MCCC Blog |
Click Here to submit an article for our blog.
|
Note: The views and opinions expressed here are those of the authors and do not necessarily reflect the position of the Morris County Chamber of Commerce.
|
 By Ken Scaggs, NFP Time and time again, we continue to see news stories or hear about cyber security related events in the world. As technology and the internet continue to drive itself into the backbone of what we do and how we operate, the need for cyber security and effective planning continues to become essential in our daily lives. Facebook, the world’s largest social media platform, is being sued by users over a 2018 data breach. According to a court filing, they are claiming that Facebook failed to warn its users about risks tied to its single sign-on tool, but protected their own employees. Single sign-on connects users to third-party social apps and services through their Facebook credentials by using “access tokens”. Who could have foreseen that the trade-off for convenience would potentially involve getting your data stolen? With the transmission of data on the internet, one weak link such as an outdated system, firmware or application is all it takes for a cyber-criminal to get access. This scenario Facebook is dealing with is a great example of failing to ensure all of your bases are covered when planning for cyber security – more specifically, reacting to a cyber-breach. This likely could have been prevented with some forward thinking and planning.
The lawsuit facing the social media giant stems from their worst-ever security Breach back in September, when hackers stole the previously mentioned “access tokens” which allowed them to access nearly 29 million accounts. Think about all of the data and personal information that people are willingly putting out on the internet, especially Facebook. Hackers could potentially find a lot of value in this data, depending on what their end goal is. The plaintiffs stated that, “Facebook knew about the access token vulnerability and failed to fix it for years, despite that knowledge” in a section of the filing in the U.S. District Court for the Northern District of California in San Francisco. They continue to state that, “Even more egregiously, Facebook took steps to protect its own employees from the security risk, but not the vast majority of its users.” The judge of the case told Facebook he was willing to allow further research into the case to uncover how much user data was stolen. It was found that the attackers took profile information such as birth dates, employer and education history, religious preference, types of devices used, pages followed and recent searches and location check-ins from 14 million users. For the other 15 million users, their information was restricted to name and contact details. In addition, the hackers could see the posts and lists of friends and groups of about 400,000 users. They did not steal personal messages or financial data and did not access users’ accounts on other websites, as claimed by Facebook. While the information taken during this breach back in 2018 may seem irrelevant or small in comparison to larger, more confidential breaches such as the Equifax hack, it should not be taken lightly. Large amounts of data like this are valuable to hackers and cyber criminals, one way or the other. Both personal and business data is often traded and sold between cyber criminals. They could easily piece information together to find trends and target specific groups of people based on certain criteria and move on to their next plan of attack. What can be done to keep your information safe? From a business perspective, you’ll want to be sure that you have a cyber-liability policy in place that has coverage for cyber breaches with ample limits to cover any costs of dealing with cyber related losses. On top of that, it would be smart to have a plan in place for breach responses, to mitigate any legal ramifications similar to what Facebook is dealing with. There are many other facets to consider in the cyber space, which is where your local NFP Risk Consultant can step in to add to the conversation. If you are unsure of how to appropriately insure for cyber threats or want to discuss best practices further, please do not hesitate to reach out to NFP. Reference: https://www.insurancejournal.com/news/national/2019/08/16/536451.htm Comments are closed.
|
JOIN Us | CONTACT Us | LEARN About Membership | REGISTER for Events | FIND a Member Business | READ our Magazines | LEAD Morris | FAQ
|
The Power of Connection! Your membership connects you to valuable resources, opportunities for business growth and rewarding relationships with fellow members. And you don't need to be based in Morris County to belong!
Our Business Hours are Monday to Friday, 9 am to 5 pm. If you plan to stop by, it's best to make an appointment to ensure that someone will be available for you. Staff is often out of the office hosting events or meeting with members.
|
The Morris County Economic Development Alliance (The Alliance) is an affiliated 501c3 Nonprofit of the Morris County Chamber and includes the Morris County Tourism Bureau, the Morris County Economic Development Corporation and the Connect To Morris job board.
|