Friday

What do cybercriminals do with stolen data?


You’ve likely heard the stories of major data breaches that expose the personal information of millions of people. Perhaps you’ve even been a victim of this. But what actually happens to exposed data? How do cybercriminals actually use the data?

  • They sell it on the dark web. Credit card numbers, national ID numbers, email addresses, and passwords all fetch certain prices on the underground economy.
  • They launch spear phishing campaigns. With enough information, cybercriminals increase their chances of successful phishing attacks because they’re able to target specific individuals or organizations while sounding legitimate.
  • They pretend to be you. Identity theft is a top concern. If attackers gain access to your personal info, they can open accounts in your name, attempt to claim tax refunds, file insurance claims, etc.
  • They attack even more accounts. In the case of stolen usernames and passwords, criminals use “credential stuffing,” which is an automated attack using those same usernames and passwords to gain access to other accounts.

Accidental data breach by clicking ‘Send’


Merely having a HIPAA-compliant email service isn’t enough to keep a clinic or agency within the regulations. The organization still needs to train its employees to use the Health Insurance Portability and Accountability Act compliant service properly, as well as implement the necessary policy and administration measures to guard its Electronic Protected Health Information (ePHI) records. If these aspects aren’t addressed, an organization could easily find itself suffering from a significant breach, the resulting fines, penalties and possibly failure.

Data breaches have become one of a medical clinic or insurance agency’s greatest fears. If you study the reparations, penalties, recovery costs and the ensuing investment in new security measures, data breaches are unbelievably expensive. That is aside from accounting for the interruption to regular business or the long-term damage to their brand reputation. 60% of all organizations that experience a data breach fail within the next 120 days … 120 days!

A clinic in Michigan closed its doors on April 1st, 2019 just months after a ransomware attack deleted EVERYTHING. http://www.startribune.com/all-of-records-erased-doctor-s-office-closes-after-ransomware-attack/508180992/
Only 3 weeks ago, Eye Care Associates in Ohio had a trojan virus attack that severely affected their ability to do business, and as of today (8/16/19) they are still struggling to recover and keep their doors open. https://businessjournaldaily.com/eye-care-associates-hit-by-ransomware-attack/

In both of these examples the clinics did not lose any patient data, but the attack succeeded in interrupting business operations, damaging reputation, causing loss of company data, and costing patient bookings; eventually, for Dr. Scalf and Dr. Bizon, it led to the closure of their clinic.

Analyzing all breaches over the past 5 years will tell you that encryption is the most suitable way to make data confidential both in transit and at rest.

When organizations evaluate their need for email security, they all come to the conclusion that they need better access control, encryption, measures to ensure data integrity, documentation that the email is secure and much more. Some will find that they need more advanced mechanisms than others, such as opt-out email encryption to reduce the chances of employees accidentally causing data breaches. Ultimately, some businesses may decide that they have the capabilities to make their emails HIPAA-compliant in-house.

Others will choose to go with a HIPAA-compliant provider, like 10D Tech, that understands how to mitigate the problem in this complex regulatory world. This approach is generally easier and helps to spread the risks onto the provider, as long as a Business Associates Agreement (BAA) is signed. When audited, a clinic or organization simply refers to their provider for the documentation and reports of compliance. The end result of either method will be more than just HIPAA compliance. If your company has been judiciously following HIPAA’s recommended path of performing security reviews and implementing mitigation strategies, then it will end up with a secure email system as well. With the right systems in place, an organization will reduce its chances of suffering a data breach.

Accidentally causing a data breach is as easy as clicking ‘Send.’ Are you prepared?

10 reasons to use 10D Tech

Our partners have discovered the benefits of having 10D Tech maintain and support your work stations, your network and your staff. 

Our Standards, Process Alignment, Business Impact and IT strategy are the recipe for our great results.

Our results for owners and managers:
  1. Lower costs mean Higher Profit Margins. Using 10D Tech is like having an employee that never goes on vacation, doesn't require health insurance, is never sick, needs no profit sharing, no further company-based training, no desk, no chair, no phone ... etc.  
  2. Increased Functionality as the staff is not spending 22 minutes a day working on some tech issue. 22 minutes a day is over 7 hours a month, or 11.5 days every year.
  3. More Productive Employees. They are not messing with the newest application or scouring their social media pages.
  4. Better Morale amongst the staff, knowing they don’t have to stress about the Blue Screen or that they are downloading a virus.
  5. A Reduced Risk as we back up your work stations, servers and overall network on a regular schedule, which all but eliminates the scary ransomware notice everybody is talking about.
  6. Installing a firewall, securing work stations with endpoint protection, and instituting password manager rules Enhances Security.
  7. A stable network and protected work stations allow you to be More Competitive in the market without the added wasted time.
  8. Looking at your current network and building a 3-5 year plan will Lower your Overall Technology cost. Instead of replacing things as they break, we help you purchase, according to a plan when prices are lowest.
  9. A better balance of your Work vs. Life focus.  Nobody needs to stay late trying to figure out why the printer doesn’t work.  We already have it taken care of.
  10. In general, a Peace of Mind that we have you covered and you can focus on what you do best.


Call us if this sounds like the solution you've been looking for. 541.243.4103  www.10dtech.com

Wednesday

Buying a Fur Lined Bathtub?

SPAM! Most of the time we don’t really fall for it, but sometimes an email looks interesting enough to open and read. This morning I received this email that said it could deliver 5 phone system quotes to me in CORVALLIS - OR, which is where our main office is located. So, my curiosity is piqued and I check it out. (See the Note)
It’s probably not an email that interests you, unless you are looking for a new phone system. What you may not know is the same organization that collects your request for a phone system quote in “CORVALLIS - OR” will call me later this month and offer to sell me a list of businesses that want phone systems in “CORVALLIS - OR.”

The same thing happens for other products. An email arrives that says they have a great price on something you have been looking to buy; it gets your attention and you think “Sure, I’d like to get 5 quotes for fur lining my bathtub,” and you respond in the affirmative to the sender, who then calls a local bathtub fur liner and offers to sell your contact info along with “hundreds more.” It’s a reasonably legitimate business model in that the spammer has offered you something, “5 quotes,” and us something, “contact requested a quote,” but in reality, they have been deceitful on both ends. They are building a list of contacts but can't really quote you a new phone system, and then they are selling that list of contacts to companies under false pretenses.
As a note: 10D Tech does not buy these lists.

We feel your pain

Unsolicited email, also called spam, works because the high volume that spammers send results in a tiny amount of success. There are different kinds of spam, but in every case, sending spam is so cheap that it doesn’t take much for a spammer to pronounce a spam campaign a big success.
For example, say a spammer sends 15 million emails pushing a knock-off of the latest wonder gizmo. If only a tiny percent, perhaps even just one person out of fifteen million, purchases the gizmo through him, the spammer has made a profit. It doesn’t matter if it’s fake purses, body-part enhancement aids, knock-off watches or discounted computer software. If even the tiniest percentage of spam emails produces a sale, then that spam was successful, and they will continue.

Tired of Spam? Tired of sifting through a hundred emails a day that have nothing to do with your work? Call us and we can help. 10D Tech 541.243.4103

Monday

Buying local?



When you buy local, your money stays local, and it strengthens the local economy in two ways. First, buying local fuels new employment and job opportunities for people within the community. Studies show, locally owned businesses employ more people per unit of sales, and retain more employees. Further, the expansion and growth of local businesses helps create a more stable, recession-resistant local economy and community alike.


Second, buying local keeps money circulating within the local economy. Cash flow is vital for prosperity and local businesses recirculate a greater share of every dollar, as they create locally owned supply chains and invest in their employees. An additional study found that local retailers return a total of 52 percent of their revenue to the local economy, compared to just 14 percent for the national chain retailers. Money circulating through the local economy benefits everyone who receives a transaction. 

We are disappointed our local city and county decided to buy from a chain that has no local employees or presence other than the phone systems they have installed.



Wednesday

#1 of 7 CyberSecurity Tips


We all now rely on technology. Our businesses rely on technology, big or small. Our clients find us online and use the 10D Tech website. We store confidential information and communicate via email. We download documents and research and file forms online. We manage other businesses' networks.

10D Tech IS a target for bad guys. WE know IT and how to protect ourselves so that we can help our clients protect themselves. 

Numerous reports reveal that more than half of all small businesses are hit with a security breach. The financial consequences can be significant and for many, devastating. Right out of the gate, you’ll have to pay to have the systems recovered and get the data back, and you face loss of reputation and potentially loss of your clients.

Every organization needs to take responsibility and enable security measures to protect their business as part of the monthly recurring costs, like phone bills and rent. You can’t just set it up and forget it because the attack protocols change daily. The Hollywood version of fending off a hacker attack, with streams of data scrolling across the screen, is unrealistic. The image of a computer genius pounding away on a keyboard like they are replying to a political Facebook post is just comical. Most hackers are in a business network for 68 days before being discovered. They sneak in through emails, phishing links and EBKAC (Error Between Keyboard And Chair). The bad guys are good, really good, BUT beatable with the right tools, properly configured firewalls and staff training.

Here is the first of 7 important cyber security tips.

#1. Create a clear set of security protocols.
How will you protect your business? Take some time and write it out with your IT team (10D Tech). You know your business, the IT team knows theirs. They’ll help you with the details for protecting your network, hardware and client information.   Don’t skimp here because the cost of a security failure can close your doors.

Evaluation items you should regularly ask your IT Team:
  • How often do you run system updates, patches and network scans?
  • Do we need to protect and back up all of our data?
  • Does the staff have access to all of our sensitive data?
  • What software and applications are critical, and which are optional?
  • Where does the buck stop? The one throat to choke or the one back to pat?

Review the security plan every 6 months, and remember to include employee training in the security equation.  Your cybersecurity plan only protects the business if everyone knows it and follows it.

Next Tip: #2 Business Email Compromise (BEC) protection

Thursday

540,000,000 - The news has become noise


Security Alert: April 3, 2019: 540 Million (540,000,000) Facebook profiles exposed! It has become too common to keep track of them all.

Security Advice: Stop using Facebook to log into websites & apps. Using a password manager is the single most effective tool for guarding your privacy online. Facebook is just the vehicle criminals use to loot your information. We use LastPass because it is simple.

We wonder how many Facebook profiles have NOT been exposed.  



8 questions about Windows 7 End of Life - #3 of 10 Cybersecurity for 2020

Frequently Asked Questions: Windows 7 End of Life (EOL) We know it is not easy to make changes, especially to the computer that you are f...