In 2017, Equifax had just suffered a massive data breach, resulting in the theft of over half of all American adults’ personal information. Now, 2 years later, Equifax will pay a total of $700 million in fines for laws they broke and their negligent handling of consumer data. Reuters stated that of the $700 million, Equifax is set to pay $300 million in damages to consumers, a number that could climb as high as $425 million depending on how many people claim damages. LifeHacker has outlined exactly what to expect if you were a part of the 147 million Americans who had their data stolen. If you were to file a claim now, expect one of the following outcomes: 1. Free credit monitoring for four years through Experian, or six years through Equifax. However, if you already have credit monitoring for the next six months, you could file a claim for the sum of $125 cash. 2. Up to $20,000 cash if you can prove damages due to the data breach. However, to claim, let alone obtain such a large sum of money will require that you are able to prove without a doubt that you suffered damages directly related to the Equifax data breach. 3. Identity restoration services for free for the next seven years. Chief Executive Mark Begor from Equifax said that he expects the $425 million would be enough to ensure all those who suffered damages would be financially compensated. However, US consumer advocates voiced several concerns regarding the supposed “substantial” amount. Ed Mierzwinski of the U.S. Public Interest Research Group regarded the fine as “…a parking ticket, not a penalty.” He also finds the number of hoops consumers must jump through, in order to be compensated for Equifax’s negligent handling of consumer sensitive information, ridiculous. Concerns about the short-sightedness of these “penalties and fines” is also on the minds of some. Chi Chi Wu, the attorney for the National Consumer Law Center stated that “The settlement provides some compensation right now, but the risk of identity theft is forever.” Many believe Equifax has been “let off the hook” for the largest data breach in American history, a viewpoint hard to argue with. After reading this, you are probably wondering yourself if your information had been compromised due to the breach. Well, the good news is that I can provide you the link to the website but can promise nothing in terms of the outcome of your discovery! Equifax has provided a website for consumers to review their data information. If you are a business owner and are worried about the security and safety of your business’s sensitive information, contact Hammett Technologies! We are experts in data security and can guarantee the safety and security of all your company’s sensitive information! Click here to learn how we can help your company stay secure!
As technology continues to advance, so do those who aim to use it to exploit others. According to Accenture, when a business suffers a cybersecurity attack, an estimated $2.4 million is spent on recovery, and it takes an estimated 50 days to recover from the attack entirely. On a global scale, the average business can expect to spend on recovery is estimated to be as high as $3.86 million, with another attack within 24 hours with a 27.9% chance (via 2018 Ponemon Report). It is essential that businesses understand this threat, and that investing in preventative measures, such as automation, is important to maintaining a business’s security. What is a Data Breach? According to the 2018 Cost of a Data Breach Study, to classify an event as a “data breach” an individual’s medical record, financial record, and/or debit card information must be placed at risk. This type of information can become exposed due to malicious or criminal attack, system glitch, and even human error. How Does a Business Avoid Data Breaches? In order to prevent a data breach from occurring, a business must invest in a strong cybersecurity team. With the support of a robust cybersecurity team, a business has a better chance of staying ahead of malicious hackers. Furthermore, extensive pressure testing can also aid in prevention. Pressure testing a businesses network environment can reveal vulnerabilities, as well as aid in innovation, keeping your cybersecurity ahead of the attackers. However, one of the most important defenses a business can invest in is automation. What is Automation and How Can It Improve Cyber Defense? When it comes to cybersecurity, automation is your best defender. According to 2019 Study on the Cyber Resilient Organization, automation, in the cybersecurity field, refers to investing and enabling in cybersecurity technologies that assist or replace human intervention in the identification and containment of cyber exploits or breaches. Furthermore, for these technologies to function correctly and efficiently, artificial intelligence and machine learning, must be appropriately implemented. Automation creates a symbiotic relationship with businesses cyber resilience. It reduced the chances a business has of encountering a data breach, as well as the frequency of them occurring. Investing in automation allows for a business to feel more confident in its ability to track, prevent, and contain potential cybersecurity incident. However, while automation does remove humans from the identification and containment procedure, it does not mean that cybersecurity professionals are irrelevant. A business should keep a full staffed cybersecurity team to assist in training, as well as regular maintenance of the automation processes. Furthermore, a fully staffed cybersecurity team can develop a Computer Security Incident Response Plan (CSIRP), which significantly assists in detection and containment. Automation is a necessary part of a company this wished to keep their client’s information save and save money. According to the 2018 Cost of a Data Breach Study, on average, the losses of a company that has fully and effectively implemented automation to their cybersecurity defense, are $2.88 million, while a company that has decided to skip on automation suffers $4.43 million in losses. Automation is an essential tool for any business looking to improve its cybersecurity and cyber resilience. What Other Steps Should a Business Take to Continually Improve its Cyber Resilience? Automation is a crucial component to any businesses cybersecurity detail, but businesses cannot overlook other key personnel and details either. Security intelligence systems can save a company as much as $3.7 million. Companies that take full advantage of encryption and effectively use it can save as much as $1.4 million annually. Properly implementation of a firewall can prevent 2.5 million in losses yearly as well. Perhaps the most often overlooked factor is maintaining a sufficient budget for cybersecurity, which can save a company $2.8 million annually when appropriately maintained. As stated earlier, keeping a fully staffed cybersecurity team crucial to maintaining the network, leading to $2.1 million in savings for the company; however, no team is without its leader. Hiring a Chief Information Security Officer (CISO) can further improve security, as well as save a company $2 million yearly. Lastly, and an added measure as to what automation cannot accomplish is proper training and cybersecurity awareness meetings. Training and informing employees on cybersecurity not only helps to prevent human error, but it also saves a company $1.5 million every year. Automation is crucial, but implementing other cybersecurity personnel and details in equally important in maintaining a proper network. As technology continues to progress, the threats do as well. Therefore, it is up to businesses and cybersecurity teams to implement the proper tools necessary to defend against attacks that can wreak havoc and cause data breaches. At Hammett Technologies we understand the importance and can help evaluate and develop a plan to help train employees and prevent data breaches, ensuring your company’s data remains secure.
Unfortunately, this attack may affect those of you who travel the most. If you have stayed at any of the following Starwood brand hotels, including the Marriot, your information could have been compromised. Westin Sheraton The Lucury Collection Four Points by Sheraton W Hotels St. Regis Le Méridien Aloft Element Tribute Portfolio Design Hotels If you have stay at one of the hotels, it is in your best interest that you assume your information has been compromised! Take precautions and prepare yourself for a variety of social engineering attacks. What to Look For Spear Phishing Alert: Starwood Preferred Guests accounts have been breached, therefore it is likely that attackers have access to both your work and personal email addresses. Now, having your email address, attacks will send you emails that appear to be from real corporations, in an attempt to gain further access to your personal information! Be on patrol for these kinds of email, and if you do spot one, mark it as spam and report it immediately Copycat Phishing and SMS Phishing: With your information now floating around in the wild, attackers will try numerous methods in order to gain further access into your personal information! Marriot has made a statement saying it would email any Starwood Preferred Guests as well as those who may be impacted. Therefore, it is safe to assume that the attackers will now always be sending you and email that will look almost identical. Therefore, to air on the side of caution, do not open any emails, click on any links, or download any attachments that have come from the Marriott or Starwood Hotels. Furthermore, do not respond to any voicemails, or texts that claim they are representatives from the hotels listed above. Instead, look up the hotel and call them directly yourself! Have a Chat with Accounting: Odds are you have a business credit card, and if you have stayed at one of the following hotels in the past 4 years, odds are the bad guys have that same exact card now. Therefore, ask accounting to watch the card for any suspicious activity! If you use your own credit card and get reimbursed, call your bank and inform them of the situation, change your password, and monitor your account closely! Do Not Search for “WebWatcher”: Marriott is offering those who were targeted in the US, Canada, and the UK, a free, one year subscription to a Kroll Identity Service called “WebWatcher”. This service monitors “internet sites where personal information is shared”. Decoded that means they watch hacking sites on the deep web for compromised data records. DO NOT search the web for this program. This search will lead you to programs that, while they carry the same name, are hosts to spyware and other dangerous viruses. If you want to sign up for the free monitoring service, follow the links at info.starwoodhotels.com to country specific versions. Traveling Safe When leaving for an office trip or vacation make sure you: before leaving the office while packing in the taxi at the airport in flight at meetings and conferences at the hotel Following these steps will make sure that you are secure when traveling!