Category Archives: Data Security

Top 10 Overlooked Security Risks: 3 of 10

Data Destruction and Disposal

Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach. Ensure that data no longer actively used is properly disposed of, and that devices that contain data, such as laptops, old hard drives and USB drives, are properly DoD data wiped or destroyed. Retired company laptops may still retain recoverable data on their hard drives even after formatting. A policy-driven culture enforcing proper destruction and disposal of retired equipment is best practice.

Top 10 Overlooked Security Risks: 2 of 10

Shared or Weak WiFi Passwords

Allowing employees or guests to share a single WiFi password prevents you from controlling who is accessing your company network. Once a person has your WiFi password, they can access your network at any time, even from outside your building’s locked doors, or potentially after you have terminated them, leaving you with no control. Users should always connect to WiFi using a unique username and strong password that company staff can enable and disable as needed. Company policy should always require users to use strong passwords so your WiFi password cannot be guessed or compromised.

Top 10 Overlooked Security Risks: 1 of 10

Screen Locking

Once a user logs into a computer, they potentially have access to sensitive company information. If they get distracted or leave their computer unattended, it leaves your company data open to potential theft or exploitation. Ensure that all company computers are set to automatically lock the screen after a defined time interval, e.g. 15 or 30 minutes, and then require a password to log back in.

Breach Exposes Sensitive California State Employee Data

Data breaches occur almost on a daily basis. You may not know what your IT security problem is. We will find it and we’ll develop and implement real-world solutions. Read on to learn more about the data breach that leaked state government material.

News has surfaced of a breach of sensitive data of California state employees.

As reported by The Sacramento Bee, it appears thousands of Social Security numbers have been exposed at the Department of Fish and Wildlife, with the department confirming so in a memo sent to its staff.

It is alleged the breach was discovered in December last year but was only disclosed to employees this week. The California Highway Patrol is thought to be investigating the incident, which is believed to have been brought about as a result of a former state employee downloading data to a personal device before taking the device outside of the state’s network.

The most common type of data breach in hospitals? Paper records, study suggests

Our HIPAA risk assessment includes a comprehensive review of your current IT and data security policies, procedures, networks, systems, and configurations. Adsero Security can help your company or practice improve its security and HIPAA compliance. Read on to discover what type of data breach is most likely to happen in a hospital and how this could lead to a HIPAA disaster.

FedEx data breach: 119,000 passports or photo IDs found on unsecured server

We are solutions builders who provide comprehensive, complete IT security management programs. In an IT security solutions initiative involving many vendors, we are the project managers who pull it all together and make sure it works as planned for the long term. Breaches such as the one afflicting FedEx could have been avoided if Adsero Security were involved. Read on to find out how this happened.

Thousands of FedEx (FDX) customers’ private information was exposed after the company left scanned passports, driver’s licenses and other personal documentation on a publicly accessible server.

The incident was first discovered by researchers at a German-based security center called Kromtech earlier this month.

According to the security firm, the server belonged to Bongo International, a company that helped customers with shipping calculations and currency translations. FedEx purchased Bongo in 2014 but renamed the company FedEx Cross-Border International a year later before discontinuing the service in April 2017.

FedEx said on Thursday that it has secured some of the customer identification records that were exposed earlier this month and added that so far it has found no evidence that private data were “misappropriated.” The company, however, said it continues to investigate.

“After a preliminary investigation, we can confirm that some archived Bongo International account information located on a server hosted by a third-party, public cloud provider is secure. The data was part of a service that was discontinued after our acquisition of Bongo. We have found no indication that any information has been misappropriated and will continue our investigation,” a spokesman confirmed to FOX Business on Friday.

The data breach could affect anyone who might have used Bongo’s services anytime from 2009 to 2012, and it’s possible the data were exposed online for several years,” according to Bob Diachenko, Kromtech’s head of communications.

Japan’s Coincheck set to report to regulators over $530 million cryptocurrency heist

With a combined 45 years of experience, Adsero’s principals have seen it all. We can solve any problem. Prevention is pivotal in cases like this. Read on to find out how over $530 million in cryptocurrency was taken in a heist.

Japanese cryptocurrency exchange Coincheck, stung by the theft of $530 million of digital money last month, is expected to file a report with regulators on the hacking on Tuesday.

The Financial Services Agency ordered Coincheck to raise its standards after the hack and gave the exchange until Feb. 13 to submit a report on the heist, the safety of its systems, and measures it would take to prevent a repeat.

Coincheck said on Friday it would allow customers to restart yen withdrawals on Tuesday. The exchange, which froze all withdrawals of yen as well as digital currencies following the theft, said it had confirmed the integrity of its system security.

Coincheck has received withdrawal requests from customers totaling about 30 billion yen ($280 million), a person with direct knowledge of the matter told Reuters last week.

Still, the exchange said it would keep restrictions on cryptocurrency withdrawals until it could guarantee the secure resumption of its operations. It did not give further details.

The Coincheck heist exposed flaws in Japan’s system of regulating cryptocurrency trading, and raised questions over the country’s dash to oversee the industry – a move that was in sharp contrast to clampdowns by policymakers in countries such as South Korea, China and India.

Viewpoint: Equifax breach is a reminder of society’s larger cybersecurity problems

Our society faces an array of opportunities to be hacked. This is why Adsero Security’s specialty in writing IT security policies and training your staff on policy adherence, thus developing a culture of compliance, is so important. Read on to discover why cybersecurity issues affect society as a whole.

The Equifax data breach was yet another cybersecurity incident involving the theft of significant personal data from a large company. Moreover, it is another reminder that the modern world depends on critical systems, networks and data repositories that are not as secure as they should be. And it signals that these data breaches will continue until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures.

Although this specific incident is still under investigation, the fact that breaches like this have been happening – and getting bigger – for more than a decade provides cybersecurity researchers another opportunity to examine why these events keep happening. Unfortunately, there is plenty of responsibility for everyone.

Several major problems need to be addressed before people can live in a truly secure society: For example, companies must find and hire the right people to actually solve the overall problems and think innovatively rather than just fixing the day-to-day issues. Companies must be made to get serious about cybersecurity – at a time when many firms have financial incentives not to, also. Until then, major breaches will keep happening and may get even worse.

Finding the right people

Data breaches are commonplace now, and have widespread effects. The Equifax (NYSE: EFX) breach affected more than 143 million people – far more than the 110 million victims in 2013 at Target, the 45 million TJX customers hit in 2007, and significantly more than the 20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incident. Yahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.


Uber says hackers behind data breach were in Canada, Florida

Hackers can strike from anywhere. This means that any organization is vulnerable. Adsero’s penetration testing allows clients to detect their areas of vulnerability. Read on to discover how easy it was for two people to hack into Uber’s system.

The two people behind a 2016 data breach at Uber Technologies Inc. were found to be in Canada and Florida, an Uber cyber security executive told the U.S. Congress on Tuesday.

About 25 million users affected by the breach are users located in the United States, John Flynn, chief information security officer at Uber, said in written testimony to a Senate Commerce Committee panel.

Uber announced the breach of 57 million worldwide users last November. Of those impacted in the United States, 4.1 million were drivers, according to the testimony.

Uber Canada announced late last year that 815,000 Canadian riders and drivers may have been affected.

The testimony from Flynn is the most comprehensive public account to date of the Uber hack, the handling of which prompted newly appointed Uber chief executive Dara Khosrowshahi to fire two of the company’s top security officials.

Reuters reported in December that a 20-year-old man was primarily behind the massive data breach, and that he was paid by Uber to destroy the data through a so-called “bug bounty” program normally used to identify small code vulnerabilities.

Flynn confirmed the man who obtained data from Uber was in Florida and that his partner, who first contacted the company on Nov. 14, 2016, to demand a six-figure payment, was located in Canada.

The company’s security team made contact with both people and received assurances the pilfered data had been destroyed before paying the intruders $100,000, Flynn said.


Consumer Reports finds Samsung, Roku TVs vulnerable to hacking

You may not know exactly what your IT Security issue is. We will find it and develop and implement a solution. The more reliant on technology that we become, the more prone to hacking our society is. Listen to how easily Roku TVs can be hacked.

We’ve written in the past about how your TV is probably tracking you, and now Consumer Reports, as part of a broad privacy and security evaluation, has found that millions of smart TVs are vulnerable to hackers and “raise privacy concerns by collecting very detailed information on their users.”

According to the report, the problems affect Samsung televisions, plus models made by TCL and “other brands that use the Roku TV smart TV platform, as well as Roku’s popular streaming devices.”

“We found that a relatively unsophisticated hacker could change channels, play offensive content or crank up the volume, which might be deeply unsettling to someone who didn’t understand what was happening,” Consumer Reports said. “This could be done over the web, from thousands of miles away.”

The good news is these TVs’ security vulnerabilities apparently won’t allow hackers to spy on you or steal your information, according to Consumer Reports.

The report singled out Samsung, TCL and other Roku TVs as being vulnerable, but smart TVs from LG, Sony and Vizio were also evaluated. While they were cleared from a security standpoint, the testing found “that all these TVs raised privacy concerns by collecting very detailed information on their users.”

As CNET’s David Katzmaier wrote last year, Vizio was slapped with a $2.2 million fine by the FTC for failing to properly disclose how it shares its tracking information, and in previous years Samsung and LG have both faced similar scrutiny. Streamers from Roku, Apple, Amazon and Google haven’t yet made any major privacy missteps, but their policies are generally less intrusive than those of TVs.