
Data Breach Reporting: The Who, When and Why

Between 2011 and 2017 there were an estimated 4,732 cyber attacks carried out against American businesses. However, only 24 of those breaches were reported to the SEC by the affected company. Those numbers are surprising, but the fact that companies are tight-lipped is not.

Data breach reporting is a highly sensitive process. Companies know it’s their obligation to inform victims. But going public about the breach can make it harder to clean up the problem and catch the perpetrators. It’s also a major public relations blow to the brand. And since the SEC has guidelines but not federal rules about reporting, delays and excuses are common.

That may be understandable, but that doesn’t make it acceptable. Reporting is an ethical obligation and also a legal liability for companies. Companies that wait weeks, months, or even years to report breaches potentially compound the damage done to victims. If and when those victims choose to go to court, they have grounds to demand much larger settlements. The growth of the industry is largely due to the growth in size and frequency of these settlements.

It’s easy to conclude that companies should report the breach as quickly and completely as possible. Unfortunately, it’s not that easy when so much is at stake. Follow these best practices to approach breach notification systematically:

  1. Understand Your Legal Obligation – All states have laws requiring reporting, including the District of Columbia, Puerto Rico, and the Virgin Islands. There may also be other local, state, or federal laws that inform the reporting process. in advance of any breach, and determine exactly when they apply and what they mandate. In some cases the breach must be reported within 72 hours of discovery.
  2. Notify Law Enforcement – This is mandatory ASAP after a data breach. Even if the extent of the breach/victims is unknown, law enforcement must be aware of the incident. Once law enforcement is involved there are professional investigators pursuing the hackers. Contact local officials first. If they cannot help they will recommend you to state or federal officials.
  3. Coordinate the Response – An inconsistent and disorganized response is just as bad as a late response. Pick someone to be the spokesperson, and make sure the message is consistent in public statements, on social media, and in official documentation. It’s possible to if victims are notified but not notified completely or accurately.
  4. Consider Notification Options – The preferred way of notifying victims is through traditional mail. In special circumstances, however, companies are allowed to send out email notifications. Look at the cost of notifications based on the scale of the incident. Then determine how to directly notify victims and how to publicize the incident generally. Most companies also include resources on their website, issue a press release, and make spokespeople available to the media.

If the data breach notification process sounds unpleasant, your interpretation is accurate. It’s a necessary evil for companies that suffer from a . Unfortunately, avoiding these incidents is almost impossible. The strategy that more companies are taking is to plan for the worst early. Make a plan for responding to an incident, including in-depth details about notification. It may not be able to spare a company embarrassment, but it can spare them expense.

Black Friday mobile security threats to explode through Cyber Monday

Consumers are being cautioned to be exceptionally careful of public WiFi hotspots and fake apps.

With shoppers out by the millions today, trying to find the best deal, Black Friday mobile security efforts will be critically important. Cybercriminals know that consumers will be downloading mobile commerce apps and will be tapping into public WiFi hotspots. This provides them with the perfect opportunity to launch their scams.

Anyone planning to use their smartphones should be aware of these types of fraud so they can protect themselves.

Anyone hoping not to have to deal with Black Friday mobile security problems will need to inform themselves. They will also need to take precautions. Fake m-commerce apps are expected to abound, as will fake Wi-Fi hotspots in busy locations such as malls. A growing number of security firms have been reminding consumers to take care before blindly trusting an application or internet connection.

Hackers love opportunities such as Black Friday mobile security breaches to grab private information.

Two of the companies that have tried to warn consumers of the types of mobile security threats that can occur on days like today are RiskIQ and Skycure.

Mobility strategist Brian Duckering of Skycure blogged that “Cyber criminals are increasing our risk of using mobile devices while shopping, whether it is Black Friday or Cyber Monday.” He added that “Going to physical stores and connecting to risky Wi-Fi networks, or shopping online both pose increasing risks we should all be aware of.”

RiskIQ, an enterprise security firm, said that there is a greater cyber security risk for smartphone users this year than there was in 2015. Due to the larger number of mobile device users, there are also more active cyber criminals. They target shoppers using their mobile phones to discover products or even make the purchases while using in-store WiFi.

This year, RiskIQ predicts that nearly a third (30 percent) of online Black Friday and Cyber Monday spending will be over mobile devices. At the same time, Skycure’s forecast is that mobile payments will be used three times as much this year as last year. These open the doors to more Black Friday mobile security issues and it’s up to consumers to protect themselves.