An issue has recently been identified with Android devices that may put users at risk of being exposed to a massive data security breach. A backdoor in Android devices and operating software makes it possible for personal data to be transmitted and viewed by people in China. So what created this vulnerability?

Android devices are made with various software and firmware from a variety of companies. One company that creates firmware and software for numerous companies around the world is known as Adups, a Chinese company based in Shanghai. One of the features of the offerings is that the firmware or software automatically sends data back to Adups every 72 hours. The data sent includes information like contact lists, phone call lists, and text messages.

A company known as Kryptowire, a security firm that specializes in detecting potential risks and breaches, found that the firmware developed by Adups may have been installed on a wide array of Android devices, unbeknownst to consumers that purchased the products. Adups, for its part, claims that the software was developed for a specific client that needed to track such information to determine customer service and satisfaction.

Even if the software was designed only for one specific client, Kryptowire found it on the product of at least one other Adups client and has concerns that other companies and devices that work with Adups may also be affected. The leaking of data to Adups or other companies and persons in China (or anywhere in the world) represents a huge security risk for both business and individual Android product users. The backdoor access to the device does not just let data get transmitted to Adups but makes it possible for someone to access and take control of the device without the Android device owner knowing or allowing the access.

As of yet, Google is attempting to catch up with Kryptowire's findings and the known affected clients to try to close this backdoor access and keep user data as safe and secure as possible. Contact us for further information or to find out whether your device is one of those known to be affected by this significant and worrisome data breach.

As long as businesses host valuable data, cyber criminals will continue to bypass the security protocols meant to protect this data. The causes of security breaches range from device theft or loss, weak and stolen credentials, malware, and outdated systems that use ineffective security measures. And with these five tips, you can take the first step toward making sure a security breach never strikes at your precious business data.

Limitation of lateral data transfers

Employees not being educated on data sharing and security is one of the biggest reasons for internal data breaches. It’s a good idea to limit access to important data and information by restricting access privileges to only a small number of individuals. Also, you can decide to use network segmentation to cut unnecessary communication from your own network to others.

Keeping your machines and devices updated

Internal breaches might also occur when employees work with unguarded or unprotected machines. They might unknowingly download malware, which normally wouldn’t be a problem if machines were properly managed. Updating your operating systems, antivirus software, business software, and firewalls as often as possible will go a long way toward solidifying your defense systems.

Use monitoring and machine learning to sniff out abnormalities

It’s not all on your employees, however. Network administrators should employ monitoring software to prevent breaches by analyzing what is “normal” behavior and comparing that to what appears to be suspicious behavior. Cyber criminals often hide in networks to exploit them over a long period of time. Even if you miss them the first time, you should monitor suspicious activity so you can recognize impropriety and amend security policies before it goes any further.

Creating strong security passwords and credentials

No matter how often we say it, there’s always room for improvement when it comes to your passwords and login procedures. In addition to text-based credentials, you should require other methods whenever possible. Great for fortifying your network, fingerprints and smart cards, for example, are much harder for cyber criminals to fake. Regardless of which factors are used, they must be frequently updated to prevent breaches, accidental or otherwise.

Security Insurance

In the end, no system is perfect. Zero-day attacks exploit unknown gaps in security, and human error, accidental or otherwise, can never be totally prevented. And for this reason, small businesses need to start embracing cyber insurance policies. These policies help cover the damages that might occur even under a top-of-the-line security infrastructure. Considerations for selecting a policy include legal fees, first and third-party coverage, and coverage for reputation rehabilitation.

The field of cyber security is overwhelming -- even for seasoned IT professionals. But not for us. We spend our days researching and experimenting to craft the best security solutions on the market. If you're interested in one of our cutting-edge cyber-security plans, call us today.

As long as there have been salesmen, there have been scammers trying to sell useless products. Traditionally the elderly have fallen prey to cold-call fraud, but now scam artists are getting tech-smart, and it's the younger generation of computer users who are falling for scams. Let's find out just what's going on with this new trend, and why the tech-savvy are more vulnerable to it.

Results Conclude Youth is more Gullible

Microsoft recently conducted a survey of 1000 computer users of all ages and from many of the largest countries in the world to find out how many of them had been scammed by phony "technicians" claiming to be employees of Microsoft or other major computer conglomerates. The results were startling when studied demographically. Researchers discovered that seniors, who were traditionally viewed as the major victims of such fraudulent schemes, were not the most likely group to fall for the scam.

Research indicated that although seniors were most likely to buy into a telephone scam, they still did not fall for the act as much as younger age groups. The study found, in fact, that between the ages of 18 and 24, people were 2.5 times more likely to fall for the scam than seniors. Those between the ages of 25 and 34 were three times more likely than seniors to be tricked.

The scam that the Microsoft company recently studied involved the following scenario: Either a person calls claiming to be a technical support technician, or an email or pop-up alerts you that your computer is locked or otherwise compromised. In order to fix the problem, you need to call someone and pay for a program or provide access to your computer so some purported technician can solve the problem "remotely."

If you fall for this scam, you are giving them funds for a false program or access to your computer -- which also allows them access to your personal data and the ability to install malware onto your system. The study revealed that two-thirds of those surveyed (around 660 people) had experienced the scam first-hand. One in five had listened long enough to hear the story, and 1 in 10 actually gave the scammer money.

Why the Younger Demographic Became Easy Victims

While older adults often respond more to phone calls, younger people have learned to ignore phone calls, saving them from being phone victims. However, because younger adults spend the majority of their time online and often remain acutely aware of the status of their computer and online presence, they are more prone to react to a pop-up or email claiming that their computer is in danger. Nearly 60% of the adults aged 18-24 in the study say they were exposed to the scam through pop-up ads or online correspondence.

The takeaway here is simple: Cybersecurity is about more than just firewalls and antivirus software. You need to shore up the human side of your protection protocols. The best way to start is by doing some quick research on social engineering in our previous blogs, but ultimately you’ll need something a little more thorough. Contact us today for more tips and to ask about scheduling a cybersecurity training for your employees.