Maximize your protection, eliminate business risks.
Optimize and modernize with cloud transformation.
Empower your people to work securely from anywhere.
What it takes to convince leadership that migrating to the cloud is the right move.
Let us handle IT so you can focus on growing your business.
Get multichannel 24/7/365 expert end-user support.
Stay ahead of attacks with 24/7 protection and monitoring.
Maximize uptime with with industry-leading DRaaS.
Improve efficiency, productivity and outcomes with cloud.
Ensure all mobile devices, everywhere, are secure.
Gain a competitive edge with strategic IT solutions.
This battle-tested checklist enables your team to swiftly initiate a ransomware response.
IT for businesses of all sizes, in any industry.
Empower institution growth with custom IT solutions.
Ensure your firm is always in compliance.
Improve patient care and staff morale.
Deal with pressing legal matters, not IT.
Keep up with the evolving digital landscape.
Focus on your mission by outsourcing IT.
Accelerate PE client deals and secure data.
Leverage your technology as a strategic asset.
Execute initiatives and develop IT strategies.
Get the latest industry insights and trends.
Join us at events in person and online.
Hear from clients and learn more about strategic IT.
See how Dataprise can make IT your greatest asset.
Get informative technical resources from IT experts.
Stay on stop of emerging cybersecurity threats.
Discover the key areas of DR your organization needs to address to ensure downtime is minimized.
Gain a strategic asset by bringing harmony to IT.
Ensure 24/7 support and security with dedicated teams.
Drive business forward by partnering with Dataprise.
Meet our one-of-a-kind leadership team.
Discover the recognition Dataprise has earned.
Help us help businesses with strategic IT.
Embracing different perspectives and backgrounds.
Find a Dataprise location near you.
Dataprise is committed to empowering more women to consider a career in technology.
Posts
By: Paul Reissner
Table of content
In the information age, it can be difficult to identify who online knows about you. Many of us accept that Google and Facebook maintain profiles about who we are. We use their services, and in return they use this data to target advertisements in a way that is most effective – it’s how they can afford to provide these free services to billions. However, Google and Facebook aren’t the only companies who hoard user data. Exactis, a company you’ve likely never heard of, operates a “data warehouse” of more than 3.5 billion records for use in digital marketing, and some of this data was available to anyone willing to look for it.
In mid-June, security researcher Vinny Troia identified 340 million records, which included interests, contact information, and information on family members, in an unprotected Exactis ElasticSearch database (ElasticSearch is a “big data” search and analysis platform). No social security numbers or financial information were found; however, these profiles contained an alarming amount of data. In an interview with WIRED, Mr. Troia said, “I don’t know where the data is coming from, but it’s one of the most comprehensive collections I’ve ever seen.”
Exactis and the FBI were contacted, and Mr. Troia confirmed the database was no longer accessible. Exactis has not confirmed these findings at this time.
With this in mind, there are a few questions you should ask yourself after any large breach of personal information: “Why is this information important?”, “How can I make sure my organization’s data isn’t out there?”, and “How can I protect myself?”.
This database would be a treasure trove for someone interested in launching a spear phishing (i.e., highly targeted malicious email) campaign. After all, if this data helps marketers convince you to click on an advertisement, it’s equally valuable in convincing you to click on a malicious link. Phishing is still one of the most popular attacks, and with as many as 22% of people failing simulated phishing tests last year, there is a high potential for success. Phishing is one of the most common infection points for ransomware, like Cryptolocker.
All organizations hold sensitive data, which may include client payment information, employee data, or simply the “secret sauce” that gives them a leg up on the competition. You may think this data has little value to those outside your office, but losing this information would lead to a breach a trust between you and your clients, which could have a long-lasting impact on your reputation and could ultimately lead to a loss of business. You should always know what data you have and where it’s located. This can be achieved by having strong policies that dictate how and where data can be stored, and regularly assessing your network for compliance, vulnerabilities, and improper configurations that may allow someone outside of your organization to access sensitive information.
You can protect your organization by actively testing your employees with simulated phishing emails and providing user awareness training for all employees at least annually. A vulnerability assessment can identify vulnerabilities on your network and improperly configured servers that may unintentionally be present on the internet. You should also regularly monitor your corporate domains for activity on the Dark Web. Information like the data found on the Exactis database is often aggregated and sold on the Dark Web alongside passwords and other sensitive material. By monitoring for this activity, you can react by specifically changing passwords to reduce the risk of an account breach.
It’s important to remember that the United States lacks general information security regulations but instead relies on industry specific regulations (e.g., HIPAA) to govern how personal information is handled and define penalties for noncompliance. Europe’s General Data Protection Regulation (GDPR) recently took effect and provides guidance on how data, like that from the Exactis database, is to be secured and what rights individuals have to secure their data. GDPR has caused some popular websites to block access from the EU while they work on complying with this regulation. It’s only a matter of time until similar regulations are enacted in the United States, so taking steps now to identify and protect your sensitive data may save you from headaches down the road.
INSIGHTS
Subscribe to our blog to learn about the latest IT trends and technology best practices.