This is it. No more patches. No more updates. No technical or legal protection. And you could be violating HIPAA, PCI-DSS, State & Federal Privacy Laws and New York State Ethics Rules 1.6 as it relates to client privacy.
What does end of support mean to you?
Running Windows XP SP3 and Office 2003 in your environment when support ends may expose your company to potential risks. Therefore, any computer or server with these software programs installed will be completely exposed to serious hacker attacks aimed at taking control of your network, stealing data, crashing your system, and inflicting a host of other business-crippling problems you do NOT want to have to deal with.
How do I begin my migration?
Call Raj at 917-685-7731 today to develop a migration plan for the hardware and software upgrades you need to avoid a serious security risk to your organization and stay competitive.
“As a business owner, you don’t have time to waste on technical and operational issues. That’s where we shine! Call us and put an end to your IT problems finally and forever!”
Raj Goel, CISSP Brainlink International, Inc.
[email protected] 917-685-7731
In This Issue…
Windows XP Retires April 8, 2014. Are you prepared?
What can Construction, HVAC, Architecture, IT & Lawfirms learn from the Target Breach?
The Lighter Side
Raj’s WPIX-11 TV Interview
March 2014, New York, NY
brainlink brainSTORM
“We make all of your computer problems go away without the cost of a full-time IT staff!”
Ask about our fixed price service agreements. Computer support at a flat monthly fee you can budget for, just like rent!
Brainlink International, Inc. | 917-685-7731 | www.Brainlink.com
FREE Business Advisory Guide: What Construction Company CFOs and COOs MUST Know About Protecting Data
www.brainlink.com/protecting-your-data-2014/
“The age of personal surveillance is here…”
JAY DOW INTERVIEWS RAJ GOEL
NEW YORK (PIX11) - Once upon a time, when it came to hi-tech phone surveillance, the NSA used to be the only game in town.
And while some of the capabilities exposed by former contractor Edward Snowden are indeed mind-blowing, these days anyone – from your best friend, to your worst enemy – now has the ability to listen into your most intimate conversations, and it’s only a few smartphone clicks away.
One of the newest apps that puts that kind of once formidable processing power – in the palm of your hands is called Crowd Pilot.
“It’s a loaded gun that they’re giving to people without a lot of controls on it,” says tech expert Raj Goel. “Ultimately, the question of privacy in our daily lives will need to be addressed by the user – not the technology.”
“The age of personal surveillance is here. What the Stasi and the CIA could only dream of in the 50s and 60s now we can do with a two hundred dollar smartphone. And the real challenge for us as parents and grown ups in society is going to be, ‘are our laws up to date? Are we teaching our kids, and our business partners, and our spouses, girlfriends, and boyfriends proper behavior?’” said Goel.
Watch the video clip at:
http://pix11.com/2014/02/21/why-the-nsa-isnt-the-only-threat-to-your-phones-privacy/
Do you have a burning question for Raj? Would you like to pick the brain of a 25-year veteran of the IT industry who has advised governments, appeared at conferences worldwide and testified at the Hague? Submit your question to [email protected] and your question could be featured in a future newsletter.
The Lighter Side:
Have You Heard This Before?
“March comes in with an adder’s head, and goes out with a peacock’s tail.” - Richard Lawson Gales
“Up from the sea, the wild north wind is blowing under the sky’s gray arch; Smiling I watch the shaken elm boughs, knowing It is the wind of March.” - William Wordsworth
“Who in this world of ours their eyes In March first open shall be wise; In days of peril firm and brave, And wear a Bloodstone to their grave.” - Unattributed Author
“Ah, March! We know thou art Kind-hearted, spite of ugly looks and threats, And, out of sight, art nursing April’s violets!” - Helen Hunt Jackson
“Slayer of the winter, art thou here again? O welcome, thou that bring’st the summer nigh! The bitter wind makes not the victory vain. Nor will we mock thee for thy faint blue sky.” - William Morris
“March: Its motto, ‘Courage and strength in times of danger.’” - William Morris
“Beware the ides of March.” - William Shakespeare
“In fierce March weather White waves break tether, And whirled together At either hand, Like weeds uplifted, The tree-trunks rifted In spars are drifted, Like foam or sand.” - Algernon Charles Swinburne
“With rushing winds and gloomy skies The dark and stubborn Winter dies: Far-off, unseen, Spring faintly cries, Bidding her earliest child arise; March!” - Bayard Taylor
“All in the wild March-morning I heard the angels call; It was when the moon was setting, and the dark was over all; The trees began to whisper, and the wind began to roll, And in the wild March-morning I heard them call my soul.” - Lord Alfred Tennyson
What can Construction, HVAC, Architecture, IT and Law Firms learn from the Target Breach?
The Target Corp credit card breach has been in the news for months, and it may end up reshaping how credit cards are issued and used in the US. While Target’s customers were the final victims, and ID theft is the largest white collar crime hitting Americans, Target itself was a victim.
Target’s systems were broken into via a weakness in one of their contractors – Fazio Mechanical.
From KrebsOnSecurity.com: The breach at Target Corp. that exposed credit card and personal data on more than 110 million consumers appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer, according to sources close to the investigation.
[Why it took Fazio so long to detect the email malware infection]: The company’s primary method of detecting malicious software on its internal systems was the free version of Malwarebytes Anti-Malware.
To be clear, Malwarebytes Anti-Malware (MBAM) free is quite good at what it’s designed to do – scan for and eliminate threats from host machines. However, there are two problems with an organization relying solely on the free version of MBAM for anti-malware protection: Firstly, the free version is an on-demand scanner that does not offer real-time protection against threats (the Pro version of MBAM does include a real-time protection component). Secondly, the free version is made explicitly for individual users and its license prohibits corporate use.
So, what lessons does the Target breach hold for contractors and consulting firms?
1) If you are relying on free, unmanaged tools to protect your company – STOP. STOP RIGHT NOW.
2) If you are relying on free or expired anti-virus software to protect you, STOP.
3) And most importantly, no one is too small a target.
Some facts:
· The long weekend bank hack has been the most lucrative attack against small businesses for the last 7 years
· Patco construction company had $588,000 stolen from their accounts and had to sue their bank to get some of the money back
· A medical billing firm declared bankruptcy after thieves broke in and stole files
· A $1.5 million cyber theft caused an Escrow firm to declare bankruptcy
I’ll bet that Fazio’s management never thought they would be an attractive target to cyber criminals.
The reality is that criminals are creatures of habit and seize opportunities, like any good business owner. They broke into Fazio using email phishing attacks, stole documents, credentials, etc. and accidentally discovered that Fazio had access to Target’s network. Or they did research on Target, identified their key suppliers, and kept attacking the suppliers until the weakest link broke.
It doesn’t matter how Fazio was selected as a target – what matters is what happened afterwards. Due to lack of proper security tools, a lack of security management and simple myopia, Fazio was broken into. Thru Fazio, Target was broken into.
And 110 million (that’s 110,000,000) credit cards were compromised.
On top of it all, both Fazio Mechanical and Target received visits from the FBI, Secret Service and DHS.
· Are you prepared to handle a visit from the FBI or Secret Service?
· How about a call from your largest client telling you that you were the source of their break-in?
· Do you have proper E&O, P&C and Cyberliability insurance?
· Do you have active defenses to Detect, Defend and Protect your users from criminals and themselves?
The $1,000 challenge
If you think all your ducks are in a row, let me interview you. And at the end of the interview, I will donate $1,000 to your favorite charity. If you don’t think you have everything, and need help in building a proper security and disaster recovery plan, then let’s meet. When your firm becomes a client, I’ll still write a check for $1,000 to your favorite charity. What have you got to lose (except an unexpected visit from the FBI)?
- Raj
References:
http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/
http://www.brainlink.com/2013/07/5-steps-to-protect-your-business-from-cyber-crime/
http://www.brainlink.com/2013/04/security-alert-hackers-and-cyber-criminals-are-concentrating-their-attacks-on-small-business-2/
http://www.brainlink.com/2012/08/the-fdic-misunderstanding-that-business-owners-need-to-know-about/
http://www.brainlink.com/lawfirmseminar/
http://www.brainlink.com/constructionseminar/
What Construction Company CFOs and COOs Must Know About Protecting And Preserving Their Company’s Critical Data And Computer Systems
www.brainlink.com/protecting-your-data-2014/