You’ve read recent news stories about a vulnerability discovered in the WPA2 encryption standard. (Some reports refer to it as KRACK – Key Reinstallation Attack.) Should this be of concern to your business? Yes. Does it warrant further action at your company? Absolutely.
Blog Posts Tagged with Data Security
You’ve heard about the “dark web” and wondered how it affects businesses – including small businesses. That was one of the topics addressed at an FTC conference earlier this year on identity theft. Recent headlines about high-profile data breaches have added even more urgency to the discussion. So why should the dark web matter to your company?
In our Stick with Security blog series, we’ve done our best to dive deeper into data security by focusing on the lessons learned from recent cases, insights from closed investigations, and the questions and comments we’ve received from businesses.
If you own a small business or work for one, you’re probably concerned with protecting your business’ data. You want to make sure that sensitive information isn’t accidentally deleted, turned over to a scammer, or hacked. So this week, during National Cybersecurity Awareness Month, let’s focus on making sure you know the resources the FTC has to help you and your employees understand cybersecurity, maintain your business’ computer networks safely, and keep sensitive information protected.
High-profile hackers grab the headlines. But some data thieves prefer old school methods – rifling through file cabinets, pinching paperwork, and pilfering devices like smartphones and flash drives. As your business bolsters the security of your network, don’t let that take attention away from how you secure documents and devices.
Recent headlines offer a reminder that no business is immune from cyberattack. If you’re a tax professional, the sensitive information you handle makes you a particularly appealing target. Find out how to reduce your cyber risk at a free webinar for tax professionals.
UPDATE: As of September 21, 2018, the law says credit freezes are free for everyone, and alerts now last one year (not 90 days). Read more here.
The Wizard of Oz was right: “Pay no attention to the man behind the curtain.” That’s because according to an FTC settlement, computer company Lenovo should have been paying attention to the “man in the middle.” In this case, the “man in the middle” was preloaded ad-injecting software that put consumers’ personal information at risk from harmful man-in-the-middle attacks.
Ask a business person where their office is located and the likely answer is “everywhere.” They’re working from home, staying in the loop while traveling, and catching up on email between sales calls. For productivity’s sake, many companies give their employees – and perhaps clients or service providers – remote access to their networks. Are you taking steps to ensure those outside entryways into your systems are sensibly defended?
If you or your clients are in the tax preparation field, there are three letters you should focus on. OK, I-R-S may be the first thing on your mind. But as the FTC’s proposed settlement with TaxSlayer suggests, don’t forget those other important letters: G-L-B.
Who’s coming in and what’s going out? Businesses that want to stick with security build commonsense monitoring into their brick-and-mortar operations. Whether it’s a key card reader at the door or a burglar alarm activated at night, careful companies keep an eye on entrances and exits.
Tax professionals are prime targets for identity thieves. Why? Your clients’ information — bank and investment accounts, Social Security numbers, medical records, and more — can be a virtual goldmine in the wrong hands. That’s why securing it against a data breach is critical to protect your clients and your business.
How much information does Uber have about its riders and drivers? A lot. The FTC just announced a settlement addressing charges that the company falsely claimed to closely monitor internal access to consumers’ personal information on an ongoing basis. The FTC also alleges that Uber failed to live up to its promise to provide reasonable security for consumer data.
When it comes to data security, what’s reasonable will depend on the size and nature of your business and the kind of data you deal with. But certain principles apply across the board: Don’t collect sensitive information you don’t need. Protect the information you maintain. And train your staff to carry out your policies.