DeckerWright Corporation Blog

DeckerWright Corporation has been serving the Red Bank area since 1984, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

COVID-19 and the mad rush to work from home!

The advent of Covid-19, a Coronavirus, is accelerating a trend we have been seeing with our clients for many years. Employers are seeking out the best person for the job regardless of where they may be located. Many of our clients have employees scattered around the country, and some are using people resources from around the world. The Covid-19 virus is causing our clients with employees still going to the office to rethink how they do business so they can support remote workers. 

Microsoft has two key technologies that can facilitate the move to a remote workforce: SharePoint and Teams. Office 365 SharePoint provides structured and secure document storage in the cloud. SharePoint allows customization of landing pages, which can include web parts for viewing and managing content. Built-in web parts allow access to calendars, contacts, videos, documents, projects, and Microsoft Teams. SharePoint provides a structure for storing documents and corporate data that can be leveraged with Microsoft Teams. With the proper credentials, Office 365 SharePoint may be accessed by an employee anywhere at any time, facilitating remote workers.

Microsoft Teams provides an important part of the remote worker puzzle. How do you make a remote worker feel like part of the company? Teams has built-in features that foster employee collaboration and connections. At its core, Teams is a text messaging system that allows one-to-one, one-to-many, or many-to-many conversations online. In its early days, Microsoft integrated Skype for Business into Teams. By building Skype into Teams, employees could make point-to-point phone calls between staff members through their computers. This capability bypasses traditional phone systems and allows staff members to talk to each other with one click. Teams also supports video calls. The ability to see your counterpart provides a staff connection that texting and hearing a person’s voice cannot.

Teams also has a powerful meeting capability for staff members to collaborate. It is easy to schedule and run a meeting. A meeting can be created through either Teams or Microsoft Outlook. Once it is on the schedule, team members simply click a “Join Now” button to enter the meeting. These built-in features replace the need for Webex or GoToMeeting for internal meetings. Once in a meeting, team members can share their screens for instant collaboration. The shared screen can be either a presentation or a document everyone is trying to finish for a deadline. Either way, the ability to meet and work in Teams is a game changer for remote workers.

Teams has integrations to SharePoint and many other Microsoft tools like Yammer, Planner, OneNote, Power BI, and Stream. These applications can be added to Teams giving Team members quick access to other Microsoft tools. Microsoft has also opened Teams up to allow for third party integrations including from Adobe, Salesforce, Zoho and Survey Monkey. Microsoft is investing in Teams and sees it as a key technology for its future.

Any company considering expanding its use of remote workers in reaction to the Covid-19 virus should include SharePoint and Teams as part of the solution. Beringer Technology Group is recognized by Microsoft as a leading developer of SharePoint sites and can help guide companies in leveraging Microsoft technology to support their remote workers.

Business Preparation for the Coronavirus

By now everyone has heard about the Coronavirus that started in China.  It is rapidly spreading around the world.  Governments in an effort to slow the spread of the virus have instituted travel bans and whole cities in China are in quarantine.  Businesses in the US are just starting to feel the consequences of having the Chinese parts of their supply chain disrupted by government commerce shutdowns.  So far, the direct impact of Coronavirus infection in the US has been minimal, but the supply side disruptions and potential for the spread of the virus in the US are real.

What can a business do now to be prepared to continue operations when the Coronavirus finally strikes the US mainland? The simple answer is to set up and/or expand the ability for people to work from home. It takes time and preparation to enable people to work remotely, especially for an extended period of time.

Here are some of the things that need to be considered for staff members working remotely:

  • How are the phones going to get answered? Does the phone system have the ability to forward calls to people's home or cell numbers?
  • How will the staff communicate with clients and vendors?
  • How will the staff member access e-mail?
  • How will the staff collaborate during the day?
  • What systems will the staff need to access to do their jobs?
  • If a staff member needs to print, where is it going to print?
  • If a staff member needs to scan a document, is there a way to get the scanned document to the right place on the business network?

At Beringer Technology we have a number of staff members that work remotely away from the primary business location.  We’ve worked through the issues above to seamlessly integrate remote workers onto the Beringer team.  Clients and vendors have no idea where the staff members are located.  Our ability to support remote workers came from careful planning, and learning from the experience of supporting remote workers. 

There is no one right way to set up and support remote staff members, as the solution for a business will be based on its business processes, phone systems, IT infrastructure, security requirements, and the mix of cloud and premises-based systems.

Contact Beringer Technology today at (856) 325-2800 so we can help you prepare for the Coronavirus.

Beringer Technology Group Acquires DeckerWright Corporation

Beringer Technology Group Kicks Off 2020 by Acquiring DeckerWright Corporation, Expands Presence in Northern and Coastal New Jersey

MAPLE SHADE, NJ, Jan. 21, 2020 /PRNewswire/ -- NJ based Beringer Technology Group and Red Bank, NJ based DeckerWright Corporation, a full service MSP offering IT solutions for small and mid-sized businesses, joined forces January 1, 2020. The acquisition extends Beringer's geographic footprint and adds experienced DeckerWright staff to the Beringer team. The merged company will have over 35 employees in four states.

"The acquisition of DeckerWright Corporation fits in with Beringer's strategic growth plan," explained Craig Beringer, CEO & President. "They are in a great location with blue ribbon clients, and an experienced team that can immediately contribute to our continued success." 

Marshall Wright, President of DeckerWright Corporation adds, "We looked at about a dozen proposals from other companies including Private Equity backed buyers. None of the buyers we assessed aligned better with our staff, clients and values than Beringer Technology Group. We are excited to be a part of Beringer Technology Group's future."

There is a great deal of synergy between Beringer and DeckerWright from corporate values to the tools and systems that both companies leverage. Both companies are committed to the clients and delivering superior service & support. The DeckerWright team will remain in its Red Bank location serving clients in central and northern New Jersey. Marshall and Sally Wright, along with the entire DeckerWright team have joined Beringer and bring over 60 years of management and system engineering experience to the Beringer Team.

Beringer Technology Group has built a highly skilled team of engineers, implementation specialists & a leadership team that set them apart and helps small and medium sized businesses maximize the value of their technology investments.

About Beringer Technology Group
Founded in 1993 and headquartered in Maple Shade, NJ, Beringer Technology Group is recognized as a leader within the managed service provider industry and has been in the top 1% of Microsoft's partner ecosystem as Gold certified for more than 15 years. Beringer Technology Group specializes in Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing, Unified Communication Solutions, Microsoft Dynamics 365 & Microsoft Office 365. 

For more information visit www.beringer.net, follow @BeringerTechGrp on Twitter, Facebook and LinkedIn.

MEDIA CONTACT:
Taryn Ericsen
Beringer Technology Group
tericsen@beringer.net
(856) 325-2800

 

The Week in Breach: 1/8/20 - 1/14/20

United States - Alomere Health

Exploit: Phishing Attack
Alomere Health: General Medical and Surgical Hospital

Two employees fell for a phishing scam that gave hackers access to patients’ protected health information. The first breach occurred between October 31, 2019 and November 1, 2019, while a second breach took place on November 6, 2019. In response, the company is updating its email security protocols, an effort that won’t restore the stolen data nor repair the company’s already-damaged reputation. In addition, Alomere Health could face regulatory penalties because of the nature and scope of the data breach.

United States - Contra Costa Library System

Exploit: Ransomware
Contra Costa Library System: Library Network

A ransomware attack disabled the entire library network, impacting all 26 branches. While buildings remain open, patrons have to bring their library cards to a location to manually check out books. The incident will bring significant recovery costs to the library network, which just updated its systems in 2018. For an organization with limited resources, this attack can reduce their ability to meet customer needs and invest in future opportunities.

United States - Wyze 

A cyber-security company identified an exposed database containing the personal details of millions of Wyze users. The breach, which has not been confirmed by Wyze, is an unforced error that could have serious financial and reputational implications. Smart home technology is often targeted by hackers due to its sensitive nature, and many consumers are already unwilling to work with companies that cannot protect their personal data, especially when it impacts their peace of mind and security.

United States - The Heritage Company

Exploit: Ransomware
The Heritage Company:  Telemarketing and Fundraising Firm

An October ransomware attack ultimately forced The Heritage Company to close its doors. Shortly before Christmas, the company informed the staff that their operation was no longer tenable, even noting that the CEO was paying salaries out-of-pocket in an attempt to keep business going while systems were unavailable. Unfortunately, three months after the attack, The Heritage Company was no longer financially solvent and chose to temporarily shutter its operations. The company may try to reopen if systems can be restored, but it appears likely that the institution, which existed for 60 years, was put out of business by a ransomware attack.

The Week in Breach: 12/25/19 - 12/31/19

United States - The Heritage Company

Exploit: Ransomware
The Heritage Company: Telemarketing Firm

A ransomware attack forced The Heritage Company to temporarily shutter its operations, even after making a ransom payment to release their critical IT infrastructure. IT admins were unable to use the decryption key to access company data, resulting in the company’s CEO notifying employees that they would not be able to return to work until at least January 2nd. The attack has already cost the company hundreds of thousands of dollars. If they can’t recoup their valuable information, it’s possible that this ransomware attack could permanently cripple their business.

United States – Ring

Exploit: Accidental Data Sharing
Ring: Video Doorbell and Security Camera Maker

Security researchers discovered Ring users’ account credentials posted on the Dark Web. The information could provide hackers with front door access to customer accounts. Given the sensitive nature of their business, this type of access could be especially problematic for users. Moreover, the episode is the company’s second cyber-security incident this year, which raises questions about their efficacy in an industry that demands excellence when it comes to data security and privacy.

United States - Center for Healthcare Services 

Exploit: Ransomware
Center for Healthcare Services: Mental Health and Substance Abuse Services Provider

A ransomware attack disabled a server for the Center for Healthcare Services, and IT administrators brought the entire network offline to prevent information from spreading. The company was forced to put paper signs on the doors reminding employees not to turn on their computers, and services were mostly unavailable over the Christmas holiday. The healthcare services provider is soliciting support from the FBI and other agencies to help identify the attacker and restore their services.

The Week in Breach: 12/20/19 - 12/26/19

United States - Rooster Teeth Productions

Exploit: Malware Attack
Rooster Teeth Productions: Entertainment Production Company

Hackers injected malware into the company’s online store that siphoned off customers’ payment details at checkout. The breach was first detected on December 2nd, and the company claims that the malware was removed on the same day. However, it’s unclear why they waited several weeks before notifying customers of the breach. Rooster Teeth Productions has sent breach notification letters to those impacted by the incident, but the episode will certainly have a negative impact on the brand’s reputation at a critical time of year for sales.

 

United States - Conway Medical Center

Exploit: Phishing Attack
Conway Medical Center: Healthcare Provider

Several employees fell for a phishing scam that provided hackers access to patients’ personal data. Although the healthcare provider quickly identified the intrusion and cut off access to those accounts, they can’t recover information already accessed by cybercriminals. As a result, Conway Medical Center will face regulatory scrutiny, which often results in fines and other penalties that can damage their reputation and profitability.

United States - Central Square Technologies 

Exploit: Malware Attack
Central Square Technologies: Technology Services Provider for Public Sector Agencies

Hackers compromised the Click2Gov payment system that allowed customers to pay their utility bills online, allowing them to siphon off payment details from customers. Specifically, the breach impacts the City of Marietta, as customers who entered payment information on the website between August 26th and October 26th may have had their credit card information stolen. However, the breach does not impact those paying in person, over the phone, or who are enrolled in the auto-pay system. Unfortunately, the company didn’t identify the breach until early December, which will complicate their recovery efforts and place customers at greater risk for data misuse.

The Week in Breach: 12/11/19 - 12/19/19

Academy Sports + Outdoors: Sporting Goods Retailer

Hackers used previously stolen, legitimate login credentials to access customer accounts. The company noticed the breach after unusual activity was detected on certain user logins. In response, Academy Sports + Outdoors is encouraging customers to reset their passwords. Unfortunately, the breach occurred during the busy holiday shopping season, and customers have increasingly shown that they are less willing to engage with platforms that have a track record of cybersecurity lapses. This could harm the company’s sales at a critical time for gaining traction.

Complete Technology Solutions: IT Service Provider

A ransomware attack on Complete Technology Solutions, an IT service provider for dentistry practices, disrupted operations at more than 100 practices. When a company server was compromised, it allowed hackers to infect client computers with ransomware that disabled network security, data backups, and phone services. The attack began on November 25th and has continued to disrupt services more than two weeks later. Complete Technology Solutions declined to pay a $700,000 ransom to release the information, and decryption keys later provided by the hackers only unlocked some of the affected computers. As a result, the recovery process is incredibly complicated, and it will certainly have long-term repercussions for the company.

Prison Rehabilitative Industries & Diversified Enterprises (PRIDE): Private, Non-Profit Social Services Organization

PRIDE was struck by a ransomware attack that crippled its website and brought its services offline. The attack, which first occurred on December 7th, continues to disrupt services nearly a week later. As a non-profit organization, PRIDE will have a difficult time procuring the resources to remove the malware, and the service outages are making it difficult or impossible to fulfill their mission and provide critical services to a client base in need.

The Week in Breach: 12/04/19 - 12/10/19

United States - McLaren Health Plan

Exploit: Phishing Scam
McLaren Health Plan: Health Maintenance Organization

A successful phishing attack on one of the company’s third-party vendors compromised patient data at McLaren Health Plan. The hackers used a compromised email account to send spam emails, putting patient data at risk. The exposure will inevitably lead to reputational damage, and the sensitive nature of the information breached will invite scrutiny from healthcare regulators along with the prospect of financial penalties.

 

United States - On The Border

Exploit: Malware Attack
On The Border: Casual Restaurant Chain

Hackers installed malware on the restaurant’s payment processing platform, which provided access to customers’ payment information from locations across 27 states. The attack occurred between April 10th and August 10th, and it did not include franchised restaurants or catering orders. Unfortunately, the breach wasn’t discovered until November 14th, giving hackers ample time to misuse customers’ personal information and financial data. Moreover, it’s unclear why the company waited several weeks to notify customers of the breach, a misstep that will certainly slow the recovery process.

United States - New Jersey Shakespeare Theater 

Exploit: Ransomware Attack
New Jersey Shakespeare Theater: Theater company dedicated to Shakespeare

A ransomware attack has disabled the company’s access to its ticketing system and patron database. The attack arrives as the company is scheduled to begin its holiday production, a significant draw for the theater. The first showing was cancelled while the company developed an alternative ticketing method. Fortunately, customer data was fully encrypted and not viewable by hackers, but the Shakespeare Theater also can’t access this information. In response, customers are being asked to bring confirmation emails or ticket stubs to the performance so that the show can go on.

The Week in Breach: 11/27/19 - 12/03/19

United States - DeBella’s Subs

Exploit: Malware Attack
DeBella’s Subs: Rochester-Based Restaurant Chain

Credential stealing malware was discovered in the restaurant chain’s information systems almost a year after the initial incident. However, the company acknowledged that the breach investigation was completed well before the company notified the public, a misstep that will undoubtedly mar the recovery process. The company is taking steps to ensure that this type of attack won’t be successful in the future, but that won’t help the hundreds of thousands impacted by this data breach.

 

United States - Great Plains Health

Exploit: Ransomware
Great Plains Health: Local Hospital

A ransomware attack disrupted many services at Great Plains Health, including email and other internal communication technologies. As a result, the healthcare provider has cancelled some procedures and appointments, while continuing to provide emergency services as needed. Whether Great Plains Health ultimately decides to pay the ransom or to attempt a recovery from backups, the result will undoubtedly be expensive. Especially when coupled with the opportunity cost and reputational damage that accompanies a data breach, the consequences of a ransomware attack can be financially devastating and long-lasting.

United States - Magellan Rx Management 

Exploit: Phishing Scam
Magellan Rx Management: Full-Service Pharmacy Benefit Manager

An employee fell for a phishing scam that provided hackers with access to his account, which contained health plan member data. The breach occurred back on May 28th, and it wasn’t identified until July 5th. However, it’s unclear why the company waited until November before disclosing the breach to the public. Officials haven’t found any evidence that the data was misused, but the lengthy response time makes it more difficult for those impacted by the breach to secure their information before it’s used for nefarious purposes.

The Week in Breach: 11/20/19 - 11/26/19

United States - Select Health Network

Exploit: Unauthorized Email Account Access
Select Health Network: Indiana-Based Collection of Healthcare Providers

An employee’s compromised email account credentials were used to access sensitive data for thousands of patients. The data was accessed between May 22 and June 13, and it’s unclear why it took the company so long to identify the breach and to report it to patients. Regardless, a small vulnerability will likely result in a sizable blow-back in the form of regulatory scrutiny, brand erosion, and potential financial repercussions.

United States - PayMyTab

Exploit: Accidental Data Exposure
PayMyTab: Hospitality Payment Platform

Cyber-security researchers located an unsecured Amazon Web Services bucket that contained the personal data for tens of thousands of PayMyTab users. Notably, the data packet was exposed because PayMyTab personnel failed to follow Amazon’s security protocols. Fortunately, the error was discovered by white hat hackers and was reported to the company, but the bucket had been exposed since July 2, 2018, giving bad actors plenty of time to locate and exploit the information first.

United States - Solara Medical Supplies

Exploit: Compromised Email Account
Solara Medical Supplies: Supplier of Diabetes-Related Treatment Products

An unauthorized third-party gained access to several employee accounts containing patient and employee data. The breach was first discovered on June 20th, and the compromised data was exposed between April 2nd and June 20th. In response, the company reset account passwords, and Solara is updating its policies to ensure that a similar scenario doesn’t occur again in the future. Unfortunately, such maneuvers won’t help patients whose data was already stolen in the breach. Moreover, the company’s lengthy response time will certainly invite increased regulatory scrutiny while giving consumers fodder for criticism during the recovery effort.

The Week In Breach: 11/13/19 - 11/19/19

United States - Florida Blue

Exploit: Phishing Attack
Florida Blue: Health Insurance Provider

A phishing attack at one of Florida Blue’s third-party vendors successfully duped an employee into compromising patients’ personally identifiable information (PII). The event included less than 1% of Florida Blue’s members, but it shines a spotlight on the underlying cyber-security vulnerabilities within third-party partnerships. Now, because of an event outside of their immediate control, Florida Blue will face intense regulatory scrutiny and suffer from less-quantifiable reputational damage in the wake of the breach.

United States - SmartASP.NET

Exploit: Ransomware Attack
SmartASP.NET: Web Hosting Platform

Hackers encrypted the web hosting platform’s data, crippling both its IT infrastructure and customer data. After the attack, the company’s phones and website were both inaccessible, and SmartASP.NET was forced to notify customers that their data was encrypted. In addition to encrypting customer-facing infrastructure, a common target for ransomware attacks, the attack locked up significant amounts of back end data and delayed recovery efforts considerably.

United States - Starling Physicians

Exploit: Phishing Attack
Starling Physicians: Connecticut-Based Healthcare Group

Three employees fell for a phishing scam, providing hackers with access to their email accounts which contained patients’ personally identifiable information. The breach originally occurred on February 8th but wasn’t discovered until September. It’s taken the company two months to identify those impacted by the breach and send notifications. This lengthy response time will make it more difficult for patients to protect their information, while also opening the company up to increased regulatory scrutiny that could result in fines or penalties that will compound the financial implications of the breach.

The Week In Breach: 11/06/19 - 11/12/19

United States - InterMed

Exploit: Compromised Email Account
InterMed: Maine-Based Physician Group

Hackers gained access to four employee email accounts that contained patients’ protected health information. The first employee account was accessed on September 6th, and the subsequent accounts were available between September 7th and September 10th. Although InterMed did not report the specific vulnerability that led to the breach, credential stuffing and phishing attacks were likely the culprit. The company’s slow response time and the sensitive nature of the compromised data will result in regulatory scrutiny that will amplify the post-breach impact.

United States - Brooklyn Hospital Center

Exploit: Ransomware
Brooklyn Hospital Center: Full-Service Community Teaching Hospital

A ransomware attack struck Brooklyn Hospital Center, making some patient data inaccessible while deleting other information entirely. The ransomware originated with unusual network activity in July, but it wasn’t until September that the hospital determined that certain data would never be recoverable. However, it’s unclear why it took another month to notify the public of the disabled or missing data. As healthcare providers both big and small face the threat of ransomware attack, this lengthy reporting delay can compound the problem as it ushers in the opportunity for more hostile consumer blowback.

United States - Utah Valley Eye Clinic

Exploit: Unauthorized Database Access
Utah Valley Eye Clinic: Utah-Based Eye Clinic

A cyber-security vulnerability at a third-party affiliate compromised personal data for thousands of the clinic’s customers. The incident resulted in patients receiving fraudulent emails indicating that they received a payment from PayPal. The breach was only recently discovered, originally occurring on June 18, 2018, so patient data has been exposed for a significant duration. As a result, the company will likely face legal penalties and lost revenue due to exposed protected health information (PHI).

Security Concern #3 - Physical Security

One of the less emphasized areas of cyber security is physical security. HIPAA regulations cover in detail the physical security of computer systems. If you get a HIPAA Risk Assessment and it doesn’t include on-site visits to each location, the Risk Assessment document is incomplete. A growing area of concern is mobile computing, and multi-factor authentication using smart phones. With data now readily accessible outside the office, physical security has taken on new meaning.

Breaching the physical security of data systems means that an unauthorized person gains access to data. The unauthorized person is most likely an employee, but could be a client, vendor, criminal or other person. The most common physical data breach happens when a computer system is left logged in and unattended. A curious employee would be able to impersonate an authorized person and gain access to data they should not be seeing.

As part of a HIPAA Risk Assessment, the physical security of a company’s data systems is evaluated. Are the computers in areas secured from unauthorized persons? Very often computers need to be in areas where they intersect with unauthorized persons, such as in a retail environment. In cases like this, computers should be set with short timeouts so that they lock when not in use. Laying out a work space so that monitors are not facing public areas is also a good practice.

Local data storage on servers, computers and storage devices must also be protected. The best practice is to keep the servers hosting the data in a secured and locked room. The room must have adequate ventilation to ensure it remains at room temperature. Servers need to be protected from theft so that the data on them is protected.

The latest threat to physical security is the increasing dependence on mobile computing. Smart phones, tablets and laptops are set up to access corporate data with remote access software. Sometimes corporate data is also stored on these devices. Since there is no way to “lock up” a mobile device, precautions must be implemented to protect the corporate access to data on the devices. Devices should be protected with a password or biometrics for access. Any data on the devices should be encrypted. The operating assumption from a security perspective isn’t if the device will be lost or stolen, it is when the device is lost or stolen. Without planning and implementing best policies on mobile devices, a criminal can gain access to corporate data by stealing a mobile device.

The smart phone has become the de facto “token” for multi-factor authentication (MFA). Smart phones serve as MFA tokens either by getting a text message with a six-digit code, or through apps like Google and Microsoft Authenticator. A criminal wanting to impersonate you has a high interest in stealing your cell phone. A recent Wall Street Journal article chronicles how cyber criminals targeted a person and stole his phone to gain access to his MFA (He Thought His Phone Was Secure; Then He Lost $24 Million to Hackers). His estimated loss was over $24 million.

https://www.wsj.com/articles/he-thought-his-phone-was-secure-then-he-lost-24-million-to-hackers-11573221600

Physical security is often overlooked in our high-tech industry, but it must be considered and planned for in order to protect corporate data.

The Week In Breach: 10/23/19 - 10/29/19

United States - BillTrust

Exploit: Ransomware Attack
BillTrust: B2B Billing Service Provider

A ransomware attack crippled BillTrust’s customer-facing systems, forcing them to bring all infrastructure offline to stop the malware’s spread. The company discovered the attack on October 17th, and it’s taken nearly a week just to begin recovery efforts. Fortunately, Billtrust maintained backups that were unaffected by the attack, which made it possible to avoid paying the ransom demand. Nevertheless, the lost revenue, reputational damage, and recovery expenses will definitely chip away at the company’s bottom line.

United States - Kalispell Regional Healthcare

Exploit: Phishing Attack
Kalispell Regional Healthcare: Family Healthcare Provider

Several employees fell for a phishing campaign that compromised their login credentials and patients’ personally identifiable information. Hackers accessed the data between May 24, 2019 and August 28, 2019. As a result, the company will bear the cost of identity and credit monitoring services for all victims, and they will face intense regulatory scrutiny. Brand reputation is also jeopardized, as the hospital was formerly recognized as a highly ranked healthcare provider for their cybersecurity practices.

United States - Ocala City

Exploit: Spear Phishing Attack
Ocala City: Local Municipality

A spear phishing attack convinced an Ocala City employee to transfer $640,000 to a fraudulent bank account. The account still had $110,000 left when the city identified the scam, but cybercriminals still walked away with over $500,000. To trick the employee, cybercriminals sent an email purportedly from one of the city’s construction contractors and requested payment to a bank account that did not belong to the contractor. While the email and bank account were fraudulent, the invoice was legitimate, which made this incident especially difficult to detect.


The Week in Breach: 10/30/19 - 11/5/19

WEB.COM

Exploit: Unauthorized Database Access
Web.com: Domain Name Registration and Web Services Provider

An unauthorized third party accessed Web.com’s network, which compromised their customers’ personally identifiable information. The intrusion took place in August 2019, but IT personnel were not able to identify the breach until October 16th. Data breach notifications went out this week, but the significant detection delay will certainly compound the damage for both the company and its customers.

sPower

Exploit: Cyber-Attack
sPower: Renewable Energy Provider

sPower was the victim of a cyber-attack that brought down its services and disconnected its hardware from the electrical grid. Although the attack occurred in April, the details are emerging as part of a Freedom of Information Act filing by reporters covering the energy sector. Hackers were able to leverage a vulnerability in the company’s firewall that allows outside entities to access their network. The event could significantly harm the company’s reputation within the energy industry, impacting its ability to land future contracts and compete with other companies.

United States - City of San Marcos

Exploit: Cyber-Attack
City of San Marcos: Local Government Municipality

Hackers accessed the city’s computer systems and restricted access to significant portions of their IT infrastructure. The attack, which began on October 24th, brought down email accounts and other communication services. As a result, messages sent to city employees were not delivered, though government facilities remain open. Recovering from the attack is proving especially difficult, as services remain restricted more than a week after the initial event. To prevent further attacks, employees are being asked to change their passwords and enable two-factor authentication on their accounts.


The Week in Breach: 10/16/2019 - 10/22/2019

United States - Pitney Bowes Inc.

Exploit: Malware attack
Pitney Bowes Inc.: Mail Management Company

A malware attack prevented Pitney Bowes’ employees and customers from accessing critical services. The company, which specializes in mail management, lost business directly as a result of the attack. Customers were unable to refill postage or upload transactions on their mailing machines. In addition, news of the announcement sent the company’s shares down 4%, which underscores the many ways that a cybersecurity incident can negatively impact a company’s bottom line.

United States - Alphabroder

Exploit: Ransomware Attack
Alphabroder: Promotional Product Supplier

A ransomware attack temporarily halted Alphabroder’s processing and shipping platform. Since the ransomware prevented the company from executing orders, Alphabroder was forced to make a statement on social media and interrupt most business processes. Alphabroder did subscribe to cybersecurity insurance to help offset the costs, but the reputational damage and long-term infrastructure costs can be difficult to quantify and are capable of significantly dampening the company's financial prospects in the near term.

United States - Stripe

Exploit: Phishing Attack
Stripe: Online Payment Processing Company

Hackers are deploying fake and invalid Stripe support alerts to engage customers and procure user credentials. After clicking on the fictitious support alert, users are prompted to enter their bank account information and user credentials on a fake customer login page. This isn’t the first time that Stripe customers have been targeted in phishing attacks, and such attacks are becoming increasingly sophisticated and prevalent.


The Week in Breach 10/02/19 - 10/08/19

United States - Zynga

Exploit: Unauthorized Database Access
Zynga: Social Game Development Company

Hackers gained access to the company’s database, which exposed the personally identifiable information (PII) for millions of customers. The company discovered the breach in September, and they responded by hiring an external investigator to determine the scope and severity of the breach. Unfortunately, by the time they responded, hackers had uploaded user data to various hacker forums.

The data breach applies to all users of the platform’s popular Words with Friends gaming app on Android and iOS who registered on or before September 2, 2019. In addition, some users of Draw Something, another mobile game produced by Zynga, were compromised. The exposed information includes names, email addresses, login IDs, hashed passwords, password reset tokens, phone numbers, Facebook IDs, and other Zynga account details. Since this information is already available to bad actors on the Dark Web and will be used to perpetrate additional cybercrimes, those impacted by the breach should carefully monitor their accounts while being especially watchful for other fraudulent communications.

United States - Tomo Drug Testing

Exploit: Unauthorized Database Access
Tomo Drug Testing: Medical Laboratory Providing Drug and Screening Services

An unauthorized user gained access to Tomo’s customer database, which contained a treasure trove of personal data. Upon discovering the access, Tomo hired an external forensic firm to investigate the incident, which confirmed that customer data was either deleted or removed from the database. Although Tomo can’t confirm that hackers downloaded data, they are charged with notifying their customers and regulatory bodies of the incident. This could bring additional expenses and revenue reductions to the drug testing company. Moreover, the company will certainly face additional criticism and scrutiny for its lengthy reporting process and the sensitive nature of the compromised information in question. The breach occurred on July 1, 2019 but wasn’t officially reported until this week.

Tomo confirmed that personal data, including names, driver’s license numbers, Social Security numbers, and drug test results could be compromised. The drug testing company has set up a designated helpline, and they encourage those impacted by the breach to acquire a free credit report to identify abnormalities.

United States - Zendesk

Exploit: Unauthorized Database Access
Zendesk: Customer Service Software company

More than three years after the event, Zendesk acknowledged a data breach after a third party notified the customer service software company of unauthorized data access. The breach impacts Support and Chat accounts, and it includes personal data from all categories of Zendesk users, including customers, agents, and end users. The company is resetting all passwords for users that registered before November 1, 2016. However, the platform touts many high-profile companies as clients, which means that the breach could have far-reaching repercussions for all stakeholders involved.

The personal details of customers, agents, and end users were compromised in the breach. This includes names, email addresses, phone numbers, passwords, and other technically-oriented data. The company is contacting all customers who could be impacted by the breach, and those affected should reset their Zendesk passwords and any redundant passwords used on other platforms.


Security Concern #2 - Employees

Despite the industry focus on cyber-criminals and defending against different attack methods, employees continue to be the primary source of data loss to businesses. In this article we will discuss different documented ways employees have stolen corporate data for the employee’s benefit.

Employees achieve economic gain by stealing business data through three primary methods. First, an employee can steal cash from a business. Often an employee is entrusted with taking care of the company’s financials. If the employee has end-to-end authority over financial transactions, it is easy for the employee to divert funds into their pockets. There are many examples of this type of employee criminal behavior, including processing false reimbursement vouchers, cashing fraudulent checks and paying fictitious invoices to companies controlled by the employee or an accomplice. Safeguarding the company’s accounting system is based on establishing clear procedures with at least two people involved in every transaction. The person processing accounts payable should NOT be the person paying the bills. Expense vouchers and bills should be reviewed by a second person prior to payment to reduce fraud.

The second way employees attempt to profit by stealing business data is to use that data to either enhance their position with a new employer, or to start their own business. The most common theft is of client contact and sales information, which can be used by the new entity to market to the company’s clients. There are two ways to combat this type of loss. One method uses tools after the theft to legally pursue the former employee, and the second relies on technology to try to stop a theft in progress. In order to pursue a former employee for possible data theft, a company needs both contractual protection and electronic proof of theft. Legal protection is normally included in the employee handbook or employment contract. Electronic proof can come from phone logs, computer security logs, videos, emails and hi-tech monitoring software. Putting together the evidence of theft is often impossible for companies that haven’t done the proper up-front work to retain log files and archive emails.

The third way employees attempt to capitalize on business data theft is by selling the data. A recent example of this was the Capital One data theft. The cyber-criminals used knowledge gained as a former employee to gain access to Capital One’s client financial data. Once the data was stolen, the employee attempted to market it on the internet. These types of threats are increasing in frequency and intensity. Methods to prevent these types of business losses include limiting employee access to only the data they need to perform their business tasks. Make sure logging is enabled and that log files get archived so that if there's a breach, log file forensics can determine who was responsible and what was taken.

DeckerWright supports multiple employee tracking software systems, including Veriato and Teramind. These software solutions track everything an employee does and can provide alerts if the employee engages in suspicious activity. While these solutions aren’t cheap, they do provide a method for using technology to both prevent and then document employee data theft.


Remote Users: Security Concern #1, Cyber Criminals

One of the major trends in our industry has been the proliferation of remote workers using “Bring Your Own Device” (BYOD). Since the devices are owned by the employee, corporate security teams cannot install their software. Company data may be accessed by two methods, either directly through apps, or indirectly through remote desktop capabilities. Both methods rely on a device that is outside of the corporate IT infrastructure and in the possession of an employee. Either method exposes the company’s data to loss at the hands of cyber criminals. To understand why, this article discusses some of the tools cyber criminals can deploy to exploit remote employees.

In the normal course of our business, we help clients monitor activity of their employees on their devices. The “good guy” monitoring software provides a window into the types of tools used by cyber criminals to compromise a company’s security and gain access to valuable data. These tools include keystroke logging, click logging, URL logging, screenshots, access to log files and an inventory of software used by the employee. In the hands of a skilled cyber-criminal these tools would allow the cyber-criminal to impersonate the employee to gain access to the company’s systems.

Here’s how. The software inventory tells the cyber-criminal what software they need installed to make the connection. The keystroke logger will provide the user name and password, and the screenshots will provide information about the connection, including clues about the multi-factor authentication. If a VPN tunnel is set up, the cyber-criminals can remotely control the employee’s computer to gain access to the configuration of the VPN tunnel and obtain any keys. Without multi-factor authentication (MFA), the cyber-criminal would have enough information to gain access to most systems.

The most common form of multi-factor authentication relies on a cell phone. Cyber-criminals have two methods for getting the MFA codes from a smart phone. One method is to get malware installed on the employee’s phone that forwards any codes received to the cyber-criminal, or allows the cyber-criminal remote control. The more common method used today is for the cyber-criminals to take the employee’s phone number by impersonating the employee with the cellular phone company. Once the phone number is switched to their own device, the criminals can get the MFA codes directly. Both of these methods have been documented as used by cyber-criminals.

A cyber-criminal could also use an active session to impersonate an employee when they aren’t working to gain access to information. Cyber-criminals controlling a device could also inject code into a company’s systems to search for and exploit weaknesses in internal systems. Since the screenshots will reveal the company’s internal systems, the cyber-criminals can tap the vast library of hacker tools to compromise the system. The success of either of these methods may allow the cyber-criminal to gather corporate information.

Any remote device compromised and controlled by a cyber-criminal can become a gateway to your company’s data.


The Week in Breach: 9/30/19 - 10/4/19

United States - Thinkful

Exploit: Unauthorized database access
Thinkful: E-learning website for developers

By leveraging an employee’s stolen credentials, an unauthorized third party was able to access the company’s database. While sensitive data, such as social security information, was not exposed, it’s possible that other personal information was accessed. In response, Thinkful has notified its users of the data breach, and is requiring password resets on all accounts. While the company wrote to its users that it is taking additional steps to enhance security, these efforts will not help those whose credentials were already compromised in the breach. This incident follows on the heels of the company being acquired by Chegg.

Users’ Social Security numbers were not compromised in the breach, but other personal information could have been accessed by hackers. Users should create unique passwords, enroll in multi-factor authentication, and monitor their accounts for suspicious activity in the wake of the attack.

Thinkful’s data breach announcement is especially problematic since it immediately followed news that the company was being acquired by Chegg. It’s unclear how this cyber-security incident will impact the deal, but cyber-criminals often target small companies before an acquisition, hoping to infiltrate their IT infrastructure before coming under the protection of the larger, more robust system of their new parent company. Therefore, businesses must consider cyber-security as both a moral imperative and a financial necessity, especially in the realm of mergers and acquisitions.

United States - Campbell County Memorial Hospital

Exploit: Ransomware
Campbell County Memorial Hospital: Healthcare provider operating as part of the Campbell County Health Department

A ransomware attack on Campbell County Memorial Hospital forced the healthcare provider to divert ambulance services, cancel surgeries, and stop admitting patients. The hospital’s emergency room remains operational, but many services are curtailed. Hackers did not send a ransom demand, leaving hospital IT administrators grappling for a solution. Campbell County Memorial Hospital reports that no patients were harmed because of the outage. However, with no solution in sight, patient care remains dubious and the long-term financial ramifications of the incident could be extensive.

United States - Southeastern Pennsylvania Transport Authority

Exploit: Malware attack
Southeastern Pennsylvania Transport Authority: American transport authority

The online store for the Southeastern Pennsylvania Transport Authority was victimized by Magecart malware, a data skimming attack that steals customer data at checkout. In response, the department permanently closed their online store. The malware was spotted on July 16th, but it took the agency more than two months to gather relevant data and notify customers. The lengthy delay could have compromised additional users while also exacerbating the inevitable PR nightmare that always accompanies a breach.

Hackers gained access to the most sensitive form of e-commerce data, including names, credit card numbers, and addresses. Since this information can quickly spread on the Dark Web and then be used to perpetrate additional financial or identity fraud, those impacted by the breach should notify their financial institutions and enroll in identity and credit monitoring services as soon as possible.

