Expensive—and Preventable—Data Breach Hits Altice

March 11, 2020

10:00-11:00AM PST

Another major company has announced that it has fallen victim to a major data breach. Alarmingly, the target was internet service, phone and cable provider Altice USA, and the attack was executed via an extremely common malicious email technique.

Criminals used a phishing email that was sent to an Altice employee in Long Island, New York. When the employee clicked on a link, it gave thieves access that enabled them to download the Social Security numbers, birth dates and other personal information of all 12,000 current employees, as well as a number of former employees and customers across the 21 states it serves.

Data Breaches through Phishing Emails

What makes this data breach alarming is that phishing email attacks—like the one that was used to initiate this break-in and theft—are exceedingly common. The average U.S. employee gets 16 malicious emails a month. Without training and software that protects email, it is only a matter of time before one of those emails wreaks havoc.

Such data breach attacks are exceedingly costly:

  • Altice had to hire a computer forensics company to figure out what happened and determine the extent of the damage.
  • It has paid to train employees on how to better recognize a malicious email and what to do with suspect email.
  • The company must cover the cost of credit monitoring services for everyone compromised.
  • As a New York company, Altice is subject to the new SHIELD Act that imposes fines and other legal obligations.

And it doesn’t stop there. Add in the damage to the brand, and you have a major loss; one that was extremely preventable.

Phishing Email Data Breaches Are Preventable

Phishing email attacks that initiate data breaches are indeed preventable. Solutions are available that scan inbound email traffic in real time. These solutions compare incoming emails against blacklisted entities, scrape and analyze the emails for malicious links and attachments, quarantine suspected emails, and then detonate them in protected spaces not connected to networks where they can do no harm. The most sophisticated systems use machine learning to enhance threat detection.
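A sketch of the inbound checks described above (blocklist comparison, link and attachment analysis, quarantine decision), added here as an example and not taken from the article or from any vendor's product. The blocklist, domains and sample message are constructed, and sandbox detonation is left out.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed blocklist and message; every domain here is a placeholder.
BLOCKED_DOMAINS = {"bad-sender.example"}
RISKY_EXTENSIONS = (".exe", ".js", ".scr", ".docm")

SAMPLE = """\
From: "IT Helpdesk" <helpdesk@corp.example>
To: employee@corp.example
Subject: Password expires today
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Renew at <a href="http://login.bad-sender.example/reset">https://portal.corp.example/reset</a></p>
"""

LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    return (urlparse(url.strip()).hostname or "").lower()

def is_blocked(hostname):
    # Match the listed domain itself and any subdomain of it.
    return any(hostname == d or hostname.endswith("." + d) for d in BLOCKED_DOMAINS)

def triage(raw):
    """Return ("quarantine" | "deliver", findings) for one raw message."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if is_blocked(sender.rpartition("@")[2].lower()):
        findings.append("sender domain on blocklist")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for href, text in LINK_RE.findall(body):
                if is_blocked(host(href)):
                    findings.append(f"link to blocked host: {host(href)}")
                # A visible URL that differs from the real target is a classic lure.
                shown = host(text) if "://" in text else ""
                if shown and shown != host(href):
                    findings.append(f"link text shows {shown} but goes to {host(href)}")
    return ("quarantine" if findings else "deliver"), findings
```

The sample message is quarantined on two findings: the link target is a subdomain of a blocked domain, and the visible link text names a different host than the one the link opens.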

Because phishing, spoofing, malware, and other threats require human participation, the best systems provide warnings as to the presence and nature of threats. Training on how to recognize and respond to malicious email attacks is a vital part of protecting systems, data, employees and customers.

Also Protect What You Send

Criminals are looking to break into the emails you send, too. Your outgoing email traffic is equally at risk for data breaches as the email your company receives. Solutions that encrypt outgoing mail, even on mobile devices, provide a needed layer of security.

As we were wrapping up this article late this afternoon, it was announced that Altice is now the subject of a class action lawsuit. The suit filed today is likely the first of many for Altice following this data breach. Unfortunately for Altice, the costs keep mounting—all from a data breach initiated through email that was preventable with a small investment in software and training.

Try Trustifi Today

For Individuals

Our Free Trial Is Forever Free

For Business

See if Trustifi Is Right for Your Organization

General Data Protection Regulations: 160,000 Data Breaches and Counting

January 30, 2020

10:00-11:00AM PST

Authorities report over 160,000 data-breach notifications have been filed since the European Union's General Data Protection Regulation (GDPR) took effect on 25 May 2018. That averages out to 278 breach notifications a day.

U.S. companies are directly impacted by this regulation if their websites are accessible and targeted to EU visitors, meaning there are options to change languages to a European language or to adjust the denomination to a European denomination. The law allows for no exceptions; not for size of firm, type of data collected, or scope of activities. If your firm is found to be in violation of the law—even if you are just selling hand-knitted mittens or offering a free download of a white paper—EU authorities can fine you up to four percent of your global revenue. They may not be able to easily collect from small U.S. businesses, but enforcement will certainly cause headaches for any business operating internationally.

What Personal Data Must be Protected

  • Personal identification data including name, phone, address, email, ID numbers
  • Photographs
  • Social media posts
  • Racial, cultural, sexual, or ethnic data
  • Bank and other financial details
  • Medical, biometric and genetic data
  • Website data: location, IP address, cookie histories and RFID tags

Selected GDPR Requirements

We advise you to review the specifics of the GDPR with an attorney and your IT leaders. Some of the key requirements include:

  • Asking visitors for their consent to collect data
  • Getting explicit opt-in to data use in profiling, advertising, etc.
  • Providing an opt-out of future emails option
  • Offering a privacy notice about data collection, use, and protection
  • Mandatory reporting of breaches

Why It Matters to US Companies

U.S. companies need to comply with the GDPR, but that is not the only reason to focus on privacy protection issues now. Various states have begun enacting a patchwork of regulations that affect their residents, impacting any company that is hiring or doing business in those states. Notable recent regulations include New York’s SHIELD Act for protecting employee information, California’s Consumer Privacy Act, and 201 CMR 17.00 Standards for the Protection of Personal Information in Massachusetts.

Cyber-security is costly to your reputation and your business. With increased regulation, you face not only the cost of the crime but also the costs of litigation and fines. If you haven’t done a complete compliance audit yet, now is the time to get started.


Trustifi Live Stream: How to Protect Your Business from the Hacking Cyber-Apocalypse

Oct. 28, 2017

10:00-11:00AM PST

Equifax. Deloitte. Yahoo. In the past few years, we’ve seen the rise of some of the worst cyberattacks in recent history. The sheer scope of these hacks has affected business and consumer confidence throughout the whole world. Imagine the most sensitive, confidential and private information, on display to the public – or worse yet – sold to the highest bidder. Private passwords, SSNs, medical records, bank statements, credit reports, contracts, anything of value to the right set of eyes is now up for grabs.

The threat of a cyber-apocalypse has finally become a clear and present danger to all of us, in any industry. In a special live streaming event, happening on Tuesday, October 31st, Trustifi CEO Idan Udi Edry will deliver a webinar on what individuals and companies can do to protect themselves from this very real threat.

A properly executed hack of an email server can dismantle businesses, destroy reputations and end livelihoods. The webinar will focus on what companies and individuals can do to protect their information through intensive email security, in light of these recent cyberattacks.

Trustifi, one of the most groundbreaking encrypted email providers in the industry, specializes in protecting corporations of any size. To sign up for Trustifi’s free 7-day trial, click here.

Trustifi does much more than just email security. Email tracking, certified email, and eSignature are just a few of the state-of-the-art services Trustifi provides. If you’re looking for a personalized demo, customized to your needs, click here.


1 of 3 Part Email Dangers Blog Series: Business Security – Vendor Exposure

By Trustifi on Apr 18 2017

Certain industry types require extra security and data sensitivity. When you make your career in one of those fields you get used to certain standards when it comes to protecting the data that you process. But even the most diligent of us can inadvertently overlook securing sensitive information, or think the document that we’re emailing internally is relatively innocuous and not worthy of protecting.

In this four-part series, we’ll be talking about what you should be securing, encrypting, and tracking so that you can protect yourself, your business, and your clients.

What You Need to Know About Exposure — from Your Vendors

At every level of the organization, as long as an employee is picking up the phone, or sending and receiving emails, that employee is making security decisions for the organization every day. Despite the sophistication of technology and the cybercriminals that employ its use, old-fashioned social engineering is still the go-to resource for infiltrating an organization.

Let’s take a look at how a cybercriminal might use LinkedIn to breach your organization.

LinkedIn is actually one of the biggest resources for criminals seeking to subvert a company’s security. The nature of LinkedIn is for its users to remain open so they can be searched for by business connections, clients, and vendors. But that openness also exposes organizations to attack. The larger an employee’s social network grows as they build connections, the greater their risk of attack.

LinkedIn also makes it incredibly easy for a cybercriminal to impersonate a legitimate connection. Let’s say that you work for Acme Optics. Acme Optics has its own LinkedIn corporate page, so it’s fairly easy to determine what kind of service Acme Optics provides and what connections it’s making with other organizations, such as vendors and procurement sources (and remember — those connections are still made by humans at the ends of the terminals).

Our cybercriminal — we’ll call him Vlad — figures out that you work for Acme Optics, determines that Acme Optics gets its lenses from Shine Glass, and sends you a spoofed email from Shine. In three relatively simple steps, Vlad has convinced you to open an email and unknowingly download malware to your internal network.

One of the more insidious ways that Vlad may hurt your organization’s bottom line was discovered during the Yahoo breach, where auto-forward was turned on for thousands of accounts. These “set it and forget it” settings — that almost no one checks regularly — set Yahoo users up for years of exposure. Everything from grandma’s cookie recipe to last year’s tax filings was being auto-forwarded to hackers.

And that’s relatively easy to do on company servers, too — once you’ve been let in the back door via malware.
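One way to run the check that almost no one runs regularly: an added example (not from the original article or any product) that audits mailbox forwarding settings for destinations outside the organization. The record layout, domain names and mailboxes are constructed assumptions; a real audit would read them from your mail platform's own export.

```python
from collections import Counter

# Constructed export of mailbox settings. The field names are assumptions for
# this example, not any mail platform's real schema; all domains are placeholders.
ORG_DOMAINS = {"acmeoptics.example"}
FORWARDING_ACTIONS = {"forward", "redirect"}

MAILBOXES = [
    {"user": "ana@acmeoptics.example", "forward_to": None, "rules": []},
    {"user": "raj@acmeoptics.example", "forward_to": "raj@collector.example", "rules": []},
    {"user": "li@acmeoptics.example", "forward_to": None, "rules": [
        {"name": "Invoices", "action": "redirect", "target": "ap@acmeoptics.example"},
        {"name": ".", "action": "forward", "target": "drop@collector.example"},
        {"name": "Newsletters", "action": "move", "target": "Archive"},
    ]},
]

def domain_of(address):
    return address.rpartition("@")[2].lower().rstrip(".")

def is_external(address):
    d = domain_of(address)
    return not any(d == org or d.endswith("." + org) for org in ORG_DOMAINS)

def audit_forwarding(mailboxes):
    """Return (user, source, destination) for every forward leaving the org."""
    findings = []
    for box in mailboxes:
        if box.get("forward_to") and is_external(box["forward_to"]):
            findings.append((box["user"], "mailbox setting", box["forward_to"]))
        for rule in box.get("rules", []):
            if rule["action"] in FORWARDING_ACTIONS and is_external(rule["target"]):
                findings.append((box["user"], f"rule {rule['name']!r}", rule["target"]))
    return findings

def shared_destinations(findings):
    """External domains receiving mail from more than one mailbox."""
    users_by_domain = {(user, domain_of(dest)) for user, _, dest in findings}
    counts = Counter(domain for _, domain in users_by_domain)
    return {domain: n for domain, n in counts.items() if n > 1}

if __name__ == "__main__":
    results = audit_forwarding(MAILBOXES)
    for user, source, dest in results:
        print(f"{user}: {source} forwards to {dest}")
    print("shared destinations:", shared_destinations(results))
```

An external domain that collects forwards from several unrelated mailboxes, as `collector.example` does in the constructed data, deserves a closer look than a single employee forwarding to a personal address.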

Fortunately, you can protect yourself and your organization by requiring that your vendors send any attachments through a secure email lifecycle solution. By utilizing a secure solution, you can be assured that you and your vendors are protected through end-to-end secure email, lifecycle tracking, and dual validation technology.

Also, remember to “trust but verify.” Despite your familiarity with a vendor, even our most trusted associates are open to being spoofed. Vlad is depending on your trust to open that email. If you’re not sure why your vendor is sending you an attachment, pick up the phone and call to confirm that your vendor sent you an email. An ounce of prevention is worth a pound of cure.
