Top 5 tips to stay Cyber Secure for Government Agencies & Public Sector Enterprises

1. Always use a Zero-Knowledge Encrypted platform to share classified information

The overwhelming number of data breaches in the last couple of years, given the backdrop of the pandemic, has been due to the associated risk of not using end-to-end encryption when sharing and saving data. With Zero-Knowledge encryption, only you have access to your encryption keys, and most importantly the data is stored in its encrypted form from the client directly. This means that during the transfer, and then storage, the data is kept only in its encrypted form and cannot be decrypted even after the data is transferred and stored on the cloud.

2. Use 2-Step Verification when accessing contracts and sensitive data

2-Step Verification is a must have security feature and should be built into your data collaboration solution. This is an added layer of security which enables safe access to sensitive data from any device or location. The authentication process can be set up via email, phone or an authenticator app. It works on the principle of entering something you know (your password) and something you have (like your pin or code from the authenticator app).

3. Choose a provider that meets all Regulatory compliances

In today’s world, there are a number of rules and regulatory compliances that have been put in place to safeguard processes and strategies in organizations, as they endeavour to achieve their business goals. These regulatory compliance requirements are becoming more and more stringent as they are specifically designed towards ensuring data protection. They are finely nuanced and audit reports showing compliance to them builds client trust, credibility, as well as, improve profitability of the organizations.

4. Frequent and mandatory training programs for all employees as well as contractors

Cyber security awareness for every employee through training is absolutely essential to prevent and mitigate data security risks for the entire organization. The key to these programs is to keep them frequent so that users, employees and contractors are not overwhelmed with the information on cyber security hygiene practices, ability to identify and report phishing scams, as well as, awareness on the construct of social engineering attacks to be better prepared to fend them off.

5. Retire Vulnerable Legacy Technology

Legacy technology is more expensive to maintain and more exposed to cybersecurity risks as they age, especially when vendors stop issuing patches to fix vulnerabilities. To avoid exposure, government agencies should upgrade their technology, transition to secure cloud solution, and in general expedite the implementation of modern IT software.

2022’s Top 5 Scariest Data Breaches

The pressure of the pandemic has intensified the rise of cyber-attacks as organizations grapple with the issue of securing remote workplaces while conducting their businesses with efficiency. Which means remote workers are harder to secure while they share sensitive and crucial data on a regular basis exposing them to significant security risks. There is a rise in security breaches as cyber criminals grow more sophisticated and use social engineering, ransomware, malware and phishing to conduct these attacks. Here is a quick look at some of the scariest data breaches of 2022, so far.

1. Cash App Investing LLC

Number of individuals impacted: 8.2 million

A former employee of Cash App Investing launched the hack earlier this year – and it has turned out to be the largest data breach and cyber-debacle in 2022 so far.

As CNN reported in April: “More than 8 million Cash App Investing customers may have had personal data compromised after a former employee downloaded internal reports without permission, parent company Block Inc revealed. … Information in the reports accessed by the former employee included customers’ full names and brokerage account number, which is the personal identification number associated with a customers’ stock activity on the platform.”

2. Beetle Eye

Number of individuals impacted: 7 million

Beetle Eye, an online tool that helps marketers with their email marketing campaigns, experienced a major breach apparently caused by a misconfigured AWS S3 Bucket that was left without any encryption, according to a report at Data Breach Today.

Researchers at Website Planet first discovered the breach at the Sarasota, Fl.-based Beetle Eye, exposing sensitive data belonging to an estimated 7 million people.

3. FlexBooker

Number of individuals impacted: 3.75 million

In January 2022, FlexBooker, a cloud-based appointment management solution, revealed it had discovered a data breach that ultimately impacted more than three million people.

According to ZDNet, the Columbus, Ohio-based company said that some of its customer database had been breached after its AWS servers were compromised in late 2021 and that FlexBooker said its “system data storage was also accessed and downloaded” as part of the attack. The information obtained included partial credit card data, ZDNet reports.

4. Elephant Insurance Services LLC

Number of individuals impacted: 2.76 million

In May 22, Henrico, Va.-based Elephant Insurance Services reported that it had experienced a data breach and that it may have compromised the Personal Identifiable Information (PII) of customers seeking insurance policies.

After detecting “unusual activity on its network,” Elephant Insurance said it launched an immediate probe and determined that an intruder may have had access to information that included names, driver’s license numbers and dates of birth of people.

5. Lakeview Loan Servicing

Number of individuals impacted: 2.57 million

Florida-based Lakeview Loan Servicing LLC, the fourth largest loan-servicing company in the US had a data breach that reportedly affected more than 2.5 million consumers.

The breach, which led to the theft of highly sensitive customer information, occurred from October 27 through Dec. 7, 2021. The breach was discovered in January and publicly announced in March 2022. According to one lawsuit, some of the stolen data has been listed for sale on the “dark web,” according to a report at National Mortgage Professional.

Sources:
https://www.crn.com/news/security/the-10-biggest-data-breaches-of-2022-so-far-
https://nationalmortgageprofessional.com/news/lakeview-loan-servicing-faces-multiple-lawsuits-over-data-breach
https://www.classaction.org/news/class-action-elephant-apparent-insurance-company-data-breach-exposed-info-of-more-than-2.7-million-consumers#:~:text=Elephant%20Insurance%20Company%20and%20subsidiary,reportedly%20exposed%20to%20unauthorized%20access.

Awards and Achievements