It’s still too early to determine what the long-term consequences of the hack will be, and if there will be any legal ramifications. But the video breach is a reminder that data protection for cloud-based services is critical for safe operation. 

That’s where XQ comes in. If the cameras had the XQ agent installed both live and stored video would be protected.  XQ works by encrypting video right on the camera with an ephemeral key.  The key is posted to a cache with specific policies on who can access it.  In this case, even a Super Admin would not be able to access the data unless they were authorized to do so.  Moreover every transaction in XQ is logged in real time.  Thus if there was an unexpected authorized access that would also be flagged. 

Earlier this year the Indiana 5G Zone demonstrated encrypted video using XQ technology. In the video below you will learn about XQ’s API based architecture that encrypts data on the edge to ensure that large-scale breaches don’t happen. Check it out!

Click here for the video

American regulators have crossed the rubicon with the bringing of charges against First American Title by New York State for violating its cybersecurity regulations. First American, the country’s second-largest real estate title insurer, is accused of allowing hundreds of millions of files containing sensitive customer information (Social Security numbers, bank account information, etc.) to be illicitly accessed. The company could face a $1,000 fine for each instance of exposed customer information. With anywhere from hundreds of thousands to millions of records compromised, fines could stretch into billions of dollars.

For title insurance firms, a $16.5 billion industry, predatory behavior by cybercriminals and regulators is a particularly acute issue. Title insurers store a wealth of customer information (often exchange several times by email in a single transaction) and are prime targets for cybercriminals. Further, the regulatory structure is relatively diffused and overlapping. Consider First American’s data breach. The company’s primary regulator is the Nebraska Department of Finance, who were informed of the data breach and ruled that the company acted appropriately. New York regulators found that the company had breached its guidelines and have brought charges. Other states with stringent privacy laws, like California, may also take action. For insurers, among other sectors, the results from cyber attacks can be dually devastating: first cyber criminals ruin your reputation with your customers, then regulators bankrupt you.

At XQ Message, we’re making it possible for businesses and consumers to take control of their privacy. We’ve developed a cross-platform quantum encryption system that is designed to combat the privacy issues of today and the emerging threats of tomorrow. XQ has taken a radical new approach to cybersecurity by making military-grade quantum encryption accessible to businesses of all sizes and consumers. XQ isn’t just another messaging app, but a cross-platform encryption solution that works across the most commonly used business messaging platforms. XQ’s embedded quantum encryption software is available for Gmail, Outlook, Slack, iMessage, and Android, with Zoom on the way. XQ’s enterprise product allows businesses to create a secure environment for internal and external communications to co-workers, clients, and vendors. With XQ, businesses need not worry about being bankrupted by cybercriminals and regulators.

Companies across the U.S. are in lockdown mode: employees working from home, offices shuttered, client interactions happening online. Amid this disruption to business as usual, one group sees a wealth of opportunity: cybercriminals.

 Even in non-pandemic times, the cost of cyber fraud to small businesses is devastating. Estimates run as high as $200,000 per cyberattack for U.S. companies on average, with 43% of all attacks aimed at small businesses (1). A 2019 study of companies with 500 or fewer employees that had suffered a data breach found that 10% went out of business and 25% had to file for bankruptcy (2). Smaller companies often don’t have the resources to implement cybersecurity measures, buy specialized protection software, or hire team members with expertise in defending against such threats (3). 

Relying on email for external communications makes a company vulnerable at the best of times. But in the era of COVID-19, increased sharing of confidential data over email translates to even higher risk. Documents that would normally be shared as hard copies in an office are now being sent back and forth as PDFs through free applications like Gmail or Dropbox.

Tech-savvy business owners  may believe they’re safe if they’ve created a 15-character password with all the bells and whistles – capital and lowercase letters, an ampersand and an exclamation point, a few out-of-sequence numbers. But if they send sensitive information to someone who has “password” or “123456” as their password, both parties are sitting ducks for hackers. 

By the way, those aren’t parodies of bad passwords: they’re alarmingly common. Annual rankings of the year’s worst passwords, based on frequency of appearances in data breaches, confirm that far too many Internet users fail to create more complex passwords (4). According to a 2019 Harris Poll/Google survey, nearly a quarter of Americans have used easy-to-guess passwords like password, 123456, abc123, or iloveyou, or qwerty. More than half have used either a pet’s name or their own name. Only 37% said they’d used two-factor authentication. Alarmingly, up to two thirds of Americans use the same password for banking, email, and social media (5).

Small and medium-sized businesses are only as secure as the weakest link in their communication chain. With a circle of contacts that includes customers, vendors, business associates, partner organizations, and contractors, sensitive data that’s been sent over email can be compromised regardless of what precautions the sender took. Think bank account numbers, invoices, social security numbers, tax returns, medical records, investment holdings of mortgage applicants – information clients count on businesses to keep secure.

A cache of emails obtained by a hacker can lead to severe financial and reputational losses. As too many businesses have discovered, a cybercriminal who has access to a past invoice can create a convincing fake one, using real account numbers and wording that sounds legitimate. Invoice fraud and phishing scams have cost businesses billions – even Google and Facebook were tricked by a Lithuanian cybercriminal into paying $23 million and $100 million, respectively.

If a business is tricked into paying false bills, that’s costly in itself. But if the hacker has accessed private, personally identifiable client information and makes it public, the costs could grow exponentially: government fines, loss of clients, negative publicity. The California Consumer Privacy Act, which went into effect this year, assesses fines on companies doing business in the state of between $100 and $750 per consumer per incident, or actual damages – whichever is greater – in cases of theft or unauthorized disclosure of data. 

A survey of consumers’ reactions to 2018 data breaches revealed that 67% trusted a company less after it had experienced a data breach, and 22% stopped doing business with a company after such a breach. 

Establishing adequate protection against cyber attacks can be an overwhelming prospect, considering the costs, the time and effort it takes to implement security upgrades, and weighing the risks. For companies looking for simpler interventions that can still make a difference, encryption of communications is a good place to start.

1. https://www.cnbc.com/2019/10/13/cyberattacks-cost-small-companies-200k-putting-many-out-of-business.html
2. https://www.scmagazine.com/home/security-news/data-breach/data-breach-causes-10-percent-of-small-businesses-to-shutter/
3. https://www.business.com/articles/small-business-data-breaches/
4. https://www.securitymagazine.com/articles/91461-the-worst-passwords-of-2019
5. https://www.inc.com/jason-aten/google-says-66-of-americans-still-do-this-1-thing-that-puts-their-personal-information-at-a-huge-risk-heres-how-google-wants-to-help.html

Bob Flores, Former CTO of the CIA, XQ Advisor

Over the past year there has been a stream of news about social networks and messaging services listening into private conversations. The typical response from online services is that user monitoring is covered by the terms of service to support their advertising business. Yet some of the services have been caught selling identities to advertisers. More recently even VPN and ad blocking services have been caught selling data on their users.  

The lack of transparency by online services has resulted in Western governments, including the US, to consider stronger privacy laws. While online services are promising better privacy, it’s too early to tell how they will balance this with the needs of their ad business. For now, users must take a more proactive role to protect their own data. Here are some practical steps to consider:

Anything you say on the Internet can be used against you.

1/ Your first thought must be whether you want to publicly stand behind your statements. People have gone to jail and lost jobs for jokes made between friends. Unfortunately, humor is not legal defense.

2/ Consider the “old school” phone call for sensitive information. Given the bulk of messaging now takes place on mobile devices, it’s fairly easy just to call the other party (on their mobile device) when sharing sensitive information. There is no shame on using a phone to talk.

3/ If you must transmit sensitive data, encrypt it. There is a range of free encryption apps such as Wickr and Signal that create a dedicated secure channel between users. Additionally, there is a new service called XQ Message that creates a private channel inside apps such as iMessage, Gmail, and Slack. Use one of them for secure your sensitive messages.

Being aware of the dangers of Internet services is the first step to guarding your privacy.