Back to Top

Tech, Web, Cloud & Cabling Services

Category: Internet Security

BigBeagle.com / Internet Security Category

Hacker collects 272m email addresses and passwords, some from Gmail

Security firm announces it has persuaded fraudster to give up database of email addresses along with passwords users use to log in to websites

hacking gmail

The internet on Wednesday gave you another reminder that everyone has been hacked.

Hold Security, a Wisconsin-based security firm famous for obtaining hoards of stolen data from the hacking underworld, announced that it had persuaded a fraudster to give them a database of 272m unique email addresses along with the passwords consumers use to log in to websites. The escapade was detailed in a Reuters article.

It might sound bad, but it is also easily mitigated.

The passwords and email addresses, which include some from Gmail, Yahoo and Russia’s mail.ru service, aren’t necessarily the keys to millions of email accounts. Rather, they had been taken from various smaller, less secure websites where people use their email addresses along with a password to log in.

People who use a different password for both their email account and, say, Target.com, won’t be affected. But those who tend to use the same password for multiple sites as well as their email should change their email password.

“Some people use one key for everything in their house,” Hold Security founder Alex Holden says. “Some people have a huge set of keys that they use for each door individually.”

Holden said there is no way for consumers to check if their emails were included in his firm’s latest find. In 2014, when his firm tried to set up such a service after obtaining a billion hacked login credentials, his site crashed.

The hacker appears to have been largely targeting Russian users. Some 57m of the email addresses were for the country’s largest email provider mail.ru, which claims 100 million monthly users. Around 40m of the addresses were Yahoo Mail, 33m Hotmail and 24m for Google’s Gmail service.

In this case, the hacker had been bragging on internet chat forums that he had a treasure trove of login credentials that he was trying to sell. Holden, who is fluent in Russian, said he wouldn’t pay for the data but would give him “likes” on various social media posts in exchange.

The hacker, who apparently is quite young, agreed. “We kind of call him the collector,” Holden says in a heavy Russian accent. “Eventually, almost everyone gets breached.”

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Ransomware-as-a-service is exploding: Be ready to pay

RaaS has outgrown smaller targets and now threatens governments, NGOs, and SMBs.

ransomware

It starts with a fast click on a link in a harmless-looking email. Then your PC slows to a crawl. A message suddenly pops up and takes over your screen. “Your files and hard drive have been locked by strong encryption. Pay us a fee in 12 hours, or we will delete everything.” Then a bright red clock begins counting down. No antivirus will save your machine. Pay the fee or lose everything.

You’re the latest victim of a ransomware attack. The scary thing is, you’re not alone. The ransomware market ballooned quickly, from a $400,000 US annual haul in 2012, to nearly $18 million in 2015. The average ransom—the sweet spot of affordability for individuals and SMBs—is about $300 dollars, often paid in cash vouchers or Bitcoin.

The ransomware market scaled up so quickly, claims a recent report by Imperva, due to the rise of ransomware-as-a-service, or RaaS. Here’s how it works:

  • Ransomware authors are marketing on-demand versions of code, using traditional malware distributors in a classic affiliate model.
  • The ransomware author collects the ransom and shares it with the distributor.
  • Malware is distributed through spam email messages, malicious advertisements, and BlackHat SEO sites.
  • According to the Imperva report, “in classical affiliate marketing, the larger cut goes to the possessor of the product. In RaaS … the ransomware author gets a small cut of the funds (5%-25%) while the rest goes to the distributor (affiliate).”
  • Using the deep web, TOR, and Bitcoin, the report says, “this model, based on TOR and Bitcoins, is designed to keep the identity of the author and the distributor hidden from law enforcement agencies.”

Phishing in particular, is a highly effective tactic for malware distribution.

The well-worded email appears to come from a legitimate email address and domain name, and raises very few irregularities. The email comes with a demand for money for an arbitrary service, along with a link that purports to be an “overdue invoice.”

Click that link and open the file (which looks like a Word document), and you’ll become the latest victim of ransomware — that is, malware that encrypts your files and locks you out of your computer until you pay a ransom.

Phishing attacks have also helped ransomware move into the enterprise. In 2015 the medical records system at Hollywood Presbyterian Medical Center was attacked. The hospital paid $17,000 in Bitcoin to unlock the sensitive records. In early 2016 the Lincolnshire County Council was snagged by a phishing scheme and held up for 500 dollars.

To prevent your business from attack, make sure the IT department and communication team are in sync, keep your company’s security systems updated, and remind employees to use caution when clicking on email links from unknown addresses.

If you’ve been hacked, the ransomware rescue kit provides a suite of tools designed to help clean particularly pugnacious malware.

Businesses that suffer ransomware attacks face a tough choice. Paying the fee could restore access to mission-critical data, but there’s no guarantee the extortionists will honor the deal. And of course, paying a ransom provides incentive to hackers and validates the attack.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Beware downloading some apps or risk “being spied on”

Popular apps on your smartphone can be convenient and fun, but some also carry malicious software known as malware, which gives hackers easy access to your personal information.

A security firm found that between 75 and 80 percent of the top free apps onAndroid phones or iPhones were breached. The number jumps as high as 97 percent among the top paid apps on those devices.

Whether these apps help advertisers target you or help hackers rip you off, you’ll want to do your homework before downloading apps, reports CBS News correspondent Anna Werner.

California’s Susan Harvey said she was a victim after she used a debit card to download a slot machine game app to her cell phone through a Google Play store account.

“It was something you purchased once, for like $15,” Harvey said.

When she went to reload the game, she found hundreds of purchases had been made — by her math, more than $5,000 worth of transactions.

“My heart sank, I just sat there looking at it… I physically, I was sick, because I didn’t know what they were,” Harvey said.

That story’s no surprise to cybersecurity expert Gary Miliefsky, whose company SnoopWall tracks malware. He said certain apps are designed to steal your personal information.

“What are the consequences for me as a consumer?” Werner asked.

“You’re gonna lose your identity. You’re gonna wonder why there was a transaction. You’re gonna wonder how someone got into your bank account and paid a bill that doesn’t exist,” Miliefsky said.

Milifesky said when you download an app, you also give permission for it to access other parts of your phone, like an alarm clock app that can also track phone calls.

“You think an alarm clock needs all those permissions? Access to the Internet over wifi, your call information, calls you’ve made, call history, your device ID? This to me is not a safe alarm clock,” Miliefsky said.

And there’s the weather and flashlight apps that he says exploit legitimate banking apps to capture information, as he showed us in a demonstration of what could happen when someone takes a photo of a check to send to their bank.

“The flashlight app spies on the camera and noticed the check and grabbed a copy of it. Shipped it off to a server somewhere far away,” Miliefsky said.

Last year the group FireEye discovered 11 malware apps being used on iPhones that gathered users’ sensitive information and send it to a remote server, including text messages, Skype calls, contacts and photos Apple fought back by removing the apps and putting stricter security measures in place.

“They get at your GPS, your contacts list…to build a profile on you,” Miliefsky said.

Some apps are simply collecting information for advertising purposes. In 2014, the Federal Trade Commission settled a lawsuit with a company over its popular Brightest Flashlight app, alleging it transmitted consumers’ personal information to third parties without telling them.

But Miliefsky said he’s found another flashlight app that can do much more troubling things.

“This one turns on your microphone in the background, listens in on you, and sends an encrypted tunnel to a server we discovered in Beijing,” Miliefsky described.

“You’re saying that they’re actually listening to people’s conversations and sending that audio back to Beijing?” Werner asked.

“Yeah, we’ve tracked it. I can show you where it does it,” he said.

Miliefsky said it can be traced to a few blocks from Tiananmen Square on Information Drive in Beijing.

He gave a report on that app to the FBI.

“Because to me, it’s spyware at the nth degree,” Miliefsky said.

His recommendation?

“We really have to look at our phone and say, ‘This is really a personal computer that fits in our pocket. Let’s shut down all the apps we don’t use. Let’s delete apps that don’t make sense and reduce the risk of being spied on,'” Miliefsky said.

The creator of the Brightest Flashlight app settled with the FTC, agreeing to change its policy and delete all the information it had gathered.

Harvey sued Google over her alleged hack, but a judge recently dismissed it, saying she and her attorney filed too late. Google said fewer than one percent of Android devices got bad apps in 2014.

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Apple CEO Tim Cook: FBI asked us to build a back door into iOS

The most important Tech Case in a Decade

Customer Letter – Apple

February 16, 2016

A Message to Our Customers

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.

Answers to your questions about privacy and security

The Need for Encryption

Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers’ personal data because we believe it’s the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

The San Bernardino Case

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government’s efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software — which does not exist today — would have the potential to unlock any iPhone in someone’s physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

The Threat to Data Security

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today’s digital world, the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

A Dangerous Precedent

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by “brute force,” trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government’s demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI’s demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI’s intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

Tim Cook

Answers to your questions about privacy and security

Have questions?

Get answers from Microsofts Cloud Solutions Partner!
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

Safari on iOS and Mac crashing, bug related to Safari Suggestions, here’s how to fix

A strange bug is affecting many Safari users today, causing crashes on iPhone, iPad and Mac. For many users, simply tapping in the URL bar will cause the browser app to crash completely.  The exact issue causing the crashing has not been locked down, but it appears to be related to Apple’s Safari Suggestions service. It’s a very annoying bug that is affecting a lot of people all of sudden today.

sjt-blog-safari-crash-ios

When you type a URL, Apple sends what you type to its servers, returning a response with autocomplete search queries, Top Sites and other info. There appears to be a bug in this server request that is causing Safari to randomly crash. Users are discovering some potential workarounds until Apple fixes the problem properly …

Disabling Safari Suggestions seems to be helping resolve the bug for many people on iOS. On your iPhone or iPad, go into Settings, tap Safari, and toggle off the ‘Safari Suggestions’ switch. This will fix the crashing, obviously its only a temporary fix until Apple sorts its servers out as it will disable the Safari Suggestions functionality.

Another option is to enter Private Browsing mode. In private browsing, by design Safari does not contact the suggestions server for intelligent completion options, so the server is never contacted and the crash never arises.

The bug is affecting users in many countries, but not all. It also depends on the state of your Safari, whether it has certain data cached already. The crash has been seen on iOS 8, iOS 9 and OS X 10.11. The bug could be even more widespread beyond these platforms however. It is pretty crazy flaw that is affecting so many people this morning, with many reports across European iOS customers.

We have contacted Apple about the issue for clarification, but it’s such a serious functional flaw that we expect a fix very shortly. Please note: this is an unrelated incident to the prank site CrashSafari.com.

Update: The Safari crash bug has now been fixed, according to Apple.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

CES 2016: Fitbit launches $200 Apple Watch competitor

Step aside, Apple, there’s a new watch in town. At CES 2016, Fitbit unveiled the Blaze, a smartwatch that does things the Apple Watch can’t, and at a lower price point.

fitbit-blaze

The new Fitbit Blaze is a smart fitness watch unveiled at CES 2016. Image: Fitbit

The basic utilitarian look of Fitbit is so last week, with today’s CES 2016 debut of Fitbit Blaze, a smart fitness watch with a color touchscreen that heralds in the next generation of the company’s popular fitness device line.

Fitbit Blaze does many of the same things as more expensive smartwatches, such as the Apple Watch, but it does it at a lower price point. The basic Fitbit Blaze comes with an elastomer band and will be available for retail sales in March 2016 with a $199 price tag. It tracks fitness and sleep stats and provides notifications for calls, texts, calendar alerts and music control. It’s compatible with Windows, iOS, and Android platforms.

One of the main features of the watch is how the bands are interchangeable to go from the gym to the office and out for the evening. Accessories will include additional elastomer bands for $29.95 each, leather bands for $99.95 each, and a steel link band for $129.95 each. The device is available for presale beginning today at Fitbit.com and tomorrow at various major retailers. For those who want to see the watch in person before ordering, on February 20 customers can go into Best Buy to try on the watch and pre-order.

“The product is about the balance of fitness and style. While it may look like a smartwatch, we think we’ve gotten it right. It has a distinct focus on fitness. That’s why we’re calling it a smart fitness watch. It puts fitness first,” said James Park, CEO and co-founder of Fitbit, at the CES 2016 press conference.

Fashion and style have long been a sore spot in the world of wearables and smartwatches. Because, even if a device has a stylish appearance, oftentimes it’s not feasible to wear the same product 24/7 for every occasion. The Fitbit Blaze eliminates this issue with the range of affordable interchangeable bands.

Fitbit Blaze includes many of the same features as previous Fitbit wearable fitness devices, such as all-day activity stats, but it also includes a color touchscreen, along with a partnership with FitStar for an onscreen workout. It also includes connected GPS for real-time exercise stats and PurePulse wrist-based heart rate tracking, which the company introduced last year.

The watch has a substantial battery life, lasting up to five days and nights, according to Fitbit Chief Business Officer Woody Scal.

Park said the Fitbit Charge, which was introduced last year, is the number one selling activity tracking device in North America, and the Fitbit Surge is the number one selling GPS tracking watch. On Christmas Day and the day after, Fitbit was the number one free app download.

“We are one of the larger technology IPOs of 2015. We are still trading about offering price which we think is rare. We’re pretty proud of that,” Park said.

Park took the opportunity at the press conference to point out how Fitbit is mentioned in the media, such as numerous photos with President Obama wearing a Fitbit Surge.

“For me it’s been really fun to see Fitbit mentioned on popular TV shows such as Big Bang Theory,” he said.

One of the biggest challenges that Fitbit faces is that its products have a 50% abandonment rate, compared to 6% for the Apple Watch. That makes the Blaze a strategically important move for Fitbit. The early reaction to the Blaze has been mixed as Fitbit’s stock dropped 13% following the announcement.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LL C is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The 10 most important lessons IT learned in 2015

Every year brings with it new challenges, and new lessons, for IT in the enterprise. Here are 10 of the lessons IT learned this past year.

IT lessons

 

The end of a year is always a good time for reflection, especially so if you’re evaluating what your business did right and what you can improve upon. In an increasingly digital world, IT has quickly become one of, if not the most, important aspects of an organization. So, it should be with great care that executives and admins look back on their year and try to glean some wisdom about what can be done differently in the year to come.

Here are 10 of the most important lessons that IT learned in 2015.

1. BYOX is here to stay

As smartphone use grew to near ubiquity in the enterprise, it brought with it the trend of BYOD, or, bring your own device. While that originally referred to mobile devices such as smartphones and tablets, it spawned as host of “bring your own” everything else.

“BYOX is the new mantra with consumers bringing their own applications, cloud sharing tools, social media into the enterprise; essentially bringing their own expectations of which technology they want to use and how and where they want to work in a corporate environment,” said Chuck Pol, president of Vodafone Americas.

2. DevOps is no longer just a buzzword

The term “DevOps” gained huge popularity in 2015 as a reference to an agile method that stresses the collaboration of development and operations. The goal is to connect the writers of the code with those who maintain the systems that run it. However, DevOps continues to evolve and, although it has its own set of challenges, it could be poised to become the method of choice for enterprise IT starting in 2016.

3. Data is currency

Data, especially as it relates to big data has been steadily growing in value but 2015 felt like a tipping point. Tools for both structured and unstructured data exploded in popularity and major data service providers went public, adding credibility to the field and likely creating a better inroad into the enterprise. Also, businesses got better at distinguishing between relevant and irrelevant data.

“It is no longer credible to look at data as big static objects in a deep lake, but rather be considered a set of fast moving assets in a raging river,” said Neil Jarvis, CIO of Fujitsu America. “In 2016 and beyond, companies need to look at the data that creates business-relevant information for today and tomorrow.”

4. Finding talent is problematic

Talent shortages don’t just affect startups on the West Coast. CompTIA CIO Randy Gross said that current estimates suggest there are more than one million IT job opening across the US alone, ranging across skill level from support specialists to network admins. Enterprises are going to have to work harder to attract and retain talent.

“Wise employers with IT jobs to fill have engaged in a self-examination of the tactics and strategies they’re using to attract new talent—and adjusting accordingly,” Gross said. “For some companies, new telecommuting and remote work options have helped them fill their talent gaps.”

5. SMAC is still relevant

The SMAC stack, which stands for social, mobile, analytics, and cloud, is also known by some as the “third platform.” As all of these individual components continue to grow and thrive in the workplace, their interdependencies will grow along with them.

“Senior management must become well versed about these technologies and their possibilities to create new value and new competitive advantages in their own business and markets,” Pol said.

6. Cloud lost its fear factor

Cloud acceptance was a mixed bag for a long time, but 2015 brought a more widespread embrace of cloud technologies and services in the enterprise. In fact, some trends are making it almost a necessity.

“The complete adoption of virtualization, as well as investigation into cloud and other strategies, is far more advanced than expected—particularly amongst SMBs,” said Patrick Hubbard, technical product marketing director at SolarWinds. “Making operating systems and applications truly mobile is redefining how companies think about their IT infrastructure.”

7. The security mindset is changing

Anthem BlueCross BlueShield and Harvard University were among the major organizations that dealt with a public security breach in 2015. With today’s social media, you can almost guarantee any data breach that occurs in the enterprise won’t stay a secret. And, with the risk of a breach high, Intel Security CTO Steve Grobman said that teams must adopt a new way of thinking.

“IT must embrace the mindset that they have already been breached, now how do you protect your environment with this new default outlook?,” Grobman said.

8. Shadow IT is a line item

Shadow IT carries nowhere near the same amount of scorn it once did in the enterprise. Some organizations are even openly embracing it, and making it a foundational part of their IT strategy. And, as shadow IT continues to grow, Pol said, it needs to be properly accounted for in the budget.

“As technology continues to transform business, IT infrastructure will become more complex and more difficult to have a complete view of technology across the business,” Pol said. “The role of IT will need to become more strategic and set clear lines of accountability between IT and line of business budget holders.”

9. Employees are the biggest security risk

When most people think about security risks to their organization, the image of the hooded hacker furiously typing away in a dark room. However, employees themselves pose a real threat to the security of an organization as well. Issues such as poor password practices and using unsecured networks with company devices are a real problem. Kelly Ricker, senior vice president of events and education at CompTIA, said mobile, while helping with agility and productivity, is a cybersecurity nightmare.IT

“Every device that employees use to conduct business—smartphones and smartwatches, tablets and laptops—is a potential security vulnerability,” Ricker said. “Companies that fail to acknowledge and address this fact face the very real risk of becoming a victim of cyber criminals and hackers.”

10. Commoditization is a threat

With the plethora of tools available to build and replicate popular tech, it is increasingly important for organizations to guard against the threat of commoditization.

“As development cycles become shorter and the potential for intellectual property to be recreated and copied increases, it is becoming more difficult to create a sustainable competitive advantage for your products and services,” Pol said.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

BYOD and the danger of litigation

BYOD means you must make a few extra preparations to protect your organization in cases of litigation and eDiscovery.

BYOD devices

It’s a fact that we live in a litigious world. Bring Your Own Device (BYOD) and even corporate-owned mobile devices often are caught up in legal cases. Chris Gallagher, national director for Adecco eQ, a nationwide eDiscovery firm gives an overview of how businesses can navigate eDiscovery when a business has BYOD devices seized as part of a court case.

eDiscovery and mobile devices

BYOD and corporate-owned devices can be put a litigation hold (sometimes called a “preservation order”) when an organization must preserve all forms of relevant information when there’s the anticipation of litigation.

Gallagher’s firm helps legal counsel with data forensic collection, acquisition on mobile devices and PCs. His company processes the data on these devices and uses advanced analytics to locate information pertinent to the litigation

eDiscovery and BYOD: The blurred line

BYOD is still, from a legal perspective, in its infancy, Gallagher said. He said every time his firm does a customer survey, they still hear about strong BYOD activity in the market.

He said, “Of course, from a discovery perspective, from a litigation hold perspective, it makes both the general counsel’s life that much more difficult as well as the law firm’s life more difficult because number one, there’s that blurred line, what is corporate data versus what is personal and individual data, where does that line cease?”

Gallagher points out that anytime you have devices entering and leaving a network there’s a control factor. Companies who master that control have a better (but still not perfect) time when they get called into discovery.

“When you have a device that is not a corporate-owned device that is accessing corporate information, the ownership of that information always comes into question,” Gallagher said.

“When dealing with eDiscovery, part of discovery requests are information that is under your direction and control,” he said. “It’s on a personal device, it’s not owned by the corporation, but it’s corporate-owned data, so is that under your control? Absolutely.”

Litigation holds on BYOD devices can be an added nuance and one more gray area that corporation have to deal with when it comes to BYOD in their enterprise.

Gallagher said you need to ask, ” How do you get that data back? How do you ensure that you’re not losing, not only from a litigation perspective, but the other major issue is corporate information, trademark secrets, corporate secrets, confidential information that you wouldn’t want to enhance?”

He further explained that a litigation hold over a BYOD devices means going beyond the normal things like a desk drawer, files, email, and shared devices. It means you have to ask “Okay, what else have you used to access the corporate network in the last year?

Wearables and eDiscovery

Wearable tech would have minimal impact on eDiscovery. Gallagher said, “Now, if you’re a corporate attorney, if you’re a defense counsel, one of the things you’re going to argue is “Well, the watch, everything that’s available on the watch, it’s just email, weather, that’s available on the server anyway, so you have another place to get it.”

The wearable is a highly discoverable type of device because most of that information is just replicating from somewhere else, Gallagher said. Usually, you are replicating wearable data from your phone so if you have the phone then everything’s replicated.

“For smaller cases, for cases at a location, for criminal cases, or matrimonial cases, where location is important, wearables could come into play,” he said.

Onboarding BYOD devices and eDiscovery

Much of what Gallagher said around BYOD policies is standard fare. I asked Gallagher how a company could protect themselves in the cases of salespeople (the “original BYOD”users) contracts and non-compete agreements. Competitors in highly competitive industries sue each over this kind of stuff all the time.

Career salespeople have their contacts (built from years of selling in an industry) that they keep on their phones. They may have sold to these customers over the years.

From a legal perspective in this scenario, Gallagher recommends that corporations have an addendum added to their standard employment agreement. The addendum should state, “I certify that I am not bringing anything from my former employee. We are hiring you for your knowledge of the industry in general and not any specific contacts that you may or may not have from former employees.

Gallagher said this sort of contract boilerplate puts the responsibility on their shoulders and that you aren’t hiring them for a particular contact.

He also advised that you want to make sure that they abide by their previous non-compete, but you don’t want them downloading or taking anything with them from their previous employer. Gallagher cautioned that you should not place any data from their previous employer on your corporate-owned system. Take, for example, syncing a personally owned smartphone to a corporate-owned laptop. Along with that sync can come corporate data from your competitor. eDiscovery can detect that data.

He further recommends that you have that new sales rep come to you with a clean slate of a cell phone.

Bringing contacts along on a personal device has become much easier legally speaking according to Gallagher. He said, “One of the recent things that’s come out of court cases is if you look at LinkedIn profiles, if you look at customer information but the sales rep proved that most of the information that he had from his ‘client’ was available publicly on their LinkedIn profiles.”

You don’t want them backing up their tablet to their new computer that could result in a breach of their non-compete, and now it’s backed up on your servers according to Gallagher.

Conclusion

Above and beyond the usual BYOD and challenges that enterprises face each day, you may also be navigating a blurred legal line so prepare yourself accordingly with BYOD policies and advice from your counsel to ensure that you are prepared if and when BYOD devices get put on a litigation hold.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

The 15 most frightening data breaches

data breaches

 

Ashley Madison (2015)

All data breaches are scary, but some just have that extra scream factor.

In arguably the most embarrassing data breach of the bunch, a group calling itself “The Impact Team” stole 37 million records from adultery website Ashley Madison, including many records that customers had paid to have deleted.

Virtually all of the company’s data was stolen in the hack, including records that suggest most female accounts on the site are fake, and that the company used female chat bots to trick men into spending money.

LivingSocial (2013)

Daily deals company LivingSocial had its network compromised in 2013, with hackers stealing roughly 50 million names, email addresses, birthdays, and encrypted passwords from its SQL database.

Sony PlayStation Network (2011)

Game over, man. In April 2011, hackers raided Sony’s PlayStation Network (PSN) service, stealing personally identifiable information from more than 77 million gamers.

Sony was further criticized for delaying the release of public information about the theft and for storing customer data in an unencrypted form.

The attack took Sony’s PSN out of service for 23 days.

Internal Revenue Service (2015)

Nigerian scammers pilfered more than $50 million from the U.S. Treasury via an embarrassingly simple 2015 hack of the Internal Revenue Service website.

Information scraped from previous data hacks was used to steal Americans’ identities and request copies of past tax returns on the IRS website. The crooks then filed new tax returns with falsified data, requesting big refunds.

The hack caused massive nightmares for the estimated 334,000 people whose records were stolen before the IRS shut down the transcript request service.

Target (2013)

Hackers installed point-of-sale malware on Target’s computer network sometime in 2013, resulting in the theft of more than 70 million customer records. Stolen data included payment card numbers, expiration dates, and CVV codes.

The retailer reached out to affected customers by offering free data monitoring (standard practice) and a 10% off discount on a future shopping trip. But it was too little, too late; same-store sales slid in the quarter following the hack.

Anthem (2015)

Anthem, the United States’ second largest for-profit health insurer, disclosed in February 2015 that it had lost 78.8 million unencrypted customer records to criminals. Names, social security numbers, email addresses, and income data was stolen.

The rare piece of good news: Financial and medical records were not affected.

Adobe (2013)

Adobe revealed in October 2013 that hackers had stolen 38 million active customer IDs and passwords, forcing the company to send out a wave of password reset warnings.

Weeks after, the news got worse for the company: The thieves also made off with the source code for its popular Adobe Photoshop software.

eBay (2014)

Talk about an inside job: In 2004, online auction house eBay suffered the largest hack in U.S. history, losing 145 million login credentials to a hacker using an internal eBay corporate account.

Names, email and street addresses, phone numbers, and birth dates were compromised, but thankfully, passwords were stored in encrypted form.

Home Depot (2014)

In September 2014, Home Depot admitted that it fell prey to hackers who installed antivirus-evading malware on its self-checkout registers. An estimated 56 million sets of customer payment card data were stolen in the attack.

The company’s losses related to the event are expected to top $1 billion when all of the lawsuits are finally settled. Only $100 million of that will be covered by insurance.

JP Morgan Chase (2014)

The September 2014 breach of JP Morgan Chase proved that even the largest U.S. banks are vulnerable to data theft. Online banking login details were not stolen, but crooks did get their hands on 76 million sets of names, emails, addresses, and phone numbers of bank customers, creating serious phishing concerns.

A group of Russian hackers is believed to be responsible for the attack.

PNI Digital Media (2015)

PNI Digital Media, the company that handles online photo printing for CVS, Walgreens, Rite Aid, Costco, and many more national chains, lost an unknown number of customer records to hackers in 2015.

Given that the company boasted more than 18 million transactions in 2014, it’s likely that this breach affected tens of millions of Americans.

Heartland (2008)

Credit and debit card processing firm Heartland Payment Systems became one of the largest data breach victims in U.S. history when hackers compromised more than 130 million accounts in 2008.

The criminal ring involved in the Heartland data theft was also found to be responsible for the 2005 hack of TJX Companies involving 94 million records.

TJX Companies (2005)

In a 2005 scheme dubbed “Operation Get Rich or Die Tryin,” a group of hackers used an unsecured Wi-Fi network at a Marshalls store to break into parent TJX Companies’ computer system and steal 94 million customer records, including payment card data.

Albert Gonzalez, the ringleader of the hack, is serving a 20-year sentence in Leavenworth.

U.S. Office of Personnel Management (2015)

Earlier this year, the United States Office of Personnel Management admitted that hackers had taken 21.5 million records belonging to those who had undergone government background checks or otherwise applied for federal employment. The hackers stole a wealth of sensitive data, including security clearance information and fingerprint data belonging to secret agents.

The Washington Post reported that the attack is believed to have originated in China.

Zappos (2012)

In January 2012, online shoe retailer Zappos stated that cybercriminals had stolen data of 24 million customers, including names, addresses, and the last four digits of their payment cards.

After the announcement, Zappos had to disconnect its phone lines to keep upset customers from calling in and overloading its phone system.

Have questions?

Get help from IT Experts/Microsofts Cloud Solutions Partner
Call us at: 856-745-9990 or visit: https://southjerseytechies.net/

South Jersey Techies, LLC is a full Managed Web and Technology Services Company providing IT Services, Website Design ServicesServer SupportNetwork ConsultingInternet PhonesCloud Solutions Provider and much more. Contact for More Information.

To read this article in its entirety click here.

CALL US NOW!