Certify the effectiveness of security controls.
• Develop policies, procedures and guidelines for use of personal computing devices (workstations, laptops, hand-held devices), and for ensuring mechanisms are in place that allow, restrict and terminate access (access control lists, user accounts, etc.) appropriate to an individual’s status, change of status or termination.
• Implement access controls that may include encryption, context-based access, role-based access, or user-based access; audit control mechanisms, data authentication, and entity authentication.

This law has serious implications for organizations that allow unauthorized access resulting in a breach in confidentiality.

Security is the key

Since the HIPAA law provides for both civil and criminal penalties for violations, data and access security is of the utmost importance. To assure HIPAA compliance, online document management on company intranets and extranets must include a number of security features:

• Secure web server – a server running secure socket layers is the minimum needed.
• Encrypted database – all data must be encrypted. Software is available that will encrypt all data sent between two computers over the internet.
• Secure access control — in addition to a traditional user id and password, it may be a good idea to use a strong password or smart card as additional security.
• Session timeout – this assures that confidential data is not left on an unattended screen.
• Server monitoring – the secure web server needs to be strictly monitored to detect break-in attempts.
• Regular security audits – regular audits are required to make sure all security precautions are working properly.
• Personnel – system maintenance should be in the hands of qualified personnel familiar with HIPAA requirements.

Computer security and encryption becoming more vital

One of the greatest miscalculations a business owner can make is failing to prioritize how he will protect his computer system from unauthorized intrusions and data theft.

There is a common belief among business owners, especially those that do not operate a big business, that their small size makes them safe from the malicious intent of computer phreakers and data thieves. They think that in a sea full of big fishes a small fish will be ignored, secure in the belief that they are not worth the exertion and computer time of notorious data thieves.

Nothing can be farther from the truth. In fact, smaller businesses are far more vulnerable to internet security threats and all manner of data theft and electronic sabotage. Based on a study made by research firm AMI-Partners, almost half of all small and medium sized businesses have failed to implement even the most rudimentary security precautions, including the installation of antivirus and anti-spyware programs. This oversight could be the main reason why, when the Mydoom worm hit a few years back, one in three small and medium sized businesses were affected, compared to just one in six among the larger companies. This was discovered by the Internet Security Alliance, a non-profit organization that deals with information security issues.

In fact, now more than ever data and network protection should be given more attention because of the ever evolving sophistication of data thieves. They are now better equipped with the software and hardware necessary to break through security measures instituted by data managers. What could the chance be for a company to weather an attack if the owner forgets or ignores putting in place data security and encryption policies for his business because he thinks it will just be an additional cost? Practically zero, and the untold cost to his business would be far greater.

It is for this reason that data security and encryption should be one of the priorities of a business. Anyone is vulnerable to an attack, whether that business is an international conglomerate or a new start-up. In fact, a big business will have more chance to recover compared to a small business because a big company will have the ready funds available to rebuild the business. A small business, on the other hand, will not have the necessary funding to start the business all over again, making an attack quite catastrophic.

These facts are not lost on many software providers who are now coming up with many types of solutions that guarantee the safety of data in an office’s network. There is also software that brings security to a higher level by incorporating encryption technology in order to safeguard not only sensitive data but also to make it harder for hackers to get into networks or intercept data being transmitted from the corporate network to devices outside of the network. Encryption technology can, in fact, be seen as one of the highest levels of protection that a business can employ in order to ensure the integrity of its data and its computer network.

Business Analyst for the Small Business

Small business owners may not think they need a business analyst. Small businesses are sometimes caught up in trying to survive and overlook a key element in their success. The business analyst can actually come in and determine what the small business owner can do to expand his or her business. The small business owner can benefit just as much from a business analyst as a large corporation. There may be times when the business analyst sees the big picture when the small business owner can only see the bottom line. The new small business may not feel the added expense of a business analyst is worth justifying. In fact this is just the case.

The small business can benefit from the business analyst in many ways. The business analyst may be able to offer an unforeseen income generating avenue. Advertising techniques the small business is using may be proving fruitless. The business analyst may be able to implement bluetooth advertising. The small business could target specific clients instead of a general population with his or her advertising dollar. The business analyst may be able to suggest point of sale income not thought of by the small business owner. Other elements the business analyst could suggest would be repackaging in different sizes, where appropriate. Offering complimenting sales items may have not occurred to the small business owner. The business analyst is there to show a different perspective.

The business analyst will be able to assess the small business and determine what business decisions should be made. He or she can instruct the small business owner of new programs available. The business analyst will be able to offer advice as to new technology the small business owner is not taking advantage of. The small business is able to be aided in several ways by the business analyst.

The business analyst is a visionary. He or she can show the small business how to implement innovative business techniques. These techniques may have never been before thought of by the small business owner. The business analyst can view the broad scope of things to determine a need by the customer. The small business owner may have no idea these areas of opportunity exist. It is up to the business analyst to show the small business what will work and what will not work for the business.

Building profits and customer relations are the two key components that make up what the small business is focused upon. A good business analyst will be able to integrate these key elements into a plan of action for the small business. The business analyst can act as the liaison between the small business and the customer to determine if the needs of the customer are being met. A report can then be generated to determine how the small business can use this information.

The small business and its customers can benefit from the knowledge a business analyst brings to the table. The added expense of a business analyst can significantly raise the profits of a small business. It is worth researching whether a business analyst will be able to use his or her skills when it comes to a small business.

Cyber Security Degrees Online Respond To Increasing Demands And Needs

A few years ago, movies and the media enthralled people with the high-tech, fast-paced drama of a world threatened by cyber security terrorists and hackers. Film after film played upon the notion of governmental databases and computer systems being breached by small groups of savvy individuals seeking to bring down countries and nations. At the time, people thought this world of intrigue was amazingly thrilling and entertaining. Now, protecting sensitive information and thwarting insidious attacks on computer systems are commonplace. In fact, anyone can study in the field and what’s more, individuals can even attain their cyber security degree online.

Whether filmmakers and producers knew of the computerized, technological explosion about to hit the world or whether reality simply learned from imaginative and creative ideas that were seen in the movies is irrelevant. Our capacity for using computers to increase production, save time and manage multi-million dollar projects has increased beyond proportions. Even more important is the need to protect systems in place from those who would carry out stealth attacks and steal valuable information. Government offices, large corporations, medium-sized businesses and even small entrepreneurs are looking for individuals skilled in protecting their computer systems from hackers, viruses and hardware crashes.

Instruction for cyber security degrees online is readily and easily available. Educational facilities have come forth with solid programs that allow students to earn credits at their own pace and from their own home, which increases the ability for individuals to combine work and study. Corporations and human resources departments recognize that online education is just as valuable as instruction received on site at college campuses, and perhaps even more so. Studying via the Internet requires dedication, determination and motivation. Applicants interested in obtaining these positions who’ve received their cyber security degree online show they are serious about pursuing their career. Also, college curriculum offered in an online environment are more honed and precise than lectures offered before a group. The student receives instruction in specific information that isn’t reduced in quality by distractions from public lectures.

Job placement for individuals who’ve received their cyber security degree online is very strong, with demand for highly skilled employees increasing every day. Eighty-one percent of private sector business owners rate cyber security as being the top priority of their company. United States budget allocations for Homeland security increase every year, the amounts of money numbering in the billions. To meet critical requirements, students who enter the field of computer security train in forensics, cryptography, intrusion, cyber law and cyber terrorism, as well as instruction in administration, security, viral activity and compliancy. Most educational facilities use real life simulations for hands-on learning and training, honing individuals’ quick thinking and reaction time, vital to this industry.

Reports show that the demand for individuals skilled in cyber security will continue to rise. From now through 2014, protecting sensitive information and multi-million computer systems will be one of the top ten jobs in the world. While obtaining enough credits to practice psychology, individuals focusing on earning a cyber security degree online can usually expect their position to bring in an excess of $60,000 per year. Job security is virtually guaranteed and the availability of positions to work in executive corporations is vast. Industry needs are only going to increase and require even more skilled individuals to protect crucial information and ward against threats to security, making cyber security an extremely solid career choice.

As every business becomes more interconnected across the state, cybersecurity is no longer just an information technology (IT) problem, it is a business problem.

Cybertech and the State of Indiana will hold its kick-off Cybertech Midwest event on Oct. 23, 2018 for executives, managers, critical infrastructure owners and operators to learn how to strategically prepare, respond, and recover from a cyber attack. Sentree Systems, Corp. will host a booth at this awesome event, so come out and see our latest solutions.

“We are absolutely thrilled to bring the Cybertech to Indiana for our flagship U.S. event,” said Amir Rapaport, founder of Cybertech. “We see Indiana as the ideal location for our Cybertech event due to its vibrant cyber eco-system, with incredible involvement and passion from the state, industry, academia and local government when it comes to cybersecurity, protection and innovation.”

This thought-provoking conference and exhibition will present on global cyber threats, solutions, innovations, and technologies. Speakers and panelists will focus on cyber threat and strategies for meeting diverse challenges in sectors such as healthcare, utilities, small businesses and local government.

Attendees will also meet decision-makers from the leading companies, startups, government officials, investors, academics, and other professionals changing the global cyber landscape.

Speakers will include Indiana Governor Eric Holcomb, Indiana Lt. Governor Suzanne Crouch, Secretary of State Connie Lawson, Director of the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST) Rodney Petersen, as well as speakers from Eli Lilly and Company, Purdue University, Indiana University, KSM Consulting, Indiana Department of Homeland Security, Indiana Office of Technology, and more.

 

For more information or to register, visit midwest.cybertechconference.com.  

International cyber wars have been in the news quite a bit lately. Countries are attacking other countries. Computer servers are being hacked by sophisticated government operations. Identity theft is now so rampant that the theft of an American person’s identity happens once every few seconds. A study conducted by Javelin Strategy & Research found that during 2017 about 16.7 million Americans were subject to identity theft. This caused over $17 billion in losses from the data breaches. Businesses are not immune to these attacks either.

North Korean cyber attackers are thought to have hacked cryptocoin currency exchanges in South Korea and Japan. They got away with stealing the equivalent of tens of millions of dollars. Then, the perceived technical vulnerabilities of the cryptocurrency exchanges caused the value of all of the cryptocurrencies to decrease rapidly. About half of the value of all the cryptocurrencies disappeared in less than a few weeks, which represented more than $42 billion in lost value that evaporated during June 2018. The most popular one, Bitcoin, suffered the greatest loss of value.

Other cyber-criminal hackers distribute a vicious form of malware called “ransomware” that infects computers, encrypts the files, and then the hackers demand payment in anonymous cryptocurrency for the key needed to unlock the files. They promise to send the unlock keycode for payment; however, they may not send it, even if the ransom is paid.

Businesses that make use of bank wire transfers are seeing attacks that divert funds from their business account. Hackers get the information they need by doing “spear phishing” with keyloggers to capture personal information. They get the passcodes to bank accounts or simply use an email that seems to come from the boss to instruct a worker in the company to make a payment to the criminals.

This is an important warning for the big businesses, as well as for the small-to-medium-sized businesses, which are located in the service area for Sentree Systems in Indiana. This includes the cities of Avon, Carmel, Fishers, Indianapolis, Noblesville, Plainfield, and the surrounding areas. You need Sentree Systems on your side to fight this menace.

World War III has already started and it is a cyber war. The attacks do not even need to directly focus on your company to cause great harm. They can be against critical infrastructure, electrical power grids, banking networks etc. All of these attacks can be disruptive and damaging to every business that uses these systems.

Having high-defense IT security and a comprehensive plan for disaster response for your business is no longer something that can be left to do some time in the future. In fact, this needs to have already been done and regularly updated for the ongoing and upcoming threats. Contact Sentree Systems at 317-939-3282 or email info@sentreesystems.com to set up an appointment for a comprehensive IT security review to help mitigate the serious risks that all American businesses are now facing.

Some cybercriminals operate a fraudulent scheme that is called a Business Email Compromise (BEC). In this crime, funds are stolen by convincing a person to send a bank wire to a dummy bank account for what the criminals claim is a legitimate transaction. Businesses that conduct operations that frequently make use of bank wires are the main targets for these criminals. Senior citizens and individuals may be targeted as well, especially if they are involved in a real estate transaction.

Under a program called “Operation Wire Wire,” federal law enforcement, with the cooperation of international authorities, were able to make a total of 74 arrests of alleged criminals. 42 were arrested in America, 29 arrests were made in Nigeria, and one arrest was made in each of the countries of Poland, Mauritius, and Canada. The law enforcement efforts in the United States were a coordinated investigation by the Department of Homeland Security, the Department of Justice, the Department of the Treasury and the U.S. Postal Inspector’s Office.

The investigation lasted six months. In addition to making the arrests, the investigation captured $2.4 million of stolen funds and authorities also blocked the illegal transfers of $14 million.

How does a business email compromise scheme work?

The BEC scheme is financial cybercrime. It is a sophisticated fraud that attacks employees with the authority to transfer company funds by bank wire. Businesses that work with foreign suppliers and those that regularly send bank wires are especially vulnerable. This fraud is usually achieved by obtaining the email account of a senior level employee for a company and impersonating this person to direct other employees to send a bank wire to the criminal’s account. Besides stealing money, the criminals may also try to obtain confidential information such as the employee tax records.

This fraud began in Nigeria. Now, through the involvement of transnational criminal groups, it has spread across the globe. The use of Americans increased the success of this fraudulent scheme in the United States.

Conclusion

Companies continue to lose millions of dollars each year due to this scam. Consult with the security experts at Sentree Systems Corp. in Indianapolis, serving central Indiana and the surrounding cities of Avon, Carmel, Fishers, Noblesville, and Plainfield. They will help implement a more secure approval process for bank wire transfers, improve email security, and can create an ongoing employee education program to help employees spot criminal business email compromise attempts.

For many industrial and commercial purposes, there are tremendous benefits, in terms of system management, for increased connectivity with the technological innovations of the Internet of Things (IoT). This also brings many new security issues to consider. A new level of security risk comes from the expansion of the IoT to connect devices. These risks come from connected devices that are communicating in less-than-secure ways. Every piece of equipment that is connected through the IoT may create a security breach.

Risks Caused by Medical Devices

An example of this new type of risk is experienced by healthcare organizations that are becoming aware of the cyber vulnerabilities of medical devices. The U.S. Department of Homeland Security (DHS) has issued six alerts since April 2018 advising major healthcare organizations about the security risk of medical imaging equipment and patient monitoring devices. The DHS has a special Industrial Control System Emergency Response Team that is tasked with the goal of discovering vulnerabilities in all types of equipment.

Recent security alerts from DHS include notices about devices with these problems:

  • Improper authentication procedures
  • Personal information exposure
  • Missing encryption
  • Memory read/write vulnerability
  • Denial of service potentials

These risks can cause harm to patients if they are exploited.

Risk Mitigation

Healthcare companies now are encouraged to conduct security audits that include an evaluation of connected medical devices. These organizations must also track and record any security risks found in their operations caused by devices and the remediation steps taken to remove the risk.

The challenges include finding things with vulnerabilities that the organization can update with software security patches, checking for proper configurations, and adding system architecture controls. Other things may need to be fixed by the vendors. There should be an ongoing effort to identify vulnerable devices. Taking them offline to fix them or relocate them may cause operational problems. There is a balance between managing the devices to improve security and understanding the effect on operations when the equipment is not available for clinical procedures.

Conclusion

Companies, especially those in the healthcare industry, need to be aware of the risks caused by devices used in their operations. Contact Sentree Systems Corp. for a security review and to get advice about how to manage security risk caused by devices that are connected to the IoT. Sentree serves Indianapolis, Avon, Plainfield, Carmel, Fishers, Noblesville, and the surrounding areas in Indiana.

Copyright © 2015 - 2018 Sentree Systems, Corp.. All rights reserved.

Sentree Systems, Corp. | 6137 Crawfordsville Rd Ste F #177 Indianapolis, IN 46224 | 317-939-3282