12 Nov Security Breach – 12 Nov 2020
As we head into the last weeks of 2020 (finally!), businesses are starting to take stock of what they’ve accomplished this year and what they need to get done in Q1 2021.
When you’re making your review list, don’t forget to include “compliance”, because failing to maintain data and system security is a nasty misstep that no business can afford.
Take a moment to review how compliance requirements may have changed in your industry. Japan’s 2005 Protection of Personal Information law received a major update in 2020.
Plus, new GDPR updates and clarifications can add additional complications and additional penalties for failure. India and Hong Kong are also set to enact and enforce updated data privacy regulations.
One data security best practice that is required or encouraged in many industry compliance regulations is multifactor authentication (MFA), and DUO is an ideal choice.
Protect your data with more than one lock: a password and MFA. With DUO MFA feature, a separate code or token is also needed to gain access to your systems and data, guarding you from the impact of a compromised employee password.
Compliance is a tricky field, and it’s always best to consult with an expert to ensure that you’re safe.
As a managed services provider we help you find out exactly what you need to do to ensure that your company’s data handling and storage are on track with industry best practices and compliance requirements, giving you peace of mind as you head into the end of a challenging year.
United States – JM Bullion – Precious Metals Dealer
Exploit: Skimming (Magecart)
Risk to Small Business: Severe: This Texas precious metals trader discovered that someone was cashing in on their clients’ transactions and it wasn’t them. In a recent regulatory filing, the company disclosed that malicious payment skimming code was present and active on their website from February 18, 2020, to July 17, 2020.
Risk to Exploited Individuals: Severe: The information stolen in this attack includes customers’ names, addresses, and payment card information, including the account number, expiration date, and security codes. Customers should be alert to potential identity theft and spear phishing attempts.
Customers Impacted: Unknown
United States – Mattel – Toymaker
Risk to Small Business: Severe: In a recent regulatory filing, Mattel told regulators that it suffered a ransomware attack in July 2020 that shut down some systems but did not include a significant data loss. Only business systems were impacted, production and distribution were not affected. Experts believe that TrickBot ransomware was used in the incident.
Risk to Exploited Individuals: No individual information was reported as impacted in this incident.
Customers Impacted: Unknown
Protect your data and systems by implementing a solid cybersecurity plan. Talk to a TCT team member today and we can show you how.
Follow us on LinkedIn: