Wi-Fi Routers: A New Avenue for Hackers To Attack

Wi-Fi routers appear to be another avenue for hackers to strike. As Sequel has said before, it is oftentimes the office hardware people overlook that poses real danger to a company. Computerworld has reported that the popular Belkin N600 DB router has several vulnerabilities unauthenticated hackers could exploit. The CERT Coordination Center at Carnegie Mellon University (CERT/CC) says remote hackers can use these router flaws to trick users on a local network into visiting specially designed websites that automatically download malware, and can alter device configuration by spoofing Domain Name System (DNS) responses. Most alarming of all, “attackers with access to the local area network could bypass an affected router’s authentication and take complete control over it.”

The CERT/CC says “there are no practical workarounds for the DNS spoofing or firmware over HTTP issues and no way to prevent attackers from exploiting the authentication bypass vulnerability once they have access to the local network.” Therefore, it is critically important for small and medium-sized businesses to take steps to protect their Wi-Fi networks from future attacks. In order to prevent a hacker from infiltrating your company or home Wi-Fi, we recommend setting strong passwords for both your Wi-Fi network and your router, changing these passwords regularly, and only allowing trusted computers on your LAN. As hackers and their attacks become more and more sophisticated, this headline should act as an alert for businesses to leave no stone unturned when it comes to protecting their data.

What Are the Federal Government’s Standards for Cyber Security?

The U.S. Federal Trade Commission (FTC) can now take action against companies failing to protect customer data, according to a recent decision by the U.S. Court of Appeals for the Third Circuit. The important point to note about this headline is that the federal government has not set actual standards for cyber security. Therefore, it is almost impossible to tell how companies will be evaluated.

In three separate data breaches between 2008 and 2010, hackers allegedly stole more than 619,000 credit and debit card numbers from Wyndham Worldwide Corp. This recent court decision holds that Wyndham should have had a thorough understanding of the FTC’s cyber security standards at the time of the breaches. FTC Chairwoman Edith Ramirez said, “It is not only appropriate, but critical, that the FTC has the ability to take action on behalf of consumers when companies fail to take reasonable steps to secure sensitive consumer information.” With little information about what the FTC considers “unreasonable cyber security practices,” the commission’s future cyber security policing could raise a number of questions. Sequel will continue to follow these developments, but in the meantime, Computerworld, Bloomberg BNA and the Wall Street Journal have all covered the Third Circuit’s decision.

What Small and Medium-Size Businesses Can Do To Recover from Cybercrime

We found Bloomberg BNA’s recent interview with Patrick Fraioli, partner and chairman of the Data Privacy & Security Workgroup at Ervin, Cohen & Jessup LLP, quite insightful. The overarching theme of Mr. Fraioli’s interview is that small and medium-size businesses (SMBs) are feeling the greatest impact from cybercrime. As Sequel has said before, and as Mr. Fraioli discussed, failure to educate and train employees on the best privacy and security practices, lack of a swift response plan, and a lack of comprehensive written policies mark the most common and most significant cybersecurity vulnerabilities for SMBs. With this in mind, the best thing an SMB can do is institute a customized information governance program, one that follows cost-effective practices, to help prevent data loss incidents and to recover quickly if one occurs. By taking the time to make sure your office has incorporated these rules, the vast majority of data breaches can be prevented, along with the costly damage they bring. Read Mr. Fraioli’s interview with BNA in full here.

U.S. Businesses Need To Get Serious About Europe’s Data Protection

Guidelines for U.S. firms operating in Europe could become much tighter as Europe’s data protection watchdog is calling to enforce costly fines on businesses violating new data-privacy rules. This should act as a wakeup call for U.S. businesses to get serious about this issue. The European Commission and many national governments are pushing for a maximum fine of as much as 2% of global revenue or $1.1 million for violations, but the European Parliament is urging adoption of a stricter 5% fine. The main criticism of the proposed fines comes from firms expressing concern over heightened risk for companies operating in Europe. Liam Benham, International Business Machines’ Vice President for Government Affairs in Europe, says, “Increasing risk related to processing data may negatively impact the growing data economy and will likely impede start-ups and new market entrants. Regulation should…focus on encouraging rather than discouraging data-driven innovation in Europe.” Sequel will be monitoring the third round of negotiations on this issue, which will occur in mid-September. To read more, the Wall Street Journal has the full story.

Verbal Confirmation: Protecting Yourself Against Sophisticated Cyberattacks

Small businesses and law firms are not immune to cyberattacks, which is why regularly evaluating network security and internal processes is critically important. Hackers now have the ability to pull together disparate pieces of information about you using computerized brute-force attacks, in which powerful computers run pre-programmed algorithms that try every plausible password. For example, if a hacker gets hold of a username and/or password to a simple account such as the one for your grocery store, then, because people tend to reuse the same username and password across accounts, he or she can use that information to answer security questions and obtain personal information used to access more important accounts.

Here is the internal message for small law firms and businesses looking to combat these hackers:

1) Before moving important internal or personal data, even if you are transmitting paper documents, verbally confirm with a supervisor or the person requesting data that it is okay to transmit such data. Do not respond automatically to email requests for data without checking the requestor’s authority.

2) Change your passwords regularly, even for small accounts.

3) Never click on unsolicited links or surveys. With just a click, malicious code that records your keystrokes can be downloaded onto your computer and used to harvest personal information.

This is not your average breach problem. The level of sophistication behind these attacks is frightening, so please take simple steps to protect you and your business from cyberattacks.