Reasons to Perform a Security Risk Assessment
Performing a Security Risk Assessment (SRA) is one of the things that Managed Service Providers can utilize as a way to solidify their client relationships and grow their business. Offering it to existing clients is a way of showing your value as well as helping them to strengthen their security posture. You can engage with potential clients by offering to do an assessment for them.
Additionally, businesses that are in healthcare and fall under HIPAA compliance are required to perform an assessment annually, so it can be used as a tool to strengthen and build those relationships. However, doing so with all of your clients should be a part of your plan regardless of the industry that they work within.
Inside Threat
The threat to a business from outside perpetrators is very real when it comes to cybercrime. But sometimes the threat comes from within, and it is even harder to detect or prevent in the first place.
Why would someone try to intentionally hurt the very company that provides them with a paycheck? The reasons vary, but there are a few that are repeat offenders. They include stealing proprietary information to take to another job, selling to the competition, or working with cybercriminals to provide the foundation for an attack.
Collective Action Against Cybercrime
Last week the President met with leaders in the private sector as well as those in education to discuss the need to address cybersecurity threats to the nation and efforts needed across the board. The increase in incidents and the ongoing threat of attack is something that transcends all the invisible borders that we put on humans or businesses. In other words, cybercriminals don’t care about your race, religion, income, or the industry that you work within. Data is valuable to them however it needs to be obtained and whatever information it can provide – it all adds up.
Normalizing Breaches
In August of 2019, Facebook was the victim of a data breach that compromised information from 533 million people from 106 different countries. Why is this in the news now? Because the breach was addressed in a recent email from Facebook management, and that email was accidentally sent to a Belgium-based news outlet and, in that email, they don’t seem too concerned.
Small Business Exposure
When you’re a small business, you hope for exposure. But recently, we learned that the Small Business Association (SBA) was the victim of an incident that exposed user data in a less than positive way. This occurred at the end of March, about two weeks into the official COVID-19 crisis for the United States, and at the beginning of the relief efforts that were being established.
The exposure was on the SBA’s online portal where nearly 8,000 applicants provided personal information in the process of seeking emergency loans.
When the Threat Is Inside the Building
Insider Threat
A recent discovery of a breach of customer data at Fifth Third Bank uncovered a troubling truth. It wasn’t hackers outside the United States that had accessed the information, it was intentionally handed over by employees.
Equifax Breach Update
Made in China
The 2017 Equifax breach brought individuals and one of the largest credit agencies to their knees. And now, over 2 years later, the United States Justice Department has charged four Chinese military officials as responsible parties in the breach.
Words With Friends Hack Could Affect 218 Million Users
I’d Like a Word with You
In fact, I’d like a word with all 218 million of you. Yes, that is the number of users in the popular game Words With Friends, the very one that was allegedly hacked by the Pakistani hacker, who uses the alias Gnosticplayers, on September 2nd of this year. This recent breach is all a part of their announced intent to put data of 1 billion users up for sale. And he/she seems to be making progress because by April, they had reportedly stolen 932 million user credentials from a whopping 44 companies.
Breach Accountability
This week I saw a story link come across my newsfeed to “make sure you get your money from Experian” – it was referring to the compensation being offered as a result of their breach. You could either opt-in for credit monitoring or take the $125 payout.
Regardless of what choice you made if you were affected, what I found interesting was that this was now coming across in the newsfeed of my “friend” group, not my professional feed where I would expect it.
These Numbers Don’t Add Up
If you are management, and your employee came to you with a proposal, you’d likely (hopefully) listen.
What if that employee proposed to you that by keeping business as is, you’d likely lose millions of dollars – and possibly go under? But if you made one small change, you’d increase your odds of staying in business and actually thriving throughout the years – would you listen? I bet you would. I know I would.