When you read about yet another data breach, class action lawsuit or fine, does it conjure up the adage “that can’t or won’t happen to me”? We identify this as data fatigue.
Data is a commodity. So, when malicious cyber-attacks on organizations result in breaches, it takes time for that data to make its way to professional hackers that make money from it. Personal data is a valuable commodity. Even if credentials aren’t stolen, it can still be sold as marketing information.
Yet there is a specific piece of identity that can kick-start cybercrime, because it helps bad actors create your profile and use social engineering to obtain more information to log into your banking system or compromise your medical records. And it can be something you consider minor, like your mobile phone number and whether you are male or female.
The information obtained by a cyber-attack is then sold on the Dark Web to hackers who are building phishing sites designed to get the additional credentials they need to get into bank accounts and steal money.
The problem is so widespread that experts across all verticals are targeted regularly. Many of these attempts come via phishing scams to YOUR mobile phone where fraudulent messages purportedly from large reputable companies are actually being sent by cybercriminals attempting to get even more valuable information such as online banking logins, credit card details or passwords.
We acknowledge that it’s sometimes hard for the public to know what communications they can trust. Phishing attacks continue. They aren’t stopping and in fact they are getting ever more innovative.
Ever get those types of messages which say something like, ‘This is Wells Fargo and your password is about to expire’? The cybercriminals know that so many Americans use Wells Fargo (or any financial firm) for their banking needs, so they have a good chance of getting your attention.
People fall into the trap of clicking on the link and giving out their information. More education is needed. In Australia, NAB Bank touts all it is doing in this identity theft niche – https://omny.fm/shows/3aw-afternoons/nab-group-general-manager-reveals-online-scams-to
It’s also hard to know what is real and what is fake.
I also get some legitimate messages from my providers and suppliers, and I don’t click unless I can see the full address and then only after I have made a phone call. We work with a CPA firm who were expecting a client email. When he clicked the link, their services went down for a week in the middle of tax season because unbeknownst to them someone hacked the sender’s email.
What we do is ensure we are trying our best to minimize the attacks, and if they happen make sure we are resilient enough to deal with them and recover.
As such, we say that companies should be doing more to keep personal data safe from hackers, but we acknowledge that as information and communications technology systems get more and more complicated, points of weakness are always likely to exist.
And attacks are unlikely to decrease while there is a lucrative market for stolen credentials.
Yet some systems need to be more secure than others. If you take down the power grid then you could take down the whole country, and the banking system is another.
We think companies in general can do a lot more to protect people’s privacy. If a new system is deployed, do proper testing and check integration with other systems in case it causes a possible vulnerability in terms of security.
In addition, keep track of any vulnerabilities that are reported. And monitor cyber threat intelligence from reliable sources to check if your system is at risk.
Another good measure is regularly scanning and sanitizing the system – all of these are protocols that build up strong security.
And the easiest step: beef up your training – this is not a one-off. It MUST be part of an ongoing process.
We know that humans are the weakest link, and if you are sincere in your efforts to protect user and employee data, create a cyber security culture from the top down.
LEAD BY EXAMPLE!
We can help you set up those protocols. If that is not part of your expertise, do what I always did as a profitability consultant – OUTSOURCE IT! YOU’LL BE HAPPY YOU DID!
Richard Freiberg
Profitability Consultant
Richard Freiberg CPA PC
Phone (980)339-3352
Cell (914)393-0033
www.rmfreibergcpa.com
Providing valuable counsel to help boost your company’s bottom line, while navigating competitive forces, industry, and economic risks in today’s challenging environment
4 thoughts on “Do you have data breach fatigue?”
Data breaches sound exhausting. Trust seems rare these days. Keeping up with security? Good luck!
Trust is essential; we can’t let fear dictate our lives or choices.
Trust can be misplaced; caution often leads to wiser decisions in uncertain circumstances.
Trust can bloom like wildflowers; tending to security brings peace, not exhaustion.