Capital One Data Breach: Importance of Cybersecurity Basics


By now you’ve heard of the Capital One Data Breach that happened on July 29, 2019, where a hacker gained access to 100 million Capital One credit card applications and accounts. Read more about the thoughts from Cybriant’s Chief Technology Officer, Andrew Hamilton.

My first reaction when I saw the Capital One data breach was the same as many of you: someone misconfigured something and a former employee knew of that misconfiguration.

What we most commonly see as a security company when organizations move to the cloud is the expectation that the cloud provider (AWS, Azure, Google) will automatically understand and take into account any security threat vector which may be particular to an organization.

Unfortunately, they can’t work in that manner because requirements and environments will always differ from one organization to the next.  What may be a potential threat vector to Capital One could be required functionality to another organization.

And so, the cloud providers afford their customers a high degree of flexibility, but they state in their Terms of Service (and recommendations) that the customer is responsible for securing their tenant.

Similarly, when we monitor a customer’s environment one of the first things we check for is whether we see customer endpoint devices utilizing external DNS servers instead of the official internal company DNS servers.

Malware loves to exfiltrate data via DNS because most of the time UDP/TCP 53 is wide open to the Internet.  And while there are certainly ways to exfiltrate data via valid CNAME and TXT records (which require additional techniques to monitor/block such as RPZ records), those are computationally less efficient than simply blasting data via a commonly trusted DNS port and bypassing HTTPS SSL inspection.
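The check described above, sketched as an added example (not Cybriant's tooling): it reads firewall or flow records and lists endpoints that send port 53 traffic to resolvers outside the company, ranked by outbound bytes. The log format, address ranges, resolver addresses and byte threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (hypothetical values): the internal address space and the
# official company resolvers that endpoints are expected to use.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
APPROVED_RESOLVERS = {ipaddress.ip_address("10.0.0.53"),
                      ipaddress.ip_address("10.0.1.53")}
# Assumed triage threshold: outbound DNS bytes per host within the log window.
BYTES_ALERT = 10_000

# Constructed sample records in an assumed format:
# "time src dst proto dport bytes_out"
SAMPLE_LOG = """\
2019-07-30T09:00:01Z 10.1.4.22 10.0.0.53 udp 53 74
2019-07-30T09:00:02Z 10.1.4.23 198.51.100.53 udp 53 80
2019-07-30T09:00:03Z 10.0.0.53 192.0.2.10 udp 53 90
2019-07-30T09:00:04Z 10.1.7.9 203.0.113.66 udp 53 480
2019-07-30T09:00:05Z 10.1.7.9 203.0.113.66 tcp 53 61200
2019-07-30T09:00:06Z 10.1.7.9 203.0.113.66 udp 53 495
2019-07-30T09:00:07Z 10.1.4.22 198.51.100.7 tcp 443 1500
malformed line here
"""


def parse_record(line):
    """Return a parsed record, or None when the line is not a valid record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _, src, dst, proto, dport, nbytes = parts
    try:
        return {"src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "proto": proto.lower(),
                "dport": int(dport),
                "bytes": int(nbytes)}
    except ValueError:
        return None


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_external_dns(log_text):
    """List internal endpoints that talk DNS directly to external servers."""
    hosts = defaultdict(lambda: {"queries": 0, "bytes_out": 0,
                                 "resolvers": set(), "protocols": set()})
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["dport"] != 53 or rec["proto"] not in ("udp", "tcp"):
            continue
        src, dst = rec["src"], rec["dst"]
        # The official resolvers legitimately recurse to the Internet.
        if not is_internal(src) or src in APPROVED_RESOLVERS:
            continue
        # Only DNS that leaves the company network is of interest here.
        if dst in APPROVED_RESOLVERS or is_internal(dst):
            continue
        entry = hosts[str(src)]
        entry["queries"] += 1
        entry["bytes_out"] += rec["bytes"]
        entry["resolvers"].add(str(dst))
        entry["protocols"].add(rec["proto"])

    findings = [{"src": src,
                 "queries": h["queries"],
                 "bytes_out": h["bytes_out"],
                 "resolvers": sorted(h["resolvers"]),
                 "protocols": sorted(h["protocols"]),
                 "high_volume": h["bytes_out"] >= BYTES_ALERT}
                for src, h in hosts.items()]
    # Largest outbound volume first: the likeliest exfiltration candidates.
    findings.sort(key=lambda f: f["bytes_out"], reverse=True)
    return findings


if __name__ == "__main__":
    for finding in find_external_dns(SAMPLE_LOG):
        print(finding)
```

Every host this reports is also a candidate for an egress rule that allows port 53 only from the official resolvers.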

There was an excellent article at InfoSecurity Magazine yesterday on the top 5 penetration test discoveries (link:  https://www.infosecurity-magazine.com/news/95-test-problems/).

All five boil down to good Systems Administration hygiene. They aren’t as “sexy” as buying a Palo Alto and bragging about it to friends, but instead are things that are often left by the wayside (requiring complex passwords, simple patch management, etc).

What can be even more puzzling is when we see organizations who want a VERY expensive penetration test, and yet they haven’t even begun resolving the issues found from their vulnerability scanner.  Unfortunately, this is the norm that we see across industries and company sizes.

To avoid a Capital One data breach at your organization, read to the end to see our recommendations.


Capital One Data Breach Facts

On July 29th, 2019, Capital One Financial Corporation, a US-based bank holding company specializing in banking, credit cards, loans, and savings, released a statement regarding the detection of a breach resulting in unauthorized access to personal data about over 100 million Canadian and US credit card applicants and customers.

  • The breach is believed to be one of the largest in the history of the banking industry;
  • According to the statement, Capital One does not believe the compromised data has been used fraudulently;
  • Capital One became aware of the breach following a responsible disclosure email alerting them to potentially leaked data on a GitHub account associated with the alleged threat actor (TA);
  • The breach reportedly exploited a configuration vulnerability in Capital One’s infrastructure, including at least one known firewall misconfiguration, permitting access to customer data stored on Amazon Web Services (AWS) cloud;
  • US Law Enforcement arrested an alleged TA, ‘Paige Adele Thompson’, a former Amazon Inc. S3 Systems Engineer, also known as ‘Erratic’, in Seattle, WA (US) on suspicion of ‘Computer Fraud and Abuse’, as filed in a criminal complaint with the US District Court for the Western District of Washington at Seattle;
  • The hack is expected to cost the company up to $150 million in the near term, including paying for credit monitoring for affected customers.

Scope of breach

  • Personal data of more than 100 million US and 6 million Canadian customers (consumers and small businesses) including approximately:
    • 140,000 US Social Security numbers;
    • 1 million Canadian Social Insurance Numbers (SIN);
    • 80,000 US bank account details;
    • Names, addresses, phone numbers & dates of birth;
    • Self-reported income;
    • Credit scores, limits, balances & payment history.
  • Stolen information about credit card applications from 2005 through 2019.

Capital One Data Breach Timeline

  • 12 March – 17 July 2019 – Period in which unauthorized access to Capital One’s infrastructure likely occurred;
  • 22 March 2019 – Capital One access logs confirm unauthorized access to AWS from a compromised account;
  • 21 April 2019 – Timestamp associated with leaked data hosted on GitHub in addition to unauthorized activity recorded by Capital One logs;
  • 26 June 2019 – Posts on a Slack channel associated with, and using an alias of, the TA include screenshots and directory listings of files belonging to Capital One and other potential victims;
  • 17 July 2019 – Responsible disclosure email received by Capital One, alerting them to ‘leaked s3 data’ hosted on a GitHub Gist account believed associated with the threat actor;
  • 18 July 2019 – Direct messages posted by the TA suggest that they were prepared to distribute the stolen data;
  • 29 July 2019 – US FBI agents arrested the TA and Capital One released a public statement about the breach (also establishing a dedicated data breach webpage with an FAQ for potentially affected customers).

Cybriant Recommendations:

  • Organizations using cloud-based services, such as Amazon S3, should ensure that assets are correctly configured to prevent inadvertent or unauthorized access to sensitive data. Cloud providers will provide documentation detailing identity and access policy configurations that can restrict access, be that by the user, file, bucket, or organization.
  • Patch Management is a vital service that is often overlooked or taken for granted. Cybriant offers a Responsive Patch Management service that will take the guesswork out of the administrivia of this task and maintain a healthy network.
  • Vulnerability scans may catch the majority of issues, but these need to be done continuously. If you are only scanning once a year or quarter, that leaves a long period for hackers to use those vulnerabilities for malicious purposes. The alerts that come from the scans need to be remedied. Our Risk-Based Vulnerability Management service will aid your team to identify vulnerabilities to protect your network.
  • Logging any incidents in your network is the best way to protect against advanced persistent threats, including insider threats. Our Managed SIEM with 24×7 Security Monitoring service is not only a potential compliance requirement but will address and resolve the most complex cyber risk issues.





How to Prevent Data Breaches in Healthcare


Data breaches in healthcare are rampant in today’s cyber threat landscape. Is it possible to prevent them? Security must become ingrained in the strategy of the organization. Keep reading the following tips to ensure success.

Why would anyone instigate data breaches in healthcare? The reason is apparent: pharmacies, hospitals, doctors, and clinics hold valuable information. Healthcare organizations attract cybercriminals because they are goldmines of private, personal information. Thus, there is a need to protect that information securely.

How Can Companies Prevent Data Breaches?

Ensuring the security of sensitive information has become a top priority for companies across all industries. The threat of data breaches is constantly looming, which can have significant consequences in terms of financial losses and reputational damage. To prevent such incidents, companies must implement a robust cybersecurity framework that addresses potential vulnerabilities. This entails several measures such as regular software updates, multifactor authentication, employee training on safe online practices, and limiting access to sensitive data only to authorized personnel. By taking these measures, companies can protect themselves against potential data breaches and safeguard their reputation and integrity.

10 Ways to Prevent Security Breaches in Healthcare Sector

1. Ensure that all software is properly updated: Regularly updating your healthcare organization’s operating systems, medical devices, electronic health records, and other software can help prevent attackers from exploiting outdated vulnerabilities.

2. Implement strong authentication systems: Multifactor authentication (MFA), using two-factor or biometric authentication could help protect patient data against unauthorized access.

3. Train and educate employees on data security: Regularly providing training to employees in areas such as phishing prevention, password management, mobile device security, etc. can help reduce the risk of data breaches due to human error.

4. Limit access to sensitive data: Implementing least-privileged user access controls can limit the scope of a potential data breach by granting access only to those who need it.

5. Encrypt patient data: Encrypting sensitive EHRs and other PHI can help protect them from unauthorized access, even if attackers gain access to your system.

6. Monitor medical devices and IoT networks: Regularly monitoring connected medical devices and IoT networks can help identify potential vulnerabilities and malicious activities before they become a serious threat.

7. Conduct periodic risk assessments: Regularly assessing the security posture of electronic health records (EHRs), as well as other sensitive data can help organizations identify potential risks and take steps to mitigate them.

8. Implement physical security measures: Securing physical access to medical equipment and other assets, such as servers, can help protect against potential data breaches.

9. Implement robust backup plans: Regularly backing up EHRs and other sensitive data is a crucial step in ensuring that patient information remains safe even if there is a breach.

10. Prepare for the worst: Developing a comprehensive incident response plan can help organizations respond quickly and efficiently to any data breach that may occur. This includes contacting affected parties, conducting investigations, and providing support. Additionally, having a clear policy on what should be done if a data breach occurs can help healthcare organizations better protect their data in the wake of an attack.

Causes of cybersecurity breaches in healthcare

The causes of cybersecurity breaches in healthcare are the same as any other industry – lack of security protocols, human error, malware and viruses, weak passwords, and inadequate patch management. However, the healthcare sector faces additional challenges due to its vast array of legacy systems that are often challenging to secure. In addition, there is a huge amount of sensitive information stored in these systems which attackers may target.

Health Insurance Portability and Accountability Act (HIPAA)

Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) is a federal law designed to ensure that health information remains secure and private. HIPAA regulations include requirements for protecting patient data under the Privacy Rule, as well as data security standards under the Security Rule. These regulations establish specific safeguards that healthcare organizations must take to protect patient data from unauthorized access, use, and disclosure. HIPAA compliance is mandatory for any organization that handles PHI or electronic health records (EHRs).

Data Breaches in Healthcare

If you look at the healthcare wall of shame, it seems the healthcare industry shows a lax attitude toward security procedures.

This lax attitude makes data breaches in healthcare almost inevitable.

Based on the high amount of personal information available within healthcare organizations, a data breach will only devastate patients and providers. There is a need to prevent data breaches in healthcare and it means tightening the security. A few actions to shrink a data breach possibility:

Perform Yearly Assessment of Security Risk

A lot goes on in an organization in 12 months: infrastructure enhancements, integration of new systems, employee turnover, and organizational restructuring. Each of these changes can introduce vulnerabilities.

Performing yearly assessments of security risk helps the providers to review the protocols of security and to assess system vulnerability, besides understanding the security measures to be improved.

Learn about healthcare data breach impacts

Not everyone working with healthcare data is tech-savvy, so there is a need to be more careful: limited or missing knowledge may cause a security breach. The risk is high, and acquiring proper technical knowledge should be made mandatory.

Educating employees on data breaches and their impacts is the foremost step to preventing the breach from happening. Educating employees or the amount spent on data security learning is an investment. The cyber attack risk is reduced only when there are educated employees.

Nicknamed the “Healthcare Wall of Shame” the U.S. Department of Health and Human Services must post a list of breaches of unsecured protected health information affecting 500 or more individuals, based on the HITECH Act. You can see the number of individuals affected, the type of breach, and the location of breached information.


Monitor records and devices

Constantly reminding employees about being mindful of using electronic devices and leaving unattended paper records is helpful.

Avoiding a healthcare data breach also involves paper records getting stolen. Thus, safeguarding a patient’s information is everyone’s responsibility, and the employees must ensure to keep data safe.

While security awareness training is important, managed endpoint detection and response has proven to be more effective.

By managing the endpoints and having the ability to prevent malware from executing, it’s possible to prevent data breaches in healthcare.

Install hardware and encryption of data

Encryption is critical to prevent data breaches in healthcare. It is the best way of safeguarding data. Data must not be accessed by unauthorized parties, so encrypting patient information is a must. Besides, protecting vulnerable hardware such as network endpoints, servers, medical devices, and mobile devices is the right decision.

Implementing data encryption is a must. Money spent on the protocols of encryption will soon outweigh government penalties, legal fees, forensics, negative publicity, and potential lawsuits that run into millions.

Restricting patient information

The healthcare environment always has many hands working and patient information is always in use. This is the reason it is important to limit access to data and to manage carefully the user’s identity.

Controlling access to information starts with logging on and off machines that are shared. This makes it possible to identify a computer that is logged in or left unattended.  Running automation helps to check these protocols and ensures safety and efficiency for those involved.

Modernize IT Infrastructure

A common scene in hospital environments is outdated computer hardware. The healthcare environment must have secure equipment.  Even today, Windows XP is in use in many hospitals.  Microsoft has already ceased support for XP and no new security patches are available. This leaves XP systems open to a healthcare data breach.

There is a need to realize the importance of healthcare data. Hospitals have sensitive information and are data banks. If someone breaches and lays a hand over a confidential medical record, it will be a disaster for the healthcare system.

Patching is vital, especially in older equipment. A Managed patching and vulnerability service could help prevent data breaches in healthcare.

Invest to defend networks

The truth is that hospitals require more doctors and nurses, but there is a need for supportive hospital administration.  There is a need to be careful of the medical data and to take preventive measures to safeguard the data.

Preventing cyber attacks implies that healthcare should invest in defending networks so that there is no data breach. The healthcare data should not be mitigated and so ensure your staff is vigilant and aware of data protection.

When you start with the security strategy, you can create a framework for all security-based decisions. Read more about People, Processes, and Technology here.

Subnet wireless networks

Nowadays, offering Wi-Fi as free access has become common. Hospitals are also offering the same. The key is to ensure the patients are not stranded and the Wi-Fi access allows them to access their requisites.

Offering patient Wi-Fi access is not wrong, but it should be done by creating subnetworks. A guest subnetwork is reserved for public use and permits only restricted access to guest users. Creating further subnets for apps that handle healthcare information, for business applications, and for apps involving monetary transactions is also essential. Subnetworks are recommended so that the healthcare data network stays safe and secure in an encrypted form and there is no data breach.

Implement BYOD policy

Smart devices use is on the increase and aids doctors remotely. This is convenient but is also a threat to the IT departments that wish to safeguard the healthcare environment.

Thus, it means following a BYOD (‘bring your own device’) policy. This will keep the IT associates and the employees aware of the devices that will be in use internally and externally. Also, draw up a strict outline for adhering to the BYOD policy so that there is no healthcare data breach.

Remote smart device use comes with increased risk. Be sure to have endpoints secured through a managed endpoint service.

Hire a Cyber Team for Incident Response

There is a need for an expert cyber team as a standby representative. You must be ready for the worst if there is a data breach. If you aren’t able to prevent a data breach, you’ll reduce the negative effect of the breach when you have an incident response team standing by.

Protecting patient data with tight network advanced security helps in detecting the indicators and also in responding before the attack starts. Any sort of neglect cannot be acceptable in healthcare.   Regardless of what happens, accepting the situation is best, and dealing with it during sensitive circumstances is possible only by an expert cyber team.

Learn more about Incident Response and Incident Containment Services. 

How Can Data Breaches Be Prevented?

Preventing data breaches is essential in the digital world we live in to protect sensitive data and valuable information. System monitoring, training employees on cyber security, encrypting data, firewalls, and threat detection can all contribute to the prevention of a data breach.

By paying attention to detail and implementing strong prevention practices, businesses can improve their security system and protect customer or corporate data. Educating staff on cyber security systems and common threats will create an awareness that can help prevent a possible breach before it even gets started.

Additionally, updating systems regularly, using encryption techniques to store data safely, and using secure authentication protocols are all prevention strategies that should be taken seriously by businesses. Ultimately, the prevention of a data breach is key for keeping a valuable company or customer information safe from malicious attacks.



4 Necessary Tools to Prevent Security Breaches


Learn more about the four necessary tools to prevent security breaches. No matter your organization’s size, you are at risk. No company is secure unless you don’t use the internet or computers, which is highly unlikely.

Preventing Security Breaches

Preventing security breaches is possible with the right set of tools. Enterprise security technologies such as identity and access management solutions, endpoint protection software, and data loss prevention (DLP) are key elements in creating a secure environment. Such technologies provide visibility and control over user activities, helping to prevent unauthorized actions or malicious intent by employees or third-party users.

Additionally, organizations can use automated analytics and threat intelligence to detect and respond to security incidents quickly. By leveraging the power of artificial intelligence (AI) and machine learning, organizations can create a more secure environment that is continuously monitored and updated as threats evolve.

As part of this effort, organizations should also ensure all systems are regularly patched against known vulnerabilities. Finally, proper procedures should be put in place for responding to any security incidents that do occur. By following these guidelines, organizations can ensure they are doing everything possible to protect their data and prevent any security breaches in the future.

How to Prevent Security Breaches

Network security threats are constant and real. By simply using the internet, we are constantly bombarded by multiple types of internet threats. These threats apply various forms of malware and fraud, all of which use the HTTP or HTTPS protocols and may also utilize other protocols and components, such as links in email or instant messaging, or malware attachments that have access to the Web. Read more on the Ultimate Guide to Network Security Threats.

With all the many types of network security threats, how is it possible to prevent security breaches? Take a look at the four tools we use to help protect our clients.

Tool #1: SIEM

You need a SIEM to help log security events for your organization. This is the first line of defense to prevent security breaches. You may already have this tool on hand because it is required by compliance regulations. We recommend managed SIEM if you aren’t using the technology to its fullest capabilities or if you don’t have the resources needed to manage the SIEM.

Your organization likely has firewalls, IDS/IPS, and AV solutions installed that look for malicious activity at various points within the IT infrastructure, from the perimeter to endpoints. However, many of these solutions are not equipped to detect zero-day attacks and advanced persistent threats. Help prevent security breaches by adding SIEM technology to your arsenal.

What is a SIEM?

Security Information and Event Management (SIEM) – A SIEM platform centrally collects data from multiple devices on your network, including your existing security appliances. Through an advanced correlation engine, it can proactively identify security events not otherwise detected by standalone security technology.

A SIEM system centralizes logging capabilities on security events for enterprises and is principally used to analyze and/or report on the log entries received. The analysis capabilities of SIEM systems can detect attacks not discovered through other means and can direct the reconfiguration of other enterprise security controls to plug holes in enterprise security. Some of the top SIEM products — assuming an attack is still in progress — can even stop detected security breaches.

Read more in our SIEM FAQs

If you already have a SIEM, why should you consider outsourcing the management of your SIEM to prevent security breaches?

There are many reasons to consider Managed SIEM including:

  • Finding and maintaining experienced SIEM/SOC Security Analysts is NOT EASY (and also expensive)
  • You could build it, but it will take much longer than outsourcing to a professional security services provider like Cybriant
  • You are getting everything from an MSSP only at a fraction of what you could spend internally
  • Scalable and Flexible
  • Greater Threat Intelligence – We’ve been doing this for a while and we’ve seen a lot of things.

Without the proper planning and expectations around people and processes up front, the odds of achieving even the minimal capabilities of a SIEM solution are slim to none.

Tool #2: Endpoint Detection and Response (EDR)

Prevent security breaches with endpoint detection and response. Our team utilizes artificial intelligence that will help stop advanced threats and malware at the most vulnerable point – the endpoint.

Antivirus isn’t enough to protect endpoints.

The underlying technology for Cybriant’s EDR service is the only technology that stops over 99% of advanced threats and malware before they can execute to cause harm. It eliminates the need for legacy antivirus software, anti-exploit products, whitelisting solutions, and host-based intrusion detection and prevention systems.

Cybriant uses a “prevention-first” technology – we stop attacks before they cause harm, vs allowing attacks to happen, then clean up the mess.  By reducing the number of endpoint security products deployed on the endpoint, customers gain operational efficiencies by not having to manage signatures, policies, or deployments of additional protection.

Cybriant’s Managed EDR can help eliminate legacy endpoint security technology that is not effective against today’s threat problems, thus improving cost savings and management overhead. The technology was tested by HIPAA security assessors and found to be significantly superior to any other antivirus or anti-malware product in finding malicious software.

Managed Endpoint Detection and Response Benefits

When you outsource the management of your Endpoint Detection and Response (EDR) to Cybriant, our security analysts are able to:

  • Perform root cause analysis for any blocked threat or any other artifact deemed important found on an endpoint
  • Proactively search endpoints for signs of threats commonly referred to as threat hunting
  • Take decisive action when a security incident, or potential incident, is identified

Tool #3: Patch Management

How many of the recent cybersecurity breaches you’ve read about in the news were caused by known vulnerabilities that needed to be patched?

According to a recent Ponemon study, “To prevent data breaches, security teams need to patch more quickly,” the study says. “However, the survey shows that they are being held back by manual processes and disconnected systems that compromise their ability to patch in a timely manner.”

Patch management is a simple process that tends to be overlooked by already overwhelmed IT employees but, to prevent security breaches, this can have the biggest impact.

The best way to ensure proper patch management is to outsource to a company like Cybriant and use automation.

Our Responsive Patch Management solution will scan your systems, check for missing and available patches against our comprehensive vulnerability database, download and deploy missing patches and service packs, and generate reports to effectively manage the patch management process of the enterprise.

Our Responsive Patch Management solution handles every aspect of Windows, Mac, Linux, and third-party application patch management. This includes deploying patches seamlessly across desktops, laptops, servers, roaming devices, and virtual machines, from a single interface.

Our Responsive Patch Management solution will update the configuration baseline definitions to include the new patches, regularly analyze to assure that all endpoints remain in compliance, identify improvements and customize the patch management process accordingly.

Tool #4: Vulnerability Management

To prevent security breaches, it’s important to understand that an asset is no longer just a laptop or server. It’s now a complex mix of digital computing platforms and assets that represent your modern attack surface, including cloud, containers, web applications, and mobile devices. Proactively discover true asset identities (rather than IP addresses) across any digital computing environment and keep a live view of your assets with our managed vulnerability management service.

Performing only a single vulnerability scan each year or quarter puts organizations at risk of not uncovering new vulnerabilities. The time between each scan is all an attacker needs to compromise a network. With continuous scanning, our security experts automatically have visibility to assess where each asset is secure or exposed.

By using risk prioritization, our security experts have the skills to understand exposures in context. They will prioritize remediation based on asset criticality, threat context, and vulnerability severity. Our reporting will help you prioritize which exposures to fix first, if at all, and apply the appropriate remediation technique

The modern attack surface has created a massive gap in an organization’s ability to truly understand its cyber exposure.

The larger the gap, the greater the risk of a business-impacting cyber event occurring. Traditional Vulnerability Management is no longer sufficient. Managed Vulnerability Management extends vulnerability management by covering the breadth of the attack surface (IT, Cloud, IoT/OT) and providing a depth of insight into the data (including prioritization/analytics/decision support).

If you are ready to prevent security breaches for your organization, consider CybriantXDR. 

How To Combat Security Breaches

Ultimately, organizations need to stay informed about the various threats and attacks that can occur. As technology continues to advance, so do cyber attackers’ methods. Organizations should continuously assess their security measures and upgrade them as needed in order to remain one step ahead of potential adversaries. Additionally, all employees should be trained on best practices for cybersecurity and data privacy. By following these guidelines, organizations can ensure they are adequately protected against any security threats and breaches.

A key element in combating cyber threats is awareness. Organizations should have a good understanding of the data they store, the systems that manage it, how attackers could exploit weaknesses within those systems, and the steps needed to mitigate any potential risks. This includes the implementation of authentication measures such as multi-factor authentication, encryption of sensitive data, and regular security audits. By taking the necessary precautions ahead of time, organizations can effectively protect their systems from potential data breaches.

Organizations should also consider investing in cybersecurity insurance to cover any financial losses they may incur from a possible breach. Insurance policies vary depending on what type of coverage is needed, but it is important for organizations to review their options to ensure adequate protection. Additionally, having a detailed incident response plan in place can help organizations effectively manage and respond to any security incidents that may occur. With this

Finally, it is important for organizations to stay aware of the latest developments in data privacy and cybersecurity threats. Regularly monitoring news sources such as government websites and industry publications will provide organizations with the most up-to-date information on any new security issues. By having a firm understanding of current threats, organizations can remain proactive and prepared when it comes to safeguarding their data and systems.

Data Breach Prevention Tips

Data breach prevention is essential for organizations to protect their data and systems. This includes implementing authentication measures, encrypting sensitive data, and conducting regular security audits. Additionally, investing in cybersecurity insurance can help cover any financial losses from a possible breach, and having an incident response plan in place can help manage and respond to any security incidents that may occur.

Finally, it is important for organizations to stay aware of the latest developments in data privacy and cybersecurity threats, so they can remain proactive and prepared when it comes to protecting their data. By following these tips, organizations can greatly reduce the risk of a data breach and ensure that their information is secure.

Organizations must take the necessary steps to protect their systems from data breaches. This includes implementing authentication measures, encrypting sensitive data, and conducting regular security audits. Investing in cybersecurity insurance is also recommended as it can cover any financial losses incurred from a breach. Additionally, organizations should have an incident response plan in place and stay up-to-date with the latest developments in data privacy and cybersecurity threats.


GDPR: Steps to Help Your Organization Prepare

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. If your business handles data on EU residents, then you must abide by the GDPR.

The Information Commissioner’s Office (ICO) has released a checklist to help organizations prepare for the GDPR:

  1. Awareness: Make sure the decision makers and key people in your organization are aware that the law is changing to the GDPR.
  2. The information you hold: Your organization needs to document what personal data you hold, where it came from and who you share it with. You may need to organize an information audit across the organization or within particular business areas. The GDPR requires you to maintain records of your processing activities.
  3. Communicating privacy information: Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice.
  4. Individuals’ rights: Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
  5. Subject access requests: You should update your procedures and plan how you will handle requests to take account of the new rules: If your organization handles a large number of access requests, consider the logistical implications of having to deal with requests more quickly.
  6. Lawful basis for processing personal data: Identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
  7. Consent: Review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
  8. Children: Consider whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.
  9. Data breaches: You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
  10. Data Protection by Design and Data Protection Impact Assessments: It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’. It also makes PIAs – referred to as ‘Data Protection Impact Assessments’ or DPIAs – mandatory in certain circumstances.
  11. Data Protection Officers: You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organization’s structure and governance arrangements.
  12. International: If your organization operates in more than one EU member state, you should determine your lead data protection supervisory authority and document this.


Top 2 types of attacks

According to HIPAA, all covered entities and their business associates are required to provide notification following a breach of unsecured protected health information.

These breaches of unsecured protected health information affecting 500 or more individuals are then posted on HHS.gov.

What is considered a breach? A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

The top two types of breaches

According to the report that lists all breaches reported within the last 24 months that are currently under investigation by the Office for Civil Rights, the top two types of attacks are hacking at 32.6 percent and unauthorized access at 21.3 percent. 

Unauthorized access was added in 2016 when the ITRC noticed that the term Unauthorized Access/Disclosure was being used in a significant number of breaches posted on the HHS.gov website as well as in other notifications.


Hacking: includes phishing and ransomware, and is readily recognized as a malicious intrusion to access a company’s data, whether it’s personal or business related.

Unauthorized Access: defined as breaches that involve some kind of access to the data but where the publicly available breach notification letters do not explicitly include the term hacking.

According to the January 2018 report from ITRC, the number of data breaches in the medical/healthcare industry dropped slightly compared with January 2017, from 29.1% to 28.9%.

# of Breaches: 31
# of Records: 232,589
% of Breaches: 26.7
% of Records: 7.4%

Protect your data

The time is now to begin a proactive approach to cyber risk management. Here are the steps we recommend:

1. Find out where your security gaps are.
2. Improve and harden your organization’s security program.
3. Strengthen your human firewall.
4. Monitor your security infrastructure.
5. Make sure data is accessible no matter what.
