breach Tag

Holiday Season brings Security Risks – how to stay safe

The folks behind all sorts of online threats know that the holiday season is their most wonderful time of the year. As people are participating in unprecedented e-commerce, introducing new hardware into their environments, and rushing around with easily-skimmed cards it can be hard to defend yourself from all angles of attack.

 

Security Risks while Shopping

Online shopping can be a huge time-saver but it’s also a big risk. Amazon has done a pretty good job of securing customer data, but big firms like Target and Home Depot have been the victims of cyber attacks. Here are a couple of easy tips to keep yourself safer while shopping:

  • Use strong passwords and change them often
  • Don’t use the same password across multiple accounts
  • Pay in cash when shopping in person
  • Only order over a secure connection (when you can see the little lock in the URL bar)
  • Don’t shop on open wireless networks (like those at a college or a coffee shop)

 

Changing Hardware Environments

New kinds of tech get introduced around the holidays, but they aren’t always the safest things to bring into your ecosystem. Google Home and Echo Dot are cool toys, but they can store your searches. Web-connected devices like cameras or robots can be hacked to turn your device into part of a botnet. Even gifts like backup drives or a new phone for the office can pose a threat. Here are some things to keep you new hardware from becoming a headache:

  • Manage the settings on your home assistant devices to prevent them from collecting data
  • Change the default passwords on your IoT devices to prevent them from being hijacked by botnets
  • Keep an up-to-date antivirus to prevent infections from new hardware like hard drives or flash drives
  • Be cautious about downloading new apps for you phone – many of them are phishing scams or keyloggers

 

Defending Yourself can be difficult

There are all kinds of threats out in the world, but you can lower your personal risk by taking simple steps like updating programs and changing passwords frequently. Everyone should be running a strong, regularly-updated antivirus (we recommend ESET and you can call us if you’d like to purchase a license), and everyone should learn how to identify and avoid phishing attacks.

But what do you do to protect your business? What do you do to keep your work devices safe?

 

Business Protection is Priority One

Maybe more people are accessing your site this time of year, maybe your employees are handling heavier loads. There are a million things that can go wrong during this busy season and at PMCS we pride ourselves on preventing those problems. We take security very seriously and are proud of the ways that we can minimize risks to your business. PMCS relies on a suite of tools we can use to help you keep your business safe, including:

  • Enterprise-grade SonicWall Firewall devices
  • ESET Endpoint Protection Advanced – Antivirus for five or more users with an up-to-date threat console and remote monitoring
  • Proactive Maintenance Plans that check your systems for security risks
  • Backup Assist to keep your data safe and protect you from downtime in the event of an attack.

Don’t let yourself or your business be brought down by online threats this holiday season – call PMCS at (818)957-5647 for a free system assessment to identify any security risks. We’ll make sure your network is secure, your backups are stable, and that no downtime will plague you during this busy season.

Most businesses think their IT companies have done a great job of securing them, but when we come in with our tools we find gaps in coverage and all the flaws from previous systems. Give us a chance to explore your network and you’ll be shocked by the ways we can improve your security and protect your business and your customers.

Call to schedule your free assessment today!

(818)957-5647

Tarte Cosmetics exposes data of 2 million customers

There’s yet another story in the endless cycle of companies who have exposed their customers to ID theft and today it’s popular makeup brand Tarte Cosmetics.

In September Tarte came under fire for exposing 1400 customers’ names, addresses, email addresses, shopping history, and partial credit card numbers in an email that linked its recipients to a visible part of the brand’s customer database.

Now the same database appears to have been facing the open internet all along. Data from about 2 million customers from 2008-2017 has been found to be visible on Tarte’s servers. Researchers from Kromtech Security Center confirmed that the customer information was exposed, but they weren’t the first to find the database. Members of the ransomware group “CRU3LTY” had left a warning file in the database, though they hadn’t deleted the information, which is standard for CRU3LTY.

It’s easy to make jokes about this breach in particular because it’s a bit silly. Tarte isn’t the sort of brand you picture when you think of security risks and the data lost isn’t especially serious. Though Tarte customers will want to replace their credit cards and be on the lookout for phishing scams in the next few years this kind of loss pales in comparison to the massive September Equifax breach. Which would be okay, if both breaches weren’t symptoms of the same problem: a lack of focus on security.

We’ve seen the targeting of large financial institutions, medical facilities, military organizations, but it’s important that all online consumers realize that they’re at risk for data breaches and thefts. It doesn’t matter if you’re just buying from a single brand or participating in the ACA healthcare exchange, your data is at risk and you need to hold companies accountable for it so that they get serious about protecting your information.

Where do we go from here?

If you own a business that stores customer data it’s time to get serious. Tarte didn’t take the risk seriously and their customers will suffer as a result. Tarte is a large company that didn’t believe it had to test its security because its customers were low-value targets. But in the current climate all targets are high value.

If your company keeps client records it’s time to take a good, long look at your practices. PMCS can help – give us a call for an assessment of your security protocols and data environment.

In the meantime practice good netiquette, make sure everyone in your office has macros disabled on their email programs, and make sure everyone has their antivirus up to date.

But more than that, take your customers’ privacy seriously. Never store your customers’ data in a way you wouldn’t want your own data stored.