Why is this a thing

If criminals break into a company’s systems and steal their data, its called a data breach, taking lots and lots of data belonging to a company. They may then try to sell this data on some underground forums, where they might try and sell it to other criminal gangs, for their use.

But there are also, usually, good guy security researchers in those forums too, keeping an eye on things. If they come across some company’s data being trying to be sold, they may try to notify the company that there has been a breach as they may not be aware of it. Sometimes the security researchers find it difficult to get through to these companies to make contact with somebody that they can discuss this data breach.

How can using the security.txt file help

That’s where the security.txt file comes in. This is just a simple text file that contains some contact information for somebody in the security area or in IT. Somebody that would be reachable by email and maybe if you want to do it securely they may also include the public encryption key for the email to make sure that all communications are kept secured so that the security researchers can reach out and contact the company. They can use the contact address and get in touch there to report the data breach and maybe other vulnerabilities that they may have discovered.

Where can I find out more

So it’s always good to have this and it’s usually placed on your website in a well-known location. Here is the security.txt proposed standard.

So if you have a website, set-up this security.txt file for it.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

The post #WeekendWisdom 099 Using the security.txt file appeared first on L2 Cyber Security Solutions Ltd..

Where is this coming from?

As I said last week, the Data Protection Commission had issued a report for 2020. I’ve had a chance to read through it now in a bit more detail. I really love looking at the case studies that they include there because these are real life events that have occurred.

One of them struck me as something that could occur anywhere.

What? A data breach of bank details??? That’s serious!

It was Case Study 15: Bank details sent by WhatsApp. What had occurred was that a customer of a financial institution had gotten in contact with them wanting to get a copy of their BIC and IBAN details. The member of staff that was dealing with the enquiry knew this person. So, because of that, they took a picture of the details on their personal phone and sent them by WhatsApp to the customer.

WhatsApp is encrypted, so it must be safe. Right?

But it turns out the details that they took the photo of were for somebody else. So, when the customer reported this incident to the bank, they realised this was a data breach. That customer had seen somebody else’s personal details.

How does a business prevent this type of issue?

This is simply a staff training issue. Staff need to be aware that they should always follow proper protocols when dealing with people’s personal details. To make sure that they provide the correct details to the correct person.

As I say it could happen to anybody. So use that example with your staff today.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 068 A Data Breach of Bank Details appeared first on L2 Cyber Security Solutions Ltd..

Yesterday the Data Protection Commission (DPC) in Ireland released their annual report for 2020 and I’ll just give a quick summary of its findings here.

What is the number 1 complaint that the DPC get?

The number one source of complaints for the third year in a row under the GDPR remains access requests. So, businesses out there are still having trouble giving people access to their data that they’re entitled to.

I always focus in the training to make sure that people get their access rights done properly. They have proper procedures in place to handle these requests from individuals.

Any figures for Data Breaches?

Over in regard to data breaches. The number of those reported to the Data Protection Commission has increased again by about 8% overall.

But the number one source of data breaches was unauthorised disclosures of personal data, which was up 12.5% over last year, to nearly 6,000 breaches, which is really, really significant.

Data Breaches caused by hacking were up about 40% and Ransomware incidents also doubled over last year. So, things are going the wrong way.

Is there any good news in the Data Protection Commission Report 2020?

Just to finish on a happy note. I was delighted to see that data breaches in regard to phishing have halved over last year. So that must mean people are getting really good training out there on how to spot dodgy emails.

So that’s it for this week. Lets be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 067 Data Protection Commission Report 2020 appeared first on L2 Cyber Security Solutions Ltd..

Where is this coming from?

I have introduced the www.HaveIBeenPwned.com service to a number of people recently. They have gone on to the website. They have typed in their email addresses and in some cases they have found that they have been included in data breaches. When they’ve gone to look and see what was breached, in a number of cases they had at least their email address and password for that service were included in the data breach.

Also check out previous #WeekendWisdom 014, #WeekendWisdom 015 and #WeekendWisdom 016.

Data breaches are bad. What should they do?

So they asked me “What should I do?”. The first thing of course is always, they must change their password on that service or site or whatever it was that was breached. Then I ask “Do you use that password anywhere else?” And they say “Yeah. I use it on multiple sites” or “It’s my favourite password. I use it everywhere.”

So I said “Well you’re going to have to change that password on all of these other platforms.”

They say “That’s going to be an awful lot of effort. Why should I worry?”

Why did you call this post Credential Stuffing?

You worry because of a thing called Credential Stuffing. What happens is that the bad guys, they take these data breaches, say from LinkedIn back in 2012. They take those email addresses and passwords that they have cracked and they try to sign into Facebook, into Twitter, into Microsoft 365, into Google G Suite, into Gmail and many, many other services. The criminals will try all of these things automatically.

They are stuffing credentials into services to be able to try and break in. That is what credential stuffing is all about. That is why you should not use the same password across multiple platforms and services.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 056 Credential Stuffing appeared first on L2 Cyber Security Solutions Ltd..

First of all what do I mean by a shared account?

What is a Shared Account?

A shared account is a generic user ID or username that has its password known by multiple people. Now I’m distinguishing this from generic accounts which might have their password only known by one person. They’re ok. There’s no real risks there. So that could be an Accounts user ID or a HR user ID.

How about an example?

But the shared accounts are risky. So just as an example in a hotel environment you might have multiple staff that look after the reception desk. They might all have access to a “reception” account that is set up on the computer there. so that they don’t have to be logging in, logging out or things like that on that computer.

What is risk of using shared accounts?

Now the thing is because multiple people know that password you lose control over any tracking over what that account does. So one of those staff logged into the account and they transfer a database of information off to some external account, you don’t know which one of the multiple people that know the password, you don’t know who did it. It can be very difficult to track that down.

So those are the kind of risks that exist with using shared accounts.

So that’s it for this week. Let’s be careful out there and we’ll talk to you again next week.

How can L2 Cyber Security help you?

We offer a full range of training programmes, which can be delivered online or in-person*.

L2 Cyber Security are also a partner of CyberRiskAware for online self-directed Cyber Security Awareness training and Phishing testing.

Contact us for more information at info@L2CyberSecurity.com.

*With appropriate social distancing and other health and safety measures adhered to.

Follow us on Social media:

Liam is available on Twitter, LinkedIn and Instagram.

Follow L2 Cyber on Twitter, LinkedIn, Instagram and Facebook.

© L2 Cyber Security Solutions

The post #WeekendWisdom 052 Using Shared Accounts appeared first on L2 Cyber Security Solutions Ltd..

We’ve heard of companies having data breaches and losing people’s data. But how could you find out if you are included in some of the data breaches? There is a free site from a gentleman called Troy hunt from Australia and the site is called www.haveibeenpwned.com. “Pwned” is hacker-speak for “Owned” or compromised so “Have I been compromised .com” really.

So have you been in a data breach?

All you have to do is:

1. Go to the site
2. Enter your email address
3. Click “Pwned?”

If it it comes up saying no pwnage found, happy days that email address is safe. It is not included in a data breach that Troy Hunt is aware of.

However if you input your email address and click “Pwned?” and it comes up “Oh no pwnage found”:

1. Scroll down the web page
2. It will show you what breaches you have been included in
3. It will also show you what details have been lost in that data breach

So you are now aware of what information is out there in the wild.

Can I receive a warning if I have been in a data breach?

If you want to be notified, if you ever do come into a data breach in the future, from this website:

1. You can click notify me
2. Then click the I’m not a robot
3. Click “please notify me of pwnage”
4. Then you will be sent a verification email
5. Once you click OK on that, then you will be registered with the site

So if that email address ever does come up in a data breach in future you will get notified.

So that’s it for this week let’s be careful out there we’ll talk to you again next week.

www.L2CyberSecurity.com

www.twitter.com/L2Cyber

The post #WeekendWisdom 014 Have you been in a data breach appeared first on L2 Cyber Security Solutions Ltd..

Setting up an account is sooo easy

Cast your mind back to when you set up Whatsapp on your phone for the first time and you set up your account with them. Did you specify a User ID or Username? Did you give it a password? The answer is no. The only authentication was your telephone number, which your phone was giving the app.

Recycling is good for the planet, but not good for security

Mobile telephone numbers get recycled by telephone companies all the time. This is because they don’t have an unlimited amount of numbers that they can issue. If you watch enough crime programmes on the TV, you will see a lot of “burner” phones being used. These are basically a cheap phone and number that might only be used once or twice and then is disposed of forever. Also, people having affairs would sometimes have a second “secret” phone for communicating with their paramour. If the affair doesn’t last long, that phone number will be disposed of.

So phone companies that have old numbers, where a contract hasn’t been renewed or a prepaid number has not been topped up in some time, they will simply assign them to new SIM cards and push them out through their retail channels. Thus the number is recycled and reused.

This is what happened to Abby Fuller. She got a new number and when she installed Whatsapp, she had all of the messages from that telephone number’s previous owner restored onto her device. Because the number is the only means of identifying an account, this is why Whatsapp authentication sucks.

She took the correct course of action and deleted everything. However if she had a bad side, she could have downloaded all of the messages or even worse, she could have impersonated that number’s previous owner in those messages and caused all sorts of issues.

So Whatsapp authentication sucks. What can I do about it?

You can set up, what Whatsapp calls, two step verification. With this enabled, if you (or somebody else), try to setup Whatsapp with your number on a different phone, you (or they) will be asked for a PIN number, which only you should know.

It’s really easy to set up:

1. Go into your Whatsapp settings
2. Select Account -> Two step verification
3. It will have an explanation screen. Click Enable
4. Provide a 6 digit PIN number and then confirm it
5. Optionally (but recommended) you can provide an email address should you forget the PIN number, where a PIN reset request can be sent. You will need to confirm that email address
6. That’s it

If somebody gets your number or they try to take over your phone number, when they try to set up Whatsapp, they will need to input the PIN you just set up. It’s not really the best two step verification in the world, but it should be effective.

I must try and persuade the few Whatsapp groups that I am involved in to switch to something more secure like Signal.

Lets be careful out there.

#SecuritySimplified #GDPR #SimpleGDPR

The post Whatsapp Authentication Sucks appeared first on L2 Cyber Security Solutions Ltd..

1. There will be another large scale incident on a similar scale to WannaCry

Every year there are really large attacks using different methods to cause problems. In 2016 we saw huge floods of data attacking online services. This flood was caused by poorly secured internet connected security cameras. 2017 saw Ransomware worms in WannaCry and Petya/NotPetya. The latter of these was quite ingenious in the way it worked, as it used different methods to move around networks, once it successfully infected a machine. I’m going to guess that we’ll see something of similar complexity being used, perhaps in a more targeted way – possibly by way of altering a widely used application’s source code and lying dormant until activated.

There was one huge, record breaking event, but it didn’t feature in most of the global news as it affected a US based service provider. It was a large distributed denial of service attack, which I reported here. Earlier in the year, there was a situation where websites that used a certain popular plug-in were “mining” virtual currency for the bad guys. In September, there was number of well known websites, like Ticket Master and British Airways, who had their payment pages compromised. People who used those sites had their credit card information stolen.

I’ll take a partial on this, as the stories above didn’t have the same kind of media frenzy or global awareness as previous incidents.

2. Past Data Breaches will impact victims financially on a large scale

With so many data breaches occurring throughout 2017 (and for years earlier), there is a huge amount of useful and usable data that the evil doers can, if they used some big-data methodologies, mine to extract and target individuals and hit them financially. It’s not credit card numbers I’d be worried about, as the issuers are fairly good at catching fraud and protecting the card holder. It’s all of the other information that could be used to craft a very convincing e-mail/letter/WhatsApp message that will cause the victim to send money to the bad guys.

I reckon I got this one. Old passwords that were breached a long time ago (possibly from the 2012 LinkedIn breach), were used to make a sextortion e-mail appear more credible and a lot of people fell for it. According to some reports, 1,000 people paid approximately $500,000. An earlier analysis of the payments showed that some people paid up to $4,900, with the average being $1,900.

3. GDPR will cause a big Facebook-type company to be fined

I suspect there are individuals out there waiting in the long grass for May 25th 2018 to roll around so they can launch all manner of subject access requests on various companies and government departments that they don’t like. Just to be a nuisance. I do, however, expect that some large global corporation, that has a lot of personal data on a huge number of people, will end up being investigated and, either in 2018 or 2019, be levied a massive, multi-million Euro fine. But they will fight back and hold up the imposition of the fine for a number of years. They may even expose flaws in the GDPR legislation.

The cases are still under investigation, so I’ll take a partial on this, but it’s not a Facebook-type company that is going to be fined, but Facebook themselves. They currently have multiple post-GDPR investigations underway with the Data Protection Commission.

4. Crypto-currency hack

If BitCoin is still a valuable thing in 2018 (and hasn’t crashed and burned), I expect the evil doers will be doing their best to hack the BitCoin block chain in order to steal some of that sweet, sweet virtual currency.

This was a miss. I’ve not heard of any successful block chain hacks and BitCoin’s value has fallen so low, it’s probably not worth the effort to attempt to hack it any more.

5. Data breaches will see a massive increase in reporting in Ireland

While there have been data breaches reported in Ireland, they are few and far between. However, I fully expect that the requirement to report data breaches to the Data Protection Commissioner under the GDPR, will cause an increase in the reports of data breaches occurring. I have a useful short video here showing that there are many different types of data breach that might need to be reported.

This was a kinda easy one to predict. In 2017, there were on average 230 data breaches reported to the Data Protection Commissioner each month. Two months after the GDPR had been implemented, the Data Protection Commission (as it is now known) had received nearly 600 data breach notifications per month.

Results for my 2018 predictions

2 correct, 2 partials and 1 incorrect. Not too bad.

I don’t plan on doing this again next year. However, if enough people ask me to do so, then I’ll reconsider. Send me an e-mail at info@L2CyberSecurity.com and let me know if you want to see a 2019 set of predictions.

Wishing you and yours a safe and secure 2019.

Lets be careful out there.

#SecuritySimplified

The post Review of my 2018 predictions. appeared first on L2 Cyber Security Solutions Ltd..

My attitude has always been to never pay. This is because:

1. You stand a very good chance of not being able to get your data back.
2. You are giving good money to criminals. This will be used to fund criminal enterprises like human trafficking, drug smuggling, gunrunning, etc.
3. With some simple preparation, it’s unnecessary.
4. You might need the money to pay a GDPR related fine.

We’ll deal with those later, but first I want to address why …

Paying Ransomware may break the law.

If your business is in any way a part of a US corporation, then you are probably already screening all of your financial transactions against a list provided by the Office of Foreign Assets Control (OFAC). This is a part of the US Government’s Treasury Department. They produce a list of designated individuals, businesses and countries with which US corporations are prohibited from doing business with. It’s all about cutting off avenues to finance terrorism. If your business tries to transfer money to one of these designated individuals, screening that transaction against the OFAC list should flag it as being illegal. To date it’s all been about identifying bank accounts.

Last month OFAC included a couple of cryptocurrency addresses (a virtual wallet for a digital currency) in this list. They attributed them to a couple of Iranian criminals who are allegedly behind a particular type of Ransomware, called SamSam.

So this means that any US company that gets affected by SamSam, will break US Federal Law if they pay the ransom into those virtual wallets. The fines that can be imposed for such breaches would be a lot higher than the Ransom demand. As nearly all Ransomware is paid by some form of cryptocurrency, then this screening is likely to spread to other such virtual wallets.

“I’m not affiliated with a US corporation, so I can pay the ransom.” says you. Let’s go back to the 4 points I made earlier.

You might pay for nothing.

If you pay, you might not get your data back. Figures vary wildly from 50% to 100% failure to recover data. If you pay and don’t get your data back, you will then have to pay the full cost of recovery anyway.

You’re funding criminal activity.

When you pay, you are funding organised crime. You are paying criminals who not only do cyber crime, but human trafficking, drugs, weapons, etc. All the crime and terrorism news you see online, on TV or in the papers – That! That is what ransom payments are helping to fund.

People think I am being jokey or have my tongue in cheek when I refer to Evil Doers. I’m not. This is an accurate description of these people. They! Are! EVIL!

So no paying Ransomware. OK?

Be prepared.

It may be the Boy Scouts motto (full disclosure, I never was one ?) but it should be part of your business’ policies.

The first thing is to make sure you get your staff some security awareness training. This is something that I deliver. Details of the complete training is available here. We can do customised training to suit your organisation too. Call me on 087-436-2675 or e-mail on info@L2CyberSecurity.com to discuss your requirements.

Then ensure that you have your systems updated/patched regularly, have security appliances like Firewalls in place, Anti-Virus is generally helpful against malicious software and also you shouldn’t insert strange USB devices into your computers.

Finally, you should have a good data backup system in place. This can be a very simple set-up or more complicated depending on your business needs. Again, I offer advice and support on backup strategies and business continuity planning. I also have a commandment about backups.

That’s it! With all of the above in place, in the very unlikely event that you do subsequently suffer a Ransomware incident, you will be able to recover from it.

There is also some help available from the good guys. It’s a not-for-profit, freely available service called No More Ransom (https://www.nomoreransom.org). This is run by various Law Enforcement and Cyber Security firms around the world. They are constantly working on cracking the codes for the different Ransomware variants and enabling people to recover their data for free.

The GDPR has something to say.

If your business processes personal data of individuals who are resident in the European Economic Area (EEA), then it is subject to the GDPR. If the files that are scrambled by the Ransomware contain personal data, then technically you have a data breach on your hands. I have a short video explaining this here:

Conclusion

Finally, if you do suffer a Ransomware incident, a crime has been committed, so please report it to local Law Enforcement. They may not be able to do much about it, but it needs to be reported for statistical purposes if nothing else. If it can be shown that Cyber crime is as big a problem, as I know it to be, then the more reports to Law Enforcement will mean they will get more resources to be able to tackle it’s root cause.

Lets be careful out there.

#SecuritySimplified #GDPR

The post Paying Ransomware may break the law appeared first on L2 Cyber Security Solutions Ltd..

Updated 05/12/18: To include the Dell, potential breach.

Last Wednesday, Dell announced a potential cybersecurity incident. This was followed on Friday when it was revealed that Marriott International Hotels had a massive 500m  records stolen. These were all forgotten by Monday for most normal people and then later on Monday Quora, an online question and answer forum had 100m records stolen. A couple of weeks ago, Amazon notified an unknown number of customers that their name and e-mail address were exposed. Earlier in the month, VisionDirect in the UK had lost payment card data for an undisclosed number of customers.

That’s just 5 companies that you probably have heard of. I covered the NUI Galway breach separately a couple of weeks ago. There were lots more breached last month. I’ll give a synopsis on each one of the five and then discuss what can happen.

Quora have some questions to answer

So Quora had ~100m records accessed by persons unknown. They detected the issue on Friday 30th November and on Monday 3rd December they endeavoured to contain the issue. They logged out the impacted individuals and forced them to reset their passwords when they log back in. What was taken by the bad guys?

• Account information, e.g. name, email address, encrypted (hashed) password, data imported from linked networks when authorized by users

• Public content and actions, e.g. questions, answers, comments, upvotes

• Non-public content and actions, e.g. answer requests, downvotes, direct messages

They claim not many subscribers used the direct messages features, so really the most important items lost here was the account information.

Marriott reserve second place in the data breach tables

I actually missed this story on Friday the 30th November, as I had promised a customer a security assessment report by the end of the week. So I stayed off social media for the day, while I completed it. There were a LOT of tweets to get through that night! ? This is currently the second biggest data breach in history after Yahoo!’s almost impossible to match record breaking 3 billion accounts breach as revealed in October 2017. So what did Marriott lose? The contents of the Starwood guest reservation database, going back as far as 2014, containing:

• For approximately 327 million of these guests, the information includes some combination of name, mailing address, phone number, email address, passport number, Starwood Preferred Guest (“SPG”) account information, date of birth, gender, arrival and departure information, reservation date, and communication preferences.

• For some, the information also includes payment card numbers and payment card expiration dates, but the payment card numbers were encrypted using Advanced Encryption Standard encryption (AES-128).  There are two components needed to decrypt the payment card numbers, and at this point, Marriott has not been able to rule out the possibility that both were taken.

• For the remaining guests, the information was limited to name and sometimes other data such as mailing address, email address, or other information.

Some of the data lost is genuinely concerning. Particularly the payment card information.

Bad guys try to ding dong Dell

This may or may not have been a breach. Dell haven’t given away too much information. Their security measures detected unauthorised activity that was …

… attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords.

Dell couldn’t say at this point whether these details were actually extracted from their systems by the bad guys. But even if they were unsuccessful in taking data, this just demonstrates that even massive companies like Dell can be broken into. Massive companies like … ⬇⬇⬇

Prime example of poor communication from Amazon

The Amazon data breach on 21st November doesn’t seem too bad. All that might have been compromised was name and e-mail address. However their notification to affected customers was pretty poor.

A lot of security professionals have said that this looks very “scammy”. While I would tend to agree as it’s very light on any details, there’s no suggestion that the recipient should take some urgent action. If that had been the case, I would fully agree.

Is there short-sighted security in place at VisionDirect?

Back on the 19th November, VisionDirect in the UK issued a statement about a data breach. The breach affected customers who updated their details or placed orders between the 3rd November and 8th November. What data was accessed by the evil doers?

The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.

In fairness to them, they were very specific about the timeframe when the website was compromised. “Between 12.11am GMT 3rd November 2018 and 12.52pm GMT 8th November 2018.” This was repeated ad nauseam.

What can happen when there are data breaches everywhere?

A common feature of all the above breaches are names and email addresses. While you might not think these are worth anything, 50,000 valid email addresses can be sold for up to $50 on criminal exchanges on the “dark web”. I hate that term by the way. It’s so “hackery”. Anyway, your email address has a small, but material value.

Payment card data is the next thing that is of immediate value, particularly where the bad guys have the CVV/3 digit security number. These can be immediately put to work purchasing vouchers which are then immediately spent. The card numbers are also valuable on their own and sell for up to $60 each. While Marriott had the credit card numbers encrypted, they were not sure if the required information to decrypt them again was also exposed. So I would assume that it was.

Passwords are the next concern. Quora had “hashed” passwords which is good. These are hard (but not impossible) to crack. They also forced a password reset on affected subscribers, so that’s another mitigation. With VisionDirect, the password was totally compromised. This is because it was captured when a user was signing on to the site. They forced password changes on people who were impacted. However, if the password is used on ANY other account, particularly email, banking and social media, then you must change them all.

The rest of the data that was breached is still incredibly useful to the criminals. In particular from the Marriott breach. They have reservation details, probably into the future. So they know the future likely movements of people. They have loyalty card information, which, along with other data points, can be used to compromise a person’s Starwood’s Preferred Guest account and re-direct the rewards elsewhere.

The amount of data leaked, over such a long time at Marriott is pretty bad. This can be merged with lots of other data breaches and the evil doers can build quite a profile on each individual. I’ve discussed before how breached data from multiple sources can be put to evil use.

Data breaches everywhere indeed.

How can we help?

As the saying goes, preparation is half the battle. If you’ve not prepared to handle a data breach, it will be a much bigger struggle. We can help you prepare, both for a breach and handling the aftermath.

If you want to discuss further, please call on 087-436-2675 or send an e-mail to info@L2CyberSecurity.com and somebody will get in touch. We will make it straightforward and easy for you to be ready for an incident.

Lets be careful out there.

#SecuritySimplified

#GDPR #SimpleGDPR

The post Data Breaches Everywhere appeared first on L2 Cyber Security Solutions Ltd..