
What is a Data Breach?

The term breach has different legal definitions based on state law. There are states that have breach notification laws and Ohio is one of them. The Ohio Revised Code (ORC) 13449.19 “Private Disclosure of Security Breach of Computerized Personal Information Data” defines what a breach is, and what must be done in Ohio if a breach occurs. It is important to understand that if you are doing business in other states, you must understand each state’s laws and comply with them. It gets even trickier if you have information for individuals in foreign countries.

From the ORC: “Breach of the security of the system” means unauthorized access to and acquisition of computerized data that compromises the security or confidentiality of personal information owned or licensed by a person and that causes, reasonably is believed to have caused, or reasonably is believed will cause a material risk of identity theft or other fraud to the person or property of a resident of this state. It is interesting to note that it specifies computerized data and does not include paper records.

You also need a clear understanding of the industry or regulatory requirements you must meet. If you are in the medical industry, you need to be compliant with HIPAA; in banking, GLBA; in finance, FINRA; in energy or power generation, NERC; and the list goes on.

If you are concerned about your security posture and want to avoid an incident or breach, Quanexus can help. Contact us at 937.885.7272.

Posted by Jack Gerbs in Recent Posts

5 Reasons to Attend Our Network Security Seminar

5 Reasons to Attend Our Security Awareness Training

1) KNOWLEDGE IS POWER
Learn how training your employees to identify and avoid cyber threats can save your company time and (lots of) money. Your employees are the first line of defense against cyber threats, and investing in their training is an investment worth making.

2) HEAR FROM AN INDUSTRY LEADER
Our speaker, Jack Gerbs, is a leading expert in the IT industry and has trained hundreds of professionals on how to keep their assets secure and their network safe from cyber criminals.

3) LEARN WHAT THREATS ARE OUT THERE
You hear about big breaches in the news, but are you aware of the variety of other threats that exist? From phishing emails, to what makes a strong password, to how to keep malware and viruses out of your network, he will cover it all and then some.

4) SEE THE VALUE
During the session we will be covering our Security Awareness Training, which is why we have limited it to two representatives from each company. The likelihood that your company will fall prey to an attack decreases greatly following a formal, on-site training for your whole team.

5) IT’S JUST TWO HOURS + NO CATCH
Our goal as a company is to educate our community and help them to be safe and secure, compliant and most importantly up and running. Our events are meant to be informative and to create a forum for cybersecurity discussion and do not come with any ‘catches’.

Want to learn more about the specifics of the event? Click here or call us at 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn and stay up to date on Hacks, Attacks & Cybersecurity.

Posted by Jack Gerbs in Recent Posts

New Season, New Website

This week we launch our newly redesigned website and we are excited to share some of the new features with you.

We offer numerous services so one of our goals was to make the information about each of these services as easy to navigate, and find, as possible. Another goal was to make it easy to get in touch with us through various forms located throughout the site.

One of the features we are most excited about is that a network assessment can now be requested through our site. Network assessments are available to current or prospective clients at no charge or obligation to the recipient. Find out more details about the assessment here.

Once the form is submitted someone will be in touch with a few follow up questions and to discuss a time for the onsite assessment to take place.

Another feature we are proud to offer is the ability to either navigate our site by specific industry, or specific solution (service). We have broken our offerings down into three main industries: non-profit, financial and general business, and our solutions into voice, data, information security and physical security.

Additionally, we have added a page to highlight our upcoming events. Throughout the year we offer several events, such as lunch-n-learns and seminars, and those events will now be posted to our Events page. On this page, people will also be able to register for the event without having to go to a third-party event site.

We hope that you take a minute to tour the new site and after you do, let us know what you think.

Follow us on Facebook, Twitter and LinkedIn and stay up to date on Hacks, Attacks & Cybersecurity by subscribing to our email list.

Posted by Jack Gerbs in Recent Posts

Winter Olympic Cybersecurity Threats

2018 Winter Olympic Cybersecurity Threats

The 2018 Winter Olympic Games in Pyeongchang, South Korea are in full swing and unfortunately, so are the bad guys.

Last week the official Olympic website went down for hours as it fell victim to an attack. The malware has now been dubbed the “Olympic Destroyer” and experts are on the hunt to uncover how this destructive disturbance was launched and by whom.

The bad guys’ target isn’t always so massive, as is the case with the phishing attacks and malware circulating via email and social media.

Olympic Phishing Email

Like typical phishing emails, these use social engineering to try to get the reader to do something, like click on a link or download an attachment. In one case, hackers are sending emails, disguised as being from the country’s National Counter Terrorism Center and carrying a malicious Word document, to organizations associated with the Olympic Games.

After the Word document is opened, the reader is told to enable content, and this is where the trouble begins. Once content is enabled and PowerShell is launched, a seemingly benign image becomes the vehicle for hackers to later execute malicious script directly from memory. How? A new tool called Invoke-PSImage, which hides script in the pixels of an image.

What is worse is that, because the script is hidden within the pixels of an image, traditional antivirus solutions can’t detect it. This example is so dangerous because it does not have to be downloaded as we have seen in the past.
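Because the file itself gives a scanner little to match on, the chain described above (Word, then PowerShell, then an image being read) is easier to catch in process-creation logs. The following is an added example, not part of the original post or any vendor's product: the event fields follow Sysmon Event ID 1, the rule names and sample events are constructed, and treating `System.Drawing` plus `GetPixel` in a command line as an indicator is an assumption about how such a script reads an image.

```python
import base64
import binascii
import re
from ntpath import basename  # parses Windows paths on any OS

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Heuristic: any prefix of -EncodedCommand followed by a long base64 token.
ENCODED = re.compile(r"-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand_command_line(cmd):
    """Return the command line plus any decoded -EncodedCommand payload."""
    text = cmd
    for blob in ENCODED.findall(cmd):
        try:
            text += "\n" + base64.b64decode(blob, validate=True).decode("utf-16-le")
        except (binascii.Error, UnicodeDecodeError):
            pass  # not valid base64/UTF-16LE; keep the raw text only
    return text.lower()

def triage(event):
    """Return the rule names that fire for one process-creation event."""
    child = basename(event["Image"]).lower()
    parent = basename(event["ParentImage"]).lower()
    if child not in POWERSHELL:
        return []
    hits = ["office_spawned_powershell"] if parent in OFFICE else []
    text = expand_command_line(event["CommandLine"])
    # Assumed indicator: the script loads System.Drawing and reads pixel values.
    if "system.drawing" in text and "getpixel" in text:
        hits.append("script_rebuilt_from_image_pixels")
    return hits

# Constructed sample events (paths and command lines are illustrative).
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
_READ = "Add-Type -AssemblyName System.Drawing; $b.GetPixel(0,0)"
_EXPLORER = r"C:\Windows\explorer.exe"
SAMPLES = [
    {"ParentImage": _WORD, "Image": _PS, "CommandLine": "powershell.exe -Command " + _READ},
    {"ParentImage": _EXPLORER, "Image": _PS, "CommandLine": "powershell.exe -NoProfile -enc "
     + base64.b64encode(_READ.encode("utf-16-le")).decode()},
    {"ParentImage": _WORD, "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
    {"ParentImage": _EXPLORER, "Image": _PS, "CommandLine": "powershell.exe Get-ChildItem"},
]
```

The first sample trips both rules, the second only the pixel-read rule (after its encoded command is decoded), and the last two are ordinary activity that stays quiet.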

Social Media Targeting

Other scams to be on the lookout for circulate via social media.

There are plenty of scams that offer free tickets or tickets to fake competitions but unless you are boarding a plane for South Korea you probably won’t fall for those.

A more likely scenario is one asking you to sign up to receive breaking news, updates and/or a behind-the-scenes look at the games. There is also the chance you could fall for clicking on a link shared by a connection on Twitter or Instagram.

Think before you click! This cannot be stressed enough. Be it through email or social media, the bad guys are lurking and want your personal information and data. Don’t fall victim to their schemes – learn how to identify their tactics.

Other posts help you learn more about how to steer clear of cybercriminals:

Be aware of password best practices.

Make sure the people in your organization know how to identify potential threats.

Arm yourself with knowledge.

Figure out where to begin.

Consider a risk assessment.

If you would like to speak to someone about your organization and its needs, we would be happy to help. Reach out to us at 937.885.7272.

 

Follow us on Facebook, Twitter and LinkedIn and stay up to date on Hacks, Attacks & Cybersecurity by subscribing to our email list.

Posted by Jack Gerbs in Cybersecurity, Recent Posts