Cyber Security Expert Says Employees Need to Stop Opening the Door to Strangers


. By Brenda Craig

Another day, another huge data breach. The latest is Premera Blue Cross. The health insurer has just revealed it discovered in January that its data systems were hacked 10 months ago. The Pacific Northwest-based insurer says the breach could have exposed the names, birth dates, Social Security numbers, mailing and e-mail addresses along with bank account information of up to 11 million clients to cyber crooks.

How the breach happened is unknown and is currently being investigated by the FBI.

However, the target is no surprise to cyber security expert Joe Caruso, the founder and CEO/CTO of Global Digital Forensics (GDF) headquartered in New York City.

“Health care companies and hospitals are attractive targets for cyber criminals,” says Caruso. “The amount of data and the type of data that these kinds of organizations store combined with the number of people they employ creates an environment that is ripe for data leaks.”

GDF provides cyber security advice and protection services to government, banking, health care, education and corporate clients. In many cases, the companies surround themselves with expensive perimeter security systems but fail to consider weaknesses inside the organization.

“The biggest problem is really user issues,” says Caruso. “You can do everything possible, buy the best products available to protect data but if the system users are not educated, monitored and controlled, you are going to have data leaks.”

Caruso regularly counsels organizations on the need to make employees with access to sensitive data alert and aware to the danger of opening doors to strangers.

“Employees need to be educated; you need to implement awareness campaigns and keep them informed about what is going on,” says Caruso. “Organizations need controls to keep employees from doing things like hooking their iPhones up to the hospital network or plugging in their home laptop into the corporate network. Those types of things are a real danger.

“Hospitals are even more susceptible because they have a lot of employees with different access levels. Maintenance people and cleaners for example move freely throughout the hospital and have access to computer terminals and that is all problematic. Doctors want to be administrators of the network because they feel like they should,” says Caruso. “These are the kinds of situations where leaks can occur.

“The other issue we have to grapple with is government databases,” says Caruso. “We are seeing health care companies getting hacked, private companies getting hacked and financial institutions hacked. However, I am fairly certain that county and state government agencies are compromised. They just don’t have the money to keep up with the changing technology and they are prime targets because they also have a lot of valuable information in their systems.

“Cyber security is a really new issue, and it is really escalating,” says Caruso, who offers expertise in a clear and easy-to-understand way.
“This is a whole new kind of warfare. People used to throw sticks and stones at each other and then the invention of steel and gunpowder. Then there was the atomic bomb, and now this.


“This is something everyone needs to take very seriously,” he says.

A 2014 report by TrendLabs looking ahead to cyber security issues in 2015 and beyond identified several key areas for consideration. It predicted (and it is already coming true) that the number of cyber hacking incidences would increase dramatically.

It also identified Android devices as being particular vulnerable, and it predicts that the number of threats to these devices will double in 2015. The information contained on the device will end up in the hands of cyber criminals who will sell that information on the “Dark Net” to other criminals who will monetize the data or be used in attacks.

Mobile payment methods, now becoming more and more commonly used, will also result in new threats to consumers.

“I talk to people all the time who don’t have a security system on their computer,” says Caruso. “They say, ‘it came with one but I didn’t want to pay the $29 to renew it.’

“You have to think of your computer the way you think of your wallet,” says Caruso. “Are you going to walk out of the house with your wallet on a park bench for an hour while you run into the store? People do that to their computers all the time. They open e-mails, go to websites without thinking about it, and hook up unsecured devices to the desktops all the time.”


Data Breach Legal Help

If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to an internet/technology lawyer who may evaluate your Data Breach claim at no cost or obligation.

READ MORE DATA BREACH LEGAL NEWS