
data security

August 16, 2022

Your Privacy and The Internet of Things

The Internet of Things is a remarkable push to bring data collection to a broader range of devices. As technology becomes cheaper, smaller, and more powerful, the internet has found its way into unlikely places. The Internet of Things brings conveniences and insights into the lives of the layperson and the daily dealings of businesses all around the world. What can we gain from the Internet of Things? What happens when the Internet of Things turns its back on us?

What is the Internet of Things?

The Internet of Things is a distributed method of connecting mundane objects, or things, to smart devices and the internet at large. This is done by attaching sensors and transceivers to these objects and directing them to share information that may make end-user lives more convenient[1].

The classic example of an IoT-enabled device is a smart refrigerator. The utility of a refrigerator is bolstered by the inclusion of a few sensors and the ability to communicate. We can extend the lifespan of these refrigerators by predicting service needs and reporting points of failure as soon as they arise. Consumers are able to streamline their grocery shopping, saving time in their increasingly busy lives. 

The benefits of the Internet of Things on a consumer level are numerous. On a commercial level, they are unparalleled. We can use IoT-enabled devices to drive down overhead costs by taking preventive measures when our servers and production devices ask for regular maintenance. Data points gathered from clients at trade shows or in our stores can help create more comfortable and lucrative transactions. Security methods such as intrusion detection and loss prevention can once again be in the hands of the business owner with IoT connectivity.

What are some common IoT Risks?

The Internet of Things relies on the deployment of additional points of internet access. A haphazard deployment of IoT-enabled devices can result in easily missed holes in the digital security fence of your workplace. Poor password protection and shoddy firmware can lead a savvy hacker directly into a company’s most private data. Ransomware attacks could ironically arrive through an unsecured security camera[2].

Beyond security issues, privacy itself may be at risk when adopting IoT-enabled devices. Smart doorbells, for example, give local law enforcement nearly unrestricted access to the video data passing through the connection between the camera and the end user. Adopting a device that promises the conveniences of the Internet of Things needs to be done carefully, with a close eye on end-user agreements.

Inviting the internet into your company creates an interesting set of vulnerabilities that may not have existed before. One thing to be said about simple machines is that they are entirely secure from a digital standpoint. Adding sensors to the devices running your production infrastructure or connecting devices that previously could not communicate with the internet eventually requires more infrastructure than before.

The Internet of Things relies on edge computing solutions[3]. These are solutions that bring computing power and storage away from the cloud and closer to the place of business. This distributed method of computing brings power and stability to IoT-enabled devices, allowing them to gather and process more data without losing speed or increasing latency. Edge computing solutions come in hardware form, like additional servers, or in software form, like bespoke applications or computing protocols. By virtue of existing near your private data, these secondary computing solutions open up a workplace to cyber-attacks and privacy concerns.

How Does AXEL Go Protect You? 

The shortcomings of the Internet of Things should not scare workplaces away from the conveniences and the massive data-related insights that can come from the clever integration of sensors and transceivers. Like anything else, informed decision-making and a safety-first mindset will prevent the Internet of Things from eroding the privacy and security of a workplace.

Adding additional points of failure to a network means that a business’s privacy and security will find themselves quickly under fire. AXEL Go is a file sharing and storage service that is dedicated to protecting privacy and security wherever possible. Our decentralized server structure and cutting-edge AES 256-bit encryption offer top-of-the-line security in the face of ransomware and brute force attacks. AXEL Go also guarantees your privacy when using our IPFS servers. Only authorized users have access to the contents of your storage. Not even AXEL is able to peer into your end-to-end encrypted storage. 

As technology moves forward in innovative directions, AXEL Go is ready to provide the security and privacy required to keep making the internet a safe and convenient place. 

Try AXEL Go Today

AXEL Go is an incredibly versatile tool in the fight for cyber security. Implementing our decentralized, encrypted storage into a workplace will create a robust bulwark between sensitive workplace data and any clever exploits hackers can slip through the cracks.

AXEL Go is a file storage and sharing service designed to revolutionize how we think about security online. Our user experience design is focused on handing top-of-the-line security to any business of any size. Our AES 256-bit encryption and decentralized server structure thwart cyber attacks on big businesses as competently as they protect local operations. No matter how tight the budget for your practice may be, we are the perfect fit for secure, intuitive storage and file sharing. You can try AXEL Go premium for free for 14 days. See what security backed by our $10,000 guarantee can do for your business.


Citations

[1] Fruhlinger, Josh. 2022. “What Is IoT? The Internet Of Things Explained”. Network World. https://www.networkworld.com/article/3207535/what-is-iot-the-internet-of-things-explained.html.

[2] Iredale, Gwyneth. 2022. “Security & Privacy Issues In The Internet Of Things (IoT)”. 101 Blockchains. https://101blockchains.com/security-and-privacy-in-iot.

[3] Gold, Jon, and Keith Shaw. 2022. “What Is Edge Computing And Why Does It Matter?”. Network World. https://www.networkworld.com/article/3224893/what-is-edge-computing-and-how-it-s-changing-the-network.html.


August 12, 2022

Personal Vehicle Telematics and Privacy Oversights

Our cars are collecting data without our consent. As vehicles have become more sophisticated, tracking information via the onboard diagnostic system (OBD) and built-in GPS has become commonplace. This data is loosely regulated, and that can create a massive privacy hole for consumers. This information can be pulled by insurance companies, mechanics, and whoever else has the authority to demand information from your car. This is rapidly becoming a privacy blind spot upon which we should shine a bright light and direct legislation.

Telematics, Privacy, and Your Vehicle

Telematics is the process of sending and receiving data related to the location and destination of vehicles on the move. In the past, this was typically reserved for fleet vehicles so companies could better track and direct workers to maximize productivity and minimize fuel consumption. Today, as the technology has become more affordable and personally helpful, telematics has found its way into newer vehicles. 

On its face, this information and coordination is a boon to the automotive world. Insurance companies could identify safe drivers, cities could better direct traffic, and the days of being lost on the road could disappear into history overnight. However, like with any technology, a more pernicious reality lies just beneath the surface. If unrestricted access to telematic data is given to too many parties, the vehicles trusted to shuttle us to and from work can easily become intrusive bundles of data weaponized against the driver or any passengers they may have had. Any private activity at any time can be extrapolated from the mere presence of a vehicle. Without oversight, insurance companies, civil courts, and law enforcement will pounce on this opportunity. Hackers plucking this information from servers holding onto this data for later use can easily dangle it over the heads of their targets with frightening precision and expedience.

Buckle Up Your Data

Anybody with a car will immediately understand how much information their vehicle can reveal about them. Everything from their home address to their grocery shopping habits can easily be laid bare once someone has access to location data. This information is sensitive and woefully under-legislated. 

Telematics law is a burgeoning legal framework since the innovations leading to the technology in vehicles have only recently been regularly included in automobiles heading to market. Many states simply defer to the Federal Trade Commission (FTC) and its already existing rules and regulations related to buying and selling the data of internet users. Clearly, this is insufficient. Many similarities exist between internet data and the telematic information collated by a private vehicle. Still, the degree to which drivers rely on their personal vehicles is entirely unlike the relationship they may have with their smartphones. It should also be noted that the collection and distribution of this private data, in many cases, may not be as simple to opt out of as data collection on the internet. Insurance companies and their massive lobbying power are also incentivized to obscure these oversights and push for legislation that will give them broader access to a driver’s private data than they already have. 

Citizens, privacy-minded or not, should push for legislation that covers these holes in privacy law. Telematic data belongs to more than just the driver of a vehicle. Passengers, family members, and children are inextricably tied to this data once they set foot in a car. Their privacy should not be waived simply because they decided to travel inside a vehicle.

Protecting Your Privacy

AXEL understands that privacy comes first. Without privacy in the modern era, people are subjected to undue scrutiny from bad actors. Hackers, corrupt authority figures, and competitors always look for data that will give them a leg up on their perceived enemies. Any privacy oversights left unaddressed by legislation will inevitably turn against civilians and their best interests. 

When insurance companies offer customers discounts on premiums in exchange for unfettered access to private location data, eyebrows should be raised. Massive insurance companies act to maximize their profit by any means necessary. The overreach into their customers’ personal lives is not simply a business practice that trades the right to privacy for an opportunity to deny their customers’ claims. This represents a broader trend towards the unacceptable commodification and reduction of privacy.

AXEL Go is committed to protecting the privacy of its users and the interests of the internet at large. Our end-to-end encryption, password-protected secure fetch, and decentralized server structure are engineered to provide personal privacy from every angle. AXEL Go will never request access to private data in exchange for discounts, and our servers are designed to keep prying eyes out of our clients’ storage no matter what.





August 5, 2022

Why IPFS is the Future of Internet Storage Systems

Let’s demystify IPFS

IPFS is a new and growing technology that has underpinned some of the most exciting innovations in tech since it took the stage in 2015. AXEL Go and its decentralized server structure take full advantage of IPFS to secure your data, but how does that work? Why does AXEL Go use the IPFS protocol over something more familiar like HTTP or FTP? IPFS holds several advantages over these protocols of the past and protects our clients like nothing the internet has seen before. Join us as we take a trip into IPFS 101.

What Should You Know about IPFS?

IPFS is a distributed peer-to-peer file-sharing system that is used online to store and access anything from the most basic bit of data to personal documents and websites. It is easy to think of the InterPlanetary File System as an over-complicated, difficult-to-grasp protocol with no practical applications in the real world. This couldn’t be further from the truth. IPFS is simply the next evolution in a rapidly growing and changing internet.

In 2015, IPFS was born. At this time, a team at a company called Protocol Labs began working on a decentralized method of storing and accessing files. CEO Juan Benet and his developers worked tirelessly on the protocol, taking inspiration from other decentralized methods of sharing information, such as the BitTorrent protocol, which had been growing in popularity since 2001.

When Protocol Labs set out to develop IPFS, it initially had very little to set it apart from something like BitTorrent or similar decentralized methods of collective data storage and sharing. With time, however, IPFS set itself apart from the file sharing protocols it took inspiration from by aiming to create a decentralized global network.

How IPFS Works

IPFS is a set of rules that govern how data is shared and stored across a set of servers. A server, as defined by the IPFS protocol, can be something as complex as a server warehouse or as humble as a smartphone. What matters most to the IPFS framework is the ability to house a fragment of data for later retrieval. How does this basic framework scale up to create the framework for a distributed internet? How does IPFS differ from your standard internet protocol?

The internet, as we currently understand it, uses the familiar HTTP protocol. This is, at its core, a method of storing and distributing data to users, similar to how IPFS works. When a client wants to access a site or the data held on a single server, their machine sends a request, and the server on the other end replies by granting or denying access to the data requested. This method was acceptable enough for the early days of the internet. Still, as the technology available to the layperson has grown in sheer power and accessibility, HTTP has shown its age in recent years.

Decentralization

A single server acting as a digital air traffic controller creates a great many shortfalls. The most glaring is the massive point of failure sitting right in the middle of this model. If a centralized server goes offline, be that through nefarious or benign methods, clients all over the planet will be denied access. Bad actors will take advantage of this fact when executing DDoS (distributed denial-of-service) attacks or regular infiltration attacks. When a single server is in charge of crucial data, it necessarily becomes a gleaming target for bad actors.

By taking advantage of a distributed structure, IPFS becomes exponentially more stable and secure. IPFS stores the information on multiple servers, or nodes, all around the world. This distribution increases stability by creating numerous points of access that can act as backups no matter the state of a single node. Decentralizing data in this way makes it practically impossible for bad actors to fall back on their old tricks. DDoS attacks simply will not find a foothold on a distributed internet, and grabbing ahold of the data in a single IPFS node will not give hackers enough information to decrypt.

IPFS is an internet protocol that strives for more than simply reinventing the wheel. Its structure acts as a protective layer for clients online and the internet at large. 

The Benefits of IPFS 

Beyond additional security and a significant boost to privacy, IPFS mainly sets out to do precisely what the internet does in its current state. To the average user, it may seem like nothing has changed on the surface. Still, their essential experience and expectation of the future will fundamentally change the more we as a digital community can fold IPFS into our lives.

IPFS promises to put more control into the hands of the people. In Turkey, for example, Wikipedia was blocked across the country. With the help of IPFS and decentralized storage, the people of Turkey could visit a fully-featured archive of Wikipedia’s entire wealth of knowledge. This marvel of community was made possible by IPFS and the inherent benefits of a decentralized server structure.

By creating spaces on the internet that cannot be removed by knocking over a single server, millions of users can gain access to data that would otherwise fall victim to privacy overreach. Decentralized structures make it impossible to wrangle all of an entity’s data in a single place, making IPFS nodes safe to store private information. Comparing centralized servers to IPFS node structure shows us the clear advantage that IPFS has when it comes to protecting privileged information from bad actors and any interested parties for which they may be gathering this data.

Why AXEL Go Uses IPFS

AXEL Go is a decentralized storage and security service that believes in privacy above all else. AXEL Go rides the cutting edge of technology by employing several of the most exciting innovations in computer science and data transfer protocols.

For AXEL, the InterPlanetary File System represents the next step in privacy and security online. AXEL Go uses end-to-end encryption to protect and obscure data when in transit to clients and from the decentralized nodes that make up its server structure. However, the distributed nature of these nodes provides a sizable bulk of the security and privacy once data is sitting safely on these servers.

IPFS gives AXEL the freedom to protect our clients as fiercely as possible without compromising our customers’ privacy and autonomy. The decentralized nature of our server structure means that AXEL has no control over the data our customers store on our nodes. IPFS also gives our customers peace of mind in the form of robust data backups and drastically reduced chances of server failure. The sort of centralized blackouts that would bring a service like Dropbox or Google Drive to its knees would need to happen dozens of times over before AXEL Go would feel a similar effect. 

IPFS is the server structure of the future, and AXEL is happy to take advantage of this rapidly growing technology’s security, privacy, and reliability. Together with our end-to-end encryption, secure fetch, and password-protected file-sharing sessions, AXEL Go is bringing privacy and security to the workplace one file-share at a time.




July 16, 2021

The Fallout of Edward Snowden and his Leaked Documents, Eight Years Later

On June 21, 2021, Edward Snowden celebrated his 38th birthday in Russia. He’s been in the country for over eight years, having been granted permanent residence in the country in October 2020 [1]. Snowden, an American, has not returned to his native country since leaking millions of classified documents detailing the massive surveillance programs that the United States undertook.

While many have heard Edward Snowden’s name, the programs that he uncovered have seemingly faded in the public consciousness in recent years. Snowden’s reveal of massive global surveillance programs in 2013 was a wake-up call for many Americans, when modern technology and digital communication were truly becoming everyday tools at work and home. His leaked documents highlighted how so many Internet activities are never truly private.

Snowden’s Career Beginnings and Disillusionment

Snowden began his career by joining the Army in May 2004, but was discharged four months later due to broken legs he suffered in a training accident [2]. Following his short time in the Armed Forces, he gained a position as a “security specialist” at an NSA-contracted facility, beginning his time in the intelligence community. He then worked for the CIA from 2006 until 2009, years that eroded his faith in America’s intelligence community [3]. He described an incident where the CIA purposefully intoxicated a Swiss banker and encouraged him to drive home. When the banker was arrested for drunk driving, the CIA offered him help in exchange for becoming an informant.

Following his resignation from the CIA, Snowden worked as an NSA contractor in Japan with high-level security clearance for three years before moving to Hawaii to join Booz Allen Hamilton, another private contractor. He joined Booz Allen Hamilton with the sole intent of gaining clearance to new classified files. After just a few weeks on the job, Snowden gained access to the classified material, downloaded it on a flash drive, and fled the United States shortly afterward. Finally, he distributed the materials to media outlets he trusted, particularly The Guardian, with the first revelations posted publicly in June 2013.

What Programs Did Snowden Reveal?

The biggest revelation in Snowden’s leaked documents was the existence of a National Security Agency program called PRISM. Under the program, the NSA had direct access to the servers of the biggest tech companies, including Google, Apple and Facebook without their knowledge [4]. Using this direct access, the NSA could collect users’ emails, search history, and file transfers without a court order. Even if you were an American citizen, you could have been subject to this surveillance if your messages ever touched a non-American server.

Snowden explained the horrifying simplicity of the NSA’s programs, stating “I, sitting at my desk, [could] wiretap anyone, from you or your accountant, to a federal judge or even the president, if I had a personal email [5].” This allegation was initially denied by government officials, yet leaked documents showed that a program called XKeyscore allowed analysts to search enormous databases with just one piece of identifying information [5].

In addition, Snowden revealed NSA phone-tapping of allied leaders, including German Chancellor Angela Merkel and then-Israeli Prime Minister Benjamin Netanyahu [6]. These revelations caused an uproar among American allies, particularly in Europe. The NSA also monitored various charity organizations and businesses, including UNICEF, the United Nations’ agency dedicated to providing aid to children worldwide, and Petrobras, Brazil’s largest oil company.

The Legal Justification

All of these programs were justified by Section 702 of the FISA Amendments Act, a bill signed in 2008 that amended the original Foreign Intelligence Surveillance Act of 1978. The 2008 amendment rid FISA of its warrant requirement, allowing the NSA to spy on any foreign communications without a court order. In practice, this meant any communications that touched a foreign server were legally allowed to be collected.

Snowden explained “Even if you sent [a message] to someone within the United States, your wholly domestic communication between you and your wife can go to New York to London and back and get caught up in the database [7].” Because the data had reached a foreign server, no matter how short of a time, the NSA was able to collect, store and potentially analyze that data through Section 702’s legal framework. 

The Effects

A Washington Post investigation found that approximately 90% of account holders in a leaked data cache were ordinary Internet users, with just a tenth of the account holders being NSA targets [8]. These account holders were subject to daily tracking, with NSA analysts having access to intimate conversations unrelated to national security. Put simply, the NSA had access to millions of Americans’ personal data, able to be perused by low-level analysts with little more than an email address.

In addition, government officials’ responses to Snowden’s leaks were swift and severe. Then-Secretary of State John Kerry stated that Snowden’s leaks “told terrorists what they can now do to (avoid) detection [9].” Various other officials agreed with Kerry’s assessment, stating that suspected terrorists had begun changing their communication tactics following Snowden’s revelations [10]. While the NSA claimed that digital surveillance helped prevent over 50 “potential terrorist events,” then-President Obama stated that other methods could have prevented those attacks [11].

Data Privacy vs. Protection

Above all, the NSA has been criticized for conducting digital surveillance beyond the scope of national security. While government officials have stated that the surveillance saved countless lives by preventing terrorist attacks, claims that these programs solely stopped potential terror attacks are dubious. The inappropriate collection of everyday Americans’ data, however, is undeniable. Millions of Americans’ emails, video calls and search histories were readily available to low-level NSA analysts. While Edward Snowden remains a highly controversial figure today, his revelations of mass global surveillance undoubtedly increased Americans’ concern for data privacy. And while some still view Snowden as a criminal or traitor, some see him as a brave whistleblower who revealed just how exposed our data, and our lives, can be.

  1. Ilyushina, Mary. “Edward Snowden Gets Permanent Residency in Russia – Lawyer.” CNN. October 22, 2020. https://edition.cnn.com/2020/10/22/europe/edward-snowden-russia-residency-intl/index.html.
  2. Ackerman, Spencer. “Edward Snowden Did Enlist for Special Forces, US Army Confirms.” The Guardian. June 10, 2013. https://www.theguardian.com/world/2013/jun/10/edward-snowden-army-special-forces.
  3. Harding, Luke. “How Edward Snowden Went from Loyal NSA Contractor to Whistleblower.” The Guardian. February 01, 2014. https://www.theguardian.com/world/2014/feb/01/edward-snowden-intelligence-leak-nsa-contractor-extract.
  4. Greenwald, Glenn, and Ewen MacAskill. “NSA Prism Program Taps in to User Data of Apple, Google and Others.” The Guardian. June 07, 2013. https://www.theguardian.com/world/2013/jun/06/us-tech-giants-nsa-data.
  5. Greenwald, Glenn. “XKeyscore: NSA Tool Collects ‘nearly Everything a User Does on the Internet’.” The Guardian. July 31, 2013. https://www.theguardian.com/world/2013/jul/31/nsa-top-secret-program-online-data.
  6. Ball, James, and Nick Hopkins. “GCHQ and NSA Targeted Charities, Germans, Israeli PM and EU Chief.” The Guardian. December 20, 2013. https://www.theguardian.com/uk-news/2013/dec/20/gchq-targeted-aid-agencies-german-government-eu-commissioner.
  7. Sanders, Katie. “PolitiFact – Fact-checking John Oliver’s Interview with Edward Snowden about NSA Surveillance.” Politifact. April 9, 2015. https://www.politifact.com/factchecks/2015/apr/09/edward-snowden/fact-checking-john-olivers-interview-edward-snowde/.
  8. Gellman, Barton, Julie Tate, and Ashkan Soltani. “In NSA-intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are.” The Washington Post. July 05, 2014. https://www.washingtonpost.com/world/national-security/in-nsa-intercepted-data-those-not-targeted-far-outnumber-the-foreigners-who-are/2014/07/05/8139adf8-045a-11e4-8572-4b1b969b6322_story.html.
  9. “Kerry: Edward Snowden Should “man Up” and Come Home.” CBS News. May 28, 2014. https://www.cbsnews.com/news/sec-kerry-edward-snowden-should-man-up-and-come-home/.
  10. Nakashima, Ellen, and Greg Miller. “U.S. Officials Worried about Security of Files Snowden Is Thought to Have.” The Washington Post. June 24, 2013. https://www.washingtonpost.com/world/national-security/us-officials-worried-about-security-of-files-snowden-is-thought-to-have/2013/06/24/1e036964-dd09-11e2-85de-c03ca84cb4ef_story.html.
  11. Gerstein, Josh. “NSA: PRISM Stopped NYSE Attack.” POLITICO. June 19, 2013. https://www.politico.com/story/2013/06/nsa-leak-keith-alexander-092971.


March 22, 2021

The Ethical Responsibility for Data Security in Finance, Law, and Healthcare

It’s difficult to argue that the vast majority of businesses today don’t have an ethical responsibility to adequately protect and secure their customers’ data. However, it’s an even more crucial aspect for organizations with known fiduciary duties to their clients or consumers, such as those in the Finance, Legal, Healthcare, and Insurance sectors. Let’s dig into each of these industries in the United States, look at their unique ethical demands regarding data security, and find some common solutions.

Finance

The financial industry includes banks, investment firms, real estate companies, and insurance organizations. According to the International Monetary Fund, it is the sector targeted most by hackers[1]. It makes sense. In a 2020 survey by Verizon Communications, researchers found that 86% of data breaches are primarily for money[2]. Who has more money than the financial industry?

Hackers target these institutions in a variety of ways. One of their most common tactics is attempting to gain access to customer login info. Direct attacks against an organization’s reserves gain immediate attention and mitigation, but hackers can take over a user account and move around smaller sums for much longer periods.

Another method they use is stealing sensitive financial documents. It provides the malicious agents with a treasure trove of confidential data to use for identity theft.

So, what ethical obligation do they have to their clients for securing this data? Since they’re such huge targets, financial institutions tend to employ data protection strategies that are more sophisticated than average. In 2020, the Federal Trade Commission proposed amendments to the Safeguards Rule and the Privacy Rule in the Gramm-Leach-Bliley Act. Under these proposals:

  • Financial institutions would need to safeguard customer data more robustly, such as utilizing encryption for all information.
  • Customers could opt out of data sharing policies between banks and third parties.
  • Banks would require employees to pass multi-factor authentication (MFA) to access client data.

The FTC has not ratified these amendments yet, but they would serve as a much-needed update to the current regulatory framework.

Law

Legal professionals now face an even greater risk to their clients’ personal information. Being the processors of strictly confidential information has always put large targets on them. But the COVID-19 pandemic forced many lawyers out of the office and courtroom and into their dens. Working from home is the new normal for legal pros, and that means more cybersecurity risks. Whereas they probably worked in a closed system at the office that IT experts monitored daily, it’s much more challenging to evaluate weaknesses in everyone’s home networks. Couple that with the fact that lawyers, on the whole, aren’t the most technically literate people in the world, and you’ve got a recipe for data breaches.

The American Bar Association gives broad ethical expectations for data security throughout its Model Rules of Professional Conduct[3]. A recent formal opinion published by the organization outlines them in greater detail[4], specifically for those engaged in a virtual practice. This opinion has the following provisions:

  • Lawyers must make “reasonable efforts to prevent inadvertent or unauthorized access [to client data].” Today, a reasonable attempt goes well beyond attaching a confidential document to an email and sending it off with nothing but the hope that it doesn’t fall into the wrong hands.
  • Virtual practitioners should look into setting up Virtual Private Networks (VPNs), keeping the computer’s operating systems updated so that security patches stay current, utilizing file encryption, using MFA, setting strong passwords, and changing them regularly.
  • Legal professionals must vet software and hardware providers to ensure proper security.
  • Lawyers should never use smart speakers (Alexa, Google Home, etc.) or virtual assistants (Siri) when conducting confidential business. These “helpers” listen to every word that is said and can be hacked easily by malicious agents.

Hopefully, the ABA codifies the recommendations given in this opinion into its formal standards.

Healthcare

The medical industry also deals with extremely private, confidential information and is susceptible to drawing attention from hackers. 2020 was an especially bad year for this, as the rise of COVID-19 caused a 55% spike in data breaches compared to 2019[5]. It’s a chilling reminder of how opportunistic threat actors can be. Sensing healthcare providers were stretched to the max and short on resources, they attacked.

Common reasons to target the healthcare industry include stealing patient medical records for resale on the Dark Web, identity theft purposes, or extortion schemes, and ransomware attacks to cripple critical systems until the organizations pay a hefty fee.

The United States Department of Health and Human Services set national regulations about healthcare data security through the HIPAA Security Rule. Here are some of the guidelines:

  • Organizations must have physical and technical security measures enacted for hosting sensitive health data. Examples include facility access limits, computer access controls, and strict limitations on attempts to transfer, remove, or delete patient records.
  • Technical systems must have automatic log-off settings, file encryption capabilities, regular audit reporting, and detailed tracking logs of user activity.

With COVID cases declining and vaccinations increasing, the healthcare sector could soon return to normal and start allocating more cybersecurity resources. At least for the first time in over a year, there’s cause for optimism.

Conclusion

With cyberattacks on the rise, there’s still much room for improvement in these industries. Organizations should go above and beyond legal requirements if adequate cybersecurity is a priority. Combining the right technical solutions with a plan of ongoing education is crucial. Usually, the weakest links in a network are the employees themselves. Train them regularly on the basics of phishing techniques and how to spot them. You’ll have a more resilient workforce who won’t fall for common scams that can put your organization at serious risk.

AXEL Go

Part of the equation is still using suitable technical systems. If your company transfers or stores confidential data, you need to ensure it’s locked down. AXEL Go is a decentralized, private and secure file-sharing and storage platform. It offers industry-leading security features that set it apart from the typical Big Tech applications. It uses blockchain technology, advanced file sharding, the InterPlanetary File System, and military-grade encryption to keep important documents away from hackers. Try AXEL Go and gain access to all of its premium features for only $9.99/mo. It’s the safest way to share and store online.

 

[1] Jennifer Elliott and Nigel Jenkinson, “Cyber Risk is the New Threat to Financial Stability”, IMF.org, Dec. 7, 2020, https://blogs.imf.org/2020/12/07/cyber-risk-is-the-new-threat-to-financial-stability/

[2] “2020 Data Breach Investigations Report”, Verizon, May. 19, 2020, https://enterprise.verizon.com/resources/reports/dbir/?CMP=OOH_SMB_OTH_22222_MC_20200501_NA_NM20200079_00001

[3] American Bar Association, “Model Rules of Professional Conduct”, Americanbar.org, https://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct/model_rules_of_professional_conduct_table_of_contents/

[4] American Bar Association Standing Committee On Ethics And Professional Conduct, Formal Opinion 498, Americanbar.org, March 10, 2021, https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/aba-formal-opinion-498.pdf

[5] “Healthcare Breach Report 2021: Hacking and IT Incidents on the Rise”, Bitglass, Feb. 17, 2021, https://pages.bitglass.com/rs/418-ZAL-815/images/CDFY21Q1HealthcareBreachReport2021.pdf?aliId=eyJpIjoiOE54NGRRTkhCZDY3aUxGMiIsInQiOiJ0RTZ1QVZXbnFPUGRhZXhVbmhyMmVnPT0ifQ%253D%253D


Filed Under: Cybersecurity Tagged With: cybersecurity, data protection, data security, finance, healthcare, law

October 7, 2020

Phishing: Not as Relaxing as it Sounds

Phishing is a common form of cybercrime that has been around for decades. While there have been many permutations throughout the years (nobody wants your AOL passwords anymore), the basic concept remains the same.

For such a prominent tactic, it still works well enough for criminals to send off three billion phishing emails every day in hopes of catching the big one[1]! So, dust off the oars and make sure the rowboat isn’t leaking because it’s time to visit the phishing hole.

The basics of phishing

The term “phishing” refers to when cybercriminals deceive unsuspecting people to extract sensitive personal information or deploy malicious software payloads. It relates to traditional fishing in that a fisherman tricks the fish into thinking they will get a delicious meal, when in fact, they are the meal!

There are two main end goals for phishing attacks. These are:

Identity theft. In 2019, over 5% of consumers experienced some form of identity theft and suffered nearly $17 billion in losses due to it[2]. That’s more than the total GDP of Jamaica! Phishing attacks can procure the necessary information (names, addresses, social security numbers, etc.) for thieves to open fraudulent credit cards or apply for loans under their victims’ names.

Malware infection. Many phishing attempts lure unsuspecting victims into clicking a malicious link containing a virus or ransomware. Your computer could even be taken over entirely and added to a botnet to carry out DDoS attacks.

Different types of phishing

Spear phishing. These are more advanced, targeted phishing attacks. Whereas a typical phishing attempt may be mass-emailed out to millions of people hoping to snag a few victims, spear phishers strike specific companies, departments, or individuals. They send tailored messages designed to appear authoritative and legitimate. It has a much higher chance of success but takes more research to develop.

Vishing. Also known as Voice Phishing, here, the scammer calls the intended individual and poses as an authority figure. A common example is a visher calling an employee of a company as someone from IT. They try to get the employee to install “security updates,” which actually end up being malware.

It doesn’t have to be related to business, however. Another popular scenario is contacting older people as law enforcement to gain personal information for identity theft or extort payments for fake fines. Sadly, criminals go to great lengths to achieve their fraudulent intentions.

Smishing. Since spam emails are frequent and well-documented, many people have caught on to blatant email phishing attempts. That must mean the swindlers have accepted defeat, right? No way. They are always coming up with different ways to deceive. That includes smishing, where phishers utilize SMS text messaging to carry out their schemes. People think text messages are more trustworthy than emails and are therefore more likely to click a bad link.

Whaling. Whaling is a subcategory of spear phishing where the mark is a high-level executive at a company. They have access to the most confidential data, and therefore, make for attractive targets.

Clone phishing. If a hacker accesses one person’s email, they can see who they’ve emailed. Clone phishing is where the bad actor sends an email to someone that’s identical to one they’ve already received. Except, the cloned email contains a malicious link or attachment.

Signs of phishing

Strange URLs from trusted brands. Phishers disguise themselves as trusted brands. Always check to make sure the links you’re following from brand emails are legitimate. We recommend copying and pasting links into your web browser bar instead of clicking them directly. This way, you have a better idea about whether or not the link looks suspicious.

Personal information requests. Companies and government agencies usually won’t require anyone to provide personal information via email or text. Err on the side of caution and refuse any such requests. If necessary, find the organization’s legitimate contact information from their verified website and call a representative.

Urgent, time-sensitive language. Phishers sometimes utilize scare tactics to make their targets feel like they need to act or risk enormous consequences. This is especially common when the phishers pose as law enforcement or legal professionals. Never pay for “fines” or “settlements” you had no idea about previously.

Too good to be true claims. Another classic phishing strategy! We’ve all likely received an email claiming we’ve won a lottery we never participated in, or been contacted by a “Nigerian Prince” who wants to reward us with untold riches. The old adage “If it sounds too good to be true, it probably is,” applies here.

Poor grammar or spelling. Many phishing attacks originate from outside the Western world. If the recent email from your boss is riddled with spelling or grammatical errors, you need to verify it came from a legitimate sender before you reply.

High-profile phishing incidents

Phishing has higher stakes than your grandmother paying a fake parking ticket over the phone (as unfortunate as that is). Here are a few high-profile incidents that made national news throughout the years.

Ukrainian Power Grid Attack. In December 2015, a spear phisher gained control of a portion of Ukraine’s power grid and caused an outage for over 225,000 people. Russian hackers were suspected to be the culprits[3].

Mia Ash. Throughout 2016-2017, a state-sponsored hacker group in Iran used the fake LinkedIn and Facebook profiles of Mia Ash to spear phish high-priority targets. Posing as a British photographer, the group friended senior employees in the region’s energy, tech, and telecommunications sectors. After lengthy conversations, “Mia” would send Excel documents disguised as surveys that secretly contained malware[4].

The Walter Stephan Incident. In 2016, a major aerospace parts manufacturer, FACC, lost $47 million due to phishing. The malicious agent posed as FACC CEO, Walter Stephan, and demanded an employee transfer the enormous sum to a new account for an “acquisition project.” The project was fake, and the phisher made off with the largest known payout ever. Unsurprisingly, FACC later fired the CEO and CFO for the mishap[5].

How to prevent phishing

Never click strange links. If there’s even a passing thought of “Hmm. I wonder if I should click this,” don’t! Hackers can compromise trusted friends and colleagues. Call and talk in person for verification if there’s a hint of fraud.

Ensure the URL is HTTPS with a lock beside it. When browsing the internet, ensure the sites you visit are HTTPS (the “S” stands for “Secure”) and that there is a lock icon to the left of the web address. This means your connection to the site is encrypted, though the lock alone does not prove the site is legitimate. Stay away from websites still using the outdated HTTP protocol.

Use firewalls and antivirus software. Modern operating systems come standard with antivirus and firewall software. Use them and keep them updated to the most current versions. Hackers can breach older versions with known vulnerabilities, so it’s a good idea to activate their “auto-update” options.

Don’t put personal info online publicly. Spear phishers and whalers use readily available information found online to plan their attacks. This is why it’s important to consider everything you’re putting out to the world. Social media is a part of our lives, but being too transparent is dangerous. Find the right balance.

Block popups. Popups can be more than minor annoyances. Sometimes, ads with malware or cryptocurrency miners can sneak through and infect the devices of people who click them. Luckily, popular browsers have extensions that block all popups. Less annoyance. Less chance of a malware infection.

Secure your data

Phishing attacks won’t stop until they become ineffective. Hopefully, through education on the tactics phishers use, more people can protect themselves from identity theft and malware. Mistakes happen, however, and it’s challenging to account for all potential methods of attack. That’s why it’s vital to safeguard your data in other ways as well.

AXEL specializes in securing data at rest and in motion. Our file storage and sharing platform, AXEL Go, utilizes a system of decentralized servers to transfer your documents. This means there is no single point of failure like there is in a traditional server farm. It’s harder to pinpoint areas to attack in a decentralized system, and even if a particular node is compromised, we remove it from the system without affecting your files. Content can also be password protected using AES 256-bit encryption to provide an additional layer of security. Hackers can’t crack the encryption and thus aren’t able to access useful data. It’s the safest way to store and share your files. Visit axelgo.app today to learn more and sign up for a free, full-featured account with 2GB of storage.

[1] “More Than Three Billion Fake Emails are Sent Worldwide Every Day”, Security Magazine, June 11, 2019, https://www.securitymagazine.com/articles/90345-more-than-three-billion-fake-emails-are-sent-worldwide-every-day

[2] Krista Tedder, John Buzzard, “2020 Identity Fraud Study: Genesis of the Identity Fraud Crisis”, Javelin Strategy, April 7, 2020, https://www.javelinstrategy.com/coverage-area/2020-identity-fraud-study-genesis-identity-fraud-crisis

[3] Kim Zetter, “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid”, Wired, March 3, 2016, https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/

[4] Danny Palmer, “How these fake Facebook and LinkedIn profiles tricked people into friending state-backed hackers”, ZDNet, July 27, 2017, https://www.zdnet.com/article/how-these-fake-facebook-and-linkedin-profiles-tricked-people-into-friending-state-backed-hackers/

[5] Reuters Staff, “Austria’s FACC, hit by cyber fraud, fires CEO”, Reuters, May 25, 2016, https://www.reuters.com/article/us-facc-ceo-idUSKCN0YG0ZF


Filed Under: Cybersecurity Tagged With: cybersecurity, data privacy, data security, hackers, phishing
