Category: BAI Security Blog

Cybersecurity

Smarter Protection: 2016’s Worst Passwords and How to Improve Them

You’ve heard this before, but it’s such a pressing issue that we’ll repeat it: you need to create safe passwords. That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you own. We bring this up for a good reason: people still aren’t taking passwords seriously. A study released by Keeper Security, a password management software vendor, detailed the 10 million passwords uncovered by data breaches in 2016. You can view the full list here, but examples from the top five include: 123456, 123456789, qwerty, 12345678 and 111111. Of course, the standard fallback of “password” comes in

Read More »
breach security

The Final Tally: Healthcare Breaches in 2016

The healthcare sector was dealt a rough cybersecurity hand in 2016. The Department of Health and Human Services, which tracks all reported breaches in the healthcare field, recorded 310 incidents for the year (affecting a minimum of 500 people in each case). Altogether, these breaches affected a staggering 16.1 million people. The chart below, pulled from the Department of Health and Human Services, lists the 10 biggest healthcare breaches of 2016.

| Business | State | Individuals Affected | Submission Date | Type of Breach |
| --- | --- | --- | --- | --- |
| Banner Health | AZ | 3,620,000 | 8/3/16 | Hacking/IT Incident |
| Newkirk Products, Inc. | NY | 3,466,120 | 8/9/16 | Hacking/IT Incident |
| 21st Century Oncology | FL | 2,213,597 | 3/4/16 | Hacking/IT Incident |

Read More »
Banking

Catching Cyber Criminals

We have a habit of profiling major cyber crimes in this space. The breaches that grab our attention, foreshadow coming doom – and so on and so forth. It’s important to remember, however, that there are real people behind these attacks. Real people who can be caught red-handed.

The Crime

The London Metropolitan Police’s Falcon cybercrime unit recently announced the arrest of a British man for stealing up to £840,000 ($1 million) in an online banking fraud scheme. Tomasz Skowron launched a malware attack in December 2014, targeting computers around the world. Notably, several companies in Australia were affected and forced to make payments. To facilitate this, Skowron set up a “money mule” system of bank accounts to which the

Read More »
Cybersecurity

The Biggest Threats of 2016 and Predictions for 2017

This year had its share of headline-grabbing cybersecurity news. From Yahoo’s many breaches, to new threats in phishing and social engineering, 2016 wasn’t short on new threats. With the year wrapping up, we wanted to take a minute to recap what we saw as the biggest threats of 2016, what to prepare for in 2017 and what you can do right now to protect yourself.

The Biggest Cybersecurity Threat of 2016

By far, the most significant cybersecurity threat of 2016 was ransomware. The Kaspersky Security Bulletin 2016 states that the rate of ransomware attacks against businesses increased this year from one every two minutes in January to one every 40 seconds in September. Kaspersky Lab detected 2,900 ransomware variations

Read More »
Compliance

A Different Type of Phishing

Often, we see phishing schemes being perpetrated by hackers seeking to steal information. Rarely do we discover a scheme that is essentially an elaborate marketing tactic. Healthcare Info Security reports that the Department of Health and Human Services (HHS) sent a warning to organizations in the healthcare system, alerting them to an unusual phishing attempt. Phishing, as we’ve previously written about, is a scam that uses seemingly legitimate links to take you somewhere you didn’t intend to go. This can be done by subtly changing a URL address, which is exactly what was done in this case.

The Scam

Per the HHS, this phishing email campaign masquerades as a message regarding HIPAA compliance audits from the HHS’ Office for Civil

Read More »
best practices

A New Domino: Ransomware on Social Media

We’ve written a fair amount about the consistent threat ransomware poses to your business, and that’s because it’s a constantly shifting threat worthy of frequent updates. Once you think you have one attack method under wraps, another one pops up. It’s a lot like trying to plug holes in a leaky dam, desperately trying to prevent the whole thing from collapsing. Unfortunately, recent news has raised the specter of a new threat, one which could potentially have wide-reaching effects on your business.

Social Media Threats

Healthcare Info Security recently reported some less than ideal news: ransomware may have been found on Facebook. Facebook has disputed this claim, but reports are showing that a malicious image file is being spread through

Read More »
Compromise Assessment

Compromise Assessment: Rooting Out Hidden Attackers

We often think of data breaches as these big, climactic events. Something like the bank robberies you might see in big budget movies. One minute, everything is fine. The next, Yahoo or Target’s doors are being kicked down; they’re under attack. Millions of passwords, bank account info and more are made off with in an instant. Of course, it’s not really like that. There aren’t any getaway cars out front or dramatic fight scenes as the criminals steal information. Cyber-attacks don’t normally set off alarms – it’s in cyber criminals’ best interest to quietly sneak in so they can steal as much information as they can for as long as possible. These are stealth attacks that can linger, sometimes for years. To combat

Read More »
Breach

Update: The Yahoo Breach Keeps Getting Worse

Recently, we discussed the massive impact the Yahoo data breach was having on companies in all fields. At the time of our writing, there were rumors of Verizon beginning to get cold feet about a proposed merger with Yahoo, potentially costing Yahoo up to a billion dollars. Things were not looking so great. News this week has warranted an update to Yahoo’s plight, however, as it appears somehow things have gotten even worse with the admission that their breach problems might have begun years ago.

A Hidden Problem

According to a filing Yahoo made to the Securities and Exchange Commission (SEC), Yahoo believes that the attacker who affected at least 500 million accounts first obtained access to their system

Read More »
Banking

The Compliance Issue: Taking IT Security a Step Further

Complying with cybersecurity regulation is at the forefront of many companies’ minds. Perhaps to their own detriment, according to David Glockner, the regional director at the U.S. Securities and Exchange Commission’s (SEC) Chicago Regional Office. Quoted in SC Magazine, Glockner encouraged attendees at an SC Congress meeting in Chicago to think about cybersecurity, “divorced from the regulatory landscape.” Instead, he made the case that companies should think about their cybersecurity from a business perspective. “What is your most sensitive information? What are your most sensitive operations and what vulnerabilities do you have? And thinking about how you protect what’s critical to your business operation in most instances is going to get you most, if not all of the way, toward

Read More »
antivirus

A False Sense of Security: How Antivirus Can Fail

It’s pretty easy to think of computer viruses and malware as someone else’s problem. You hear about big attacks in the news, about the thousands of people who have had their information stolen and the businesses who have suffered mind-numbing losses in revenue. This isn’t something you have to worry about though, right? You know what a phishing link looks like, you avoid suspicious websites and you don’t open strange emails. Unfortunately, taking all the precautions in the world on your own isn’t enough, especially if you lack proper antivirus and malware protection. The odds of encountering some form of malicious code are just too high – and those odds are only continuing to increase.

The Difference Between Viruses and Malware

Read More »