
The cost of money is this month’s topic

Money is certainly always in the news, but this month there are many newsworthy cyber security money topics. I’d like to share some takeaways from the Capital One breach, the QuickBooks hack and related online banking stories.

 “Who’s in your wallet?” The Capital One Breach

106M consumers and small businesses had data from their credit applications stolen, of which 140k SSNs and 80k bank account numbers were revealed. Note: If you were one whose data was revealed, Capital One claims they will reach out to you directly and offer free credit monitoring and identity protection.

This breach appears to have occurred from an internal employee via a trusted vendor. They gained access and then copied sensitive data. The data was posted/exposed on a server on the internet, which was later found and reported to Capital One.

As is often the case, the thief was not caught in the act but was discovered months afterward.

On a positive note, Capital One had a breach process/policy and followed it. It was not all scramble; they had previously taken the time to plan for a breach and were able to act. Kudos to them for that.

Action items for you:

  1. Who are your partners? What access do they have to your resources? Are you at risk?
  2. What is your breach and recovery process? What is your communication process during a breach?

Do you use QuickBooks?  How would you fare if you could not get in for 3 days?

Part of the QuickBooks SaaS offering is hosted on different provider networks. One of those networks was encrypted with ransomware on July 16th. In an effort to control the infection, they took their network offline, resulting in QuickBooks users not being able to access their data for 3+ days.

Cloud vendors often tout their superior security, but in fact they are susceptible as well. You need to plan accordingly.

Action items for you:

  1. Have a strong, TESTED recovery process and plan. If you as an executive have not reviewed this and ensured it is in place, it is squarely on your shoulders.
  2. Communicate with your clients/employees/partners. People will assume the worst – manage through this. Hire a PR firm, if necessary, to help with this.

Hacked accounts on random websites are being used against your bank

Thieves are constantly hitting bank websites with usernames and passwords stolen from other internet sites. The logic is that most people use the same password for several accounts, so why not hit a bank hoping for success? And it works.

For your best protection, you need unique strong passwords for all your accounts, and your financial data (bank, investment, etc.) should have the highest security around it. If you use online banking, you need to make sure the bank has dual-factor authentication. For example, you log in, you then get a confirmation email or text with a unique code, and you enter the code. If your bank is not able to protect you, then you should consider one that cares enough about you to do so.

Action items for you:

  1. Only use an online bank portal if it has dual-factor authentication
  2. Use unique strong passwords!  Use a password manager such as Dashlane or LastPass to help you.

Once again, stay safe –

-Dan
Dan Adams
CEO
NENS
