What You Need to Know About the US Government's Massive Data Breach

In June 2015, US officials announced that 4 million current and former federal employees may have had their personal information stolen by hackers. It is believed that the legislative and executive branches of the government were not breached. Uniformed military personnel were also unaffected. However, the list of potential victims included workers from nearly every major government agency.


The incident is one of the largest data breaches ever faced by the US government. Computers at both the Department of the Interior and the Office of Personnel Management (OPM) were hit in the attack. The latter agency handles the overwhelming majority of all federal background checks, and therefore has a huge amount of information on government employees. As a result, the data breach affects practically all of the federal government.

Authorities are still attempting to determine how the hackers managed to breach the government's computer systems. More recent, unconfirmed news suggests that millions more may be affected. The OPM is offering credit monitoring and identity theft insurance for 18 months to people who may have been affected by the attack. The government has warned all potential victims to get new credit reports and keep a close watch on their financial statements.

A History of Similar Cyber Attacks

Investigators believe that Beijing is behind the attack. A spokesman for the Chinese Embassy in Washington called the allegations irresponsible and counterproductive. However, this is the second time in less than a year that China has been linked to a cyber attack against the OPM.

In July 2014, The New York Times revealed that hackers had broken into several databases at the OPM. The Department of Homeland Security confirmed the attack, but added that the culprits had not managed to steal any personally identifiable information. According to the Times, a senior US official said that the attackers were based in China.

Beijing has been tied to several high-profile attacks against major American organizations, particularly those in the healthcare industry. Specifically, cyber security professionals have linked it to a large-scale data breach at Anthem Inc., one of the leading health insurers in the US. Anthem announced in February 2015 that hackers had stolen a huge amount of files from one of the company's databases. While the exact number of victims was not disclosed, the database contained the records of up to 80 million customers. The cyber intelligence firm iSight Partners has gone one step further by connecting the Anthem attack to the OPM data breach.

The recent attack against the federal government's computers comes on the heels of another major data breach at a US agency. In May 2015, the Internal Revenue Service (IRS) revealed that hackers had manipulated a tool on the agency's website in order to steal the records of over 100,000 people. The stolen information was used to file fraudulent tax returns. The IRS sent out nearly $50 million in refunds before it detected the data breach.

How Hackers Use Stolen Personal Information

As the IRS attack shows, stolen personal records are incredibly valuable. Hackers can use this information to file fraudulent tax returns or perform other types of identity theft. As one example, criminals use personal data to get past security questions linked to their targets' online accounts. They also secure loans and apply for credit cards in the names of their victims.

Hackers also use this information for spear-phishing campaigns. After targeting a victim, a hacker using spear-phishing techniques will create an email carefully tailored to fool the target into downloading a malware-infected attachment or clicking on a link to a malicious website. After the victim does so, the hacker will be able to gain access to their computer. The OPM breach is especially devastating when viewed in this light. If a hacker targeted the right federal employee, then they could end up with a substantial amount of confidential government files.

How You Can Protect Your Data

The hackers behind these attacks have shown that they are capable of getting past high-level cyber security measures. These attacks should serve as a wake-up call to organizations throughout the world: you cannot be lax about your cyber security.

Check with your IT staff or service provider about the status of your cyber security efforts. You should be using comprehensive anti-malware and intrusion detection measures. Similarly, multi-factor authentication tools can keep your accounts secure, while access control tools can help you enforce your network security policies.

A solid cyber security strategy also calls for contingency planning. In order to prepare for the worst, you'll need a data backup plan. Frequently creating backup copies of your databases means that an attack won't leave you without a large amount of your files. By the same token, documenting a detailed disaster recovery plan ensures that your employees will always know what to do when reacting to a data breach.

With the help of experienced IT professionals, you can improve every facet of your cyber security efforts. When protecting your data, these partnerships can make all the difference.

Learn more tips by joining us for one of our upcoming webinars. Each month we provide a live webinar that covers important information on security, mobile or cloud solutions. To learn more about our next webinar, check out our Events page here.


3 Signs That Your Company Needs a Managed Service Provider

Many companies find themselves juggling IT problems along with their typical day-to-day responsibilities. Outsourcing IT work to a managed service provider (MSP) lets a company excel at what it does best. Here are some signs that your business should look into hiring an MSP.

1. You don't have dedicated IT staff

Small companies often rely on a computer-savvy staff member, rather than hiring an actual IT expert. Problems are solved as they occur, but little planning occurs to avoid future problems. A dedicated IT expert has the time and resources to anticipate hardware and software upgrades, as well as to protect a company from the latest security threats.

Another problem with this practice is that, even if a staff member is computer-savvy, they can only bring their own limited knowledge to the table. MSPs deal with recurring issues from multiple clients, and stay up-to-date on the latest IT developments. In turn, they generally possess a greater breadth and depth of IT-specific knowledge than you can source from within your office.

There's also an opportunity cost when a staff member is sidelined by IT responsibilities. Rather than completing the role they were hired to fill, they are sinking time into work for which they were not specifically trained.

2. Maintenance-related IT tasks are piling up

Dealing with IT maintenance can be a huge distraction from your core business service and can negatively impact productivity. Software updates and licensing are just a couple areas where an MSP can offer relief.

Software updates require constant attention. Failure to keep up with them can cause vulnerabilities and expose company data. MSPs can create maintenance plans to regularly attend to updates and fix any problems that may surface during the process.

Software licenses also need to be properly acquired and maintained. With the exception of software you've written for your own use, all software requires some sort of license. The penalties for using unlicensed software include huge fines and expensive litigation, not to mention a tarnished reputation. When you hire an MSP, they'll keep organized records of your software licenses and create a schedule for renewing them.

3. You want to save money

Many studies have shown that MSPs can reduce costs for small businesses.

Relying on yourself or another staff member for ad hoc IT support pulls resources away from your core competencies, which is inefficient and wasteful. A dedicated in-house IT staff isn't much better, requiring salaries, benefits, office real estate, equipment and training. They also need continuing education, such as courses and conferences, to stay current on the latest IT developments and trends. An MSP removes that overhead entirely.

With an MSP, small businesses only pay for the services and support they need. MSPs can monitor, protect, and support your infrastructure from a remote location using Remote Monitoring and Management (RMM) software. They'll also work with other vendors to ensure that you get the best deals on hardware, software and technology services.

Learn more tips by joining us for our next webinar on June 17, 2015 – Demystifying the Cloud. We will look at how new innovations in cloud services allow employees to securely work from anywhere. Sign up here.


iOS for Business Webinar Recording

Last week Ease Technologies held our iOS for Business webinar.  During the event we covered tips on improving business productivity when using your iPhone and iPad.  Listed below are some of our favorite iOS apps and enclosed in the post is the full recording of the webinar.

Some of our favorite iOS business apps:
• Outlook – some very good updates recently that make this a solid app, especially for the iPad
• Evernote – excellent way to capture notes, ideas, web clippings and documents that can be accessed between all your devices
• Keynote – Apple’s presentation app
• 1Password – securely manage and fully access all your passwords on all your devices
• Docusign – offers the ability to securely sign, send, and manage documents in the cloud
• Dropbox – cloud-based storage between all your devices, but upgrade to Dropbox for Business to get the best security features
• Waze – a navigation app that offers real-time traffic and auto re-routing for those heavy backups
• Quickbooks Online for iPad – recently updated to include some improved reporting

Join us for our next webinar on June 17, 2015 – Demystifying the Cloud. We will look at how new innovations in cloud services allow employees to securely work from anywhere. Sign up here.


Cyber attack on CareFirst exposes customer data

CareFirst BlueCross BlueShield, Maryland’s largest healthcare insurer, announced on Wednesday that it had been the target of a cyber attack. The data breach compromised the personal information of approximately 1.1 million members. The database that was attacked contained personal information, but not Social Security or credit card numbers, medical information or passwords.

"CareFirst BlueCross BlueShield has confirmed that cyber-attackers gained limited, unauthorized access to a CareFirst database. We understand that the security of your information is important and we are taking steps to protect members in light of this attack and moving forward." - CareFirst BlueCross BlueShield
They have set up a website providing further information about the attack and the impact on CareFirst members. In addition, CareFirst is offering two years of free credit monitoring and identity theft protection services for those members affected.

This is the third major attack on a healthcare insurer in the past several months. Anthem, currently the nation’s second largest health insurer, acknowledged that it had been hacked in February. The Anthem cyber attack included personal data such as birthdays, medical IDs, social security numbers, email addresses and employment information. Premera, a health insurer out of Washington and Alaska, suffered a similar attack in January. 

Brian Krebs, Cyber Journalist, suggests that the same threat actors that attacked Anthem and Premera may have been involved with Carefirst. “It turns out that the same bulk registrant in China that registered the phony Premera and Anthem domains in April 2014 also registered two Carefirst look alike domains - careflrst[dot]com (the “i” replaced with an “L”) and caref1rst[dot]com (the “i” replaced with the number “1”).” – Krebs on Security
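The lookalike domains described above swap one character for a visually similar one, which a mail or DNS filter can catch by folding confusable characters before comparing against the names you want to protect. The following is an added example, not code from the original post or from Krebs on Security; the protected-name list, the confusable table, the naive registered-label extraction and every sample domain other than the two quoted above are assumptions made for illustration.

```python
# Added example: flag sender domains that imitate a protected brand name.
# PROTECTED and SAMPLES are illustrative assumptions, not data from the post.
PROTECTED = ["carefirst"]
CONFUSABLES = str.maketrans({"1": "l", "i": "l", "|": "l", "0": "o", "5": "s"})


def skeleton(label):
    """Fold visually confusable characters to one representative form."""
    folded = label.lower().replace("rn", "m").replace("vv", "w")
    return folded.translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, brands=PROTECTED):
    """Return 'legitimate', 'homoglyph', 'near-miss' or 'unrelated'."""
    parts = domain.replace("[dot]", ".").lower().strip(".").split(".")
    # Assumption: a single-label TLD, so the registered name is the
    # second-to-last label. Production code should use the Public Suffix List.
    label = parts[-2] if len(parts) >= 2 else parts[0]
    for brand in brands:
        if label == brand:
            return "legitimate"
        if skeleton(label) == skeleton(brand):
            return "homoglyph"
        if edit_distance(label, brand) <= 1:
            return "near-miss"
    return "unrelated"


# The first two entries are the defanged domains quoted above; the rest are constructed.
SAMPLES = ["careflrst[dot]com", "caref1rst[dot]com", "mail.carefirst.com",
           "carefirsts.com", "example.org"]


def scan(domains):
    """Classify every domain, e.g. sender domains pulled from a mail log."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:22} {verdict}")
```
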

So what should you do?
Go to the CareFirst website to stay informed and follow guidance on that compromise. As with any announced data breach, take the time to change your password on that site. Always follow good password practices that include the following: 
• Use a combination of complex upper and lower case letters, numbers and characters
• Make sure your password is eight characters or longer
• Do not use the same password across different sites
• Change your passwords several times a year
• Use a password manager like 1Password or LastPass
• Be sure to have your devices set to auto-lock

Ease Technologies provides IT support services and cloud solutions for organizations in Baltimore, Washington or Fairfax. Watch our Ease Cloud Workspace video and learn how our secure cloud offering can be your virtual office wherever you go.


6 IT Policies to Help Protect Your Company

Many companies rely on IT to help run their businesses. For this reason, they often depend on a set of IT policies to ensure the productive, appropriate, and legal use of IT resources. IT policies establish expectations and regulations for behavior related to company computers and networks.

In addition, IT policies detail consequences for employees or customers in the event of a policy violation. The proper enforcement of IT policies may also provide a basis for defense in the event of a lawsuit.

Here are six common IT policies to help protect your company:

1. Acceptable Use Policy

An acceptable use policy, or AUP, restricts use of a company's network or services. AUPs prevent illegal activity, ensure security, and safeguard the reputation of the company.

AUPs also outline the consequences of breaking the rules. A common penalty is restricted or permanent loss of access to the associated network or service.

2. Privacy Policy

Privacy policies protect the personal information collected from a company's customers and employees. Personal information includes anything that can be used to identify an individual. Names, social security numbers, credit card numbers, email addresses, and even photos of individuals are considered personal information.

Privacy policies typically document how personal information is collected, stored, used, and disposed of. Privacy policies may also disclose when personal information is shared or sold to third parties.

3. Data Governance Policy

Data governance policies describe how data is managed as it passes through company systems. Specifically, these policies document how a company makes sure that data is accessible and secure, as well as accurately collected and properly maintained.

Data governance policies also identify the people responsible for the quality and security of company data. They might also mention any third parties that play a role in the company's data management plans.

4. Disaster Recovery Policy

A disaster recovery policy outlines the broad requirements of a company's disaster recovery plan. These policies identify critical data and responsible departments or staff. They also specify allowable downtime, as well as how to ensure business continuity in the event of downtime.

Disaster recovery plans are usually created by senior IT staff. However, the specifics of data recovery plans are normally left to those designing and executing the plan.

5. BYOD Policy

A BYOD policy, or Bring Your Own Device policy, is an IT policy that governs the use of personal mobile devices in the workplace. BYOD policies are becoming increasingly important, with study after study showing the dramatic shift of personal mobile devices into the workplace.

Specifically, BYOD policies state the degree to which personal mobile devices are allowed within the workplace, what can be done with these devices, and how the company will support them.

6. Social Media Policy

Social media policies govern employee use of social media both in and out of the workplace. These policies define how a company will manage and monitor the online behavior of its employees. They also set forth any company expectations regarding the nature and tone of information being posted.

As a result, social media policies are sometimes perceived as repressive. However, they can actually empower employees by letting them know what can and cannot be posted. Striking a balance between the needs of the company and employees is the key to a successful social media policy.
