A new study says the average cost of a malicious data breach has risen to $840,000 — but that’s only an average, which means your company could suffer a far worse financial fallout. Even worse, most data breaches remain undetected for a long time, according to the Ponemon Institute study. The results showed it takes about three months to discover a malicious breach.

The Post Breach Boom

In order to understand the steps companies are taking to protect customers after data breaches, the Ponemon Institute surveyed 3,529 security professionals who had one or more data security breaches in the past 24 months. Highlights of the research include the following findings:

Data breaches are on the rise and organizations are unprepared to detect them or resolve them. According to the majority of respondents, data breaches have increased in both severity (54 percent) and frequency (52 percent) in the past 24 months. While 63 percent say that knowing the root causes of breaches strengthens their organization’s security posture, only 40 percent say they have the tools, personnel, and funding to pinpoint the root causes.

Breaches remain undiscovered and unresolved for months. On average, it is taking companies nearly three months (80 days) to discover a malicious breach and then more than four months (123 days) to resolve it.

Security defenses are not preventing a large portion of breaches. One third of malicious breaches are not being caught by any of the companies’ defenses—they are instead discovered when companies are notified by a third party, either law enforcement, a partner, customer or other party—or discovered by accident. Meanwhile, more than one third of non-malicious breaches (34 percent) are discovered accidentally.

Malicious breaches are targeting key information assets within organizations. Nearly half of malicious breaches (42 percent) targeted applications and more than one third (36 percent) targeted user accounts.

Impact and cost of breaches. On average, malicious breaches ($840,000) are significantly more costly than non-malicious data breaches ($470,000). For non-malicious breaches, lost reputation, brand value, and image were reported as the most serious consequences by participants. For malicious breaches, organizations suffered lost time and productivity followed by loss of reputation.

Most people don’t realize that public WiFi are just radio waves, similar to the type that you can listen to in your car. And just as easy as it is to find your favorite station, a hacker can use public WiFi to listen in on you!

In the middle of Times Square, Ford visited with PRIVATE WiFi team members, Raj Devjani and Lane Liston. In this demonstration Devjani and Liston set up a rogue, or fake, hotspot in Times Square. The official WiFi name is “Times Sq Free WiFi,” but the imposter they created is “Times-Square-Free-WiFi.” Many fell for the trick and within seconds people immediately logged on.

Just like that, Devjani was able to see where and what people were surfing on their mobile devices. Some were using Chase bank, others buying tickets to a Broadway show, many were browsing Facebook and checking their e-mail. But no matter what they were doing they all had something in common: they were exposed.

Luckily, Devjani and Liston were merely just showing WPIX how easy it is for a hacker to get this information. If they had been malicious these public WiFi users would have been in big trouble.

Here is the scariest part, as Ford tells his viewers, “[Hackers] can snoop on you at any and all places you are likely to be online like your favorite coffee place, or waiting at the airport, or even in the subway or at a hotel… anywhere there is public WiFi.”

There is a simple way to stop the snooping. At the end of the segment, PRIVATE WiFi CEO Kent Lawson states, “The only way to protect yourself in any WiFi hotspot: there is only one answer, and that’s a personal VPN.”

With a VPN, a hacker can see that you are transmitting data but it is encrypted so all they can pick up on is gibberish. You and your data are 100% secure and private.

A random smartphone user on the street was polled after being told about the dangers of WiFi hacking. In support of a VPN like PRIVATE WiFi, he says, “If something as simple as an app can stop that, I would be all for that.”

Finally, Lawson concludes, “PRIVATE WiFi was established for ordinary people to protect the privacy of their communications full stop.” 

If you want to protect yourself on public WiFi too, you can download a free desktop/laptop trial or check out our free iOS app. (Android coming soon.)

That’s because medical data breaches at large, major medical centers are all over the place again this month. Will a $40 million lawsuit in Canada — or the lawsuit by two United States veterans against the Department of Veterans Affairs — make people pay attention to such security gaffes and finally demand tighter security?

Several Canadian patients have sued Ottawa-based Montfort Hospital after a misplaced, unencrypted USB drive exposed more than 25,000 patients’ names and personal medical details. The misplaced personal information also included sensitive information for about 1,255 members of the Canadian Armed Forces.

The lawsuit accuses the Montfort Hospital of breach of contract, breach of privacy, and violating its own bylaws and Ontario’s Personal Health Information and Protection Act.

The hospital is accused of failing to ensure the memory device was password-protected and failing to disclose the loss of personal information in a timely manner.

“The contract offered peace of mind to the plaintiffs and the class members,” reads the statement of claim. “Patients believed that their personal information would be kept in a secure manner and would not be lost, disseminated or disclosed to unauthorized persons.”

Another lawsuit — this time against the U.S. Department of Veterans Affairs — alleges that a stolen laptop containing unencrypted sensitive personal and medical information of more than 7,000 veterans will cause long-term harm. The lawsuit says the loss of such data subjects the veterans to possible identity theft and medical insurance abuse, and that such threats will continue to harm the veterans far into the future.

The case stems from a missing government laptop at Columbia’s Dorn VA Medical Center; the lawsuit filed in federal court seeks unspecified damages as well as class-action status.

The lawsuit also claims that the VA failed to implement basic computer safeguards, even after a 2006 data breach exposed information on more than 17 million veterans and their families.

“These vets who have served in Iraq and Afghanistan deserve better,” said attorney Michael Kelly, one of the lawyers representing the two U.S. veterans.

Meanwhile, about 130,000 Indiana patients got a shock of a lifetime when they received a letter on May 10 warning them their sensitive information was included in a recent health data breach.

In this instance, an unencrypted laptop at Indiana University Health Arnett was stolen from an employee’s car. The laptop contained patients’ names, dates of birth, physicians’ names, medical record numbers, diagnoses, and dates of service. Luckily, patients’ Social Security numbers were not included on the laptop.

But patients in Tennessee are not quite as fortunate. The Regional Medical Center in Memphis is notifying about 1,200 patients of a HIPAA data breach that included the patients’ protected health information and Social Security numbers. The hospital says an employee sent out three unsecure emails containing the sensitive personal information in late 2012, though the incident wasn’t discovered until March 15, 2013. The unsecured emails included patients’ names, Social Security numbers, dates of birth, account numbers, phone numbers, and outpatient physical therapy services data.

Finally, at Presbyterian Anesthesia Associates in North Carolina, a hacker broke through a security flaw of the practice’s website in early May. The hacker not only gained access to credit card numbers for nearly 10,000 patients, but also to a database of names, contact information, and dates of birth.

Joining the chat, among others, were Stop.Think.Connect., Clarity for Consumers, CSID and Experian. It was an excellent forum for companies and consumers to discuss WiFi vulnerabilities. Besides tweeting about loads of information on how we can best help the public protect themselves from identity theft while using WiFi, we learned some very interesting WiFi names. Stop.Think.Connect told us that the funniest name they had seen was “Not Your Internet,” while another favorite was “FBI Surveillance.” We hope all of those who participated in the event learned something and will continue to spread the word about staying safe in WiFi.

As with all ID Theft Chats, the questions for discussion were posted prior to the event and these particular questions led to some very insightful sharing of resources and ideas. The first question we asked participants was if they used public WiFi. We wanted to know how often people used this technology and how they used it. This kind of information is always helpful to those of us trying to protect consumers because from it we are able to determine how to make our efforts most effective. Responses to this question ranged from those of us who could not go a minute without WiFi to some who used it sparingly.

From asking our second question, we found that not everyone knew that WiFi was not secure. We were able to provide those people with information to educate them. We asked if anyone had heard of identity theft happening due to use of public WiFi and were weren’t surprised to hear that someone’s friend had used the WiFi in an airport in Ecuador only to arrive home to credit card fraud. In wrapping up the chat we asked what people were doing to stay safe on WiFi and were excited to hear that many of the participants were using a VPN like PRIVATE WiFi and taking others measures to protect themselves.

The next ID Theft Twitter Chat, on June 6th at 2PM EST/11AM PST, will be about the topic of small business. We will be discussing how small businesses can protect the personal information of their customers and employees, as well as how they can protect their digital reputation. You can follow along with @ITRCSD by using the hashtag #IDTheftChat. We hope to see you there and thank you to everyone who participated in this month’s ID Theft Chat!

As public WiFi connections expand in New York City’s subway system, Siff recognized the security implications. To get a better understanding, he spent some time underground with PRIVATE WiFi’s CEO Kent Lawson and Product Growth Manager Raj Devjani.

Using simple, readily available software, Devjani was able to sniff the data of commuters accessing the WiFI network. He explained to Siff, “I can get into your e-mail so I know a lot.”

Lawson continued, “All you have to do is put together enough dots, and you can steal somebody’s identity.” The public may not believe it, but hacking public WiFi is a real threat.

Luckily, there is a solution. “The best way to protect yourself if using a VPN client,” said Zack Sterngold, Boingo’s Vice President.

According to WNBC, “Computer security experts say the same advice that applies at coffee shops and parks and other places where you can tap into free hotspots needs to be reinforced underground… Experts recommend that riders… [on] public Wi-Fi should use a VPN, or virtual private network, to protect their correspondence.”

In this PSA, airing on San Diego’s NBC 7, FBI Special Agent Darell Foxworth states, “Securing your mobile device is essential to keep your data out of the hands of crooks.”

Agent Foxworth provides the following steps for protecting yourself:

1. Lock your device with a passcode.
2. When using public WiFi, limit using e-mail, social networking, shopping, and banking, unless you have a secure Virtual Private Network, or VPN.
3. Keep your device up to date. When software patches are available, use them.
4. Avoid questionable apps, and only download from trusted sources.
5. Always back up your data.

(Note: This PSA is sponsored by PRIVATE WiFi.)

In an effort to cultivate a safe cyber environment, Securing Our eCity is dedicated to raising awareness surrounding potential digital security threats. Additionally, the San Diego-based foundation focuses on educating the masses regarding best practices so that citizens are prepared to protect themselves.

Liz Fraumann, Executive Director of SOeC, explains how internet users are unknowingly leaving themselves unprotected in the “vulnerable supply chain.” In addition to partnering with the FBI, local businesses, the YMCA and schools, SOeC produces PSAs to further “drive cybersecurity risks home.”

Fraumann describes that in this current day everyone wants access to everything instantly, but with hackers producing fraudulent sites and networks, the average user is in danger. “Everyone likes something for free, but nothing is free. So when you use free WiFi you must understand the risks occurring underneath the covers.”

Making specific reference to mobile devices, she states, “The VPN solution is absolutely brilliant. I don’t like using public Wifi. I just don’t use it, because there are so many hackers out there.”

Using the business traveler at Starbucks as an example, Fraumann illustrates how dangerous it is for this person to access their personal or professional accounts on public WiFi. “You just don’t know if the person next to you is a hacker,” says Fraumann. “These people need to think about whether it is safe… That is why PRIVATE WiFi is a wonderful product, because it helps mitigates the risks.”

The hotspots will offer ongoing Internet access for an unlimited amount of time at no cost to users or taxpayers — but does the city know what it’s potentially doing to its throngs of residents, students, and tourists?

While this program seems really cool in theory, it’s potentially risking people’s online security and identity in a big way. Not to be dramatic, but this is exactly the sort of widespread program that hackers and online crooks love — they will be delighted to know that the service could expand to as many as 100 existing payphones throughout Boston this summer and as many as 400 payphones by the following summer.

Risks Involved With ‘FreeBostonWiFi’

Although the city says this program is being carried out on a trial basis, the security risks are very real and very long-lasting. After all, victims of identity theft and fraud require countless hours to restore their good credit and good names.

Remember — it’s not the crime you can see — for example, graffiti — but the crime you can’t see. Take identity theft, credit fraud, or any other type of cyber crime — all of those terrible things happen without seeing the actual dirty fingerprints of the criminal at work.

Here are five reasons why carelessly expanding WiFi hotspots isn’t necessarily the best idea:

1. Not everyone is using a virtual private network (VPN). Without using a VPN on a laptop, smartphone, or tablet, a person is essentially broadcasting every last detail of their online lives. Facebook or Twitter passwords, online bill payments, chats, IMs, and even work-related files — all of that is easily “seen” and “heard” when on public WiFi. That’s because wireless signals are merely radio waves — and like any radio waves, all you need is a receiver, tuned to the right frequency, to listen into all the Internet communications at a WiFi hotspot. By using a VPN, all of your communication is encrypted (think: scrambled!) between your laptop and the VPN’s remote server.
2. A payphone on the street is not as secure as your home-sweet-home. Connecting to any network that offers free Internet access — whether on the streets of Boston, in a Starbucks, or in a hotel lobby — makes people incredibly vulnerable to hacking attacks. Many people assume that public wireless is safe, but that couldn’t be further from the truth. Public wireless is not the same as logging into our home or office networks. Again, that’s where using a VPN is so incredibly effective in safeguarding online privacy.
3. Even the FTC knows better. In a new video from the FTC, entitled Using Public Wi-Fi Networks, it explains what we’ve been saying for years: public hotspots don’t encrypt information you send through the network! As the FTC now advises, “If you log in to an unsecured website — say a social networking site — or enter personal information in a web form, you may be sharing that information with others on the network. Hackers could use the information to hijack your accounts, or to impersonate you.”
4. Being a victim is expensive! In 2011, the FBI reported that 300,000 identity theft victims lost a combined $1.1 billion to Internet criminals. That’s an average of about $3,666 per victim. The typical Internet criminal commits literally thousands of these crimes and almost never gets caught. According to the FBI, nearly 304,000 Internet crime complaints in 2010 resulted in 1,420 cases and only six convictions. So for every 50,000 victims, one cybercriminal was convicted.
5. And last, but certainly not least, who is profiting? How are the payphones’ wireless providers and/or the city of Boston making money? Will the payphones be using display or targeted advertising? (Things that make you go “hmmm” indeed.) When you visit a website, the site collects your IP address, web browser, operating system, browser security, whether or not you have a firewall, browser plug-ins, the country you are located in, pages visited, referring page, and the visit time. A cookie is used to keep track of you as you visit various site pages. As most websites are supported by advertising, the advertisers also place a cookie on your computer that allows them to track your behavior across all the sites they advertise on. Advertisers also use “web bugs” to create a behavioral profile (think: Amazon). However, many websites also sell personal data they collect about you to third parties, which means that your behavior is known not only by the sites you visit, but other entities with which these sites share their information.

Boston says this new program is free — but nothing in life ever is — so protect your privacy and security and think twice before a cyber-thief finds you first.

But according to a new study by Independent Security Evaluators of Baltimore, WiFi users aren’t the only ones to blame for some very serious security threats.

ISE found that nearly all of 13 popular home and small office (SOHO) routers have critical security vulnerabilities that could allow hackers without a lot of expertise to compromise and control them remotely — making it possible to sniff or modify network traffic.

ISE’s report concluded that all 13 routers could be taken over from the Local Area Network while 11 of the 13 could be taken over from the Wide Area Network. The routers tested came from Linskys, Netgear, Verizon, Belkin and D-Link.

How Compromised Routers Could Destroy Your Online Security

A compromised router opens the door for an attacker to intercept the traffic of anyone on the network. If the traffic isn’t encrypted by a virtual private network (VPN), he can view it. If the attacker exploited the router’s vulnerabilities, he could use man-in-the-middle attacks to launch more sophisticated attacks against all users in the router’s domain. According to ISE, these include sniffing and rerouting all non-SSL protected traffic, altering DNS settings, performing denial of service attacks and impersonating servers.

The security risks created by compromised routers don’t end there.

Routers are also firewalls that often represent the first and last line of defense for protecting the local network. And there’s more bad news from the ISE report: “ISPs deploying large numbers of vulnerable routers could also give hackers a way into their core infrastructure.” Let’s hope ISPs are paying close attention to this threat.

Independent Security Evaluators urged router vendors to focus on addressing the critical security risks it discovered. It plans to do a follow-up router study in the near future. While ISE says there’s little the average home/small business router user can do to fully mitigate these attacks, there are some steps you can take to enhance your online security:

What You Can Do to Secure Your Router and Your Network

The FBI and the Federal Trade Commission recommend changing the default identification and the administrative password on your wireless router; creating a long strong password of upper and lower case letters and numbers and symbols; and securing your wireless network with WPA2 security. We also recommend disabling remote management and requiring SSL for local management; keeping your router’s firmware updated; and turning off features that weaken wireless security such as DMZ or port forwarding.

What’s more, using VPN software like Private WiFi is critical for your online security. VPNs encrypt the information sent to and from your computer which makes it invisible to hackers.

Asking the simple question, “What do you like about the PRIVATE WiFi page?,” we encouraged our fans to share their responses with us. Then we selected 25 fans to win a free year of PRIVATE WiFi!

We got some incredible comments; so amazing that we just had to share them with all of you. 

Below are our 25 winners and their reasons for “liking” us. We hope that you will “Like” us, too!

1. Johnny Wilson: “What I like about your page? Your product. What I like about your product? It should be standard on every device.”
2. Larry W. Virgil: “Great product, great service, peace of mind.”
3. Cari And-Jimmy Cruse: “I like the important points & informative links you share on your page that have helped educate me on the importance of securing my devices when using WiFi. Thank you!”
4. Jim Estyle: “your page is very helpful and knowledgeable, I share you frequently”
5. Brenda Lynch: “The most informative of all warning us about using public Wi-Fi, like so many do!”
6. Jennifer Gough: “Smartphones have become repositories for vast amounts of personal information. As their functionality grows, users store more and more of their details in their smartphone, from friends’ phone numbers, diary entries, photos, and messages, to shopping lists, bank details, and travel plans. People need to be able to protect their personal data and this seems like the app that can do it!”
7. Dale Rapp: “Excellent blog with great advice on how to be safe on insecure Wi-Fi.”
8. Linda McGuire: “It names the problems, has the solution.”
9. John Bollinger: “I have really appreciated the knowledge and warnings you guys have posted. I have shared several of them with my friends as well. Thanks.”
10. Lance Teabag Obrien: “Great product, peace of mind.Never go WIFI without it…”
11. Alicia Prusinski: “I love all the helpful tips… and keeping us updated as far as the latest in security risks… Thank you.”
12. Jesse Grywacheski: “I like that your page is about something truly useful and not just a gimmick. It is something that could benefit is all. I know I wouldn’t want my identity or private info stolen.”
13. Lora Duguay: “Love this page and I had no idea there was such a thing as private WiFi, but it makes sense and appreciate the info posted here.”
14. Robyn Michaels: “the information is VERY helpful. appreciate it greatly. usually share it too. thanks for all you do ; )”
15. Denise Bendori: “Keeping your private information safe is critical these days with identity theft on the rise. Private WiFi helps to keep me safe when using public Wifi, offers solutions to navigate from potential pitfalls, and explains the possible dangers when using WiFi in general. You guys are great!”
16. Myralyn Balbin: “great service n product.Keeping us safe n secured.”
17. Rob Babboo: “I like the ability to share security awareness and information to people I know. The more information is spread the better chance people will take the right steps in protecting their personal data.”
18. Michael Mendoza: “I like it that you guys keep us informed about stuff so we can be safe. Especially about public WiFi.”
19. Daniel de Regnier: “A well-needed service. Thanks for getting the word out.”
20. Larry Lucas: “Great page. I’ve learned a lot about security I never even imagined by constantly reading the timely and interesting information you post. Thank you!”
21. Jaleel M. Harris: “I like how it pretty much explains VPN and the dangerous of wifi to people who don’t know.”
22. Geri Frakes Burns: “Reliable and trusted information in a manner that is understandable even for myself, one who is not super tech savvy.”
23. Francis Mohajerin: “Ignorance is bliss, until you get hacked. You guys are doing a good job educating people here about this important matter.”
24. Maritess Valeroso Miraflor: “you are very good in keeping us well informed on the danger of using public wi-fi.. thanks…”
25. Eddie Norman: “The best thing that ever happened to protect my laptop after having one destroyed by a hacker at a local cafe.”

The Proliferation of Public WiFi

In the Identity Theft Resource Center’s Public WiFi Usage Survey, 78% of respondents indicated that they use public WiFi at least once a month and of that number, more than half use public WiFi at least once a week.

Further, The Wireless Broadband Alliance, an industry association dedicated to the global deployment of next generation WiFi, discusses in their WBA Wi-Fi Industry Report the accelerated global proliferation of public WiFi. Even more, according to a report by the market research company Informa Telecoms and Media, WiFi hotspots are set to grow from 1.3 million in 2011, to 5.8 million by 2015.

Considering the rapid growth and prevalence in the use of hotspots, it is important for consumers to be fully educated as to the risks they take every time they connect to public WiFi.

Do You Know The Dangers of Using Public WiFi?

During this month’s #IDTheftChat, co-hosted by the Identity Theft Resource Center (@ITRCSD) and Private WiFi (@privatewifi), we will explain that public WiFi is not secure and how using public WiFi can lead to identity theft.

Please join us for May’s edition of identity theft twitter chat where we will be answering and discussing the following questions:

• Do you use public WiFi? How often? What do you do on public WiFi?
• Did you know that WiFi is not secure?
• Have you ever heard of identity theft happening on WiFi?
• How do you stay safe while using public WiFi?

Our twitter chat will commence on Thursday, May 2 at 2:00 PM (EST) / 11:00 AM (PDT). Please follow @ITRCSD and @PrivateWiFi and use the hashtag #IDTheftChat. You may find it helpful to join the chat by using TweetChat. We look forward to seeing you there!