Ulistic Projects Blog

An IT manager’s work can be difficult at times. This is mostly because of the ever-dynamic nature of technology. There is always something new and better being developed every day. It is the work of the IT manager to know the best technology to use, one that functions on a 24-hour basis and also one that’s easy to manage by the employees. He must ensure that his employer stays current on the specific technology that delivers the desired results.

Change is a good thing, but not when it concerns IT managers. They are usually cautious of introducing changes that might cause chaos. So then how will they be able to overcome their fears and embrace change that will improve their employees’ working environment? Here are some useful steps to help IT managers improve their workplace, maintain modern standards, and give all employees a better work experience.

Introduce a Digital Task Force

This can be done through the labor model which gives employees the flexibility and freedom to work from just about anywhere. This, of course, depends on the specific tasks and what projects employees must get done each day. The only problem is that different employees have different preferences. Some prefer more advanced technologies because that is what they are accustomed to in their personal lives. Others would like to work with old-fashioned systems. This only makes it harder for IT supervisors to find solutions that work for everyone.

Using one software package in the workplace is no longer effective. The IT department should work alongside departmental heads in order to manage ever-changing demands in the digital workplace. They should work through and adopt technology that will boost employee productivity. Technology must be user friendly as well.

Combat Resistance

This is an obvious challenge because it is not easy to introduce something new and then get 100% acceptance. Some employees will still try to resist the changes, not because it isn’t beneficial, but because of the fear that they might not be able to master the new technology. The best way to deal with resistance is to get the employees involved right from the start, way before the organization makes an investment in the new technology.

Communication is also an essential part of the whole process. Discuss the advantages of the new technology and the positive impact it will have on them and how it will improve their work place in terms of productivity. Ask for feedback. Look to department supervisors to provide reports when they encounter any problem.

Security

Keeping a system secure is not an easy task, especially with the increased reports of data breaches. Limiting the access points to sensitive data is one way of ensuring that your system is protected. The employees should be made to understand the need to balance between easy access and the data breach threats. They should also be taken through an awareness training touching on accidental exposure, insider theft, phishing emails, and attacks like ransomware and malware. These coupled with other training will ensure that there is better service delivery and that necessary security measures are in place.

Systematically Deal with the Tech Stack

Tech stack is the overwhelming number of applications or software that are no longer useful but still remain installed in a computer system. There are always new upgrades made, but rarely does anyone follow-up and get rid of the software that is outdated. These software programs could be used as the backdoor entrance for cyber thieves. IT managers should always ensure that these “doors” are closed and locked.

There should be constant communications between the chief technology officers and the department’s chief information officers with a view to streamline the sharing of data and information on cloud-based platforms. The Cloud ensures that users are able to access documents, make edits to them and any changes are automatically updated ensuring accuracy across the board.

Show Your Importance

Today, software updates are easy to do since more technology is moving to cloud. Even with that, the IT manager still needs to ensure that new software is beneficial to the users and that it is a worthwhile investment. A lot of research should be conducted to ensure that the new technology is yielding the desired results.

Wrap Up

When it comes to the introduction of new technology in the workplace, IT managers should treat this like a team effort long before it is introduced. Throughout the necessary training for employees, to the follow-up process once the technology is in place, everyone needs to be included. A savvy IT leader will take strategic moves to make changing over to newer systems a positive process for everyone.

Studies conducted by CareerBuilder Harris Poll in the US showed that at least 22 minutes a day are wasted by an average worker dealing with IT-related issues. According to the poll, the leading cause of time wasted in the workplace is related to cell phone use, which ranked the highest at 50%, gossip which followed at 42%, and closely behind was internet use at 39%. This article will briefly outline how companies can work through IT issues so that they can save on time. And time is money.

How Much Time Is 22 minutes Really?

Going by the average time in a 40-hour workweek, 22 minutes a day is close to two hours of work time lost each week. Imagine what that equals for a full year or 52 weeks. It comes out to be over 95 hours per year. When translated into days, that is close to two weeks spent dealing with IT-related problems.

What Are These IT Issues At The Work Place?

Some of the IT-related issues are technical in nature and they include:

• Software malfunctions
• Freezing computers
• Scanner or printer issues
• Old computer systems
• Annoying pop-ups
• Internet traffic delays

These are just a few of the issues that cause frustration for employees. If not handled well, they can lead to time wasted and low productivity, not to mention grumpy employees.

What Is The Solution To The IT-Related Problems?

Companies should have a help desk where employees can go and report IT issues as soon as they occur so that they can be resolved in the earliest instance. This is to ensure that a problem is resolved before it escalates, thus saving time for everyone.

Apart from fixing the problem, IT staff should be encouraged by the employer to share tips on preventive measures to similar problems to avoid them from recurring. Educating employees is always a good idea. It’s cost-effective and just makes sense.

Companies should also invest in modern technical equipment. This way, computer systems, and networks are easier to maintain, less problematic, and also ensure efficient work delivery.  Companies should confirm that the IT staff is well skilled. Hire trainers or allow employees to enroll in various training programs so they can learn all about the changing trends in technology.

Technology is meant to save time and make work more efficient, but when it decides to act up, it can actually cause headaches. Lack of knowledge is another major cause of employees wasting too much time on simple things that can be avoided in the first place. Whoever provides your IT services should have an in-house department or a third-party firm hired to conduct regular training for employees. They should be performing regular maintenance and upgrades to all systems. Training the employees regularly or after installing a new system can make a big difference when it comes to saving time-related to IT issues.

Training employees might not be the first solution a company thinks of but it’s often the most cost-effective way to avoid wasting valuable time. Of course, it can help to hire savvy employees with proficient computer skills. But even if they know how to fix common IT issues, you don’t want a bunch of amateurs working on your valuable software and hardware systems. When the same IT guy does all your upgrades and maintenance, he becomes familiar with your business. This is where you’ll get the best return on your IT investment.

The IT department in an organization should ensure that regular updates are installed to prevent cyber-attacks. Outdated software can malfunction, thus slowing down work efficiency and delivery. This is also a major gateway for cyber thieves to enter your system and take it down.

Wrap Up

The best way to resolve IT-related issues is to treat the problem as a team effort. The stakeholders, such as heads of departments, should be well aware of the necessary steps to be taken to protect your data and keep all systems running smoothly.

The secret to avoiding costly IT errors is to detect an issue and have it attended to as soon as possible, so it doesn’t grow into a bigger problem. Communication is also very important. Make sure employees are aware of how to handle IT problems. Teach them to report these issues right away. Help them do their jobs better with good cybersecurity training. At the end of it all, employee productivity is the ultimate goal. This will improve your bottom line and make sure your staff is happy and productive.

Almost every single PC is hosted on some server or online platform such as the cloud. It’s hard to use a computer without uploading and downloading data. But this can open the door to malware. It is alarming to know that someone might infiltrate your system and access personal data or sensitive information and then use it against you. The truth is, we cannot avoid the internet these days. So then, what can we do to ensure that our systems are secure? This article will outline some of the simple things we can do to ensure that we do not fall victim to ransomware and virus attacks.

Test Your Settings

This is the very first step and it will show you how vulnerable your computer system is. Most hackers target weak anti-virus or even disabled passwords by using software such as the Microsoft Baseline Security Analyzer. This program allows you to easily detect the status of your passwords. Other important things to test for include your account settings. This includes such things as how many administrators can access your computer and what automatic updates are activated on your computer.

Create Secure Passwords

When creating online accounts, always use the two-step verification option. It works in a way that, whenever you log into an account, it will automatically send a unique code to your personal device, such as a cell phone. You are then required to enter this verification code into the account within a specified time before it expires. This adds an extra layer of security. Since the verification code expires after a few minutes, that prevents someone from using it later.

Update Your Operating System

It is always recommended that you acquire and install the latest version of your operating system because it is more secure. Hackers are developing better and more powerful viruses and malware. Most computer operating system companies such as Apple and Microsoft are trying to improve their features so they are better and more secure. All you have to do is turn on the automatic updates feature for your operating system and each time there is an update, it is installed automatically to your system. Gone are the days when you have to buy and install new updates from a CD. The Internet makes everything much easier.

Install Software From Trusted Sources

Most browsers will inform you if the software you are about to install is from an unknown source. Take these warnings seriously. Do a separate search online to determine whether the company is trustworthy before downloading their program. There could be a virus hiding in the program and once it gets into your computer system, it will corrupt your files. At the very least, some of these software programs will download annoying pop-ups and adware that will drive you crazy.

Install Reliable Anti-Virus

Always ensure that your anti-virus is up to date. It should have the ability to scan both online and offline materials, as well as external resources such as flash drives. Update your anti-virus regularly. Some may even require you to pay regular subscriptions in order to update them. If you use an expired antivirus, it will not work effectively. Schedule your scans so they are automatic. This will be done in the background so it doesn’t disrupt your work.

Activate Your Firewall

Some operating systems such as Windows and iOS come with installed firewall programs. Be sure that yours is activated properly. A good firewall can be a strong line of defense against hackers. A firewall works in a way that it hides your computer when online from unwanted attention. It also controls access to your computer’s network.

Look Out For Phishing Emails

Phishing scams are the number one way hackers break into your computer files. You will get an email that looks like it’s genuine. It will include a link to click on. It may look and seem very authentic. This is how hackers infiltrate your system and introduce malware into your system. Your email’s spam filter should be able to detect this, but if you are not cautious and you click the link, you might be in real trouble.

Delete Files Permanently

If you have been working on sensitive information and you no longer need it, ensure that you have permanently deleted these files from your hard drive. It is still possible for someone to retrieve the file, even days after deleting it. But it does take special software and skills to do this. Permanently deleting sensitive files you no longer use can protect you against losing important information.

Wrap Up

When it comes to technology, you should never let down your guard. Technology is a dynamic field. It changes all the time. You must stay vigilant and up to date with all the latest tools and know-how to protect your data properly.

What is the Future of Ransomware?

Ransomware is a kind of software commonly developed and used by hackers to restrain access to a computer system and/or database until a certain demand is met; mostly hackers want the payment of a sum of money. The hackers threaten the organization whose computer system they have blocked, that if they do not pay the sum of money demanded, the company’s database will be leaked online or destroyed completely.

This has become a quick way for hackers to earn money. In the past, when hackers had to waste a lot of time and resources snooping around a target site, this type of activity didn’t really pay off. This method was risky for many reasons and wasn’t much of a threat.

Today, things are much different. Hackers can easily gain access to a company’s database and then hold the information hostage until a ransom is paid. The advent of cryptocurrency makes the whole transaction seamless and untraceable. This is one of the reasons why ransomware is so big nowadays.

How Big A Threat Is Ransomware?

According to the FBI, businesses paid out $24 million in ransomware payments in 2015. By 2016, that number had reached one billion dollars. The average ransom is now approximately $1,000 but some healthcare organizations have reported paying $17,000 to regain access to their files. As long as companies continue to reward hackers by paying the ransom, this crime will continue to escalate.

Who Are The Likely Victims Of Ransomware Attack?

Most ransomware attacks start as a fishing expedition, which means that the hackers make out a list of organizations and their employees and then try to access their confidential information. Targeted organizations are those that contain sensitive personal information, such as healthcare and financial organizations. Many times, businesses think that the best course of action is to pay the ransom, rather than hire security and IT specialists to come in and restore access. Sometimes, organizations are embarrassed to admit that they’ve been a victim of this crime. They want to make it go away as quickly and painlessly as possible.

What Defense Strategies Can An Organization Put In Place Against Ransomware?

The very first step is to understand how a ransomware attack happens. Hackers send out phishing or spear phishing emails to employees of the organization in an attempt to get someone to click on a bad link. Once this happens, the ransomware virus is downloaded to the company’s network and all files are frozen. At this point, you have two choices: pay the ransom or call in security experts to unlock the files.

The first step for most companies is to lay out a security strategy to deal with viruses, worms, ransomware, and other forms of attack. Every organization should have a plan to address data breaches. The experts say that it’s not a matter of whether you get attacked; it’s just a matter of when. So the best course of action is to be ready. Below are few basic steps you can take:

• Train your employees what to watch out for in suspicious emails. Training must take place on a regular basis because people forget or get careless.
• Hire a security company to test your current system to see where your weaknesses are. Most IT security pros will assess your security, then give you a list of things that should be done right away to shore up your defenses. They can also help you make a long-term plan of action.
• Regular system backups should be performed. If you have all your data backed up at an off-site cloud data storage site, then it can be easy and painless to completely restore all your data.
• Perform regular patches and updates. This keeps your network protected. New cyber threats come out almost daily so this is an important step to keeping your database secure.

Additional Tips

Employees are the key problem when it comes to ransomware attacks and other viruses. They should be fully aware of the types of email scams that are currently going around. Employees should know what to look for and how to avoid clicking a bad link.

It’s not easy to be in a position where you have to negotiate with a ransomware attacker but every decision depends on the circumstances at hand. Whether you work with a managed IT provider or have in-house IT techs, it’s important for them to be fully engaged in keeping your data safe. However, if an attack does occur, you can greatly reduce your losses by being ready and knowing what to do.

Wrap Up

Hackers stay up-to-date on the latest IT technology, so you must do this as well. Social media has opened the doors for hackers because it’s so prevalent these days and many users get careless. Start by finding a great team of security experts to help you get up-to-speed. Get all stakeholders in your organization involved in data security. Don’t get lax. Make sure employees are aware of the dangers online.

The All-New Surface Go: What You Need To Know

There’s no shortage of gizmos and gadgets to choose from in today’s tech world, but not all are created equal, and some are exceptionally unique, like the new Microsoft Surface Go. The Surface Go is the tech giant’s way of combining the Surface Pro’s premium features with affordability and portability – two of the most sought-after features for laptop and tablet owners, understandably. Touted as the “smallest and most affordable Surface yet,” the Go is one of Microsoft’s most exciting new ventures, and with its August debut fast approaching, there’s plenty to know about this trailblazing 2-in-1.

Those familiar with the Microsoft Surface line may have a solid idea of what’s to come in the Go. Here are a few of the most interesting aspects of the Microsoft Surface Go, including specs, price, and all the things you can do with this piece of gadgetry in tow.

What Does It Look Like?

One of the Go’s most endearing qualities is certainly its tiny size. Like its predecessor, the Go is a tablet that attaches firmly to Microsoft’s Type Cover keyboard. Measuring at 9.6 by 6.9 inches, it’s just 8.3 mm thin and weighs only 1.15 pounds. About the size of a composite notebook, with a 10-inch diagonal display that’s sufficient for everything from business to entertainment, the Go is primed for accessibility, above all.

With a gadget made for accessibility comes a need for durability. The Surface Go boasts a magnesium enclosure and an ultra-bright, high-resolution touchscreen bonded with durable Gorilla Glass. And with respect to the design of the Go, convenience is key. It comes complete with a kickstand that extends to 165 degrees, as well as support for a stylus pen, which can magnetically attach to the tablet.

There are also plenty of ports to keep you productive all day. There is, of course, the charging port, but in addition, you’ll find a USB-C 3.1 for data and video, as well as a MicroSD card reader and a headphone jack.

What Can The Surface Go Do?

When designing the Go, in addition to portability and affordability, Microsoft aimed for productivity. They sought to create a device that would be sufficient for both work and play. From Office apps for business and school to Netflix and Hulu for entertainment, Microsoft’s team kept a wide variety of users and uses in mind to create a gadget that checks all the boxes.

When it comes to display, the Surface Go doesn’t skimp. Its high-resolution PixelSense Display is custom-built and can support the Surface Pen with exceptional pressure sensitivity, low latency, low pen parallax and precision. All of this results in near-perfect note taking, design, and drawing.

Easy on the eyes but bold enough for vibrant videos, art, and photos, the Surface Go isn’t short on aesthetics in the least. Even the Surface Pro’s screen capabilities are unique. When in portrait mode, the screen is designed to fit the scale of school textbooks. While in landscape mode, pages will appear side by side, mimicking a paperback in your hand.

Power-wise, despite its small size, the Surface Go is nothing to scoff at. It gets its power from a 7th Generation Intel Pentium Gold Processor 4415Y, which allows for up to nine hours of battery. Other features include Windows’ Hello face recognition camera, which will be used for bio-authentication, plus two front-facing speakers and a sufficient 8-megapixel rear camera to capture high-quality photos.

How Much Does The Surface Pro Cost?

Compared to the Surface Pro, the Go is a steal, and the most affordable Surface ever. When it ships in early August, it will cost $399. With this, users will receive 64 gigabytes of internal storage, plus 4 gigabytes of RAM. More costly options include one with 256 gigabytes of storage and an impressive 8 gigabytes of RAM, as well as an LTE version, which will be available later in 2018.

If you’re looking for add-ons, you’ve got options in a Type Cover keyboard and stylus pen. The Surface Go has the option of a signature Type Cover, custom-made with design features that make for a superb typing experience. Ergonomic key pitch, excellent key travel, and high precision tuning are a few other details you’ll find in the Type Cover. There is also the option to connect your device to the Surface Mobile Mouse for further convenience.

Wrap Up

With an ever-growing number of laptops, tablets, and other tech gadgets to choose from, Microsoft’s taken big steps in creating something more affordable. Hot off the heels of the success of the Surface Pro, the Surface Go is the answer for those who want an inexpensive, but tech-heavy tablet computer. If you’re among the crowd looking for a sleek combination of looks, function, and savings, the Surface Go may be right up your alley.

If you work for a company that deals with government agencies, you may have heard of the NIST, or The National Institute of Standards and Technology. The NIST has its own unique set of standards by which certain companies and organizations must comply.

These cybersecurity guidelines, implemented by the U.S. Department of Defense (DOD) and the Defense Federal Acquisition Regulation Supplement (DFARS) are a point of stress for many organizations, and rightfully so. In fact, ensuring compliance with current NIST standards is among the top priorities for a number of industries in the tech game today, including those in universities, consulting companies, research institutions, manufacturers, and others. If you work within one of these industries and are contracted in any capacity by the DoD, you may do well to familiarize yourself with the most recent NIST standards to ensure you are safe from the consequences of failure to comply.

What Do You Need to Know About NIST Guidelines?

Over time, the NIST, has worked to require additional standards for the processing, storing, and transmission of defense information. The new guidelines seek to promote the protection of “Controlled Unclassified Information,” or CUI, which is defined as government information that, while unclassified, still requires safeguarding. Therefore, the NIST has put into place a specific set of processes, listed in NIST Special Publication 800-171, to ensure government information is protected at all times.

If your company has plans to work with the DOD in the future, you’ll need to take the required steps to ensure you meet the guidelines of the NIST 800-171 mandate. Sections 3.1 through 3.14 of the guidelines contain 109 requirements that companies must meet to comply, though it may have proved difficult for many to meet all 109 by the December 31, 2017 deadline. To address this, the Federal Government typically expects companies to come up with a game plan to earn compliance within a reasonable time frame. Failure to comply may result in your company’s removal from the approved vendors’ list.

There are a few questions you may ask yourself if you’re concerned about whether or not your organization is subject to NIST standards. Simply put, if your company currently holds a United States federal contractor is currently listed as a supplier on a United States federal contract, you likely must answer to the NIST.

Here are a few additional questions that may serve as an indicator of whether or not your company should be concerned about compliance:

• Is your company’s access to CUI contained and reliably isolated?
• Is the CUI controlled? Things like the CUI’s physical location, internet network, authentication factors, and infrastructure all come into play when ensuring the CUI is accessible only to authorized parties.
• Does the site have substantial information technology practices?
• Are backups being maintained?
• Has credible antivirus software been installed?

These are the types of practices subject to the NIST’s guidelines.

What Are Some Common NIST Compliance Myths?

While NIST compliance is vital in a variety of different industries, there are some myths circulating that may make it difficult to know for sure whether compliance has been met. Here are some of the most common myths regarding NIST Compliance:

NIST Compliance Is Too Expensive.

There may be costs associated with becoming NIST compliant, but that doesn’t mean doing so has to cost a fortune. You may not require the help of a large consulting company. Make sure to do your due diligence before committing.

My Company Is Too Small To Worry About NIST Compliance.

Companies of all sizes may be subject to NIST compliance. These guidelines don’t just apply to direct manufacturers, but also any subcontractor currently selling to one of the government’s suppliers. Although your company may not depend on business with the DoD, you may not want to rule yourself out down the line. This is what makes NIST compliance so important for businesses both big and small.

There’s Not Enough Time For Us To Become NIST Compliant.

While there are consequences to not meeting compliance by the aforementioned deadline, it’s still not too late to strive for compliance.

What Steps Can My Business Take To Prepare for DFARS Compliance?

To meet the requirements set forth by DFARS, you’ll need to follow a few steps:

Create A Security Controls Traceability Matrix

If you’re hoping to demonstrate compliance, you’ll need to do it across the system and identify areas of weakness. It’s important to identify every component within your unique system that may be subject to guidelines. Each of these should be mapped out using a simple matrix to ensure accountability.

Pinpoint The Gaps

Your matrix should provide a valuable glimpse into where gaps in compliance may lie. Once you have it, it’s time to investigate where these may be affected in the system.

Visualize And Execute Your Game Plan

Once you’ve determined the gaps, you should develop a strong gap remediation plan that will explore how and when each gap will be fixed and what types of resources you’ll need to achieve this, then put your plan into play. Be sure to document how the gaps have been addressed, as well as be prepared to present data as evidence of your compliance.

Every business knows that getting hit by a data breach can have devastating results. Oftentimes, you lose business along with customer trust. There’s a costly impact to your reputation, and a lot of time is lost on recovering all your data – all translating to huge financial losses. A new report now puts these implications and hidden costs of data breach into perspective.

Ponemon Institute’s 2018 “Cost of a Data Breach Study” presents some worrying figures on the financial impact of data breaches on the corporate world.

While the costs of data breaches are expected to vary depending on factors such as the nature of data lost, the size and nature of the organization whose data has been compromised, and the severity or extent of the attack, Ponemon Institute reports that the global average total cost of a data breach exceeds a whopping $3.8 million.

This represents a 6.4 percent increase from last year’s $3.62 million. What does this mean? The cost of a single data breach is on the rise even as technology continues to present businesses with better, more advanced ways to protect their records both online and offline.

What The Report Covered   

The researchers at Ponemon Institute interviewed nearly 500 companies that had experienced a data breach for the study and analyzed numerous costs and cost factors surrounding an attack. These included incident investigation, legal and regulatory activities, recovery, damage to company reputation, and lost business occurring through customer turnover.

Based on these in-depth interviews, the study established that a mega breach, which simply refers to an attack in the range of 1 million to 50 million lost records, could respectively cost anywhere from $40 million to $350 million on average.

This was the first time the Ponemon Institute study, which has been released annually for the past 13 years, covered calculations of the costs associated with such mega breaches. It, however, did not include huge incidents such as the 2017 Equifax data breach in calculating the averages, arguing that these are uncommon and not the type of breaches that most organizations experience.

According to the report, a company that suffers a mega-breach is bound to experience lost business as the most significant cost. Lost business can claim up to one-third of the total cost of such a breach involving the loss of at least one million records.

What Influences The Cost Of Data Breaches?

A host of factors come into play to determine the costs incurred by organizations that have suffered a breach.

While the knowledge of these factors could mean little by itself, there are some factors that have the potential to reduce these costs. One such factor is the length of time it takes a business to identify and contain an attack incident.

To put it simply, if an organization takes a long time to identify an attack, they would equally take longer to contain the incident – and this would inevitably translate to more extensive damages and bigger losses.

Identifying a breach sooner, on the other hand, allows the victim to address it sooner and be able to contain the problem before the damage spreads. This has the potential to minimize the cost of a data breach.

If the figures from the Ponemon Institute report are anything to go by, it can take up to 197 days (well over 6 months) to identify a data breach and another 69 days to contain it.

Direly, these figures have significantly gone up in the last year, ostensibly because of an increase in the severity of these attacks.

Anything Companies Can Do To Reduce Data Breach Costs?

There are quite a few strategies that, if properly implemented, can help businesses to significantly lower the potential of data breaches and their associated costs.

For starters, the report from Ponemon Institute provides a strong correlation between the time taken to identify and contain an incident of data breach and its related costs. The yearly study has established this same correlation for four consecutive years now – indicating that the quicker you identify a breach, the less it will cost you.

So then, all you have to do is remain vigilant and prepared for an attack at all times. How you wonder? Consider extensive use of encryption in your organization, as this can cut the cost by as much as $13 per capita.

The research also recommends putting in place an incident response team. This, according to the study, can decrease the cost of a data breach by up to $14 per compromised record from the $148 average per-capita cost.

Conclusion

Based on the data from the 2018 cost of a data breach study, being able to contain a breach in less than 30 days will save you more than USD 1 million compared to a company that does not. However, if you can combine vigilance with an automated, state of the art security system, there’s no reason why you can’t keep data breaches from happening in your organization in the first place.

Ticketfly, the California-based ticketing service owned by Eventbrite, hit the headlines in late May, 2018 for shutting itself down in a move to protect user data following a perceived “cyber incident.”

There’s no denying, this must have been tremendously inconvenient to eventgoers who, as part of the security breach, were treated to the message: “Your Security Down im Not Sorry,” in place of the usual login interface on the Ticketfly homepage.

Alongside this message was an image of the Guy Fawkes Anonymous and a Yandex email address belonging to the hacker; neither was of much help to the users.

The hacker had defaced the ticketing website with a picture of the V for Vendetta character plus a claim of responsibility that read: “Ticketfly HacKeD By IsHaKdZ.” This left the company with little choice but to take the site offline and throw itself into damage control.

Ticketfly went on to investigate the incident with the help of third-party forensic cybersecurity experts. The exact extent of the attack and the types of data that the hackers accessed remains yet to be established.

Reports emerged that the Eventbrite-owned ticketing company was supplying venues with lists of ticket buyers, who were required to carry their photo IDs and a printout of their tickets (for those who had the tickets) to the show(s).

The outage was, however, definitely going to present a more serious challenge to those who had bought tickets for an approaching show and didn’t already have the tickets.

The affected ticket buyers would have to sit tight; the company would give them more information as it became available.

Fast Forward To Date

The date is June 2, 2018 – Ticketfly just resumed its normal ticketing operations. Details emerge that the company has been the target of a malicious cyberattack that has led to the compromise of up to 27 million user accounts hosted on its servers.

This is the official communication from the company itself. It clears the air on the earlier reports going around speculating that about 26 million user accounts have been compromised from the Ticketfly attack.

The company, which handles ticket distribution for events like Riot Fest, Celebrate Brooklyn, and a series of venues across Canada and the US, has since confirmed that there was indeed a cyberattack that compromised some event venue and customer data.

It is relieved to confirm, however, that the breached data is limited to people’s names, email addresses, physical addresses, and phone numbers connected to the approximated 27 million Ticketfly accounts. More sensitive information including payment and login data such as credit card numbers and passwords were thankfully not part of the stolen data.

As part of the leak, the compromised names, email addresses, phone numbers, and home addresses were posted on a public server – with some reports indicating that the hacker intended to make public even more data should his demands fail to be met.

Too Early To Celebrate?

The question that now lingers in the minds of many is with regards to the nature of the data that is still in the hands of the hacker who has threatened to release this data to the public.

These threats cannot be taken lightly by any chance. There are reports indicating that the hacker had notified Ticketfly of a security fault ahead of the “cyber incident,” asking the company for a one bitcoin ransom in exchange for repairing the fault. Apparently, Ticketfly did not take the deal, leading to the eventual uploading of the data to the public server. The current value of one Bitcoin is $8,095.

Like any users involved in a major data breach, the primary fear for the victims in this Ticketfly data breach is the idea that the hackers could impersonate them in various instances of identity fraud or consider using their information to access their financial records.

This kind of fear may be unfounded as Troy Hunt, the guy who owns and runs the website named, Have I Been Pwned, feels that this breach is not as ominous as most, given the fact that the perpetrator apparently did not get his hands on people’s passwords or payment information.

The Have I Been Pwned website allows people to check whether their email addresses have been compromised in incidents of data breaches. If your info is included on a public server somewhere, you can find out at this site.

Wrap Up

Right now, it remains to be seen whether the dark hours have passed for Ticketfly or if there are still enough vulnerabilities for the attacker to exploit. By now, there’s no doubt that Ticketfly has improved their security to ensure that all credit card information and user logins are stored in an encrypted database that is cordoned off.