
There is a lot of novelty in medicine: the emergence of telemedicine, “smart” medical devices, and the digitization of medical records. These innovations are designed to improve the quality of service and save time for patients and doctors. However, neither doctors nor patients realize how vulnerable medical information becomes.

Digitization not only simplifies the work of medical centre staff, but also reduces the risk of errors in the provision of emergency medical care, when patients can’t provide information on their own. …



Ransom

Do you get the same result whether you choose to pay the ransom or not? Is there any chance your data won’t be exposed? Leaked data is leaked for good.
How did companies manage the issue? Refresh your memory here, here and here!


1. There are locations with multiple official languages and even dialects. Can the solution analyse texts written in any of them?
The solution supports the import of local dictionaries. As policies are customisable, dictionaries can be tailored to a company’s needs.

2. Does the endpoint software have tamper protection?
The software installed on an endpoint can’t be deleted or sabotaged by a user.

3. Can the policies be changed when a user’s laptop is outside the corporate perimeter?
There are a few measures to take before moving people to work from home:

  • Configure connection to internal services via VPN
  • Make sure that all the services are available outside the office and assess Internet and backup communication channel…

The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly.

Two tiers of GDPR fines

The GDPR states explicitly that some violations are more severe than others. The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher. …


Every month we enrich our collection of classic and non-trivial cybersecurity cases. Data leaks, frauds, sabotage, and other incidents caused by insiders are of our interest.

Some of the cases are funny, others are scandalous, but all are definitely edifying. Some cases happen out of nowhere, and there are also some caused by the extremely negligent attitude to security rules (Eh? Trump) So, without further ado, let’s get started.

Tesla employee sabotage

What happened: At the auto plant in Fremont, California, the production line stopped for several hours. The IT security team quickly figured out the details of the incident.

Who is to blame: One of the employees paralyzed the production process; later, he destroyed a company computer and attempted to blame a colleague. The violator was fired. Although the company does not disclose details of the incident, we can conclude that the reason for the insider breach was the notorious “employee revenge”, which Tesla has faced before. For example, in 2018, Elon Musk accused former company engineer Martin Tripp of sabotage. …


One of the most common threats, which companies often learn about only after an incident occurs, is keeping the accounts of dismissed employees active and failing to revoke excessive rights when employees are terminated or change their job responsibilities within a company. As a result, many user accounts that should have been disabled stay active. Make sure your systems follow sensible and strict data access patterns, that data privacy policies are abided by, and that permissions are configured correctly. A monitoring solution will help you identify access attempts, avoid litigation involving data owners, and prove compliance.

How much can a former employee cost you?

Just recently, the City of New Haven, Connecticut (New Haven) agreed to pay $202,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the HIPAA Privacy and Security Rules. …


Printer rebellion

What happened:


CyberNews journalists (aka cybersecurity experts) hacked 27,944 printers around the world and sent them a quick information security guide to print. The pranksters used Internet of Things search engines such as Shodan and Censys to find devices with open ports and an Internet connection. To print the documents, they wrote a special script.

Who is to blame:

The gamble was successful because the captured printers were not hidden from public access: printers had default passwords, no firewall was enabled, wireless connections to the router were allowed, and so on. …


Today, the purpose of a DLP system is no longer just monitoring for data leaks, as it was in the beginning. DLP systems are now commonly used to solve a much broader range of information, economic, and personnel security problems. An employer can make use of data from the system to optimize business processes, control and increase productivity, and more.

In this article, we decided to answer the 10 most common questions that we hear from potential customers about the capabilities and limitations of DLP systems, and of our SearchInform DLP in particular.

1. Why do we need to install a monitoring program? I trust my employees.

Trust works when you know each employee personally. Even then, there is a risk that some employees will abuse the trust you put in them. When your staff numbers more than 50–100 people, there is room for intrigue and fraud, information leakage, or a lot of incidents due to carelessness. …


How can you analyse employee personality and steer clear of breaching privacy?


The biggest GDPR fine in Germany, which H&M is to pay, has uncovered a delicate yet scandalous problem: spying on employees. The ruling mentions that profiles were created and continuously developed, bringing details about some two hundred employees to a number of managers. But is there such a thing as a righteous profile?

H&M will be charged €35.3 million, a penalty imposed by the Data Protection Authority of Hamburg. The company, which has a service center in Nuremberg, is accused of collecting and storing data about the private lives of its employees. H&M has allegedly been gathering more data than it had the right to about hundreds of its employees since 2014. The press release describing the incident says that many private details were documented by the company’s management, including information about family issues, religion, illnesses and diagnoses. …


94% of leaks in the last six months turned out to be useful information for scammers. In most cases, the cause was an insider breach.

SearchInform decided to analyze the breaches that occurred in the first half of 2020. By an incident, we mean any known leak of personal data: data breaches such as a sale on the darknet, service vulnerabilities such as unencrypted servers with databases, employee negligence, etc. In total, SearchInform analysts encountered 33 grave incidents, which affected government bodies, private companies, and medical organizations (see the diagram).


Government bodies appeared to be the most vulnerable, with five incidents recorded.

Six incidents occurred in a trade sector. …

About

Alex Parfentiev

Leading Analyst at https://searchinform.com/. I’m here to address the human factor risks that many businesses often neglect or aren’t even aware of.
