October Cyber update II from the Office of Rob Kleeger
Oct 28, 2020 9:26 pm
,
I hope this email finds you and your loved one's safe, secure, and healthy. In addition, that this Q4 provides as much success as you've had in the past.
I've been receiving some very positive feedback on these little reminders about me and with open arms. So much positive has come from this pandemic and I've been more mindful than ever since. :( perhaps it's just aging!
That said, some people that know me deeply have told me and said they know me as appreciative, open, willing to always be of help, amazingly available and quick responder, passionate about what I do, and for whom I do it for, direct, honest, and at times blunt without being PC - type of person.
It is my hope that you find value in the below and bi-monthly "top of mind" communications. If you do, please forward along to a person who may find value and/or have them sign up at the bottom of the newsletter.
I am always looking to improve, receive constructive criticism, and embrace the opportunity to hear your voice.
Lastly, I am working on another newsletter called 2020 Bytes, please click the letter below if you are interested:
A- It would be nice hearing your voice. Lets schedule a call.
B- It would be nice seeing you, Lets schedule something.
C- I don't care about A or B, I value your content and thought leadership, so I will email you requesting to be put on this valuable list of 2020 Bytes willing subscribers.
All the best,
Rob Kleeger
1010101001010111010101100010100101010010101
Words of Wisdom:
"The world will be different - very different - than you've ever known it. Enjoy the Fall days, morning dew, and the early sunsets...Life's too short!" - Me.
CURRENT DATA SECURITY NEWS:
Now is a good time to contact us to develop a "reasonable and defensible" cyber roadmap to securing your business...AND from the "work from home" environment in 2021.
Law Firm Says Google Employee Information Compromised in Data Breach
New York-based immigration law firm Fragomen, Del Rey, Bernsen & Loewy has confirmed a data breach involving the personal information of current and former Google employees.
The law firm said it discovered last month that an unauthorized third-party accessed a file containing personal information on a “limited number” of current and former Google employees. The law firm provides companies with employment verification screening services to determine if employees are eligible and authorized to work in the United States.
In a notice of data breach filed with California’s Office of the Attorney General, Fragomen is informing affected Google employees of a data breach that it discovered on September 24, and which has resulted in personal information being compromised. Fragomen did not say what kind of data was accessed or how many Google employees were affected. Companies with more than 500 California residents affected by a breach are required to submit a notice with the state’s attorney general’s office.
Steelcase furniture giant hit by Ryuk ransomware attack
On October 22, 2020, In an 8-K form filed with the Securities and Exchange Commission (SEC), Steelcase has disclosed that they were the victim of a cyberattack. Steelcase, the world’s largest maker of office furniture, is the largest office furniture manufacturer globally, with 13,000 employees and $3.7 billion in 2020.
The firm claimed to have detected a cyber-attack on its IT systems.
“The company promptly implemented a series of containment measures to address this situation including temporarily shutting down the affected systems and related operations,” it continued. “The company is actively engaged in restoring the affected systems and returning to normal levels of operations.”
The Steelcase attack came in the same week that French IT services giant Sopra Steria fell victim to what it claimed to be a new variant of the prolific Ryuk family.
Amazon Warns Users of Insider Disclosing Details to Third Party
Amazon is coming under pressure to detail the magnitude of an apparent insider data breach that has seen the email addresses of multiple customers leaked by malicious employees. While it is not inconceivable that the company could face action under the General Data Protection Regulation (GDPR) if the circumstances demand it, pinning responsibility on employers for the actions of their employees is a tricky legal question.
Amazon has sent emails to users warning of a rogue insider who has been fired after disclosing customer details to a third party. In a press statement, an Amazon spokesperson said the company had fired multiple people. "The individuals responsible for this incident have been fired. We have referred the bad actors to law enforcement and are supporting their criminal prosecution,” the statement read.
An insider threat report published by cloud security firm Bitglass in September 2020 revealed that 61% of enterprises have had an insider breach within the past 12 months, whether accidental or malicious, and 73% thought such incidents were becoming more frequent.
For nearly two decades, I've been informing, educating, and assisting business leader's to worry most about insider threats. Most companies build this hard outer layer, but have complete trust for their employees inside. They have access to all of the confidential data, intellectual property, networked storage devices and cloud sites, and information that attackers want to get a hold of.
1010101001010111010101100010100101010010101
CURRENT CYBER LAW CASE UPDATES:
Former California police captain pleads guilty in eBay cyberstalking case
A former police captain who went on to work for eBay Inc. pleaded guilty to conspiring to commit cyberstalking and conspiring to tamper with a Massachusetts couple whose online newsletter was viewed as critical of the e-commerce company.
Federal prosecutors in Boston said Philip Cooke, a former supervisor of security operations at eBay’s European and Asian offices, and other employees harassed the couple through Twitter and sent them disturbing packages like a bloody Halloween pig mask, a box of live cockroaches and a funeral wreath.
In addition, Prosecutors said the defendants also sent pornography in the couple’s name to neighbors and conducted covert surveillance in a bid to terrorize the couple and deter them from criticizing eBay.
A former finance manager at e-commerce giant Amazon was charged with insider trading by the Securities and Exchange Commission.
The SEC alleged a senior manager in Amazon’s tax department, who analyzed and reviewed numbers ahead of the company’s quarterly an annual earnings reports, is said to have obtained “highly confidential” information about the company’s performance and tipped off her husband from Jan 2016 through July 2018.
The employee’s husband and his father made trades using the information on 11 separate accounts, earning then family $1.4 million from the unlawful trades.
Florida Department of Law Enforcement arrested Naples woman for illegal video surveillance
A woman from Florida has been arrested after allegedly hacking into the home camera system of a family member as part of an extortion attempt. Agents with the Florida Department of Law Enforcement arrested Jennifer Lenell Small on October 26 and charged the 44-year-old with a third-degree felony cybercrime.
Agents say that Small accessed the home camera system of a male family member as part of an extortion attempt that involved a contested will. Her alleged victim was a former employee of her husband's construction company. The company cell phone that the victim had returned to his employer had an app installed on it that allowed the victim to view footage from his home security camera system. Small allegedly used that app to access video belonging to the victim without his authorization.
Do you have a BYOD (Bring Your Own Disaster) policy?
1010101001010111010101100010100101010010101
CYBER SECURITY TIP OF THE MONTH:
October was Cybersecurity Awareness Month!
Compromised RDP endpoints and phishing emails are still the top threat vectors with a brisk dark web trade in stolen and brute-forced RDP credentials ensuring a steady supply of targets.
We recommend that RDP is shut down when possible and NOT needed.
Want to avoid having your online accounts hacked?
We always recommend when possible to enable two-factor authentication, a crucial security measure that requires an extra step when signing in to high-value services. Here's a great layperson article on how to implement.
What can I say that hasn't been said:
- Create and use strong passwords
- Protect your accounts with MFA
- Defensible Encryption
- Utilize independent 3rd party experts to penetrate or ethically hack your networks
- Train your employees about your Cyber Culture
- Draft information security policies
- Conduct a risk assessment to establish a baseline for improvment
1010101001010111010101100010100101010010101
Don't forget About Us:
Digital4nx Group, Ltd., a boutique firm which focuses on helping business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident!
Digital4nx Group provides a blend of legal and technology services to Lawyers, Business Owners, IT Professionals, Financial Executives, Trusted Advisors, and Human Resource and Compliance leaders who need a reliable partner to systematically identify, preserve, extract, analyze, and interpret digital evidence.
Our services are commonly used to:
- React and respond by providing litigation support services for plaintiffs or defendants, as well as providing expert testimony and consulting, both in and out of court.
- Proactively identify and provide insights on how to better secure your network and your confidential data
Cyber Security Services
Cyber incidents can be damaging to an organization, both in the short and long term. Digital4nx Group helps business leaders protect their “crown jewels” through reasonable, defensible, and cost-effective services... Before, During, and After a Data Incident! We offer a multi-disciplined approach to cyber services such as:
- Advanced “Ethical Hacking”
- Cyber Risk and Compliance Assessments
- Incident Response to Cyber Incidents or Data Breaches
- Cyber Security Awareness Training
- CISO-as-a-service