Press Release: 10/20/17: Intelisec Launches Data Secure Certification Program

October 20th, 2017   •   News   •   Comments Off on Press Release: 10/20/17: Intelisec Launches Data Secure Certification Program   

FOR IMMEDIATE RELEASE

Peoria Company Launches Data Security Program for Small Business
as Part of National Cyber Security Awareness Month

Data Security Certification Helps Consumers Select Safest Businesses

Peoria, Illinois, October 20, 2017:

Intelisec, (https://www.intelisec.com) a Peoria-based data security company has launched its Certified Data Secure program to: 1) assist companies in securing all their customers’ and employees’ data and 2) assist consumers in selecting local companies that are the safest for data security.

“In the current environment of regular data breaches, we wanted to help consumers know which businesses in Central Illinois adequately protected their data. So, we launched the Certified Data Secure Program. If a local business has passed our rigorous data security certification process, then they receive our Certified Data Secure seal. (https://intelisec.com/certified-data-secure-intelisec/)

“We launched this in October, in conjunction with National Cyber Security Awareness Month, to highlight the need for increased data security awareness for everyone – at work and at home.”

The Scope of the Problem for Small Businesses

  • 60% of all data breaches involve small businesses
  • 55% of small businesses have had a breach
  • Of these, more than 50% have been compromised more than once

Cost of an average attack on small businesses:

  • $8,699 in 2013
  • $20,752 in 2014
  • $36,000 in 2016

33% of small businesses required more than three days to recover from an attack

60% of small businesses fail after a data breach (Source: Ponemon Institute)

Consumers and businesses alike need to know which businesses keep their data safe.

A Firewall is Not Enough

Effective data security requires more than just a firewall and anti-virus software. Perhaps the greatest vulnerability is human error – clicking on a malicious email that can trigger ransomware or data breach. This technique, called “spear phishing,” involves impersonating someone in the company through their email address, and asking an employee to carry out a task, such as updating a file. When the employee clicks on a link, or enters information, ransomware or a data breach can be triggered. Spear phishing was used in recent major data breaches, such as the Target data breach.

Intelisec works with employees of local businesses through a year-long testing program that tests their vulnerability to malicious emails and phone calls. This gives staff members an opportunity to learn from their mistakes, and also includes a comprehensive security training program.

Also, a lack of physical security can contribute to data theft. If sensitive data on paper is unsecured, a break-in can cause a data breach. Intelisec also trains local businesses to recognize and respond to attempted data theft through scenarios such as “walk-ins,” where a data thief may pose as a delivery person, and leave a thumb drive with malicious code on it. An unsuspecting employee may find the drive, and plug it in, opening a backdoor to hackers or a data breach.

Intelisec also partners with other local companies, such as Oberlander Alarms, to assist businesses secure their data through physical security.

“We feel that the Certified Data Secure program can benefit local businesses keep their customers’ and employees’ data safe, while also giving Central Illinois consumers a guide on which businesses are adequately protecting their data.”

Launched in 2004, and actively supported annually in October, National Cyber Security Awareness Month (NCSAM, https://staysafeonline.org/ncsam/) was created as a collaborative effort between government and industry to ensure that all Americans have the information they need to stay safer, more secure, and protect their personal information online. Since its inception under the leadership of the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA), NCSAM has grown exponentially, reaching consumers, industry, government, academia and nonprofit organizations nationwide and encouraging all internet users to be #CyberAware.

# # # #

FBI Advises Businesses to Replace Kapersky Products Immediately

August 19th, 2017   •   News   •   Comments Off on FBI Advises Businesses to Replace Kapersky Products Immediately   

The FBI is now advising all US businesses to stop using all Kapersky products – antivirus, firewall, etc. and replace them with a product from another company immediately.

The US government has long suspected that Kaspersky is used by Russian spy agencies use the company as an intelligence-gathering tool on a global scale.

The FBI’s counterintelligence section has been giving US businesses briefings since beginning of the year on a priority basis, prioritizing companies in the energy sector, and others with sensitive information.

In light of successive cyberattacks against the electric grid in Ukraine, the FBI has focused on this sector due to the critical infrastructure designation assigned to it by the Department of Homeland Security.

Also, the FBI has briefed large U.S. tech companies that have working partnerships or business arrangements with Kaspersky on products — from routers to virtual machines.

FBI officials have given US companies a high-level overview of the threat assessment, including what the U.S. intelligence community says are the Kaspersky’s deep and active relationships with Russian intelligence. FBI officials point to multiple specific accusations of wrongdoing by Kaspersky, such as a well-known instance of allegedly faking malware.

Intelisec strongly recommends replacing any Kapersky products immediately, with a product from another company.

Please contact us for more information, and for an evaluation of your present data security at no obligation.

October 24, 2016 – Intelisec and Sora Technologies Present: The Cyber Battlefield

October 15th, 2016   •   News   •   Comments Off on October 24, 2016 – Intelisec and Sora Technologies Present: The Cyber Battlefield   

Inteliec and Sora Technologies of Peoria will present: “Cyber Security: The Cyber Battlefield – How to Protect Your Business and Your Employees<” at the Peoria Area Chamber of Commerce Board Room at 12 noon.

Come take a journey through cyberspace to learn more about the criminals, their crimes, culture and how to best protect yourself. Learn how to mitigate your risk so you don’t become the next victim.

Register here.

October 17, 2016 Intelisec Presents Member Seminar for Peoria Chamber of Commerce

October 15th, 2016   •   News   •   Comments Off on October 17, 2016 Intelisec Presents Member Seminar for Peoria Chamber of Commerce   

On October 17, 2016, the Intelisec and Brookshire Consulting will present a member seminar for the Peoria Area Chamber of Commerce: “Steps You Can Take Now to Protect your Business from Identity Theft, Fraud, and Website Hacking.”  Our co-presenter will be Angel Chatterton, of Brookshire Consulting, who will discuss: “Spot the Red Flags: How to Protect Your Business From Internal Theft and Fraud.”

Register here.

June 9, 2016 – Intelisec Presents Lunch and Learn for Peoria Heights Chamber

June 10th, 2016   •   News   •   Comments Off on June 9, 2016 – Intelisec Presents Lunch and Learn for Peoria Heights Chamber   

Intelisec presented a Lunch and Learn for the Peoria Heights Chamber of Commerce on website security and preventing data theft and identity theft in the workplace.

With 1 in 3 Americans now being victims of identity theft, and 7 in 10 cases of identity theft occurring in the workplace, small and medium-sized businesses must protect their customers’ and employees information.

Website hacking and malware is one of the major ways that identity thieves steal information, making this a priority for small businesses, as well.

Massive Heist of Twitter usernames and passwords

June 9th, 2016   •   News   •   Comments Off on Massive Heist of Twitter usernames and passwords   

The credentials for nearly 33 million Twitter customers were stolen, and reported on Wednesday. Incredibly, “123456” was by far the most commonly used password, according to security company LeakedSource. More than 120,000 people had used “123456”as their Twitter password.

That was followed by “123456789,” “qwerty,” “password,” and many other passwords that are easily guessed and easily hacked. According to LeakedSource, a hacker stole 32,888,300 Twitter credentials. LeakedSource found the database on an online black market, for sale for 10 bitcoins (about $6,000).

Twitter says it is “confident” its systems weren’t compromised. It’s possible that the hacker used malware installed on the Twitter users’ computers to gain access to the usernames and passwords. Twitter said it is monitoring the list, and working with LeakedSource and working to assist customers who had their credentials stolen.

Several celebrities and well-known business’ Twitter accounts have recently been hacked. This may be related to this theft of credentials.

We recommend using complex passphrases, as well as two-step logins for social media accounts, such as Twitter.

Contact us for computer and network security, identity theft risk management for business, and identity theft protection.

Major Data Breach at LinkedIn – Change your Password Immediately

May 26th, 2016   •   News   •   Comments Off on Major Data Breach at LinkedIn – Change your Password Immediately   

In many instances of a data breach, companies notify ALL their customers to change their passwords and login information – even if the breach did not effect all of their customers.

In 2012, after 6.5 million LinkedIn users’ passwords appeared on a password-cracking forum, the social network did not recommend that all users to reset their passwords. That choice is now proving to be a mistake, after an alleged cache of 167 million accounts appeared for sale on a dark web forum. A data breach notification site says it was able to purchase the all the data for just 5 bitcoins, or about $2,200.

Three Lessons

  1. After a data breach incident, companies should require all their employees and customers to change their passwords, and take other steps to secure their data.
  2. Regularly change passwords on all your user accounts.
  3. Create passwords that are complex and difficult to guess. Passphrases, rather than passwords, are more effective, such as a line from the lyrics of one of your favorite songs, with caps, numerals and symbols mixed in.

Contact us to reduce the risk of data breach and identity theft fraud in your business.

New Web Site Hack for WordPress sites – Fake Flash Update

May 11th, 2016   •   News   •   Comments Off on New Web Site Hack for WordPress sites – Fake Flash Update   

This new hack of WordPress sites  randomly redirects site visitors either to a parked test0 .com, domain or to malicious sites via the default7 .com domain. This week the default7 .com domain went down, but the attackers returned with a new wave of site infections and the new redirecting domain – test5 .xyz (registered just a few days ago on May 7th, 2016).

This new domain points to the same dedicated server as default7 .com – 199 .48 .227 .25 (United States Carlsbad Plankton Tech Inc) and it still redirects eligible visitors to malicious sites and the rest to a parked test0 .com domain.

The visitor is redirected to a fake Adobe Flash update site, and asked to download an update for Flash.  This installs malware on the victim’s computer.  This update site is also filled with fake advertising – malvertising.  This attack remains undetected by many malware and antivirus programs!

fake-flash-update

DO NOT install Flash updates unless you are sure that they are from Adobe! This fake one has the Flash logo, as well.

This attack commonly uses stolen WordPress credentials to log into admin interface and use the theme editor to inject malware into theme files in WordPress sites, thus replicating the attack to other sites.

Your WordPress website should have the latest website security and anti-malware protection

Contact us for website security protection, and for identity theft prevention and protection.