Cyber Security Is a Growing Issue for Nonprofit Organizations

Cyber Security Is a Growing Issue for Nonprofit Organizations

Information Security, IT Support
Cyber Security Is a Growing Issue for Nonprofit Organizations  Save the Children, an international nonprofit children's relief and development organization, revealed that a cyber attacker or attackers tricked the organization into paying out almost $1 million. The cyber incident on Save the Children shows that cyber security isn’t only the concern of profit organizations, but also by not-for-profit organizations. While the Save the Children’s cyber incident disclosure was done via the organization’s 2017 tax report, this cyber incident only came to light with the recent report of the Boston Globe. In its tax report, Save the Children said that in April 2017, an unknown cyber attacker or attackers posing as an employee of Save the Children tricked the organization to transfer $997,400 to a fraudulent entity in Japan on the…
Read More
Marriott Reveals 4-Year Long Data Breach Affecting 500 Million Guests

Marriott Reveals 4-Year Long Data Breach Affecting 500 Million Guests

Information Security
Marriott Reveals 4-Year Long Data Breach Affecting 500 Million Guests Marriott International, Inc., the world's largest hotel chain, disclosed a massive data breach that lasted for 4 years, exposing personal and financial information of its 500 million guests, specifically guests who made a reservation at Marriott’s Starwood properties. Marriott has more than 6,700 properties in 129 countries and territories, including Canada. Thirty leading hotel brands are under the Marriott umbrella. Marriott has since become the world's largest hotel chain after acquiring Starwood Hotels & Resorts Worldwide in September 2016. Starwood hotels include Sheraton, W Hotels, Westin, Aloft and St. Regis. In a statement, Marriottsaid that the network that contained guest information relating to reservations at Starwood properties was illegally accessed from 2014 up to September 10, 2018. Marriott said that…
Read More
Microsoft Details Causes & Prevention of Recent Office 365 Multi-Factor Failure

Microsoft Details Causes & Prevention of Recent Office 365 Multi-Factor Failure

Information Security
Microsoft Details Causes & Prevention of Recent Office 365 Multi-Factor Failure Multi-factor authentication is meant to lock out cyber attackers. What happened instead last November 19 was that legitimate users of Microsoft Office 365 were locked out for hours from their accounts. For 14 hours, between 4:39 UTC and 18:38 UTC last November 19, users of Microsoft Azure AD Multi-Factor Authentication (MFA) services were locked out from their accounts. These include users of Office 365, Azure, Dynamics and other services which use Azure Active Directory for authentication. The outage affected users in Europe, Asia and the Americas regions, including the U.S. Government and the U.K. Parliament. According to Microsoft, the following 4 reasons contributed to the Azure AD Multi-Factor Authentication (MFA) service outage: The first cause of the outage identified…
Read More
Top 5 Malware to Watch Out This Holiday Shopping Season

Top 5 Malware to Watch Out This Holiday Shopping Season

Information Security
Top 5 Malware to Watch Out This Holiday Shopping Season Online shoppers and e-commerce site owners alike need to watch out for trojan malicious software (malware) programs that are out in force this year-end’s busy holiday shopping season. Kaspersky Labdocumented 14 trojan malware programs that are out in force this holiday shopping season that target e-commerce brands to steal from victims. Trojan is a malware type that’s often disguised as a legitimate software. The most popular trojans are the banking trojans, which traditionally target users of banking and financial institutions’ online services, stealing financial data. Over time, these banking trojans target online shoppers of e-commerce sites. According to Kaspersky Lab, banking trojan detections in e-commerce-related activity has increased steadily over the last few years. In 2015, trojan detections in e-commerce-related…
Read More
How to Protect Your Organization’s Network from Rogue Employees

How to Protect Your Organization’s Network from Rogue Employees

Information Security
How to Protect Your Organization’s Network from Rogue Employees The recent audit report that a U.S. government network was infected by a malicious software (malware) as a result of a federal employee’s “extensive history” of visiting porn sites using his work computer highlights the importance of protecting your organization’s network from rogue employees. An audit conducted by the Office of lnspector General (OIG)of the U.S. Department of the Interior found that the network of the U.S. Geological Survey’s Earth Resources Observation and Science Center satellite imaging facility in South Dakota was infected with a malware as a result of the unauthorized actions of the center’s employee, visiting more than 9,000 pornographic web pages. Pornographic images from these web pages were subsequently downloaded to a personal USB device and cellphone connected…
Read More
When to Report a Data Breach

When to Report a Data Breach

Information Security
When to Report a Data Breach Cathay Pacific Airways, the official flag carrier of Hong Kong, recently disclosed that it suffered a major data breach. The data breach announcement was, however, made 7 months after the cyber incident was discovered by the company. Cathay Pacific’s delayed data breach disclosure highlights the question on when is the right time to report a data breach. To date, the data breach at Cathay Pacific is the world’s biggest airline data breach, affecting 9.4 million people – more than the total population of Hong Kong. The airline, in a statement, said that passenger data, including name, nationality, date of birth, phone number, email, address, passport number, identity card number, frequent flyer programme membership number and historical travel information were accessed without authorization. The company…
Read More
Servers Left Running Without Security Updates Can be Your Organization’s Weakest Link

Servers Left Running Without Security Updates Can be Your Organization’s Weakest Link

Information Security
Servers Left Running Without Security Updates Can be Your Organization’s Weakest Link The revelation that the server used by attackers as a passageway in Singapore’s biggest cyberattack hadn’t been updated for more than a year shows how a failure to update a server can be your organization’s weakest link. The circumstances surrounding the failure to update the server used by attackers in ultimately reaching Singapore Health Services (SingHealth)'s critical system were revealed during the recent hearing conducted by the Committee of Inquiry (COI), the body tasked to investigate Singapore’s biggest cyberattack, the SingHealth cyberattack. Last July 20, Singapore’s Ministry of Communications and Information and Ministry of Health issued a joint statementdisclosing that attackers stole non-medical related personally identifiable information of more than 1.5 million patients who visited SingHealth’s outpatient clinics…
Read More
Mind the Air Gap: Pros and Cons of Network Separation

Mind the Air Gap: Pros and Cons of Network Separation

Information Security
Mind the Air Gap: Pros and Cons of Network Separation The Singaporean Government recently completed the task of disconnecting staff computers at public healthcare facilities from the internet. Disconnecting the staff computers from the internet, also known as internet surfing separation, network separation or air-gapping, is aimed at preventing cyberattacks, Singapore's Deputy Prime Minister Teo Chee Heansaid at an engineering conference. The announcement of air-gapping or network separation at the public healthcare facilities in Singapore came on the heels of a major cyberattack at the Singapore Health Services (SingHealth), the country’s largest group of healthcare institutions. Singapore’s Ministry of Health, in a statement, said, non-medical personally identifiable information of more than 1.5 million patients who visited SingHealth’s outpatient clinics and polyclinics from May 1, 2015 to July 4, 2018 were…
Read More
Importance of Protecting Your Organization’s Server from Malware

Importance of Protecting Your Organization’s Server from Malware

Data Backup, Information Security, Servers
Importance of Protecting Your Organization’s Server from Malware The recently disclosed data breach at Algonquin College highlights the importance of protecting your organization’s server from malware. Algonquin College, in a statement released last July 16, said that on May 16 cyberattacks illegally accessed one of the College’s servers by infecting it with a malicious software (malware). The educational institution didn’t indicate what specific type of malware that the attackers installed on the infected server nor indicate how the attackers were able to get inside the server. The infected server, according to Algonquin College, hosted access to databases which contained personal information. Sensitive information, including date of birth and home address, of 4,568 individuals (students and alumni) may have been exposed, while non-sensitive information of an additional 106,931 individuals (students, alumni…
Read More
Effects of a Cyberattack: City of Atlanta Experience

Effects of a Cyberattack: City of Atlanta Experience

Information Security
Learning from the City of Atlanta Cyberattack It has been over 2 months since the City of Atlanta suffered a cyberattack, but a city official said at a public meeting that the effects of the cyberattack seem “to be growing every day”. On March 22, 2018, the City of Atlantaexperienced a ransomware cyberattack that affected the city’s multiple software applications and computers. A ransomware is a malicious software (malware) that locks files on infected computers and asks for ransom payment to unlock files. The City of Atlanta, in a statement, said that as a result of the attack, "some City data is encrypted and customers are not able to access City applications". Atlanta Information Management head Daphne Rackley told the Atlanta City Council that more than a third of the…
Read More