Blog

Outside or internal attacks, which is the bigger cyber threat to financial services?

Many financial service organizations pay close attention to security measures that can prevent outsider attacks while focusing less on internal threats. No organization likes to think their employees— either maliciously or mistakenly— will cause harm to their organization, but it’s a very real threat.

Malware is one of the techniques cyber criminals use to gain profit from the financial service industry. (Photo/Flickr)

In fact, IBM and the Ponemon Institute estimated that in 2016, while 50% of data breaches were caused by malicious or criminal attacks, 27% resulted from system glitches and 23% from negligent employees. The balance shifted slightly in the most recent data from the 2017 study which said that 47% of all breaches in this year’s study were caused by malicious or criminal attacks, 28% from negligent employees, and 25% system glitches.

Year-over-year, the balance between outsider and internal cybercrime is neck and neck. So, should financial service organizations rethink their strategy?

What does the data mean?

Most importantly, these statistics reveal that data security strategies need equal protection against both internal and external threats.

Common insider cyber issues

Sometimes these attacks aren’t meant to be malicious, there are instances of glitches or mistakes that can lead to lost data. For example:

  • Lost laptops with easily compromised files and folders
  • Insecure login credentials that are easily compromised
  • Human-error
  • Weak infrastructure

While these harmless mistakes may make up a part of the internal threat, there are also more malicious objectives from employees that should be addressed as well.

Insiders, especially in the finance vertical, have access to sensitive information on a regular basis. These employees may also know how the information is protected and where vulnerabilities are. If your employees want to steal it or leak information for personal gain, they likely can do it with greater ease than outsiders.

Common issues for outside crime

Some of the outside crime can also overlap with vulnerabilities from internal negligence. To enter a network, cyber criminals usually need credentials of an internal member. Employees with weak passwords or companies with lackluster password policies may make it easier on cybercriminals. Some common methods and viruses’ hackers use to gain access to your site, software, or network include:

Once inside the system, it can take anywhere from a few seconds to a few months before the attack is noticed.

Which is costlier?

Insider or outsider, there is no good way to be breached. They are both devastating. But is one more expensive than the other?

In general, according to IBM and Ponemon Institute, malicious attacks were more expensive on their face, “Companies that had a data breach due to malicious or criminal attacks had a per capita data breach cost of $236, significantly above the mean of $221. In contrast, system glitches or human error as the root cause had per capita costs below the mean ($213 and $197, respectively).”

Still, there are additional costs associated with internal breaches that are difficult to account for. What if your employee is selling secrets that now limit your revenue growth? How about the cost of attrition, hiring new employees and fixing your reputation?

Internal threats are certainly worth paying attention to.

How to protect your company from both threats

To effectively prevent data breaches, companies in the financial industry need to invest in the infrastructure and expertise to protect themselves. Here are a few tips that can be easily implemented:

  • Consider hiring a Chief Information Security Officer (CISO), who is a trained and certified staff member responsible for developing, executing and maintaining a security and emergency incident response plans to ensure you are prepared in the event of a breach.
  • Implement employee training on cybersecurity so they can be aware of the importance of password protection, and common schemes that cybercriminals use.
  • Require safeguards like stronger password security, more complex passwords that are difficult to hack.
  • Keep track of employee access levels and change them accordingly and frequently. Use systems for safe, secure document sharing and only provide access to employees who need it.
  • Change passwords regularly and immediately after an employee leaves.

Learn more about how EZPD can complement your current cybersecurity efforts and protect your company both internally and externally.

Questions about cybercrime every finance company needs to ask

Financial service companies are a massive target for cybercriminals. This is—and will continue to be—inherently true due to the nature of the business. Financial service companies manage sensitive data, which is a draw for criminals who sell sensitive data on the black market for profit. And every company is only one mistake away from a cyberattack.

The financial service industry is highly targeted for cyber crimes. (Photo/Creative Commons)

In 2015, online magazine QZ, discovered a listing on the dark web selling an individual’s identity for $248.22, for this price, the buyer would also have access to an American Express with a $10,000 limit. Now imagine your customer’s data getting hacked. And hundreds, if not thousands, of identities and financial data are stolen.

That’s a decent payday for the criminal, and extraordinarily detrimental to your client list.

If you work in the financial services vertical, regardless of the size and scope of your organization, defending against cyber vulnerabilities will be the most important component of your reputation.

So, ask yourself some questions:

How closely do you monitor each vendor you work with?

Companies have recently found themselves falling victim to costly and damaging data breaches as a result of a third-party service provider’s security failures. In fact, the infamous Target data breach was a result of a third-party service failure. In this case, one of Target’s vendors fell for a phishing scheme which installed malware onto their computer. From there, hackers were able to gain access to target’s internal data by stealing the vendor’s login credentials.

As a security precaution, experts recommend companies demand that vendors accessing their systems use legitimate anti-malware software, a two-factor authentication for anyone accessing sensitive information, and strong password protection for files containing sensitive information.

How about your vendors’ third parties?

Much like monitoring your third-party, your vendor’s third parties can also be a risk.  If a third-party vendor is affected by a ransomware attack that takes them offline, how quickly would you find out about it? Do you know how that outage would affect your vendors? Additionally, would you have protections in place if the attack spread to your vendor, who is the direct tie to your critical information?

How widely does your organization operate?

If your business operates in more than one location, have you taken the time to understand how security risks change per region?

According to Information Systems Audit and Control Association (ISACA) companies with multinational locations often have variances in their security model. This variance can create holes in security. Additionally, data are transferred and modified across multiple systems, which may result in discrepancies and possible errors.

You could also apply this thought process to your vendors as well. What regions do your vendors operate in? What regions do their vendors operate in? Does their multinational business model make your data less secure?

Keeping up with cybercrime patterns and learning how other thought leaders in the space are defending themselves is imperative to your protection. Cybercriminals are becoming more sophisticated than ever which means your defenses need to continue to evolve as well.

Take action today

The first line of defense for any organization is always password management.  When communicating sensitive information with your vendors and staff, consider using a password management system that makes login credentials for internet accounts or data files invisible.

EZPD is a password generation and regeneration software that allows users to create complex passwords using node-locking technology, which means all traces of the password can be hidden.

Additionally, EZPD is different than most password managers because it does not require a master password (because we know a master password can still be compromised). And, EZPD does not use a cloud or a server to remember what passwords have been generated.

EZPD is a stealthy password generation software, learn more about our capabilities.

Why your company is only one mistake away from a data breach

Your company’s cyber protection is only strong as your company’s weakest password.

As a business owner, your reputation is of utmost importance. One mistake can jeopardize your success. 

Your workplace’s cybersecurity is only as strong as your weakest password. (Photo/Wikipedia Commons)

It’s unfortunate— but realistic—that your employees don’t share your devotion or urgency to protect internal data. This means you’re only as strong as your organization’s weakest password. And, according to a recent study by Verizon, 63% of data breaches are caused by weak, stolen or reused credentials.

With that in mind, it becomes increasingly important for business owners to be proactive. How can you ensure your employees are creating and storing passwords well?

Tips for strengthening your passwords internally

  • Never allow an admin to manage software or assets under their name. Always insist accounts are under the organization’s name.
  • Centralized ownership and control over passwords.
  • Immediately reset passwords after employees leave.
  • Create role-based access permissions.
  • Require your employees to change their password every 90 days.
  • Create password requirements to ensure their strength.

Staying on top of password protection can be difficult. To take control of your employee’s password strength, it’s on the employer to provide the tools necessary for success.

Provide your employees with EZPD

When a company requires employees to change their password often, running out of password ideas is commonplace. The process can cause less creativity or redundancy with passwords used. So, it should come as no surprise that 73% of online accounts are guarded by duplicate passwords.

Using duplicate passwords is risky because if one account is hacked it can create a snowball situation. Any data in your network, protected by duplicated passwords, will be at risk in the event of a data breach.

Which makes EZPD a viable solution for business owners.

EZPD is revolutionary software that allows its users to easily generate and regenerate complex passwords. Users can specify what characters, symbols and length to meet their password requirements. Then, at the click of a button, a password will be generated. EZPD also offers several features unheard of in current password management systems. This eliminates password syndrome and creates unique benefits for an organization.

A cloak of invisibility

One of the differentiating features of EZPD, compared to other password management programs, is that you never have to make your password visible with EZPD.

EZPD operates from a license file and node-locking system. This means two things:

  1. Passwords are connected to a license file which is registered to unique devices. Only those with access to a license file can access their passwords. As long as a user has access to their license file, they are able to:
    • Generate a password
    • Then delete EZPD from their computer
    • Redownload EZPD when they need to access their password
    • Regenerate passwords at the click of a button
  2. When a user generates or regenerates a password with EZPD, the information is automatically copied, which means the user simply pastes the string of characters into the necessary account.

If the user wanted to ensure security, they would never need to make their passwords visible. This cloak of invisibility makes it difficult for passwords to be stolen.

Role-based access permissions

EZPD also allows its users to share license files. If a sensitive data file needs to be shared to specific shareholders in a company, it’s best to password protect the file and find a way to share the password securely than risk submitting it via email, chat or as a written note.

With EZPD software, license files can connect multiple, authorized devices, which can regenerate the same passwords for programs without submitting them electronically or manually. It also guarantees centralized and controlled ownership of important data.

Like password generation or regeneration with an individual license file, only those with access to a license file can access their passwords, and once a password is generated, it simply needs to be pasted into the password field. There is no need to make the password visible.

EZPD can be redownloaded as often as necessary and users can create over 3,500 unique passwords through the program. Learn more about the unique features of EZPD and how it can protect your business from being breached.

How is EZPD different than other password managers?

In today’s word, most of us realize the importance of creating strong passwords to protect our most sensitive information. We understand that using the same credentials for each account is dangerous because one breach can easily snowball into something far more serious and wide-reaching. 

Password managers have shortcomings many users aren’t aware of. (Photo/Pixabay)

But, when it comes to keeping track of our passwords, well that’s a different story.

Because of the complexity and number of passwords we deal with each day, many internet and software users try programs that store their passwords for easy access and organization.

What most people don’t realize is, password managers are also susceptible to hacking.

What is a password manager?

Most password managers generate and store online passwords for its users. Many users also store other information like PINs, credit-card numbers, CVV codes, answers to security questions to their password managers as well.

Some other common attributes of password managers may be that they automatically log into sites for you, or audit your password strength. Others verify that you’re not using the same in too many places.

While these features seem positive, there is one glaring red flag users need to be aware of.

How password managers store your information

Most password managers require a master password. This is the one and only password you need to remember, and it unlocks the vault which holds all of your information. If this master password is compromised, so is all of your information. This poses an additional problem for users who store financial data on their password managers.

The second problem with password managers is how individual companies store data. Many password managers use a cloud or a server to remember what passwords they have generated for their users. Therein lies the problem. Servers and clouds can also be hacked.

Therefore, what seems like a secure method for password generation may not be after all.

What to look for in password management

The best password protectors should have components within them to ensure your true protection. So, what specifically is the most important thing to think about when it comes to a password manager?

Storage

The best password managers will not store your information on the cloud or otherwise. EZPD, a password generation and regeneration program, takes a unique approach to password protection.

EZPD uses a node-locking software which means that your password is never stored, only regenerated at your devise. And only computers with your unique license file are able to regenerate your password.

Master passwords

Rather than remembering a master password, EZPD equips its users with a license file. Upon signing up for EZPD, you’ll be emailed a unique license file that only works on your authorized computer. The license file is what activates and deactivates the node-locking software.

You can erase the license file from your computer after you’ve accessed your passwords and redownload it as many times as you want.

By using a license file, hackers from the outside are unable to locate where your passwords are stored making it virtually impossible to compromise them.

Flexibility

In addition to safe storage and a license file, you also need a password manager with flexibility.  EZPD makes it easy to create an unlimited amount of unique and complex passwords. With EZPD you can customize the length (up to 96 characters) and which symbols, characters and case sensitivity you need to satisfy password requirements.

Above all, it’s important to remember that not all password managers, and the characteristics associated with them, are created equally. Picking the best password manager is important for your safety and protection.

Learn more about how EZPD can protect you today.

How thieves are stealing your tax return

We are in the midst of tax season. And, while we are busy collecting our w2s, 1099s and 1095s, identity thieves are equally busy scheming their next attack.

Tax-related identity theft is one of the IRS’ “Dirty Dozen” tax schemes. (Photo/Flickr)

Tax-related identity theft is when someone uses your Social Security number to file a tax return and fraudulently claim your refund. Tax refund fraud affects hundreds of thousands of U.S. citizens each year. In fact, the IRS estimated that during the first nine months of 2016, the agency was able to stop 787,000 fraudulent returns totaling more than $4 billion. Unfortunately, the IRS still paid out $239 million in “suspect” refunds, which means thieves have a lucrative incentive.

Not to mention, after the Equifax breach in 2017, the IRS worries leaked social security numbers will increase the number of tax-related identity theft significantly for this coming tax season. Additionally, early reports show that identity thieves who specialize in tax refund fraud have been hacking online accounts at multiple tax preparation firms to uncover sensitive information.

Tax-related cybercrime is currently listed as one of the IRS’ “dirty dozen” scams to look out for.

It’s imperative to stay ahead of the curve. Learn about common tax season fraud schemes, what red flags indicate you may be a victim, and what you can do to stay protected.

What are the red flags?

The worst part of tax-related identity theft is that most victims don’t even know they’ve been preyed upon until their tax return gets rejected because scammers beat them to filing it.

If you start to receive payments or information about your refund before you’ve filed, it’s a strong indicator that you may be a victim of tax-related identity theft. According to the IRS, other telltale signs to look for include:

  1. More than one tax return was filed using your SSN.
  2. You owe additional tax, refund offset or have had collection actions taken against you for a year you did not file a tax return.
  3. IRS records indicate you received wages or other income from an employer for whom you did not work.

Additionally, it’s common for criminals to pretend to be debt collection agency officials acting on behalf of the IRS. Criminals will place harassing phone calls urging you to pay your debts.  

What can you do if you’ve fallen victim to identity theft?

If any of the aforementioned red flags have happened to you, take action quickly. The Federal Trade Commission (FTC) recommends these steps if you’ve been breached:

  1. File a complaint with the FTC at identitytheft.gov.
  2. Contact one of the three major credit bureaus to place a ‘fraud alert’ on your credit records. The three credit bureaus are:
    1. Equifax
    2. Experian
    3. TransUnion
  3. Stay on top of your credit history. Contact your financial institutions and close any financial or credit accounts opened without your permission or tampered with by identity thieves.

How can you protect yourself?

While the IRS recommends that you file early to ward off thieves from claiming your tax return first, this doesn’t solve everything. If your data has been compromised, thieves can still create a messy financial situation for you. Additional advice for ongoing cyber protection is the following:

  1. Always use security software with firewall and antivirus protection.
  2. Learn to recognize and avoid phishing emails. Do not click on links or download attachments from unknown or suspicious emails.
  3. If you receive threatening calls and texts do your due diligence. Is it a scammer posing as legitimate organizations such as your bank, credit card companies and even the IRS?
  4. Protect your personal data. Don’t routinely carry your Social Security card, and make sure your tax records are secure.
  5. Use strong passwords. Your passwords will always be your first line of defense. That makes it increasingly important to create strong and undetectable passwords. One way to do this is through EZPD.

EZPD is a platform that allows users to easily create strong, secure passwords up to 96 characters long. After you’ve entered your password, you can delete all traces of EZPD and your password from your computer for optimum security.

When you need access to your locked accounts, EZPD allows you to easily regenerate the same password when you need it. This increased password strength makes it practically impossible for a hacker to steal your passwords and access your accounts fraudulently.

It’s also possible to get a shared license so you can send your tax information through EZPD password protected files to your tax preparer with confidence. Learn more.

 

Why you should be concerned about storing your data in the cloud

Cybersecurity is a major concern for businesses and individuals alike. With the abundance of information and buzzwords tossed around, daily, it’s difficult to understand what you need to truly protect yourself from cybercrime.

In this article, we will explore cloud storage, one of the more popular options for data protection. But, is it the safest option?

Is it safe to store your data in the cloud? (Photo/Pixabay)

What is cloud storage?

In short, cloud storage is a service model that allows users to save, manage, back up and maintain data, remotely.  Users access their information over a network (most typically the Internet). Cloud storage is seen as protection for data in the event something happens to your computer or hard drive. Information isn’t saved locally, so it can be accessed from any device.

Some cloud storage is free, others are subscription-based.

How is cloud storage data protected?

With increased access to data comes increased security concerns and measures.

Encryption is the most important component of third-party cloud security. Encryption is when your service provider transforms data, using complex algorithms, then places the newly-concealed information on the cloud.

In order for a hacker to breach cloud security, they would need to decipher the encrypted files or have access to an encryption key. Decryption is a difficult process that requires a large amount of computer processing power and a lot of time. However, it’s not impossible.  

Clouds can be breached, which makes cloud storage vulnerable to hackers.

And, your data is only as safe as your service provider’s system architecture. If your third-party system isn’t secure, your data is increasingly vulnerable. In fact, we’ve seen third-party failures in several recent attacks. Perhaps, the most widely-known cloud hack was Apple’s iCloud.

What happened in the Apple iCloud hack?

In 2014, a collection of almost 500 private pictures of various celebrities were stolen from Apple’s iCloud and posted on imageboards like 4chan, Imgur, Reddit and more. The images were initially believed to have been obtained via a breach of Apple’s cloud services suite iCloud, but it later turned out that the hackers more likely took advantage of a security issue in the iCloud API which allowed them to make unlimited attempts at guessing passwords.

It is possible the hackers obtained millions of passwords from other, previously hacked websites and services, and the affected users repeated passwords, which allowed access to their iCloud account.

This event re-emphases that data stored in the cloud is still breachable, especially if individuals don’t pay close enough attention to their own password strength and security and your third-party cloud service has vulnerabilities.

Password security systems need to be infallible

Even with the noted vulnerabilities in cloud storage, many organizations are still relying on the system. In fact, a recent poll stated that 86% of companies use multiple cloud storage systems to protect their most sensitive information.

But, as hackers proved in the aforementioned iCloud breach, poor password security can give cybercriminals an all-access pass to your private data. It becomes your responsibility to find safe ways to protect your information and develop strong password protection.

Regardless of if you opt to store data in a cloud or not, your most important defense is your password protection. Which is why you should consider a software like EZPD.

What is EZPD?

EZPD is a unique password generation and regeneration that uses a complex algorithm to create secure, untraceable passwords. EZPD does not store your passwords in a cloud or on your computer which means that they are virtually invisible.

EZPD generates your unique password using a proprietary algorithm, and unique license file on command. Users can copy and paste the password without even looking at it. After you’re done using EZPD, you can delete it from your computer. When you need your password again, redownload the license file to regenerate the same password.

No one can reproduce your password without your unique license file.

With EZPD you can generate passwords up to 96 characters long that includes (or exclude) special characters. You can create different passwords for different accounts as well.

Learn more about downloading and using EZPD today.

 

5 of the largest data breaches in the U.S.

Personal information ranging from email addresses to credit card numbers were compromised as a result of the five following data breaches. What do consumers need to know about protecting themselves in the future?

First, take time to understand the types of common cyber attacks. 

Data breaches can harm the reputation of businesses and put consumers at risk. (Photo/Flickr)

Three common types of cyber attacks are:

Most data breaches are a result of one or more tricks.

    1. Malware – is a general term for software written with the intent of doing harm to data, devices or to people. Common types of malware are viruses, trojans, spyware and ransomware.
    2. Phishing – is when cyber criminals send emails masquerading as reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

  • Password Attacks – simply put, password attacks are the process of recovering passwords from data that have been stored in or transmitted by a computer system. One of the more common approaches for a password attack, brute-force attack, is when a hacker guesses repeatedly for the password and check them against an available cryptographic hash of the password.

 

Password attacks are the easiest to prevent if you take proper steps of password protection.

A combination of these attacks played a role in many of the largest data breaches in the U.S.

The five largest data breaches in the U.S.  

  1. Equifax – This breach in 2017 was a result of attackers gaining unauthorized access to private data of an estimated 143 million Americans (or 50% of American adults). Hackers were able to do this by exploiting a vulnerability in a website application called Apache Struts. Social security numbers, driver’s licenses, and birth dates are among some of the data stolen in this breach.
  2. Yahoo – In 2017, Yahoo announced that data associated with at least 500 million accounts had been stolen. Three months later, Yahoo disclosed a second breach affecting more than one billion accounts.Luckily financial information was spared in this breach, but names, email addresses and passwords were all compromised.
  3. Target – Roughly 40 million shoppers were affected by the Target hack in 2013. Victims had their credit and debit card information stolen. Cyber attackers were able to gain access to Target’s gateway server through credentials stolen from a third-party vendor. This hack is a reminder of the importance of creating strong passwords, having the ability to store them safely and change them easily.
  4. Myspace – This aging tech company confirmed a breach of usernames and passwords for about 360 million accounts. Though the severity of this attack seems small compared to others on this list, more than 80% of internet users reuse the same password for all of their accounts, including financial applications. One hack can unlock access to many doors, which makes the Myspace account dangerous.
  5. Anthem – In February of 2015, hackers broke into Anthem’s servers and stole up to 80 million records. Anthem is the parent company of other well-known and substantially-sized providers including Blue Cross and Blue Shield. The attack began with phishing emails sent to five employees who were tricked into downloading a Trojan virus. This virus enabled the attackers to obtain passwords for accessing the unencrypted data.

The healthcare system is one of the most targeting industries for cyber attacks.

How can consumers protect themselves?

When a company’s technical infrastructure is weak, a consumer is at risk. This makes it even more important to take control of your own personal account information and use best practices to protect yourself.

One suggestion is to add two-factor authentication to all your banking and brokerage accounts. A two-factor authentication starts by generating a strong password then is further secured with an extra layer of protection, like a fingerprint or an answer to a security question.

Another suggestion is to change the passwords to your accounts regularly. As hacks continue to happen at a fast pace, it’s difficult to keep up with who and what has been compromised. To be safe, change your password often.

Train yourself to keep a close eye out for scam emails. It’s easy to fall for a phishing email, they are increasingly well done. Still, there will be red flags, like the sender’s email address or contact information that can indicate malicious intent.

Stay on top of credit monitoring. Always look for suspicious information on your credit score, a sign that your financial information has been compromised.

According to a report by Verizon Enterprise 81% of hacking-related breaches leveraged either stolen and/or weak passwords. As consumers, the best way to protect yourself is by paying special attention to your password generation.

Your first line of defense password security

EZPD is a password generation and regeneration software that keeps users protected from the ever-evolving world of cybercrime. EZPD’s proprietary algorithm ensures that no one can hack your password.

With EZPD, users can generate complex passwords that include (or exclude) special characters and numbers and can be up to 96 characters long. EZPD provides users with unique license files that unlock a customized software experience for the individual user.

Without the license file specific to your device, you cannot access your passwords. After you’ve created a unique, complex password, you can delete EZPD’s program and license file from your computer to erase tracks of your password. EZPD does not store your information or require remembering a master password to unlock, unlike most password managers. When you need to access your password again (or generate a new one) you can redownload EZPD’s program and license file from the link provided to you upon sign up.

Download EZPD today.

 

Why hospitals suffer from cybercrimes and how they can protect themselves

Year-over-year cyber experts warn the healthcare industry they are among the most targeted industries for cybercrimes. Why is this? And how can hospitals protect themselves?

Patient care is at risk when hospitals are attacked by cyber crimes. (Photo/Health.mil)

The problem: By the numbers

Though the problem of hospitals being targeted for cybercrimes isn’t new, it’s one that hasn’t been properly rectified.

A 2013 Ponemon Institute survey revealed that 94 percent of healthcare organizations experienced at least one breach over since 2011 and nearly half (45%) were struck by more than five. And, since 2013, the impact hasn’t lessened.

A 2016 study by the same institute shows that 89% of studied healthcare organizations have experienced a data breach, which involved patient data being stolen or lost, over the past two years.

A specific example comes from 2017, and a worldwide cyberattack by a ransomware called WannaCry. This attack shutdown 65 hospitals in the United Kingdom. The impact of WannaCry wasn’t just on hospital computers during this attack. The reach was much greater impacting patient care, storage refrigerators, MRI machines and other critical medical equipment that operate from the hospital’s networks.

In 2016 a study by security company Solutionary found that healthcare industry was the victim of 88% of all ransomware attacks in the U.S.

So, it’s obvious that cybersecurity in hospitals is increasingly important. Why are hospitals targeted so specifically?

Why are hospitals targeted?

Hackers can take total control over hospitals. From computers with pertinent patient data to MRI machines, hackers know that hospitals will do anything to recover control of their equipment quickly.

That’s what makes them uniquely susceptible to ransomware.

Ransomware is a type of malware that locks a user out of their computer or files until a sum of money has been paid. And hospitals have a lot to lose if they are unable to access their equipment.

The most obvious issue is HIPAA compliance. If a hacker steals patient information, hospitals can be on the hook for fines, lawsuits and loss of reputation. And while privacy is important, it’s not the whole picture.

It’s also important to note that during attacks like ransomware, hospitals can lose access to patient information which can halt care. Especially if ransomware affects critical medical equipment. This doesn’t just halt hospital operations, it risks lives.

A 2016 IBM survey found that 70% of businesses who have had experience with ransomware attacks in their workplace have paid to have stolen data returned.  And, it’s estimated data breaches cost the U.S. healthcare industry an estimated $6.2 billion, annually, according to the Ponemon Institute.

How can hospitals begin to protect themselves?

What should hospitals do to protect themselves?

Ransomware is the most prevalent threat in the healthcare industry. It can delay patient care, delete data, cost money, impact employee productivity, and force a HIPAA breach notification, all from a single infection.

To prevent, fight and recover from a ransomware attack we recommend the following:

  1. Install quality antivirus and antimalware programs on all computers and servers.
  2. Have a provider scan all website and email traffic before it enters the network.
  3. Train all staff to recognize a ransomware threat and how to avoid becoming infected.
  4. All hospitals should perform regular risk assessments. Can you find vulnerabilities before a hacker can?
  5. Backup your information and password protect your backup.
  6. Limit access to your information. Only grant permissions to select staff members, and authorize access using EZPD shared licenses.

Though nothing can truly guarantee the prevention of ransomware, the aforementioned measures may help with HIPAA violations and act as a line of defense to protect sensitive files.  

Use a password protection as your first and strongest line of defense. Learn more about how EZPD can protect hospitals today.

What is ransomware and how can you protect yourself from it?

Ransomware is a type of malware that locks a user out of their computer or files until a sum of money has been paid. According to Verizon’s 2017 Data Breach Investigations Report (DBIR), ransomware is now the fifth most common variety of malware. 

Ransomware can be detrimental to users (Photo/Flickr)

The Department of Homeland Security warns that ransomware’s effect can be “devastating.” Learning how to protect yourself from ransomware is more important than ever.

How ransomware works

In order to work, a virus must first access your computer. The primary trick hackers use to breach a computer is to send a link or attachment that looks legitimate.

Once a user clicks on the link or attachment, the ransomware encrypts the computer’s hard drive, locking users out of computer files like photos, personal finance records, business information and more.

One story, as reported by Time magazine, discusses an authentic looking email from FedEx. The recipient was expecting a package in the mail, so he clicked on the attachment for delivery details. Rather than receiving information from FedEx about his delivery, he received a ransom note demanding $300 to retrieve all data on this computer.

This story isn’t an anomaly either. In fact, 59% of ransomware attacks occur via phishing emails that lure you into clicking on malicious links or attachments, according to a 2016 study by Osterman Research.

Deeper dive: What type of ransomware exists?

Ransomware can look different depending on who the hacker is and what their goals of the ransomware are. Let’s explore two types of ransomware.

Encrypting ransomware blocks files within your computer. In order to decrypt the content, victims must pay for the key, usually via bitcoin.

Locker ransomware takes a slightly different approach. Rather than focusing on files, this type of ransomware locks the victim out of their entire operating system. This means it’s impossible for a user to log in to their computer, access their desktop or any applications and files. In this case, the files are not encrypted, however, a victim must still pay a ransom to unlock their computer.

More than 5,100 ransomware complaints were reported to the FBI over the past two years. And, while the average ransom amount is $300 per computer, according to Symantec, some businesses have reported paying over $40,000 to regain access to their files or computers.

Ransomware primarily targets computers running on Microsoft operating systems. (Luckily, EZPD specializes in Microsoft operating systems.)

Who do hackers target?

Hackers that use ransomware have the motive to target a wide variety of people and organizations.

For example, cybercriminals often target startups for their breakthrough technology. Locking a startup out of their computers would be detrimental to a business’s growth. This means they are more inclined to pay a ransom to have access to their work again.  

Similarly, targeting well-established companies can yield payments for hackers too. Large companies will pay to protect sales lists, client information, or any other sensitive information they’ve collected over the years.

When criminals target hospitals, the staff becomes locked out of patient files, halting care. This means lives are potentially on the line.

Individual and personal computers are also at risk. Hackers know personal computers have less security than in some organizations, and often individuals aren’t expecting an attack. Most of us store personal information on our computers that are priceless to us.

With that said, if someone — regardless of who it is — has valuable information, criminals know there is money to be made. Companies and individuals will go to great lengths to save their data.

Still, there are ways to be proactive, and protect yourself before a criminal finds your vulnerability.

Five ways to protect yourself from ransomware

    1. Don’t click suspicious links. This is the most obvious solution. Be skeptical of all links and attachments that come your way. Read the entire email, including the email address, carefully. Check for signals that the sender might not be authentic.
    2. Back your data up, and password protect it outside of your PC. If ransomware infects your computer and have your files backed up, you don’t need to pay the ransom. They can’t steal what you’ve already protected. Your backed up files, whether you store to a hard drive or in the cloud, are only as secure as the password you use to protect them.
    3. Keep software up to date. One of the most common vulnerabilities for ransomware is out of date software on your technology. Software updates can catch and stop malicious files and viruses. If your operating system is out of date, it’s more likely they will miss suspect links and attachments.
    4. Enable a pop-up blocker. In addition to email links and attachments, malware scams can also come through websites via pop-ups that offer ‘free’ file downloads, including music, movies and games, or free access to content. Reduce the temptation to click on these by blocking them from your computer.
    5. Password protect everything. Depending on the type of malware or ransomware your computer picks up, strong and unique passwords to your personal files and internet accounts can protect your information at various touchpoints.

Password protection for your passwords

It’s also important to note, that while all ransomware strains work differently, there are cases of password-stealing malware being used in conjunction with ransomware.

The best way to keep your passwords protected from ransomware is to back up your credentials and use a secure password to protect them.

EZPD is the best solution for password protection. EZPD is a platform that allows users to easily create strong, secure passwords up to 96 characters long.

After you’ve entered your password, you can delete all traces of EZPD and your password from your computer. When you need access to your locked accounts, EZPD allows you to easily regenerate the same password when you need it.

Passwords are never stored on a PC or cloud, which makes them virtually invisible and impossible to be compromised by attacks like ransomware.

Cyberattacks get more refined by the day. As cybercriminals learn from their mistakes and tweak their malicious code to be stronger, more strategic cyber security solutions are necessary.

Protect yourself. Download EZPD today.

5 things you need to know about cybersecurity

In 2017, cybersecurity concerns dominated headlines. Between Equifax, Uber, and the SEC, virtually every aspect of the human experience was touched by cybersecurity and privacy concerns.

And, while major companies like Uber are the ones that tend to make headlines, the majority of cybercrime is directed at much smaller companies or even individual consumers. As a result, we must be increasingly diligent about learning about cybersecurity and protecting ourselves from attacks.

Read on to discover what you need to know about cybersecurity and how it impacts you, personally.

What is cybersecurity? 

Cybersecurity deals with technologies, processes and practices that protect sensitive information from attacks, damage or unauthorized access. The first line of cybersecurity defense is a strong password to protect your most sensitive information. 

Cybercrime is on the rise. How can you protect yourself? (Photo/Pixabay)

How widespread is the problem?

It’s hard to get an accurate number on the number of cyberattacks that happen each day, as the minor cyber incidents continue to grow and are often unreported. Still, here are some striking figures that might put the severity of cybercrime into perspective.

  • The FBI reported that since January 1, 2016, an average of 4,000 ransomware attacks occurs on a daily basis. Ransomware is only one type of cyber attack, it also happens to be the most expensive for victims. 
  •  Cyber Security Ventures, a cybercrime research organization, predicts cybercrime damage costs to hit $6 trillion annually by 2021. 
  • High ranking organizations such as the Pentagon and National Nuclear Security Administration reports getting millions of cyberattack attempts every day.

 Who are the victims?

It’s not just mega-corporations and high-profile organizations that are targeted. In fact, the largest demographic experiencing cybercrime are small to medium-sized businesses and individual consumers.

This segment makes for an easy target because they tend to spend less to protect infrastructure and pay less attention to detail when it comes to password creationThese three demographics often think that cyberattacks won’t get them. Until it does.

According to a report by Verizon

  • 61% of the data breach victims in this year’s report are businesses with under 1,000 employees. 
  • 81% of hacking-related breaches leveraged either stolen and/or weak passwords. 

Always remember, if there is a vulnerability, it will be exploited.

What do thieves do with the information?

There are many things thieves can do once they have breached your internet accounts, password protected documents, secure servers, application software, or anything else that holds sensitive information.

Thieves can obtain financial, medical and personal information which can all be sold on the black market for a price. Attacks in of themselves are big business, especially ransomware.

According to the aforementioned Verizon study, in the 2016 ransomware was the 5th most common form of malware and the most common in the Crimeware pattern. Ransomware means an attacker will hold files on your computer for ransom. Once a user pays, usually anonymously via Bitcoin, the files are released. It is fast, low risk and easily monetizable.

What do you need to keep in mind?

Change your strategy. Don’t rely on practices that are already implemented, just because it’s the way you’ve always done things. Technology is fast-moving and hackers are always moving.

The safest way for you to protect your information is by using software like EZPD.

EZPD is a password generation and regeneration software that keeps users protected from the ever-evolving world of cybercrime. EZPD’s proprietary algorithm ensures that no one can hack your password.

With EZPD, users can generate complex passwords that include (or exclude) special characters and numbers and can be up to 96 characters long.

EZPD provides users with unique license files that unlock a customized software experience for the individual user. Without the license file specific to your device, you cannot access your passwords.

After you’ve created a unique, complex password, you can delete EZPD’s program and license file from your computer to erase tracks of your password. EZPD does not store your information or require remembering a master password to unlock, unlike most password managers.

When you need to access your password again (or generate a new one) you can redownload EZPD’s program and license file from the link provided to you upon sign up.

Businesses that don’t protect themselves with secure passwords have a lot to lose. Learn how EZPD can protect you.

And, for continued reading, learn howwith limited resources small and medium-sized businesses of all types can protect themselves from cyber vulnerabilities.