The Marriott Breach – We Now Know Everything

Consumers and many employers suffered a significant blow with the massive data breach recently revealed by Marriott International Hotels. The hacked data included personal information from nearly half a billion guests. Marriott’s reservation system for its Starwood line of hotels exposed personal data including guest names, passport numbers, phone numbers, email and mailing addresses, along with some credit card information, which included the encryption software that could decode the stolen numbers. Along with the enormous number of travelers affected, the fact that the Marriott breach went undetected for approximately four years is particularly disturbing.

In addition to all the Starwood hotels, other affected hotels included Four Points by Sheraton, Tribute Portfolio, Westin Hotels, The Luxury Collection, Sheraton, Design Hotels, Aloft, Element, W Hotels, St. Regis, and Le Méridien. While the mechanism the hackers used to accomplish their heist is still unknown, there are a few things concerned companies can do that may help them avoid issues in the future, particularly if they had any interaction with the affected hotels.

Change Marriott-Related Passwords

As many as 50% of people use passwords that are at least 5 years old. Even if any company interaction with an affected hotel occurred earlier than 2014, it’s time to change all old passwords. If any Marriott passwords were shared with other entities, those shared passwords should be updated as well. It’s also time for companies to seriously consider establishing a standard of using two-factor authentication, along with a password management tool if their corporate devices will allow it. Companies should also establish a standard of changing passwords at regular intervals, such as every 6 months or perhaps even more frequently.

Have a Backup and Disaster Recovery Plan 

Even small businesses are becoming increasingly dependent upon company data. One of the best ways to protect vital corporate data is to have an established and tested backup and disaster recovery plan. In the event a company’s data is held for ransom, they can breathe easier knowing they can restore one of their most vital assets.

Hire Professionals

Large companies can afford to have multiple teams dedicated to protecting their data resources. Small to medium-sized businesses rely on their data just as much, but cannot necessarily afford to hire dedicated staff. This is where a Managed Service Provider can step in and fill the gap. A professional MSP can evaluate a small company and find their security gaps. They can then create a complete security solution, including a backup and disaster recovery plan for their client.

If you would like to know more about how we can develop a complete security plan for your company, please contact us.

Marriott Breach Impacts Millions

Marriott International has had its online reservation system hacked. We are now learning the extent of the damage it caused for consumers who have given information to this database. First estimates state that over 500,000 million customers have had their names put into the data system. Other sensitive information has also been put into the system. This includes their telephone numbers, addresses, credit card numbers, and preferred guest account information.

Marriott International is now advising all customers to follow the following steps to help protect their information:

  1. Customers need to set new passwords on their accounts. 21% of Marriott International guests are using a password that is at least 10 years old, while 50% have a password that is at least 5 years old. Change your password every 30 to 180 days for the maximum protection available.
  2. Use a safe, appropriate network in a secure location. Your information is less likely to get hacked there than if you just connect from any remote location.
  3. Implement an appropriate system that will help you put a backup plan and a disaster recovery plan in place. Customers need to have a plan in place in case their data was affected by the attack with the intent of being used for ransom.

These are the 3 key steps that Marriott International is asking customers to take to help protect their data in the future in case another attack were to happen. Changing passwords now can also prevent the hackers from being able to access that information again to use it for malicious intent in the future.

Creating a Safer Business Atmosphere

The Small Business Administration estimates that about 45% of businesses that lose data vital to their operations never fully recover from that loss. As technologies improve, this number will only increase. It’s vital that businesses begin protecting themselves today to avoid the pain of the loss tomorrow. We now live in a generation where you can’t trust that your data is simply “safe as it is”. There is more cybercriminal activity than ever before, and more people who would do your information harm if they got the opportunity to do so.

For more information on protecting your business from cyber thieves please feel free to contact us at 4 Corner I.T. for further assistance. 

4 Ways to Make Your Data Safe

Security breaches can be disastrous for a business. Stolen data can result in financial liability and loss of customer confidence. Ransomware and other sabotage will lead to downtime and even permanent data loss. To avoid such outcomes, you need a comprehensive security strategy to make your data safe.

Access control

Only authorized people should have access to internal software and sensitive data. All accounts need to have strong passwords. Two-factor authentication gives greater protection, so that a stolen or guessed password isn’t enough to get in. Employees should have only the amount of access they need.

Employee accounts shouldn’t be accessible over the public Internet. Telecommuting is an excellent benefit, but employees should have access only through a VPN or equivalent security.

Software protection

Every computer on the network should have anti-malware software, and it needs to be regularly updated. New threats appear on the Internet every day, and any that get through to your computer can do serious damage if they aren’t caught quickly.

Spam filtering is equally necessary. If someone opens a malicious email attachment, it can mean serious trouble. However, if phishing mail doesn’t reach the victim’s inbox, it can’t do any harm.

Data encryption

Data that leaves the premises should be encrypted, and so should any sensitive on-premises data. If confidential information such as financial data needs to be stored, it should be in a hashed or encrypted form. Laptops and phones that hold proprietary information should use whole-device encryption.

Defense in depth is what this is about. Attackers shouldn’t have access to the data in the first place, but if they get it, it should be in a form they can’t do anything with.

Backup

People can delete data by mistake, or malware can destroy it. Thus, to keep it safe, you need an up-to-date offsite backup. If your only backup is on the premises and connected to the computer, it can be wiped out along with the original. The more frequent the backups are, the lower the risk. The backup needs to be encrypted both in transit and where it’s stored.

We provide managed IT services that will keep your systems safe and smoothly running. Contact us to learn what we can do for you.

How to Protect Your Business Against Viruses

Viruses and malware can be detrimental to your business’s critical systems, which makes it important that you do everything in your power to protect your business from these digital threats. Here are a few of the steps every business owner should take in order to protect the digital security of their business.

Invest in Quality Antivirus Software

While this may seem obvious, it is important that you take some time to research the best internet security program for your business. Work with a reputable antivirus software company to create a software package that will meet the needs of your business. You will want to ensure that the program you choose protects against other digital security threats such as malware in addition to virus protection.

Stay on Top of Updates

Aside from having a good antivirus program, one of the best things you can do to ensure your company’s digital security is to stay on top of updates to your operating system as well as all of your other software and programs. Everyone has been in the position of ignoring the update reminders they receive. However, keeping on top of these updates is imperative, as hackers often use vulnerabilities in outdated programs to infiltrate networks. Keeping on top of upgrades is therefore one of your best defenses against viruses.

Consider an IT Service

One of the best ways to ensure the digital security of your company is to partner with an IT service. IT professionals will have the experience necessary to protect your company against digital threats and they will be able to help you maintain and protect all of your business’s vital systems.

Contact us to learn more about what you can do to protect your business against viruses and other digital threats.

Encrypting Email with Office 365

Normal email isn’t secure. Snoopers can intercept it and read it. Unlike the Web, email doesn’t have any standard way to send data securely. If you’re sending highly confidential email, the risk could be unacceptable. You should learn about encrypting email.

Fortunately, Microsoft Office 365 provides three ways to encrypt email, making it nearly impossible for anyone to spy on it. Each method has its own advantages, depending on who’s getting the mail.

Encrypting Email

Office Message Encryption (OME) lets you send encrypted messages to any address, not just another Microsoft-based one. The administrator sets up rules about which messages are encrypted, so the user doesn’t have to remember to do it. The recipient can decrypt the message with an Office 365 account or request a one-time passcode by email, which expires in 15 minutes.

Information Rights Management (IRM) provides tighter security. The sender can prohibit forwarding, though knowledgeable recipients can override it. It uses Azure Rights Management, and only someone with the designated use license can decrypt an IRM message. Only certain applications can handle these messages, so people who don’t have Office 365 accounts will have trouble reading them. As with OME, the administrator can set up rules to automate encryption.

S/MIME is a vendor-neutral standard that uses public-private key encryption. You can send messages to anyone who has a public encryption key. It provides a high level of confidence that only the authorized recipient can read the message. It encrypts the whole message, so there’s no way to check S/MIME messages for malware or spam.

Any of these methods lets you send messages from Office 365 that snoopers can’t read. 4 Corner IT can help you to set up your IT so that all your information is safe, whether it’s in transit or on your drive. Please contact us to learn more.