The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, “While the United States is facilitating this meeting, we don’t view this solely as a US initiative. It’s an international partnership that spans most of the world’s time zones, and it really reflects the threat that criminals and cyberattacks bring.”

To read this article in full, please click here

Read More

NCSC wants to determine “the vulnerability of the UK”

Read More

The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. 

Retirement plans are an easily overlooked but often critical cybersecurity concern. Employee stock ownership plans (ESOPs), while less common than others, may face particular risks.

ESOPs can provide a valuable way to foster employee engagement and reward loyal workers, but businesses must consider their cybersecurity risks. Without proper security, these plans and those who depend on them may be in danger.

ESOP security risks

Employee Retirement Income Security Act (ERISA)-regulated plans covered an estimated $9.3 trillion as of 2018. Individual ones can hold millions of dollars, making them tempting targets for cybercriminals.

ESOPs pose unique risks, as participating employees have an ownership stake in the company. Consequently, cyberattacks that damage the business’s reputation will affect ESOP participants. Lower stock values will reduce workers’ payouts when they retire.

This ownership stake means an attack doesn’t have to target the retirement plan directly to impact its participants. Any cybersecurity incident against the business poses a significant risk, and ESOP security means safeguarding the entire company’s attack surface.

How to minimize ESOP security concerns

ESOP cybersecurity concerns are significant, but you can take several steps to address them. Here’s how you can mitigate these security risks.

Assess company-specific risks

The first step in ESOP cybersecurity is to assess your specific risk landscape. Every organization and plan within one has unique considerations determining the most effective mitigation measures, so these assessments are a crucial starting point.

Every risk contains two key components: an event that could happen and the consequences if it does. Teams must compile a formal list of threats facing their ESOP plans, ensuring to cover both these categories. This will reveal the most important vulnerabilities to address, helping guide further security steps.

Verify vendors

Like many retirement plans, ESOPs typically rely on third-party vendors to manage funds. Consequently, breaches in these partners could impact the business itself. About 51% of all organizations have experienced a data breach from a third party, so verifying their security before going into business with them is crucial.

Ask for third-party audits and similar proofs of security to ensure any vendors meet strict cybersecurity standards. Contracts should include detailed pictures of their security responsibilities and consequences for noncompliance. Ensuring all vendors have sufficient cybersecurity insurance is also a good idea.

Minimize access

You should minimize access privileges across the organization and its partners even after verification. Well-meaning employees can still make critical errors, but if each account can only use a few resources, a breach in one won’t jeopardize the entire system.

Operate by the principle of least privilege: Every user, program and endpoint should only be able to access what it needs to work correctly. That applies to third parties as well as company insiders. This will minimize lateral movement risks, helping keep ESOPs safe from attacks elsewhere in the organization.

Create a culture of Cybersecurity

ESOP participants slowly gain increasing ownership stakes in the company, so their cybersecurity responsibilities should follow. Employees should understand how their actions impact the wider organization’s security and use best practices out of habit.

You can foster a cybersecurity culture by offering regular training, tying security goals to their impact on employees’ personal lives, and encouraging feedback and questions. When cybersecurity comes as second nature, the company will become inherently more secure, protecting ESOPs.

Develop a business continuity plan

It’s important to realize that no defenses are 100% effective. There were at least 1,862 data breaches in 2021 alone, and that figure has consistently risen over the years. Given this trend, it’s too risky to assume you’ll never suffer a successful attack, so business continuity plans are critical.

These plans should cover encrypted backups of all sensitive data, emergency communications protocols and steps to contain a breach. Ideally, they should also include cybersecurity insurance to cover any losses. These backup plans and resources will ensure ESOP participants can still protect their resources when a breach occurs.

ESOPs need strong Cybersecurity

Attacks on ESOPs and the organizations sponsoring them can cause substantial damage. In light of that risk, any company offering such a plan should also implement strong cybersecurity measures.

These steps will help any ESOP organization minimize its risk landscape. They can then ensure that cybersecurity incidents won’t jeopardize plan participants’ hard-earned retirement income.

Read More

What you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, estimated income, purchasing habits, and any political affiliations you may have—all pretty personal information, right? Well, there’s a good chance that anyone can find it online. All it takes is your name and address.  

Thankfully, there’s something you can do about it. 

But first, go ahead and give it a try. Type your name and address in a search bar and see what comes up. If you’re like most people, your search results turned up dozens of sites with your information on them. Some sites offer bits of it for free. Other sites offer far more detailed information, for a price.  

Who’s behind all this? Data brokers. All part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well.  

The result? A chillingly accurate picture of you.  

So accurate, that reporters and law enforcement will often use profiles from data broker sites to dig up a person’s background. And so could scammers and thieves.  

Data brokers—a primary resource for spammers, scammers, and thieves 

Ever wonder how you end up with all those spam calls and texts? Look no further than the data brokers. They help scammers compile the calling and texting lists they use. Yet spammy calls and texts are just part of the problem with these sites. They can give thieves the tools they need to steal your identity.  

How? Visualize your identity as a jigsaw puzzle. Every bit of personal information makes up a piece, and if you cobble enough pieces together, a scammer or thief could have enough information to steal your identity. And data brokers compile all those pieces in one place and offer up them up in droves. 

If you’re wondering if this activity is legal or at least regulated in some way, it largely isn’t. For example, the U.S. has no federal laws that require data brokers to remove personal information from their sites if requested to do so. On the state level, Nevada, Vermont, and California have legislation in place aimed at protecting consumers from having their data disclosed on these sites. Other legislation is being considered, yet as of this writing there’s very little on the books right now. 

With next to no oversight, data brokers continue to collect personal information, which may or may not be accurate. It may be out of date or flat out wrong. Likewise, as it is with any large data store, data brokers are subject to hacks and attacks, which may lead to breaches that release detailed personal information onto the dark web and into the hands of bad actors. 

Put plainly, data brokers collect, buy, and sell high volumes of personal information, often in ways that leave no trace that it’s happening to you—or that the information is correct in any way. 

Removing your name and information from data broker sites 

All this can feel like it’s out of your control. And maybe the search you did on yourself made you a little uneasy. (Understandable!) Yet you have plenty of ways you can curb this activity and even remove your information from some of the riskiest data broker sites as well.  

It starts by finding out which sites have information on you, followed by filing requests to have it removed. Yet with dozens and dozens of these sites proliferating online, this can be a time-consuming process. Not to mention a frustrating one. We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy.  McAfee+ contains a comprehensive set of tools, such as Personal Data Cleanup which are designed to help protect your online privacy. 

Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. ​ 

And because getting your info removed once isn’t a guarantee that a data broker won’t collect and post it again, Personal Data Cleanup can continually monitor those sites. So should your info get posted again, you can request its removal again as well. 

Seven ways you can keep your personal information from data brokers 

The other way you can thwart data brokers involves cleaning up your tracks when you go online, essentially leaving a smaller amount of data in your wake that they can collect and resell. 

Use a VPN: A VPN is a Virtual Private Network, which protects your data and privacy online by creating an encrypted tunnel that makes your activity far more anonymous than without one. Classically, it’s a great way to shield your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online. However, it has some terrific privacy benefits as well because it makes your time online more private by reducing the personal information that others can collect and track—including data brokers.
Make your social media profile private: Public social media profiles provide data brokers with an absolute goldmine of personal information. If you’ve filled out things like your employer, school, spouse, and so on, data brokers will grab it. They may also cull your interests, likes, and groups for even more profiling information. While we’ve always recommended setting your profile private for friends and family only, data brokers and all their snooping make setting it to private all that more important. 
Think twice about using loyalty cards: Whether it’s at your drug store, supermarket, or any number of other retailers, the “discount” you get with a loyalty card may come with a price—your personal information. Data brokers buy and sell purchasing histories to round out the personal profiles they create. If you’d rather keep data brokers from knowing what things you buy, make your purchases without your loyalty card. In all, it’s a tradeoff. Is the discount worth the potential hit to your privacy?
Refuse those cookies: Thanks in large part to the General Data Protection Regulation (GDPR) in the European Union, many websites now prompt their visitors with options for tracking cookies. If you’ve come across these prompts already you know that they’re hard to miss. Once you click on them, you have the option to select only the most necessary, functional cookies—and if you’d like to enable other cookies for convenience and perhaps marketing purposes. Here, the most private bet is to enable the absolute minimum, which can prevent further information from ending up in the hands of data brokers.
Turn off location services for your smartphone apps: Just like real estate brokers, data brokers are all about “location, location, location.” By not only knowing what you’re doing but where you’re doing it too gives them that much more insight into your travels and behaviors. Advertisers particularly love location data and will create highly targeted ad campaigns based on where you’re going and where you are. One source for this location data are your apps. Depending on the app and the user agreement in place, various apps may collect and share location information. Head to your phone’s settings and disable your location services app-by-app, keeping it enabled for only the most necessary of apps and for only while using the app.
Turn off your phone’s Wi-Fi and Bluetooth when you’re not using them: Some retailers use “passive tracking” technologies while you’re in or nearby their stores. It works by tapping into your Wi-Fi or Bluetooth connections as they search for networks and devices they can pair with. Retailers have sensors that they can connect to, which then collect data. With that data they can determine several things, like when their stores see the most traffic, what the most popular items and displays are, or if you simply walk by the storefront and don’t enter. And because each smartphone has its own unique identifier, a MAC number (Media Access Control), there’s the possibility they can associate you with your phone. This one has a simple fix. Turn off your Wi-Fi and Bluetooth when you’re not using them so you can’t be tracked.
Install and use online protection software: By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like create and manage the strong, unique passwords and provide further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) 

Get your personal info back in your hands where it belongs 

Searching for your name and address can turn up some surprises and introduce you to the world of data brokers, the dozens and dozens of companies that collect, buy, and sell your personal information. While data brokers sell this information to companies for advertising and marketing purposes, they will also sell that information to hackers, scammers, and thieves. Simply put, they don’t discriminate when selling your personal info. That puts more than just your privacy at risk, it can put your identity at risk as well. By selling your personal information, it can give bad actors the info they need to commit identity fraud and theft.  

While cleaning up personal information from these sites is often a difficult and time-consuming task, tools like our Personal Data Cleanup can now dig out the sites where your personal info is posted and can help you remove it. Moreover, you now have several tricks and tactics you can use to reduce the amount of personal data these sites can collect. In all, you now have far more control over what data brokers can collect, buy, and sell than you had before. And now is most certainly a time to take that control given all the time we spend online and the many ways we rely on it to help us work, play, and simply get things done. 

The post How much of your personal info is available online? A simple search could show you plenty. appeared first on McAfee Blog.

Read More

More than 30 organizations compromised by off-the-shelf tools

Read More

According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage, CISOs need alternatives to hiring their way out of this quagmire.

To read this article in full, please click here

Read More

The post Test Post 2 03-11 appeared first on McAfee Blog.

Read More