AXEL.org

data protection

How Technology Changed Business (And What That Means for the Future of the Industry)

What comes to mind when you think of the word “business?” Many people will think of stereotypical corporate activities, like signing documents, sitting in cubicles, or swimming in a sea of never-ending black and blue suits. While all three of these things still permeate throughout the business world, all three are also becoming less popular. Think about it: Physically signing documents is a rarity; many businesses use e-signatures today. Cubicles are being phased out in favor of remote work. And instead of fancy suits, we’re seeing our coworkers in more casual clothes (if we even see them in the office at all).

Business is changing. Of course, this shouldn’t come as a surprise. After all, every industry changes with time. But business is different. In order to survive, businesses have to evolve constantly and embrace new technologies that give them an edge over the competition. If they don’t, they’ll be left in the dust by smarter, more modern companies. Because of this, businesses have often been the first to widely adopt and implement innovative technology. But they aren’t just using technology to complement their existing practices; tech is now the backbone of every facet of business. Ultimately, the industry’s willingness to try new technology has helped usher in the digital era that we live in today. Technology hasn’t just helped business; it has evolved business from the ground up.

How Tech Changed Communications

It’s easy to forget, but just a few decades ago, business communication was radically different than it is today. Before the Internet, businesses relied on physical papers and snail mail to communicate. Internally, businesses needed a dedicated mail worker who transferred documents from one employee to another. For team-wide updates, papers had to be posted on a bulletin board to be seen. For external communications, businesses could use telephones to communicate, but if they needed to send a document, they had to rely on mail services. While, individually, none of these tasks are particularly burdensome, that lost time lost adds up. Mail could take a few hours to organize, international shipping could last weeks, and office telephones only worked when employees were at their desks. Before the Internet, businesses tried their best to maximize efficiency, but without modern technology, communications could be painfully slow.

Needless to say, communications at top businesses aren’t like this anymore. The turning point for businesses was the invention of email. All of a sudden, employees could communicate with each other immediately, and even attach documents digitally. As soon as email adoption became widespread in business, the business tech floodgates opened. Today, business software like Slack and Microsoft Teams allows coworkers to communicate instantaneously.

However, this tech isn’t without drawbacks. Because of how easy it is to communicate with coworkers, many employees feel like they can’t escape the office. After all, today’s smartphones can easily handle emails and video calls, ensuring that the office will always be able to contact us, no matter where we are. To that point, many businesses even require workers to respond to emails on weekends and vacations. Ultimately, business communication has become so fast and simple that many workers have trouble escaping the constant connection of their workplace.

How Tech Helps Reach Customers

One of the most difficult aspects of running a business is consistently finding new customers. Regulars are great, but in order for a business to truly thrive, it needs a plan to find and convert leads into customers. Before the Internet, this process was relatively simple. Word-of-mouth, networking, and the occasional newspaper ad were the only ways businesses could seek out new customers. Of these three, word-of-mouth was the most important, as businesses lived and died based on their reputation. Before modern technology, reaching new customers wasn’t all that costly. After all, positive word-of-mouth is just about the one thing a business can’t buy.

Today, word-of-mouth is still one of the most important parts of finding new customers, especially for small businesses. The difference, however, is that there are now dozens of ways for businesses to generate that word-of-mouth. Today, the most popular way is utilizing Facebook advertisements. A full 66% of all small business owners in the United States used Facebook to advertise their business[1]. Ultimately, very few businesses can thrive without the help of the modern Internet. Think about it: If your business has no website, no social media presence, and isn’t listed on Yelp or Google Maps, your business might as well not exist. While finding new customers is much more complex today, the multitude of ways to find new leads helps level the playing field between businesses. Now, your business doesn’t need a century-long reputation in order to succeed; it just needs high-quality digital marketing.

The Rise of Data Analysis

Many business owners may not even be aware of this, but every business uses data analysis to some degree. Simply put, data analysis is the inspection of data about a business and its customers, and making inferences based on that data. One common example is when a coffee shop increases its staffing during the morning rush. The owner knew from previous data that mornings were busier, and then decided to increase staffing to alleviate the rush. For businesses, the simple formula is to collect data, identify patterns in that data, then make predictions based on those patterns[2]. Even before modern technology, businesses regularly used data analysis to increase productivity and minimize downtime.

So, what’s different about data analysis today? Well, we’re usually not the ones doing it anymore. These days, most high-level data analysis is being done by computers. This makes sense, as computers are able to identify patterns in data much more accurately and quickly than humans. Additionally, data analysis isn’t just used for simple things like managing employee scheduling or choosing what items to stock. For the most successful businesses, data analysis is used in every area of business. From customer acquisition and targeted campaigns to new item development and supply chain management, data analysis helps businesses maximize their efficiency[3]

So, What’s Next?

After looking at all the ways technology has evolved business practices, one thing is for sure: Businesses are not done changing. Simply put, if there’s a way for businesses to increase their revenue, it will be utilized. And the fact is, businesses are becoming more and more reliant on computers and technology than ever before. Things like employee scheduling and data analysis, previously done by workers, are now done by computers. And, frankly, this trend is unlikely to reverse any time soon. Now, this doesn’t mean computers will be the ones running businesses in a few years. But let’s face it: They are already making many of the big decisions at businesses across the world. 

Ultimately, technology makes businesses more efficient. Unfortunately, as businesses rely more on technology, this also means they rely less on workers. Positions including warehouse jobs, customer service, and banking services are slowly being overtaken by technology[4]. It’s a sad reality, but businesses can simply be more successful with unpaid bots, rather than salaried employees. Again, technology is unlikely to replace human workers en masse any time soon. But as technology becomes more and more advanced, the most successful businesses will rely on tech more than ever before.

About AXEL

Technology is useful in every facet of business, but particularly in the area of cybersecurity. Cybercrime poses a threat to businesses big and small, highlighting the need for affordable cybersecurity solutions. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, download AXEL Go for free here.

[1] “Leading Social Media Networks Used by Small Businesses to Advertise in the United States in 2021.” Statista, November 18, 2021. https://www.statista.com/statistics/208971/effective-social-media-marketing-tools-for-small-us-businesses/

[2] “Why Data Analytics Is Critical for Small Businesses.” AirSlate, August 17, 2021. https://blog.airslate.com/why-data-analytics-is-critical-for-small-businesses/

[3] Mills, Terence. “Council Post: Five Benefits of Big Data Analytics and How Companies Can Get Started.” Forbes. Forbes Magazine, December 10, 2021. https://www.forbes.com/sites/forbestechcouncil/2019/11/06/five-benefits-of-big-data-analytics-and-how-companies-can-get-started/?sh=48b2320117e4
[4] “Council Post: Tech Experts Predict 13 Jobs That Will Be Automated by 2030.” Forbes. Forbes Magazine, December 10, 2021. https://www.forbes.com/sites/forbestechcouncil/2019/03/01/tech-experts-predict-13-jobs-that-will-be-automated-by-2030/?sh=3fc53ffb22bf

Small Business Tech Trends of 2022

When you think of small businesses, you may think of classic mom-and-pop, Main Street stores with just a few employees, and even fewer expenditures. Even TV and movies love to paint small businesses as old-fashioned shops with carefree owners who spend their time lounging and chatting up regulars. While this rosy picture may be accurate for a few small business owners, for the vast majority, this couldn’t be further from the truth.

Small businesses and their owners face unique, difficult challenges that have no clear solution. This was especially clear when the COVID-19 pandemic began to rage in early 2020. While big businesses had the technological infrastructure to weather the storm, many small businesses simply couldn’t survive, through no fault of their own. For the businesses whose doors didn’t shutter in the early months of the pandemic, they soon found that innovation was the only way they could survive. From Zoom meetings to online ordering, COVID-19 forced small businesses to evolve. And even as the pandemic reaches its two-year anniversary, these involuntary changes aren’t leaving any time soon. As the country (and the world) continue to live with the pandemic, more small businesses are beginning to utilize these new technology trends to survive in this new normal.

Automation and Artificial Intelligence

When it comes to saving time, there is no better tool for small businesses than automation. Automation can complete many of the small, minute tasks that add up. Things like welcome emails, communications with leads, and inventory management can all be automized, allowing more time for business owners to focus on profit-driven tasks. Best of all, there are useful automation software for nearly every facet of business. Spending a lot of time setting up meetings? Try out Calendly, a useful tool that minimizes the time-consuming back-and-forth of arranging appointments. Want to set your social media posts weeks in advance? Try Hootsuite or Sprout, two programs that can post to your company’s social pages automatically. More and more small businesses are utilizing tools like these to cut down time spent on tasks that don’t affect the bottom line.

This increased adoption of tech shouldn’t come as a surprise. After all, small businesses that extensively utilize digital tools earn twice as much revenue per employee than businesses that don’t[1]. It’s simple: When businesses let technology handle small, everyday tasks, they become more successful. However, this doesn’t mean that once a business automizes some things, it’ll magically increase profits. Small businesses have to constantly be on the lookout for programs that give them an advantage over their big-business competitors. One of these programs is quickly growing in popularity, and could even be considered an evolution of automation: Artificial Intelligence (AI).

One of the most popular AI programs for small businesses is chatbots. With these bots, businesses can communicate with web visitors and determine if they need help automatically. More uses include creating marketing content and streamlining inventory management[2]. Although similar to automation, AI goes one step further: It can analyze data and make logical decisions for your specific situation. From resume scanners to employee schedulers, Artificial Intelligence is becoming more useful (and more affordable) for small businesses that seek to prioritize their efficiency.

Digital Advertising is Changing

For the past decade, there has been a single, dominant platform in the social media advertising business: Facebook. It has long been known that advertisements are the lifeblood of the world’s most popular social media site. In fact, Facebook makes a whopping 98% of its revenue from ads[3]. Because of its unending data collection, Facebook can target ads at the micro-level, allowing them to charge advertisers even more. However, extensive data collection and ad-supported social media aren’t exclusive to Facebook anymore. While the company is still making a gaudy amount of money from ads, cracks are beginning to show.

One thing is certain: Facebook is getting older. Now, if your business’s target demographic is 45+, you won’t have much of a problem. But if your business is targeting the coveted 18 to 34 demographic, you may need a more complex marketing strategy. That’s because young people simply don’t use Facebook as much as they used to. In 2016, 60% of teens used Facebook at least once a month. In 2021, that number dropped to 27%[4]. Apps like Snapchat, Instagram, especially TikTok are simply more popular with young people, creating the need for multi-front digital marketing strategies.

Software Integration

The great thing about tech is that there are a virtually infinite number of programs that can help increase efficiency and revenue at small businesses. The bad thing is that, sometimes, too many programs can cause diminishing returns. After all, if you’re uploading data to a dozen different software programs every day, are you really saving time? Additionally, if you’re uploading the same data, over and over again, there’s a higher likelihood of data errors as well. That’s why small business owners have begun to embrace software integration. With integration, not only does software help you complete tasks, but it also communicates with your other software programs. Uploading information from a new lead? With software integration, you can simply add the information once, and it’ll be available on all your integrated programs. Employees need to communicate in order to get work done efficiently. Why can’t software do it too?

While the dream of completely seamless integrated software isn’t quite here yet, there are a number of programs tailored for small businesses that are incredibly convenient. Software like Quickbooks and Xero integrate accounting, expenses, and even employee scheduling. With these tools, small business owners are realizing just how much time, money, and effort they can save by utilizing software integration. 

Cybersecurity Risks

By now, you’ve almost certainly heard the risks of having poor cybersecurity infrastructure. Without protection, small businesses put themselves, their data, and their customers at risk every day. Thankfully, more and more small businesses have realized this risk, and have taken steps to minimize their chances of a catastrophic data breach. In fact, over half of small and medium-sized businesses now have a cybersecurity plan in place[5]. And as cybersecurity programs continue to become more available and affordable, this number is certain to rise in the coming years. While cybersecurity risks are, of course, ever-present, the rising popularity of cybersecurity solutions among small businesses is incredibly promising. Cybercrime risks are unlikely to completely disappear any time soon, but if more and more businesses begin to prioritize cybersecurity, nefarious cybercriminals will have to work harder to wreak their havoc.

Unfortunately, reality isn’t that rosy, at least not yet. While some small businesses have finally taken action to protect their cybersecurity, for many businesses, there’s still work to do. Only 9% of small businesses have cyber liability insurance. Therefore, it’s no surprise that 83% of small and medium-sized businesses are not prepared for the financial consequences of a cyberattack[5]. Ultimately, many small businesses have not reached true cybersecurity protection. While it’s great to see more small businesses finally begin to take cybercrime seriously, there’s still a long way to go. And while companies that have invested in cybersecurity can do business with peace of mind, those that haven’t will be at risk every single day.

About AXEL

No matter what industry your business is in, cybercrime poses a very real threat. At AXEL, we want to help you keep yourself (and your customers) safe from the threats of ransomware and data breaches. That’s why we created AXEL Go. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. If you’re ready to try the most secure file-sharing app for PC and mobile devices, download AXEL Go for free here.

[1] “Small Business Technology Trends: Deloitte Us.” Deloitte United States, May 20, 2020. https://www2.deloitte.com/us/en/pages/technology-media-and-telecommunications/articles/connected-small-businesses.html

[2] Rist, Oliver. “Small Businesses Are Using AI-Sometimes.” PCMAG. PCMag, December 7, 2021. https://www.pcmag.com/news/small-businesses-are-using-ai-sometimes

[3] “Facebook Ad Revenue 2009-2020.” Statista, February 18, 2022. https://www.statista.com/statistics/271258/facebooks-advertising-revenue-worldwide/

[4] Leonhardt, Megan. “Teens Have Been Losing Interest in Facebook for Years.” Fortune. Fortune, October 26, 2021. https://fortune.com/2021/10/25/facebook-teens-usage-harm-studies/

[5] “10 Small Business Cyber Security Statistics That You Should Know – and How to Improve Them.” Cybersecurity Magazine, May 20, 2021. https://cybersecurity-magazine.com/10-small-business-cyber-security-statistics-that-you-should-know-and-how-to-improve-them/

After the Cyberattack: What Happens to your Data Following a Breach?

In 2022, cybercrime seems like everyday news. And in a way, it literally is. Simply search “data breach,” and you’ll find a wealth of businesses across the country dealing with the fallout of cybercrime. Businesses large and small fall victim to these attacks every day, putting more and more people’s personal information in jeopardy. And for consumers, your information leaking isn’t something you have to worry about for a few weeks, then move on. Because of the unique way personal data is stolen and sold, victims of data breaches have to keep an eye on their social media and bank accounts for years. 

On the business side, you’ve likely heard the horror stories of businesses losing millions of Social Security Numbers, or even having confidential documents leaked. From retail stores like Target to digital forums like Facebook, businesses from every industry have fallen victim to cybercrime. Unfortunately, this digital devilry has only become more prevalent. 2021 was the worst year on record for businesses and consumers, with nearly 6 billion accounts breached by cybercriminals[1]. There’s a decent chance even some of your personal information has been leaked without your knowledge. But if nearly 6 billion accounts across the Internet have been compromised, well, where is that information?

Where Does Your Personal Data Go?

When a data breach is reported, the most reported statistic is the number of accounts affected. Data breaches can have anywhere from a few victims, all the way up to 3 billion. When news of a breach breaks, reporters like saying that consumer data has been “leaked” or “published.” However, a more accurate term to describe a breach is that consumer data has been “auctioned off.” This is because the perpetrators of cyberattacks rarely use the data that they just stole. Rather, they simply sell your information to a multitude of low-level digital scammers, who try to make their money through simple phishing scams and the like, rather than complex cyberattacks.

Of course, stolen data can’t be sold on traditional commerce websites. And any public website that tried to sell the data would be taken down quickly for distributing a stolen good. After all, you can’t really Google “stolen data near me” and find what cybercriminals looking for. So, once all that data is stolen, where does it go on sale? On a section of the Internet few know about, and even fewer have visited: the Dark Web. 

The Dark Web is a “layer” of the Internet that can only be accessed through special software. Estimated to be almost 500 times larger than the standard web, the Dark Web is a hub for cybercriminals and their illegal activities[2]. After a data breach, the hackers will typically post about their haul on a Dark Web forum and offer the data to other users for a specific price. Depending on the price and quality of the stolen data, there could be anywhere from a few to hundreds of buyers. Even just hours after a data breach, your personal information could be in the hands of dozens of scammers all across the globe.

How Valuable is My Personal Data?

Not all data breaches are created equal, and not all information is equal either. Think about it: If you were a cybercriminal, would you want three million Twitter usernames and passwords, or one million credit card numbers? Considering Twitter logins are worth just USD $35, and credit card numbers are worth up to $240, most would choose the credit card numbers[3]. Some pieces of information are simply more valuable than others, and cybercriminals know this. That’s why, when a data breach occurs, measuring the impact solely on the number of affected accounts is inaccurate. A leaked Facebook password could cause headaches, but besides a few spam posts, it probably won’t affect your life too much. A leaked passport number, however, could lead to something as serious as identity theft.

This showcases how stolen data itself isn’t particularly valuable, and is only valuable if you know what to do with it. After all, if you hand a random passerby your Social Security Number, it’s unlikely they’ll know how to steal your identity. Unfortunately, these Dark Web cybercriminals have all the knowledge they need to cause chaos in victims’ lives. Even information as simple as phone numbers and corresponding names can be a cash cow for scammers. The disparity in value between pieces of information highlights just how wide-ranging the damage from a data breach can be. So next time there’s a major data breach in the news, don’t just look at the number of accounts affected to judge the severity. Look at what was stolen to truly determine how damaging a cyberattack is.

What About Stolen Documents?

Of course, personal information isn’t the only data that is put at risk during a cyberattack. If cybercriminals target a business, law firm, or government agency, confidential documents could be leaked as well, especially in ransomware attacks. The problem, however, is that this confidential information simply isn’t valuable to cybercriminals. Therefore, when these documents are stolen, cybercriminals often demand a ransom and threaten to publish the confidential information unless it’s paid. For businesses that suffer this type of attack, they typically only have two choices: Pay the ransom, or face a public relations (or even legal) nightmare. 

However, not all cyberattacks are typical. Some cybercriminals couldn’t care less about the money, and only seek to embarrass specific businesses. In one case, a Swiss hacker published confidential data from dozens of companies and government agencies as a protest against mass surveillance[4]. For these companies and agencies, once the hacker gets the data, it’s gone, regardless of the ability to pay a ransom. This highlights how no two cyberattacks are exactly the same. Although most hackers are in it for the money, some simply seek to make a statement, regardless of the financial consequences. That’s why, when it comes to cybersecurity, it’s important to be prepared for anything and everything.

Protect Yourself from Cybercrime

Ultimately, the best way to protect yourself from cybercrime is to prepare. Thankfully, there are simple, inexpensive ways to greatly minimize the risk of a cyberattack on you or your employer. First, encryption is everything when it comes to cybersecurity. Encryption is like splitting your files into thousands of different puzzle pieces, so even if hackers got into your network, your documents are completely illegible to the attackers. Next, updating your security software is the easiest way to mitigate risk. Cybercriminals are always on the lookout for security holes, and those holes are much more prevalent in older versions of software. Keeping your software up-to-date could be the difference between safety, and one of the worst cyberattacks in history. Just ask Equifax.

Finally, one of the best ways to consistently prevent cyberattacks is to encourage a culture of security. This means educating all employees on the risks of cybercrime and how to minimize those risks. From teaching employees how to spot phishing emails to creating an incident response plan, simply prioritizing cybersecurity before a breach is one of the best ways to prevent cybercrime. Prioritizing cybersecurity doesn’t have to be expensive or time-consuming, but it’s the key to protecting your most valuable documents and data.

About AXEL

If you and your business are ready to prioritize cybersecurity, AXEL Go is the solution for you. AXEL Go uses military-grade encryption, blockchain technology, and decentralized servers to ensure it’s the most secure file transfer software on the market. Whether you need to transfer large files or send files online, AXEL Go is the best cloud storage solution. At AXEL, we believe that privacy is a human right and that your information deserves the best protection. To try the most secure file-sharing app for PC and mobile devices, get two free weeks of AXEL Go here.

[1] Mello, John P. “Data Breaches Affected Nearly 6 Billion Accounts in 2021.” TechNewsWorld, January 18, 2022. https://www.technewsworld.com/story/data-breaches-affected-nearly-6-billion-accounts-in-2021-87392.html

[2] “After the Data Breach – What Happens to Your Data?” BlackFog, May 6, 2021. https://www.blackfog.com/after-the-data-breach-what-happens-to-your-data/

[3] Sen, Ravi. “Here’s How Much Your Personal Information Is Worth to Cybercriminals – and What They Do with It.” PBS. Public Broadcasting Service, May 14, 2021. https://www.pbs.org/newshour/science/heres-how-much-your-personal-information-is-worth-to-cybercriminals-and-what-they-do-with-it

[4] “U.S. Charges Swiss ‘Hacktivist’ for Data Theft and Leaks.” NBCNews.com. NBCUniversal News Group, March 19, 2021. https://www.nbcnews.com/tech/security/us-charges-swiss-hacktivist-data-theft-leaks-rcna448

The Ethical Responsibility for Data Security in Finance, Law, and Healthcare

It’s difficult to argue that the vast majority of businesses today don’t have an ethical responsibility to adequately protect and secure their customers’ data. However, it’s an even more crucial aspect for organizations with known fiduciary duties to their clients or consumers, such as those in the Finance, Legal, Healthcare, and Insurance sectors. Let’s dig into each of these industries in the United States, look at their unique ethical demands regarding data security, and find some common solutions.

Finance

The financial industry includes banks, investment firms, real estate companies, and insurance organizations. According to the International Monetary Fund, it is the sector targeted most by hackers[1]. It makes sense. In a 2020 survey by Verizon Communications, researchers found that 86% of data breaches are primarily for money[2]. Who has more money than the financial industry?

Hackers target these institutions in a variety of ways. One of their most common tactics is attempting to gain access to customer login info. Direct attacks against an organization’s reserves gain immediate attention and mitigation, but hackers can take over a user account and move around smaller sums for much longer periods.

Another method they use is stealing sensitive financial documents. It provides the malicious agents with a treasure trove of confidential data to use for identity theft.

So, what ethical obligation do they have to their clients for securing this data? Since they’re such huge targets, financial institutions tend to employ data protection strategies that are more sophisticated than average. In 2020, the Federal Trade Commission proposed amendments to the Safeguards Rule and the Privacy Rule in the Gramm-Leach-Bliley Act. Under these proposals:

  • Financial institutions would need to safeguard customer data more robustly, such as utilizing encryption for all information.
  • Customers could opt-out of data sharing policies between banks and third-parties.
  • Banks would require employees to pass multi-factor authentication (MFA) to access client data.

The FTC has not ratified these amendments yet, but they would serve as a much-needed update to the current regulatory framework.

Law

Legal professionals now face an even greater risk to their clients’ personal information. Being the processors of strictly confidential information always put large targets on them. But, the COVID-19 pandemic forced many lawyers out of the office and courtroom and into their den. Working from home is the new normal for legal pros, and that means more cybersecurity risks. Whereas they probably worked in a closed system at the office that IT experts monitored daily, it’s much more challenging to evaluate weaknesses in everyone’s home networks. Coupled with the fact that lawyers, on the whole, aren’t the most technically literate people in the world, and you’ve got a recipe for data breaches.

The American Bar Association gives broad ethical expectations for data security throughout its Model Rules of Professional Conduct[3]. A recent formal opinion published by the organization outlines them in greater detail[4], specifically for those engaged in a virtual practice. This opinion has the following provisions:

  • Lawyers must make “reasonable efforts to prevent inadvertent or unauthorized access [to client data].” Today, a reasonable attempt goes well beyond attaching a confidential document to an email and sending it off with nothing but the hope that it doesn’t fall into the wrong hands.
  • Virtual practitioners should look into setting up Virtual Private Networks (VPNs), keeping the computer’s operating systems updated so that security patches stay current, utilizing file encryption, using MFA, setting strong passwords, and changing them regularly.
  • Legal professionals must vet software and hardware providers to ensure proper security.
  • Lawyers should never use smart speakers (Alexa, Google Home, etc.) or virtual assistants (Siri) when conducting confidential business. These “helpers” listen to every word that is said and can be hacked easily by malicious agents.

Hopefully, The ABA codifies the recommendations given in this opinion into its formal standards.

Healthcare

The medical industry also deals with extremely private, confidential information and is susceptible to drawing attention from hackers. 2020 was an especially bad year for this, as the rise of COVID-19 caused a 55% spike in data breaches compared to 2019[5]. It’s a chilling reminds of how opportunistic threat actors can be. Sensing healthcare providers were stretched to the max and short on resources, they attacked.

Common reasons to target the healthcare industry include stealing patient medical records for resale on the Dark Web, identity theft purposes, or extortion schemes, and ransomware attacks to cripple critical systems until the organizations pay a hefty fee.

The United States Department of Health and Human Services set national regulations about healthcare data security through the HIPAA Security Rule. Here are some of the guidelines:

  • Organizations must have physical and technical security measures enacted for hosting sensitive health data. Examples include facility access limits, computer access controls, and strict limitations on attempts to transfer, remove, or delete patient records.
  • Technical systems must have automatic log-off settings, file encryption capabilities, regular audit reporting, and detailed tracking logs of user activity.

With COVID cases declining and vaccinations increasing, the healthcare sector could soon return to normal and start allocating more cybersecurity resources. At least for the first time in over a year, there’s cause for optimism.

Conclusion

With cyberattacks on the rise, there’s still much room for improvement in these industries. Organizations should go above and beyond legal requirements if adequate cybersecurity is a priority. Combining the right technical solutions with a plan of ongoing education is crucial. Usually, the weakest links in a network are the employees themselves. Train them regularly on the basics of phishing techniques and how to spot them. You’ll have a more resilient workforce who won’t fall for common scams that can put your organization at serious risk.

AXEL Go

Part of the equation is still using suitable technical systems. If your company transfers or stores confidential data, you need to ensure it’s locked down. AXEL Go is a decentralized, private and secure file-sharing and storage platform. It offers industry-leading security features that set it apart from the typical Big Tech applications. It uses blockchain technology, advanced file sharding, the InterPlanetary File System, and military-grade encryption to keep important documents away from hackers. Try AXEL Go and gain access to all of its premium features for only $9.99/mo. It’s the safest way to share and store online.

 

[1] Jennifer Elliott and Nigel Jenkinson, “Cyber Risk is the New Threat to Financial Stability”, IMF.org, Dec. 7, 2020, https://blogs.imf.org/2020/12/07/cyber-risk-is-the-new-threat-to-financial-stability/

[2] “2020 Data Breach Investigations Report”, Verizon, May. 19, 2020, https://enterprise.verizon.com/resources/reports/dbir/?CMP=OOH_SMB_OTH_22222_MC_20200501_NA_NM20200079_00001

[3] American Bar Association, “Model Rules of Professional Conduct”, Americanbar.org, https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/model_rules_of_professional_conduct_table_of_contents/

[4] American Bar Association Standing Committee On Ethics And Professional Conduct, Formal Opinion 489, Americanbar.org, March 10, 2021, https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba-formal-opinion-498.pdf

[5] “Healthcare Breach Report 2021: Hacking and IT Incidents on the Rise”, Bitglass, Feb. 17, 2021, https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q1HealthcareBreachReport2021.pdf?aliId=eyJpIjoiOE54NGRRTkhCZDY3aUxGMiIsInQiOiJ0RTZ1QVZXbnFPUGRhZXhVbmhyMmVnPT0ifQ%253D%253D

Iran’s State-Sponsored Hackers Continue to Wage Cyber War

Iran’s government-affiliated hacking groups are among the most prolific in the world. While not considered the most sophisticated attackers, they are still a formidable foe for enemies in the Middle East, Europe, and North America.

Backed by the despotic regime

Intelligence indicates many of Iran’s hacker divisions are part of the Islamic Revolutionary Guard Corps (IRGC). The IRGC is responsible for quelling internal political strife and has an unsavory reputation for violently suppressing protests against the current regime[1]. The Corps initially introduced hacker groups to spy on citizen dissidents, but their responsibilities soon grew. Today, they still perform domestic monitoring activities but also engage in global cybercrime efforts, including international espionage and ransomware deployment.

Subfactions galore

Most state-sanctioned hacking enterprises form subgroups within the overarching military or political hierarchy. Iran is no different, employing at least half a dozen Advanced Persistent Threat (APT) groups. Analysts believe some APTs are independent entities with sworn allegiance to Ali Khamenei, the Supreme Leader, while the state directly operates other units.

Known APTs

Fox Kitten

Fox Kitten, aka Pioneer Kitten, aka Parisite, is a well-known APT thought to be under government contract rather than explicit control.  Actors associated with the group recently put hacked corporate intelligence data for sale on the dark web[2]. This suggests Iran isn’t officially operating Fox Kitten, as the government would likely prioritize keeping the intelligence secret over a relatively small payment.

Fox Kitten uses freely-available open-source tools to exploit vulnerabilities in Virtual Private Network (VPN) and Remote Desktop Protocol (RDP) software. Once they gain access to a system, they utilize SSH Tunnelling procedures to encrypt communication with implanted programs and prevent detection. Thus, Fox Kitten can control infected computers remotely to steal vast amounts of sensitive data.

They typically focus on high-value targets in the tech, defense, healthcare, engineering, government, and financial sectors. The bulk of attacks is against organizations in North America and Israel, which offers another clue as to their origins.

Charming Kitten

Charming Kitten, aka Phosphorus, aka Newscaster, is an APT that has been active since 2014[3]. The group is most known for two highly-publicized events.

  • They are the group linked to United States defector Monica Witt. Witt is a former U.S. Air Force intelligence agent who renounced the United States, defected to Iran in 2013, and provided their government with classified intel[4]. She is now working with Charming Kitten to target susceptible military personnel for further espionage.
  • A hacker now understood to be affiliated with Charming Kitten was responsible for the 2017 HBO hack[5]. This was a famous incident where the script for a future’ Game of Thrones’ episode leaked, spoiling it for fans everywhere. Not exactly state secrets, but an embarrassing situation nonetheless. In a strange turn, the United States Department of Justice contends that both Witt and the HBO hacker work closely together at the moment.

Charming Kitten uses phishing techniques to impersonate trustworthy entities. They mainly target journalists, activists, academics, and government institutions with their deceptive campaigns. The hackers steal their victims’ account information while analyzing their contacts.

Rocket Kitten

Rocket Kitten (what’s with these cute codenames?), aka TEMP.Beanie, aka Timberworm, is a state-operated APT that focuses on espionage against Iran’s Middle Eastern enemies and internal opposition.  According to research by the cybersecurity firm Checkpoint, nearly 50% of its activity centers around Saudi Arabia[6].

The group favors spear phishing and social engineering to compromise their victims. They are noted to be unrelenting in their attacks once they set an objective. This means that even though their methods aren’t very advanced, their overall success rate is high. It only takes one employee off their game for a day to open up a vulnerability in a network.

Rocket Kitten’s most recognized achievement came in 2016 when they successfully hacked Telegram, the popular private messaging client[7]. Private communication is something very valuable in countries without free speech like Iran. Rocket Kitten exploited an account activation policy to gain access to over 20 million Iranian Telegram accounts. It undoubtedly led to a crackdown on anti-government speech.

Needless to say, these kittens have claws! There are even more APTs from Iran, and you can read a brief overview of them here.

2020 incidents

If you only read about the most publicized Iranian cyberattacks, you might think they’ve slowed down recently. In reality, 2020 was a banner year for them! Even if they didn’t grab the world’s attention at large, there were still plenty of interesting developments.

August 2020:

In August, the FBI released a statement claiming Fox Kitten uses known exploits to breach networks worldwide before the organizations can patch the vulnerabilities[8]. This means the hackers don’t even have to probe for unknown (or 0-day) exploits. They simply wait until cybersecurity professionals disclose weaknesses and move quickly to strike high-priority targets. According to the FBI, Iran breached two major companies in 2020 by using these methods. Unfortunately, the agency was not able to disclose the names of the organizations.

September 2020:

 The United States Department of Justice officially indicted three state-sponsored Iranian hackers for a series of attacks on American satellite companies[9]. It is uncertain which APT the alleged culprits belonged to, but they know at least one of them is a member of the IRGC. Posing as employees of the organization they wished to attack, they bombarded legitimate employees with emails and deceived them into clicking on infected attachments. Again, the U.S. government didn’t disclose any specific breached organizations but did say the hackers made off with intellectual property from multiple companies located in the U.S. and abroad.

October 2020:

In late October, Charming Kitten showed that Iran’s cyberwarfare division has a strong sense of irony (Iran-y?)  by attacking attendees of the upcoming Munich Security Conference[10]. They used fake emails and websites made to look like official communications from conference representatives to steal credentials and personal information. Many diplomats and attendees fell for the ruse and exposed their information to Iran’s government. Who needs a security conference when Iran is educating officials for free?

Data protection

It may not be something you think about daily, but it’s an undeniable fact we’re in a global war. It’s just a cyberwar rather than traditional aggression. The participants have replaced tanks and aircraft with computers and cellphones. This seemingly unending conflict plays out just beneath the surface of society. Civilians rarely notice, but those enlightened with the truth can see the consequences everywhere.

Malicious, state-sponsored actors battle against each other to steal secrets and confidential data from their enemies. In the case of Iran, their APTs don’t even use sophisticated techniques[11].

Most of their operations utilize open-source or publically-available software. They crack VPN and RDP programs with brute force password guessing. Their ransomware deployments are non-proprietary Ransomware-as-a-Service (RaaS) frameworks purchased from more competent groups.

In comparison to hackers in China or Russia, Iran is downright second-rate. Yet, they’re still thriving. This fact alone should be eye-opening to people and organizations around the world. It’s time to get serious about securing your data.

AXEL’s commitment

AXEL is dedicated to providing industry-leading data sharing and storage solutions. Our platform, AXEL Go, combines three state-of-the-art technologies to ensure your files are stored and shared securely. Utilizing blockchain technology, the InterPlanetary File System (IPFS), and encryption, you can finally have peace of mind that your files are private and safe. We have options for all types of users, whether for personal or enterprise roles. Download AXEL Go today for free. Our basic tier has 2GB of online storage and enough network fuel for thousands of typical shares. In the age of cyberwarfare, you need the best tools possible to protect yourself and your organization. Don’t settle for less.

 

[1] Yaghoub Fazeli, “Soleimani directly involved in suppressing Iran protests: Former IRGC General”, Al Arabiya English, Feb. 10, 2020, https://english.alarabiya.net/en/News/middle-east/2020/02/10/Soleimani-directly-involved-in-suppressing-Iran-protests-Former-IRGC-General

[2] Catalin Cimpanu, “Iranian hackers are selling access to compromised companies on an underground forum”, ZDNet, Sept. 1, 2020, https://www.zdnet.com/article/iranian-hackers-are-selling-access-to-compromised-companies-on-an-underground-forum/

[3] “Charming Kitten”, Mitre, Jan. 16, 2018 , https://attack.mitre.org/groups/G0058/

[4] “Former U.S. Counterintelligence Agent Charged With Espionage on Behalf of Iran; Four Iranians Charged with a Cyber Campaign Targeting Her Former Colleagues”, The United States Department of Justice, Feb. 13, 2019, https://www.justice.gov/opa/pr/former-us-counterintelligence-agent-charged-espionage-behalf-iran-four-iranians-charged-cyber

[5] Daniel Victor and Sheera Frenkel,  “Iranian Hacker Charged in HBO Hacking That Included ‘Game of Thrones’ Script”, The New York Times, Nov. 21, 2017, https://www.nytimes.com/2017/11/21/business/hbo-hack-charges.html

[6] “Rocket Kitten: A Campaign With 9 Lives”, Check Point Software Technologies, https://blog.checkpoint.com/wp-content/uploads/2015/11/rocket-kitten-report.pdf

[7] Joseph Menn and Yeganeh Torbati, “Exclusive: Hackers accessed Telegram messaging account in Iran – researchers”, Reuters, July 27, 2016, https://webcache.googleusercontent.com/search?q=cache:DE8XABScILkJ:https://ar.reuters.com/article/us-iran-cyber-telegram-exclusive-idUSKCN10D1AM+&cd=5&hl=en&ct=clnk&gl=us

[8] Catalin Cimpanu, “FBI says an Iranian hacking group is attacking F5 networking devices”, ZDNet, Aug. 10, 2020, https://www.zdnet.com/article/fbi-says-an-iranian-hacking-group-is-attacking-f5-networking-devices/

[9] Department of Justice, “State-Sponored Iranian Hackers Indicted for Computer Intrusions at U.S. Satellite Companies”, U.S. DOJ, Sept. 17, 2020, https://www.justice.gov/opa/pr/state-sponsored-iranian-hackers-indicted-computer-intrusions-us-satellite-companies

[10] Laurens Cerulus, “Iranian hackers target top diplomats and security officials”, Politico, Oct. 28, 2020, https://www.politico.eu/article/iranian-hackers-target-munich-security-conference-crowd/

[11] Brooke Crothers, “Unsophisticated Iranian hackers armed with ransomware are targeting companies worldwide”, Fox News, Aug. 26, 2020, https://www.foxnews.com/tech/unsophisticated-iranian-hackers-armed-with-ransomware-are-targeting-companies-worldwide

Think Twice Before Using Email Attachments

Even with the increase in digital communication options nowadays, email continues to be very popular. It may not be the flashiest way to reach out, but over four billion people[1] know it gets the job done.

Unfortunately, however, there is a dark side to this ubiquitous messaging system. And no, it isn’t your mother’s chain letters about the horrible things that will happen to you if you don’t forward them to 10 friends. Somehow, it’s even worse. It is not to say you should stop using email; you just need to use it more intelligently. And that means stop using attachments!

Best reasons to stop sending attachments

Email attachments are dangerous for many reasons, especially if you send or receive sensitive documents.

Significant security risks. 90% of successful cybersecurity incidents take place through email[2]. The vast majority of these get delivered via attachments. In many cases, hackers employ phishing techniques to gain access to susceptible systems.

“Phishing” is when a malicious email looks legitimate. Bad actors research your company or acquaintances and send a phony email disguised as being from someone you trust. Usually, this will include an infected payload as an attachment that they ask you to open. Those not careful or inherently suspicious click it and potentially compromise the entire network. Hackers use phishing in combination with the following forms of malware to achieve their malevolent purposes:

  • Open the wrong attachment, and you could cost your company some serious money. Ransomware is a type of computer virus that maps attached storage drives and encrypts their data. The drives can’t be unencrypted unless the business pays a hefty ransom to the attackers. The estimated average payout for a successful ransomware attack is over $110K in 2020[3], with high-profile incidents fetching multimillion-dollar sums.
  • Zero-day exploits. Zero-day vulnerabilities are the security holes in software that even the developers are unaware exist. Hackers are crafty and find bugs to exploit that nobody else has considered. Obviously, they aren’t going to run and tell the developer about these flaws, so they only become known after an attack. If you run a Zero-day exploit from an attachment, you could give up complete control of your computer.
  • When criminals want to steal employee credentials, they turn to keyloggers. Keyloggers are computer programs that track user keystrokes. Every time the victim types, it is recorded in a separate file and transmitted back to the hacker. If you log in to any of your accounts during this time, the bad actor now has the same information. This can be extremely damaging if the malicious agent targets a high-level executive for keylogging. However, even if the victim is a low-level employee, the information gained from their account is useful for future phishing attacks.

Loss of confidentiality. Never use an attachment to transfer confidential material. While most people think of data breaches as being hacks, it’s a more encompassing term. Let’s say you send an email to a colleague containing privileged company financial information. That document is now out of your control.

The employee’s computer could become compromised, or the employee may be disgruntled and distribute it elsewhere. The point is, you cannot track the attachment after you send the email. This means you can never be sure anything sent in an attachment is secure.

Lack of flexibility. Sometimes, the file you want to send is too large to attach. Many email clients have strict maximum attachment sizes. Why deal with this hassle in the first place? Even if you can send large attachments, it’s a good possibility they won’t go through. Many spam filters or malware detectors flag bigger documents. There’s also a chance their email provider blacklists you and prevents future emails! Save yourself the headaches.

Sender’s remorse. You send off important documentation in an attachment only to realize later that you accidentally CC’ed Brian Stahl-a personal contact- rather than Brian Stalder-your CFO. We’ve all been there. Unfortunately, since you used email, you’re out of luck. Better hope Mr. Stahl is a standup guy!

Then, there’s the case of attaching the wrong file. MayEarningsStatement.xls looks so similar to MaysBirthdaySurprise.pdf. You’re busy, and sometimes busy people make mistakes. It shouldn’t be a big deal, but the irrevocability of attachments makes it a big deal.

Steps to improve security

We don’t recommend ever sending attachments, honestly. If you must, however, there are some steps you can take to make it a bit safer.

Authenticate the sender or recipient. Many phishing attempts come from emails that look similar to trusted ones but are slightly different. Before opening any attachment (or sending one), triple-check to ensure the address is valid.

Never open unsolicited email attachments. If you receive an email attachment out of the blue, even from a valid email address, call the person to confirm it’s legitimate. You never know if a cyber attack compromised their account.

Save and scan. Do not open email attachments directly from your inbox. Save them to your drive and scan them with antivirus software beforehand. It isn’t foolproof, but modern antivirus programs will catch the majority of malware.

Turn off automatic downloads. Many popular email clients do not offer automatic attachment downloads these days, but if you run custom or older clients, it’s something to consider. Check your settings to make sure you do not automatically download attachments.

A better way

Hopefully, you understand why you should be wary of email attachments. There are very few benefits and severe risks in ignoring this advice. So, how should you be sending and receiving confidential files? We recommend AXEL Go.

AXEL Go is a secure way to share and store information online. There are no file size limits, so you can send anything you want. More importantly, it provides industry-leading security options to safeguard you against data breaches and cyber-attacks.

With AXEL Go, you’re always in control. You set the expiration dates of your shared files and can prevent recipients from downloading them. This means if you don’t want sensitive documents sitting around on other peoples’ computers, it’s not a problem!  Combined with optional AES 256-bit password encryption, you can trust that important content stays confidential.

To make things even more secure, AXEL Go operates on the InterPlanetary File System (IPFS). It is a decentralized network with servers called nodes that function throughout the world. Files shared on this network are divided into small chunks and distributed to these nodes. It results in a system without a single point of failure. Traditionally, if the server farm holding your documents was under attack, your files were at risk. With IPFS, this isn’t the case. It’s the future of the internet, and AXEL Go runs on one of the largest IPFS networks in the world.

And finally, AXEL Go has full blockchain integration. Blockchain technology is a distributed ledger system where information is unchangeable once written to a block. While our blockchain doesn’t store your files, it does hold transactional details. So every time you share something, that data is timestamped to a block. This is an excellent feature for professionals, as they can transfer time-sensitive content with absolute proof of delivery.

Download today

These capabilities highlight why AXEL Go is the safer, objectively better alternative to email attachments. You can sign up for a free, full-featured Basic account and receive 2GB of storage to try it out for yourself. Download AXEL Go today for desktops or mobile devices and see why email attachments are a thing of the past.

[1] J. Clement ,“Number of e-mail users worldwide from 2017 to 2024”, statista.com, Mar. 25, 2020, https://www.statista.com/statistics/255080/number-of-e-mail-users-worldwide/

[2] “Report unveils most ulnerable sectors to phishing attacks”, Security Magazine, Sept. 14, 2020, https://www.securitymagazine.com/articles/93347-report-unveils-most-vulnerable-sectors-to-phishing-attacks

[3] Mathew J. Schwartz, “Ransomeware: Average Business Payout Surges to $111, 605”, bankinfosecurity.com, April 30, 2020, https://www.bankinfosecurity.com/ransomware-average-business-payout-surges-to-111605-a-14205