The Top 5 Scariest Data Breaches in 2021

1. Twitch

Number of records leaked: 5 Billion

Amazon-owned streaming service Twitch confirmed it suffered a huge data breach this week. A “human error” committed when configuring a server created an exploitable vulnerability that led to reams of confidential information being leaked online.

The breach makes Twitch – which employs over 5,000 people – the latest large business to fall victim to cybercrime this year; approximately 5 billion private business records were leaked from businesses between January and June of 2021 alone.

2. Pandora Papers

Number of documents leaked: 11.9 million

In 2019, an unknown source began submitting massive amounts of documents to the Washington-based International Consortium of Investigative Journalists.

The files showed a global cast of fugitives, criminals, celebrities, football players, and others, as well as secret assets, clandestine agreements, and hidden riches of the super-rich, including judges, tax authorities, intelligence chiefs, and mayors. It had the offshore banking dealings of several current and past leaders of state, as well as more than 130 billionaires.

3. Astoria Company

Number Of Individuals Impacted: 30 Million

Night Lion Security’s threat intelligence team became aware in January of several new breached databases being sold on the dark web. 10 million Astoria customers had their Social Security numbers, bank accounts, and driver’s license numbers exposed. In addition, more than 10 million Astoria customers had information from other fields exposed in the breach such as credit history, medical data, home, and vehicle information.

The leaked Astoria data also contained email transaction logs showing sensitive user information being transferred, unencrypted, via email.

4. ParkMobile

Number Of Individuals Impacted: 21 Million

ParkMobile became aware of a cybersecurity incident in March linked to a vulnerability in a third-party software that the company uses. The company immediately launched an investigation, and found that basic user information – license plate numbers, email addresses, phone numbers, and vehicle nicknames – was accessed. In a small percentage of cases, mailing addresses were also accessed.

The company additionally found that encrypted passwords were accessed, but not the encryption keys required to read them. ParkMobile said it protects user passwords by encrypting them with advanced hashing and salting technologies.

5. ClearVoiceResearch.com

Number Of Individuals Impacted: 15.7 Million

ClearVoice learned in April that an unauthorized user had posted a database online containing profile information of survey participants from August and September 2015 and was offering information to the public for purchase. The accessible data included contact information, passwords, and responses to questions users answered about health condition, political affiliation, and ethnicity.

The data sets could be misused by bad actors, resulting in survey participants getting contacted for purposes such as advertising. In addition, the accessible information might be used to prepare personal profiles, which could be used in a commercial or political context, according to ClearVoice.

Sources:
https://tech.co/news/twitch-confirms-data-breach-sensitive-data-online
https://www.crn.com/slide-shows/security/the-10-biggest-data-breaches-of-2021-so-far-/11
https://www.wionews.com/world/pandora-papers-largest-leak-of-offshore-data-in-history-explained-417996

Enhance your security with Advanced MFA

At DropSecure, we have made MFA our topmost priority, and we provide MFA even for unregistered users. All links are protected by MFA by default, so only the intended recipient can access the link and no one else. It is also important to know that not all MFA is the same. MFA has to be a second factor, which means that if you are getting a link by email, it’s best for the MFA code to be sent to a channel other than email; the preferred choice has become SMS to mobile.

With recent events, though, it turns out that SMS can be easily hacked. The next most secure option that needs no additional hardware is a TOTP (time-based one-time password) authenticator. At DropSecure the authenticator is our preferred option for MFA, and we will keep working on educating our clients about the safest way to set up a second factor. Do remember that, despite some of the vulnerabilities of a second factor, it is still far more secure to have a second factor than none.
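How a server can check the authenticator code mentioned above, as an added example that is not DropSecure's code: RFC 6238 TOTP verification with a one-step clock-drift window and replay rejection. The function names are hypothetical, and the secret is the published RFC 4226 test secret, used here as a constructed sample.

```javascript
// Added example: verifying a TOTP authenticator code (RFC 6238) on the server.
const nodeCrypto = require('crypto');

const STEP_SECONDS = 30; // RFC 6238 default time step
const DIGITS = 6;        // code length shown by common authenticator apps

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
// then "dynamic truncation" down to a short decimal code.
function hotp(secret, counter, digits = DIGITS) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;          // low nibble of the last byte
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;  // 31-bit unsigned value
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// TOTP is HOTP with the counter derived from the clock, so the code is
// computed on the device and never travels over SMS or email.
function totp(secret, unixSeconds, digits = DIGITS) {
  return hotp(secret, Math.floor(unixSeconds / STEP_SECONDS), digits);
}

// Compare codes without leaking the position of the first mismatch.
function sameCode(a, b) {
  const x = Buffer.from(a);
  const y = Buffer.from(b);
  return x.length === y.length && nodeCrypto.timingSafeEqual(x, y);
}

// Accept a code from the current step or `window` steps either side (clock
// drift), and refuse any step at or before the last accepted one (replay).
// The caller stores the returned `step` per user as the new lastUsedStep.
function verifyTotp(secret, submitted, unixSeconds, lastUsedStep = -1, window = 1) {
  const rejected = { ok: false, step: lastUsedStep };
  if (typeof submitted !== 'string' || !/^\d{6}$/.test(submitted)) return rejected;
  const current = Math.floor(unixSeconds / STEP_SECONDS);
  let matched = -1;
  for (let step = Math.max(0, current - window); step <= current + window; step++) {
    if (sameCode(hotp(secret, step), submitted)) matched = step;
  }
  if (matched < 0 || matched <= lastUsedStep) return rejected;
  return { ok: true, step: matched };
}

// Constructed sample: the published RFC 4226 test secret, never a real one.
const SAMPLE_SECRET = Buffer.from('12345678901234567890', 'ascii');

function demo() {
  const code = totp(SAMPLE_SECRET, 59);                             // generated at t = 59 s
  const first = verifyTotp(SAMPLE_SECRET, code, 59);                // fresh code
  const replay = verifyTotp(SAMPLE_SECRET, code, 59, first.step);   // same code again
  const stale = verifyTotp(SAMPLE_SECRET, code, 95);                // two steps later
  return { first, replay, stale };
}

console.log(demo());
```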

Expert Speak: Our Founder Amish Gandhi’s blog on Ransomware

What is a Ransomware attack?

Ransomware is a type of malicious software (malware) that encrypts your files and drives with a key that you can only obtain by paying whatever ransom your attackers want. Attackers often demand payment in cryptocurrency, which complicates law enforcement efforts to track them down. Even worse, payment does not guarantee that you’ll get the key needed to decrypt your data.

Can Ransomware attacks be avoided?

Recent well-publicized ransomware attacks have exploited vulnerabilities in products used by IT services and Managed Service Providers (MSPs), such as SolarWinds and Kaseya. The size and sophistication of these attacks mean that no one person or organization can stop ransomware attacks.

Ransomware organizations have even begun offering Ransomware-as-a-Service (RaaS) to anyone wanting to make money and/or disrupt businesses. The word “ransomware” sounds scary and those who wield it seem like criminal masterminds who can take over our digital lives any time they want. The situation is dire, but there is reason for hope… and there are some things you can do to greatly reduce the impact of ransomware attacks.

Can you isolate yourself from ransomware attacks?

The first thing to remember is that ransomware attackers need access to your data… so maintain tight controls over your data. This is as simple as migrating your data from local storage to a Cloud Service Provider (CSP). Removing your data from your device leaves nothing for ransomware to access. Infected computer? Simply disconnect it and reinstall your operating system and applications, or switch to a different computer. However, simply migrating to a CSP is not enough. You need to select a CSP who will keep your data safe. It’s tempting to think that popular file storage services are secure and that you need only choose the lowest-cost provider.

What kind of technology protects you from ransomware attacks?

The real question you need to be asking is whether the provider offers true end-to-end encryption that locks your data before it leaves your premises and keeps it locked at all times thereafter until you access it using your unique key. Think of end-to-end encryption as placing your data inside a safe and then placing that safe in storage while you keep the key. This ensures that only persons with a valid copy of that key can unlock the safe and access your data. Giving your key to someone lets them access some or all your data, depending on how you use your keys… but it does not give anyone any kind of access to the CSP itself.

DropSecure offers true end-to-end encryption. We protect your data using military-grade AES-256 end-to-end encryption. By migrating your data to DropSecure, you remove all of your sensitive data from your own hard drives while keeping it safely tucked away on our servers. Ransomware attack? Disconnect the affected computer and either refresh it or keep right on working from a different computer.

DropSecure always keeps your data safe and gives you access from any location at any time. All the cybersecurity experts in the world can’t always stop ransomware attacks, but everyone who uses data can outsmart would-be attackers by thinking ahead.

Selecting a truly secure CSP such as DropSecure helps make sure that you–and not the criminals–have the true power.

The Importance of Data Security in Educational Institutions

Digital information exchange has seen a meteoric rise over the past decade. No matter how ‘traditional’ an individual, business or institution might like to call themselves, a digital integration is unavoidable and in fact, quite necessary to embrace.

Educational institutions have particularly benefited from this transformation due to the sheer volume of data that they generate, save and exchange. Be it sensitive personal information like special needs, disability, sexual orientation or confidential information like address, contact details and exam results, educational institutions have been leading this transformation from the front.

The variety and sensitivity of data that is normally exchanged in educational institutions, makes digital exchange platforms that much more alluring. The speed and ease that these platforms offer, bring efficiency and agility.

“Data is only a tool, and so can improve things, or (if) used incorrectly, make things worse…”, says Terry Heick, the founder and director of TeachThought, in his article ‘What Is The Future Of Data In Education?’ [1]

Cloud-based information exchange and data storage have always been insecure. The COVID-19 pandemic further complicated matters when suddenly ‘teaching from home’ – an erstwhile preposterous concept for teaching and learning – became the new norm. The sudden and unexpected pandemic resulted in institutions being forced to take a ‘reactive approach’ to data management rather than forge a ‘proactive process’. This has resulted in extremely sensitive data being exchanged over questionable platforms including highly insecure modes such as text messages, personal phones and emails, WhatsApp etc.

A recent study by Capita [2] revealed that between 2019 and 2020, 23% of data breaches were caused by human error, 25% by system glitches (including compromised cloud storage) and 52% by malicious attack. Between 2019 and 2020, the cost of data breach in the education industry alone was $3.90 million.

So how can institutions be sure that the platforms they use for data sharing are secure? Are institutions aware of the unknown risks of data breach and data loss? Is their data safe?

These are essential questions that need addressing. Furthermore, the statutory requirement set by the Elementary and Secondary Education Act (ESEA) also needs to be fulfilled. This act requires all educational institutes to put … “a procedure in place to facilitate the transfer of … records, …by local educational agencies to … school for any student who is enrolled … in the school” [3].

Technology in the next decade is set to accelerate at a dizzying pace and educational institutions are already getting ready, once again, to lead this from the front. Now is therefore the best time for them to proactively plan for and implement secure data management systems.

DropSecure provides a one stop shop for effectively reducing these risks while ensuring legal compliance. With no logins to create, no software to install and no passwords to memorise, DropSecure provides military grade encryption to its users. Managers can set expiration dates, control and revoke access on files and folders so that no data is ever found in the wrong hands; and certainly never lost.

DropSecure’s mission is to simplify your communication and sharing needs without knowing the contents of your data. To that extent, you can rest assured that your data is in your control.

Get secure with DropSecure cyber security’s 7-day free trial today.

The Rising Need for Cyber Security During COVID-19

According to cyber security firm Kaspersky, DDoS attacks have tripled during the second quarter of 2020. In fact, they jumped 217% year on year (YoY), 20% up from the first quarter. The FBI reported in August that their Cyber Division received up to 4,000 complaints a day. Finally, a report by Interpol showed that a huge rise in the number of cyber-attacks has been observed and recorded in 2020. In a single 4-month period, 907,000 spam messages, 737 malware-related incidents, and 48,000 malicious URLs were detected by a private-sector partner.

This is an alarming rise in cyber-attacks and related activity. What’s clear is that during COVID-19 cyber security has become an essential service.

The chief problem seems to be the work from home protocols established by various companies and organizations. As a result, employees are accessing company servers through their own computers and devices. These aren’t as secure as the ones at their workplaces, of course. Neither are their devices protected by the same rules and regulations that govern workplace behavior. This hasn’t just left multiple access points for hackers and cyber terrorists to exploit, but also created much easier targets.

Phishing Scams Galore

According to the World Health Organization, cyber scammers and hackers have taken advantage of the coronavirus pandemic. They are sending fraudulent emails and WhatsApp messages to spread misinformation. This also includes URLs that claim to lead to miracle cures or very cheap DIY tests.

These types of links are often phishing scams which can lead to the compromise of a device. The link allows for a malicious program to be downloaded on to your device which can then grant access to your work server.

According to software company OpenText, 1 in 4 Americans have gotten phishing-related emails in their inbox. What’s more, the report highlights that most companies and consumers are also falsely confident about their cybersecurity. 95% did recognize phishing as a persistent problem. However, 76% also admitted to opening emails from unknown contacts. 59% blamed it on phishing emails looking more “realistic” than before.

However, 59% believed they knew what to do to keep their data safe. 29% admitted they’ve clicked on a phishing scam this year. 19% also confirmed the receipt of a COVID-19 related phishing scam.

Effects on Small Businesses

It’s clear that more robust work from home protocols/systems are needed to work through the pandemic. Organizations can’t keep dealing with individual instances of fraud or cybercrimes. Small businesses specifically need a secure platform on which to operate.

The normal cloud providers like Amazon and Google or Microsoft don’t provide high-level security protocols. For example, none of them provide end-to-end encryption for your files or mandatory 2-factor authentication. These are essential security features that all cloud platforms should have to keep out intruders.

Luckily, there is a cloud provider out there that offers all this and more. DropSecure’s standard, free plan, offers encryption, protected links, and 2-factor authentication. What’s more, it provides automatic file purging every 7 days.


Decrypting End-to-end Encryption

“In November 2018, Marriott International announced a data breach involving about approximately 500 million Starwood hotel customers. The exposed information included names, contact information, passport number, Starwood Preferred Guest numbers, travel information, and other personal information.”

The threat to personal data as it moves or rests within the digital universe has never been more real than now; the need to protect it has never been more critical for individuals and organizations. The paradigm shift in the way we transact at work and outside it has increased the volume of data being transferred on digital platforms. With it there has also been a surge in data breaches, undermining the security of sensitive data, including personal details and financial figures.

So, why isn’t encryption enough?

Encryption uses an encryption algorithm to encode readable data into unreadable data while in transit or storage, and only the recipient of the encrypted file transfer can decode it using the corresponding decryption key. This prevents any unauthorized access to data but does not guarantee that your file is protected from the service provider. The reason is that when data is encrypted at rest just on the server, the service provider has full access to your data. Not just that: in order to stream the data, it has to be decrypted on the server itself. So encryption at rest is like encrypting the data with a key that is placed right next to it, and the data still needs to be streamed in clear text from the server to the client. In other words, your data is accessible to a third person without you really agreeing to it.

End-to-end encryption is the key to secure file transfer and delivery.

End-to-end encryption implies that only the two endpoints – the sender and the receiver – will have the keys to decode data. In other words, when you send end-to-end encrypted files, not even the service provider can decrypt the contents of the encrypted file transfers. In the public domain of the internet where certain data transfer systems facilitate data transfer for free or as part of their larger service ecosystem, end-to-end encryption ensures your right to privacy is upheld at all times.
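The difference between the two models described above, as an added example that is not DropSecure's code: one provider encrypts at rest with a key it holds itself, the other only ever stores blobs sealed on the sender's device. The class names, blob layout and sample file are constructed for illustration, and how the key reaches the recipient is assumed to happen out of band.

```javascript
// Added example: "encryption at rest" versus end-to-end encryption.
const nodeCrypto = require('crypto');

// AES-256-GCM. Blob layout (this example's choice): nonce(12) | tag(16) | ciphertext.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the key is wrong or the blob was altered.
function open(key, blob) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
  } catch (err) {
    return null; // GCM authentication failed
  }
}

// Model 1, encryption at rest: the provider receives plaintext and keeps the
// key next to the data, so anyone with server access can read the file.
class AtRestProvider {
  constructor() { this.key = nodeCrypto.randomBytes(32); this.disk = new Map(); }
  upload(id, plaintext) { this.disk.set(id, seal(this.key, plaintext)); }
  download(id) { return open(this.key, this.disk.get(id)); } // decrypted server-side
  insiderRead(id) { return open(this.key, this.disk.get(id)); }
}

// Model 2, end-to-end: the provider stores opaque blobs and never sees a key.
class E2EProvider {
  constructor() { this.disk = new Map(); }
  upload(id, blob) { this.disk.set(id, blob); }
  download(id) { return this.disk.get(id); }
  // The best an insider can do is guess a key; the GCM tag check rejects it.
  insiderRead(id) { return open(nodeCrypto.randomBytes(32), this.disk.get(id)); }
}

const SAMPLE_FILE = Buffer.from('payroll.csv: alice,4200;bob,3900'); // constructed

function demoAtRest() {
  const provider = new AtRestProvider();
  provider.upload('f1', SAMPLE_FILE);
  const seen = provider.insiderRead('f1');
  return seen && seen.toString();
}

function demoE2E() {
  const provider = new E2EProvider();
  const key = nodeCrypto.randomBytes(32);   // generated on the sender's device
  provider.upload('f1', seal(key, SAMPLE_FILE));
  const blob = provider.download('f1');
  const recipient = open(key, blob);        // recipient holds the key
  const tampered = Buffer.from(blob);
  tampered[tampered.length - 1] ^= 1;       // one flipped bit on the server
  return {
    recipient: recipient && recipient.toString(),
    insider: provider.insiderRead('f1'),
    tampered: open(key, tampered),
  };
}

console.log(demoAtRest(), demoE2E());
```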

Unlock cutting-edge end-to-end encryption with DropSecure.

This technology driven platform enables fully compliant, end-to-end encrypted and easy-to-access file transfers with and even without an account. It encrypts all files using z security grade algorithms before they leave your device. The files are decrypted only after your recipient has downloaded them.

Which means when your data arrives on the DropSecure server, it is already encrypted with your keys and those are never sent to our servers. So, unlike encryption at rest, we ensure even we do not have access to your data. No one can access your data without your permission.

DropSecure helps to overcome a challenge that IT departments the world over are up against: developing and installing increasingly sophisticated firewalls around the edges of their networks is their response to cyber threats.

But what of the leaks and breaches that originate from within the networks, rendering the peripheral defenses ineffective?

DropSecure’s end-to-end encryption ensures no one can read your files. Not even us, even while they are residing on our servers.

  • We never store the keys required to decrypt your data.
  • For even greater security, we offer a “zero-knowledge” file transfer option where your encryption keys never pass through our systems!
  • For all download links (for our registered and unregistered users) our real-time encryption shares a private link and a one-time code with you and your recipient(s) using our patent-pending technology.

Going further, when your data is in transit, it resides in our highly secured datacenters that have cleared a wide range of compliance requirements, including SOC1, HIPAA, and FIPS. Depending on whether you are a guest-user or a premium registered user, the data will stay there for an interval or till such time you choose to delete it.

  • The global average cost of a data breach is $3.9 million across SMBs*
  • Since COVID-19, the US FBI reported a 300% increase in reported cybercrimes**
  • 9.7 million healthcare records were compromised in September 2020 alone***

The threat to data security will always be there. With DropSecure’s end-to-end encryption you can choose to be at the razor-edge of data security solutions, storing, sharing and managing files in the cloud with absolute ease.

Source: cybintsolutions.com
Article: 15 Alarming Cyber Security Facts and Stats

6 Things to Consider Before Choosing Your File Transfer Solution

File storage and management are drastically changing. In a little over half a century, the world has gone from floppy disks that store less than one megabyte of data to cloud-based storage with up to one terabyte or more. Decisively, cloud-based file storage and transfer will be our primary way of sharing files with our peers.

Given that 48% of businesses are progressing into a cloud-first strategy, companies should start implementing file transfer tools and systems. But there are many options available today. So how do you choose the best file management solution?

What to Consider in Choosing a File Transfer Tool

Authentication Features

Authentication features are crucial in file-sharing tools to restrict access to a select recipient or group of recipients. It will help verify if someone is the intended recipient or not.

DropSecure, for example, asks users to enter a one-time passcode (OTP) to download files. These codes can be sent to phones via SMS or email, preventing any unauthorized access.

Another feature that some file-sharing tools can provide for authentication is a unique download link with a decryption key to download or open files. At the very least, your file-sharing tool should have one of these authentication features to ensure data privacy and security.

Data encryption

It’s also important to know what kind of encryption a managed file transfer system uses. File management services should always have end-to-end encryption. This means even the service provider should not be able to access your data.

Some file transfer solutions provide military-grade algorithms that cannot be decrypted en route to a user until downloaded on the other end. Other tools also regenerate fresh encryption keys when users upload a new file version.

Pricing

Cloud storage and file transfer is often free nowadays, but with certain limits. An example of those limits might include how much storage you can send or how many times you can send in a given timeframe.

But even when a company has to pay for a managed file transfer tool, it would still cost them considerably less than storing hard copies of files. Businesses spend a significant amount printing, storing, and sending documents every year. So, paying for digital file storage and sharing will most likely cost less.

However, not all file transfer solutions are priced the same. Some cost more but provide more storage and features. In contrast, some might cost less and provide the bare minimum requirements and a lower file capacity. Understanding your processes and identifying what features you need to access before paying for a premium file transfer service is essential. Make use of the free trial of multiple alternatives before making a final decision.

File directory and search

Studies indicate that 77% of business owners want to access files remotely. So file transferring solutions often come with a storage and management feature, meaning the files land somewhere for future access. A secure file transfer software with a storage and management system should have an easy search feature that will make it easy to find files.

For example, professionals with careers in art or something similar need to collaborate with clients digitally. To make sure digital assets are protected, they should have a safe space to store and share files.

File access options

The next consideration is file access: how someone can access the data. Accessibility is a delicate balance. Files should be easy enough to share and access by authorized people no matter where they are. However, you also don’t want the files to be so accessible that anyone can simply download them. Data security has been a firm battle cry as many businesses experience data leaks and hacks every year.

Not having an effective and customizable file access policy in place will make it hard to protect your company’s data and interests. Instead, choose a file sharing and storing tool that allows one to restrict access or allow certain access levels like view only or comment only access. Good file storage and management tools will also provide limits to who can provide other users access. Usually, this permission is reserved for a select number of “super admins” who have all-around file and permission granting access.

User experience

Using managed file transfer tools shouldn’t feel complicated, especially if a business intends to roll the system out company-wide. With any new adoption, one hundred percent compliance should be the goal. When file transfer tools have complex user experiences, it can discourage usage and affect implementation plans. Like any software for corporate use, having a silo in the company that doesn’t adhere to programs used company-wide can cause issues in the workflow. So it’s crucial to use a service that is straightforward to use.

File Sharing and Cybersecurity

Amidst the COVID-19 pandemic, cases of cybercrimes rose to unprecedented levels, mainly because many companies shifted to virtual work setups. As the world returns to a new sense of normalcy, many businesses have decided to continue working remotely or adopting a hybrid setup. This means people will continue to share files with their peers and colleagues via cloud services.

So as companies look to remote file sharing practices as a norm for the days to come, cybersecurity should be a priority to keep files safe from hackers and malware. Using any cloud service for sensitive files and information won’t be enough. Instead, companies should use file transfer solutions that keep files encrypted and secure to avoid unnecessary security and privacy problems.
