For one media organization, employees recently learned that their tax season just became a bit more complicated after news that their tax information may have been compromised broke. And, as cybersecurity issues and coverage such as this rise, so do the questions around subjects such as the security of the devices we increasingly rely on and the reporting requirements of the big tech companies we so often turn to.
We start this week with Atlantic Media which shared that hackers may have gained access to employees’ tax information. According to Business Insider, the company explained that “unauthorized actors” went into a server storing tax forms which include sensitive information. However, there is no evidence as of yet that any of this information has been shared publicly, nor is there any evidence that information associated with subscribers, customers or clients was compromised.
While having to deal with cybersecurity- related problems has brought about an acknowledgement of the importance of investing in cybersecurity for many organizations, there are still holes in the practice of this that have yet to be filled. One of them comes in the form of mobile device use. CNN Business reported that 45% of 856 respondents said that “their companies are sacrificing mobile security to just ‘get the job done.’” This data came from Verizon’s (VZ) 2021 Mobile Security Index which surveyed 856 mobile security and IoT professionals. Not only is this reflective of the effects of managing remote work, but it is reflective of the challenges that mobile device security presents. While these devices are just simply easier to lose or have stolen, they may also be more susceptible to phishing attacks and are vulnerable to breaches of cloud platforms. A solution to this issue is proper and regular security training, however the Verizon report concluded that almost half of the companies that participated did not offer such training.
Another issue sparking concern is the handling of data leaks on behalf of Facebook. Facebook is facing backlash for the way in which it responded to the theft of data related to 500 million users. The breach of personal information was discovered by cybercrime intelligence firm Hudson Rock and comes from a “vulnerability” that Facebook addressed back in 2019. However, it seems as though the social media giant never made the users aware of the incident and have not commented otherwise according to The Washington Post. Although there is no law forcing companies to distribute such notifications, the discussion around imposing one is likely to come up especially in places such as California where privacy laws are stricter as the Post article states.
“Atlantic Media says hackers may have obtained employees’ financial data” – Charles Davis, Business Insider
- Atlantic Media reported that hackers may have accessed employees’ tax information.
- This came after the company found that “unauthorized actors” accessed a server that holds tax forms.
- There is no evidence that any information has been shared publicly or that subscribers, customers, or clients were impacted.
“One of WFH’s biggest losers: Cybersecurity” – Clare Duffy, CNN Business
- 45% of 856 respondents to Verizon’s (VZ) 2021 Mobile Security Index said that “their companies are sacrificing mobile security to just ‘get the job done.’”
- This is concerning as mobile devices are vulnerable to phishing attempts and attacks on cloud platforms.
- While regular security training may help, nearly half of the companies reported not having such a system in place.
“The Cybersecurity 202: A massive Facebook breach underscores limits to current data breach notification laws” – The Washington Post, Tonya Riley & Aaron Schaffer
- Facebook is facing backlash for the way in which it responded to the theft of data related to 500 million users.
- The breach of personal information was discovered by cybercrime intelligence firm Hudson Rock and comes from a “vulnerability” that Facebook addressed back in 2019.
- Discussions around imposing requirements on companies to make information about such breaches available have been sparked by this event.