Arming the Next Generation of Cyber Warriors

July 9th, 2019 by Julie Lough

Cyber Warriors

There are everyday warriors in businesses across the country, but these individuals may never have worn the uniform of their country. This next generation of cyber warriors is being groomed by organizations of all sizes in an attempt to overcome the growing skills gap in the cybersecurity world. While many current cybersecurity analysts started in general IT, there are individuals throughout the business and technology world that are moving towards this lucrative career path. Unfortunately, there are few set career paths already in place and no firm list of skills to develop to move in this direction. See what Under Armour’s VP & CISO, Matt Dunlop, is doing to arm the next generation of cyber warriors that he knows his organization desperately needs.

Background of a True Cyber Warrior

One of the key reasons that Matt Dunlop sees the value of developing these skill sets is because he’s worked throughout the fields of mathematics and computer engineering since his time in the U.S. Army as a colonel. After starting as a network engineer, he further developed his skills by completing a master’s degree in computer engineering and ultimately a doctorate in a related field. When the U.S. Army Cyber Command was created, he was a logical choice to help stand up this new division — partially due to his status as a computer science educator at West Point. In his position as CISO with Under Armour, he’s able to bring together his passion for teaching and marry it with his deep knowledge of technology and cybersecurity. “As we look into the future and project this huge job shortage, companies are looking for the silver bullet,” says Dunlop. “But I look at it as a long game.”

Creating Lifelong Learners

Cybersecurity is an ever-changing landscape and one that doesn’t have a set career path or an endpoint. Dunlap is currently working with the National Cyber Education Program to help create a generation of students that are interested in the exciting field of cybersecurity. There is a major deficit of individuals who have the breadth and depth of knowledge that would allow them to effectively provide cybersecurity protection for an organization. Sparking the interest of the next generation of smart workers is crucial, especially as automation takes the place of low-level activities and leaves plenty of room available for strategists and individuals who are able to implement more complex — and therefore more challenging — environments. Historically, cybersecurity professionals begin as entry-level IT professionals and work their way through the ranks to ensure that they gain the necessary knowledge about infrastructure and integrations to help protect an organization from both malicious actors and internal business challenges.

Cloud is Changing the Face of Cybersecurity

As cloud-based applications gain prominence in today’s business world, cybersecurity professionals will need a better understanding of data and integrations as well as hardware and servers. Transitioning from general IT to cybersecurity requires in-depth knowledge of how and where weak points can occur in an organization’s security net. From next-generation firewalls to strategies for warding off malware and phishing attacks, there are integration details that require recognition of how data flows throughout your business — and beyond. Pulling together information from disparate cloud-based platforms leaves a fail point that needs to be monitored, especially when you consider the proliferation of third-party vendors in the business ecosystem. Each link in the chain that passes data between organizations and customers must be analyzed and monitored for compliance and security throughout the sales and manufacturing cycle.

Arming the next generation of cyber warriors starts with firing the imagination of generations of children and young adults as they enter the formative years of their education. Cybersecurity is an exciting career path and one that will continue to morph as threats emerge. Encouraging staff members to become lifelong learners is one of the shorter-term ways that Dunlop encourages individuals to enter the cybersecurity field, but he is the first one to recognize that we need a broader group of future professionals to enter this critical field and support the security of businesses in the future.


How Can You Focus Your Company on Reliable Anti-malware Strategies?

July 1st, 2019 by Julie Lough

antimalware

Organizations across the country are learning from cyber attacks perpetrated in Atlanta, Newark, and Sarasota. Similarly, large targets such as San Francisco’s transit authority and Cleveland’s airport have also been targeted. The growing threat from ransomware, which locks up the victim’s device and files, is hard to track down to the source. Fortunately, many attacks are preventable with the right training and compliance with company policies.

Where to Focus Cyber Hygiene Efforts?

Cyber hygiene involves putting processes into place to make it more difficult for hackers to attack your network. First, use two-factor authentication. Also known as dual-factor authentication, this creates an additional layer of security since it requires two proofs of identity. The most common method includes both a password and a one-time code texted to the user. Individual users should also back up data offline using an external hard drive or another device.

Internal firewalls deter malicious actors attempting to access your computer. When suspicious activity is detected, the suspect device is locked and denied access to the rest of the system. It’s similar to quarantining sick people to protect healthy ones.

Require staff members to regularly update passwords since cybercriminals can sometimes buy stolen passwords through the dark web. Take special precautions for remote access, which creates unique vulnerabilities. Make sure that your IT team has a process for detecting and eradicating threats associated with remote access to the company’s network and data.

How Can Staff Members Reliably Detect Phishing Emails?

Most ransomware attacks begin with what’s known as a phishing email. The hacker tries to get users to open attachments or links — which install ransomware on the computer. Here are a few tips on identifying phishing emails:

  • Strange word choices
  • Odd links
  • Misspelled words
  • Weird attachments, especially .exe or .zip files

If an odd-looking email seems to be coming from a friend, verify its validity before opening the email.

How Does Updating Your Software Help Prevent Infection?

Hackers exploit vulnerabilities in software, and patches are released to fix them. When your computer prompts you to update the software, do it.

What’s the Best Way to Stay Prepared?

According to a recent 60 minutes episode, hackers shut down systems at a hospital in Indiana. The hospital had to pay a $55,000 ransom to unfreeze its systems. Other organizations should learn from this experience and establish a robust security protocol.

How You Can Prevent Astonishing Impacts of Scareware?

Anti-malware programs cannot scan your PC without permission. No reputable company sends you scary emails or pop-ups as a marketing ploy. These messages are scams and are commonly referred to as scareware. They may even introduce infectious viruses on your computer. Avoid opening emails from senders you aren’t familiar with. Never give your computer credentials, personal information or credit card information to these bad actors.

There are things you can do to avoid scareware threats. First, avoid programs that pester you to register your device or buy software to clean up your computer. You could end up paying to clean up your working computer. Even worse, you could end up giving unknown cybercriminals access to your personal information. When you want to purchase malware protection, go directly to a reputable provider. Many companies offer free software to scan your system from their home page.

What are the Dangers Associated with Bundled Software?

Sometimes, when you download software, you get a prompt asking if you wish to download toolbars or change the home page of your browser. Don’t do it. Even though this is becoming common with legitimate software, it puts your system at risk. Known as “crapware,” these extras are often harmless and may even be quite helpful. However, there are times when adding these components open you up to cyber theft. It can also display annoying pop-ups and impact your computer’s performance.

You can avoid these attempts to bundle software. Extra apps that companies sneak onto your device aren’t always malware initiatives. They are, however, very annoying. Your computer can become so bogged down it’s practically inoperable. If you download the latest version of software such as Adobe Flash, reach every screen during the installation. Uncheck all boxes regarding additional toolbars.


9 Cybersecurity Terms You Need To Know

June 28th, 2019 by Julie Lough

Every business should have a comprehensive cybersecurity plan and a competent team that can execute that plan. Otherwise, cybercriminals and malicious actors can and most likely will take advantage of security vulnerabilities to access company data and cause damage. But as important as it is to have skilled IT professionals looking out for your business, it is equally important to educate yourself in the basics of cybersecurity so that you can avoid compromising your valuable information accidentally.

The following list of cybersecurity terms is one that every business owner, manager, executive and other professional should be aware of. The more you understand the basics of cybersecurity, the better equipped you will be to protect your valuable business data and personal information moving forward.

Cybersecurity Tips

9 Cybersecurity Terms Every Business Professional Should Know

1. Malware

From the time the average family had a personal computer in the house, most people had heard of computer viruses. Today, it is still common for many people to think of all types of attacks to computer systems and networks as viruses. In truth, a virus is only one type of attack that you need to be aware of. There are many other types of attacks, which along with viruses, fall under the umbrella of malware. Anything that is made to access your network or data—or cause damage to your network or data—is referred to as malware.

2. Phishing

Like the common term it comes from, phishing can be thought of as throwing out attractive bait in hopes that someone will bite and give up their valuable information. Phishing involves making a website or application that looks just like a site or app that people trust. You might get an email from Google or the IRS that looks legitimate. It could claim that the company needs you to update your information or your password and then take that info and give it to a cybercriminal.

3. Antivirus

An antivirus program is just like it sounds—a program for fighting computer viruses. What it is not is a program that will handle all of your cybersecurity needs. It will search for common viruses and eliminate those viruses, but it will not necessarily protect against other types of malware. Your antivirus can only scan the drives it has access to, and can only identify viruses that have already been identified by the company that makes the program.

4. Social Engineering

Social engineering refers to deceiving people instead of computers. While creating malware requires focusing on technical aspects, social engineering focuses on ways to manipulate people into doing what you want them to do. The scams where people ask you to cash checks on their behalf and send them the money because they are out of the country are an example of social engineering.

5. Ransomware

A common type of malware being put out by cybercriminals is known as ransomware. Ransomware takes some of your sensitive data and encrypts it so you cannot access it. The cybercriminal then demands a ransom for you to get access to your data. All of the cybersecurity terms you see that end with ware are types of malware.

6. Zero-Day Attacks

One of the biggest weaknesses of antivirus programs or other anti-malware programs is that they can only detect and protect against malware that has already been identified. Cybersecurity experts are constantly on the lookout for new malware, but they are not able to catch every piece of malware before it compromises systems and networks. There are always holes in the protective layers offered by cybersecurity teams. When a piece of malware compromises a hole, or vulnerability, in standardized security layers, it is known as a zero-day attack.

7. Redundant Data

While cybersecurity experts and your IT team are always striving to protect your system and network from attacks, sometimes your data can still become compromised—like with a zero-day attack. The reality of cybersecurity is that there is always the possibility of compromise, which is why backing up your data is a necessity. Not only does backing up your data protect against cybersecurity threats, but it also protects against equipment failures.

A quality backup will be quarantined in a facility that is not in the same location as your business.

8. Patch

A patch is what software developers send out when they discover a gap in the security of their programs. You should download available patches regularly to ensure optimal protection.

9. Intrusion Protection System (IPS)

An IPS is placed between your firewall and your system to identify intrusions and stop them before they cause damage.

For more information about cybersecurity for your business, please contact our team.


Cyber Security Advice: 6 Crucial Strategies

June 21st, 2019 by Julie Lough

Computer Security Tips

Cyber security is more important than ever before. The news is full of stories of leaks and breaches large and small. Some of these result from sophisticated, targeted hacks, and others occur thanks to enterprising hackers taking advantage of security holes in insecure or out-of-date software.

At the end of the day, though, just about every organization has the same weak link: its employees. The finest security tools are no match for bad (or just naïve) behavior from your employees. With that in mind, today we’ll review 6 strategies and tips crucial to improving your employees’ cyber security behavior.

1. Use Long, Complex Passwords

People tend to be lazy. It’s a part of human nature. If your IT policies allow people to set their passwords to “password” or “12345”, you can be assured some of your employees will do just that. Short, simple, easy-to-guess passwords are a security threat to your business. Not only can passwords like these be easily guessed by a human, they take next to no time to be brute forced by hacking tools.

Encourage (or, better, require) your employees to use long, complex passwords. A phrase that’s memorable to the employee is a good start. Add in some complex characters (symbols, mix of capital and lowercase) to increase the complexity further.

2. Understand That Everyone Can Be Targeted

Don’t think of cyber crimes in the same way people used to think about military conflict: as something that occurs between large entities with high-powered offensive and defensive capabilities. Yes, it’s the Targets and Experians of the world that make the national news when they are breached, but those high-profile cases are the exception, not the rule.

Smaller hackers aren’t going after hard targets, like governments or Wall Street. They’re going after soft targets: small and medium businesses that think they “can’t afford” good cyber security. In other words, they’re going after you.

3. Don’t Go Swimming and You Won’t Get Phished

One of the best tools hackers use is phishing. Phishing starts with your employees receiving a fake email. It could look like a legit business message or like a message from a vendor or service that you’re already using (like Microsoft Office 365). In other cases it looks interesting, tantalizing, or even salacious. These emails will contain a link or an attachment and will encourage users to click the link and log in or to open the attachment.

But the links and attachments aren’t what they appear to be. Once users do those actions, their credentials or devices are compromised.

Our best advice here is don’t go swimming so you won’t get phished. Don’t click on suspicious links, no matter how interesting they look. Don’t open attachments from unfamiliar accounts. If the email looks to be from a legit service (like Office 365), navigate to that service manually instead of by clicking the link. Lastly, if you’re not sure about an email, check with your IT group before continuing.

Computer Network Security

4. Consider the Security of the Network You’re Using

One of the advantages of cloud services is the ability to access many work systems from anywhere. As more and more firms move to cloud software and cloud services, those firms’ users need to stay up to date on security best practices. Employees dealing with sensitive company information or accessing customer data should only do so on secure networks. Public computers, free Wi-Fi at the corner café, and your cousin’s open Wi-Fi network are all examples of insecure network environments. Save the sensitive stuff for a more secure environment like the office.

5. Be Physically Aware

Many cyber attacks are perpetrated through actual, physical access to systems. Employees can be shockingly careless with company tech. If you walk away from your computer, phone, or tablet — even just for a second — lock the device. This is true even in your own cubicle or office. You never know when a disgruntled coworker might attempt to compromise something while posing as you.

Also, make sure employees understand that devices can be compromised by anything that’s plugged into them. Computers can be compromised by plugging in a flash drive or SD card that’s infected with malware. Be sure you trust the source of any external device that’s coming into your company.

6. Beware Social Engineering

Employees also need to watch out for social engineering schemes. These are similar to phishing schemes, but instead of stealing credentials using a fake form or website, thieves convince employees to hand credentials over outright. Don’t be afraid to hang up on (or stop emailing with) someone claiming to be from an important vendor (we’ll use Microsoft again). If anyone is asking an employee to supply credentials or to take actions on your computer or network, that’s a huge red flag. Legitimate vendor contacts likely wouldn’t need the employee to do this for them. Employees can call back directly using a number they know is legitimate. If the concern is real, the real support team will know about it.

Conclusion

These 6 strategies will help your employees resist cyber intrusions, but there is so much more for your team to know. For more comprehensive help with your cyber security strategy, contact us today.


Watch Out: File Hijacking and Malware Possible Through Slack Bug

June 5th, 2019 by Julie Lough

Software Bug Slack

On May 17, 2019, security firm Tenable announced that one of its researchers, David Wells, had discovered a Slack bug affecting Slack’s Windows desktop client. The bug affects version 3.3.7 of the Slack desktop app, which was just last week the most current version. Read on to learn more about this bug: how it was discovered, what it can do, and how to protect yourself.

Discovery and Reporting

Wells discovered the Slack vulnerability and reported it via HackerOne’s bug bounty program. This program allows white hat hackers to receive financial compensation for disclosing previously unknown vulnerabilities so that companies can address them before serious damage is done.

Under the terms of this program, the bug was not disclosed publicly until Slack had the opportunity to release a fix. Slack has since released that fix, but the segment of its 10 million active users that haven’t yet updated may remain vulnerable.

What the Bug Can Do

Wells discovered that slack’s protocol handler, “slack://”, can do quite a bit. It even has the ability to modify sensitive application settings. Attackers could abuse this protocol by creating a “slack://” link that reroutes the user’s download location. The powerful “slack://” protocol even allowed rerouting to an attacker-owned location.

The result of that action would be that files downloaded from Slack would actually be saved to the attacker’s server. The attacker would even be able to modify those files before the reviewer had a chance to open them.

The attack can also be hidden fairly well. Slack’s “Attachment” feature allows users to change the text that displays with a hyperlink, meaning the malicious link could be disguised as “Account Report 004.docx” or any number of realistic-looking files.

Lastly, an attacker with sufficient skill could inject malware into an Office file (like a Word document or Excel spreadsheet) using this exploit. This is a real danger, because Office files are tossed around as attachments all the time. Office warns users that downloaded files can be unsafe, but users will nearly always ignore this warning when they think they’ve downloaded a document from a trusted colleague.

The Danger Level

A bad actor gaining access to all downloaded documents isn’t good, of course, but how dangerous is this bug, actually? Tenable reports that it has scores 5.5 on the CVSSv2 scale, which is a medium score. We see two reasons the bug doesn’t score higher.

One, exploiting this vulnerability requires user involvement. If you don’t click the link, the attacker gets nothing.

Two, exploiting this vulnerability in a convincing way requires compromising the credentials of a Slack group member. It’s difficult if not impossible to send a message to just anyone using Slack. You have to first be a member of the same channel. This means that this exploit is more or less limited to disgruntled channel members and attackers who’ve hacked or stolen a channel member’s credentials.

How to Protect Yourself

The good news on this vulnerability is that Slack has already patched it. All you need to do to protect yourself and your organization is ensure that anyone using Slack for Windows has updated to version 3.4.0 or later. You can check yours by looking at the “About” window in the program. If you don’t have the access needed to update your application, contact IT right away.

IT Administrators looking to update a Microsoft Install deployment should check out these instructions provided by the Slack team.

More Good News: No Real-World Impact, Yet

There’s more good news about this bug and associated exploit. Because Tenable reported the bug to Slack through HackerOne, Slack was able to address the vulnerability before it became publicly known. According to the company’s reporting on its own research, they find no evidence that the vulnerability has been exploited in the real world yet.

Conclusion

Exploits like these are discovered every day. Are you protected? If you’re not sure, give us a call. We stay up to date and we keep our clients safe.


8 Ways Cybercriminals Make Your Firewall And Antivirus Useless

May 29th, 2019 by Julie Lough

Cyber Security Solutions

Having the right cybersecurity technology is just a part of doing business in today’s world.

In fact, security solutions like firewalls and antivirus software accounted for $23 billion in annual revenue – it’s likely that you contributed to that in some small way.

But are they really worth your money?

There’s no disputing the need for an effective firewall or antivirus solution, regardless of the size or specialty of the business in question.

But, given that they are such a standard in the business setting today, have you ever stopped to figure out what you’re paying for?

What is a Firewall?

Your firewall is your first line of defense for keeping your information safe. A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

A firewall inspects and filters incoming and outgoing data in the following ways:

    • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
    • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
    • By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
  • With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
  • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

What about Antivirus?

Antivirus ProtectionAntivirus software is used in conjunction with a firewall to provide defense against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to internal processes and a company’s reputation. The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t do damage to your data and legitimate software.

Antivirus is installed to protect at the user level, known as endpoint protection, and is designed to detect and block a virus or malware from taking root on a user’s computer, or worse, accessing a network to which the user is connected.

If a user encounters a threat, the antivirus software detects the threat and blocks it using a string of text – an algorithm – that recognizes it as a known virus. The virus file tries to take one action or sequence of actions, known to the antivirus software, and the algorithm recognizes this behavior and prompts the user to take action against suspicious behavior.

Is this type of cybersecurity software effective?

Short answer?

To an extent.

Sorry for the underwhelming answer, but it’s a bit of a difficult question to answer.

A next-generation firewall and up to date antivirus solution are great at doing specifically what they’re designed for.

The problem is that they are not the end-all, be-all of cybersecurity in the modern world.

You could have the best firewall and antivirus software on hand, and still be vulnerable in any number of other ways…

The top 8 ways that cybercriminals get around firewalls and antivirus

Cybercriminals target your employees.

As important as cybersecurity technology is, on its own, it simply isn’t enough. The key to truly comprehensive cybersecurity is simple, yet often overlooked: the user.

Cybersecurity gimmicks — such as “set it and forget it” firewalls and antivirus software — fail to account for how important the user is.

Even the most effective digital security measures can be negated by simple human error, which is why conventional solutions are simply not enough to make sure you’re safe.

Much of cybersecurity is dependent on the user, and as such it’s vital that you properly educate your employees in safe conduct.

The more your workforce knows about the security measures you have in place and how they can contribute to cybersecurity, the more confidently they can use the technology is a secure manner.

Well trained employees become a part of cybersecurity, and are capable of:

  • Identifying and addressing suspicious emails, phishing attempts, social engineering tactics, and more.
  • Using technology without exposing data and other assets to external threats by accident.
  • Responding effectively when you suspect that an attack is occurring or has occurred.

Cyber Criminal

Cybercriminals target your offsite devices, outside of business hours.

This is a critical limitation of your cybersecurity software, and it’s obvious when you think about it – if your firewall is only installed on your work devices, but you let employees use personal devices and home workstations to access business data, then obviously you won’t be totally secure.

In addition to having a detailed Acceptable Use policy in place at the office to stop your staff from using work devices to use unauthorized software and visit dangerous websites, you also need a mobile device policy in place to protect your data that may be on personal devices.

The right monitoring software for mobile devices will protect you from a number of dangerous scenarios, including:

  • Jailbreaking and rooting company devices
  • Unauthorized access to company data
  • Lost or stolen devices that need to be remotely wiped

Cybercriminals figure out your passwords – because your passwords are weak.

Users, both at home and at work, tend to be horrible at selecting and maintaining strong passwords.

Did you know, for instance, that 81% of data breaches in 2017 came down to stolen and/or weak passwords?

Are you confident in your password strength?

Find out for sure by reviewing these common password mistakes:

  • Length and Complexity: Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and simple passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
  • Numbers, Case, and Symbols: Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols in order to increase the complexity.
  • Personal Information: Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of a 365 possible options in a calendar year, not to mention your birth year itself.The same methodology applies to your pet’s name, your mother’s maiden name, etc. However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
  • Pattern and Sequences: Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess. Despite the fact that passwords are the most direct way to access a user’s private information, most passwords in use today are simply not strong or complex enough. Passwords protect email accounts, banking information, private documents, administrator rights and more – and yet, user after user and business after business continues to make critical errors when it comes to choosing and protecting their passwords.

Keep these tips in mind when setting your passwords:

    • Password Strength: It’s common that passwords are required to include uppercase letters, lowercase letters, numbers, and special characters. Consider using a passphrase—which is when you combine multiple words into one long string of characters—instead of a password. The extra length of a passphrase makes it harder to crack. For a more secure passphrase, you’re encouraged to combine multiple unrelated words to create the phrase, for example, “m4ryh4d4l1ttl3l4mb.”
    • Password Managers: These programs store all of your passwords in one place, which is sometimes called a vault. Some programs can even make strong passwords for you and keep track of them all in one location, so then the only password or passphrase you have to remember is the one for your vault.The downside of using a password keeper program is if an attacker cracks your vault password, then he or she knows all of your passwords for all of your accounts.
    • Multi-Factor Authentication: Multi-Factor Authentication is a great way to add an extra layer of protection to the existing system and account logins. 45% of polled businesses began using MFA in 2018, compared to 25% the year prior.By requiring a second piece of information like a randomly-generated numerical code sent by text message, you’re better able to make sure that the person using your employee’s login credentials is actually who they say they are. Biometrics like fingerprints, voice, or even iris scans are also options, as are physical objects like keycards.

Cybercriminals penetrate your unpatched, out of date networks.

Did you know that one of the most common ways that cybercriminals get into a network is through loopholes in popular software, applications, and programs?

Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes. Due to this, much of the software you rely on to get work done every day could have flaws — or “exploits” — that leave you vulnerable to security breaches.

Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix those flaws and protect the users.

This is why it’s imperative that you keep your applications and systems up to date.

Unfortunately, most users find updates to be tedious and time-consuming and often opt to just click “Remind Me Later” instead of sitting through an often-inconvenient update process.

Comprehensive and regular patch management is a crucial part of proper IT security. Some of the worst data breaches are based on “zero-day exploits”, which are based on exploits found by hackers but not by the developers, leading to severe security risks and an immediate need for patching.

Data Backup Services

Cybercriminals target data that hasn’t been backed up.

Do you have a data backup policy in place?

If not, then you’re vulnerable, right now, to ransomware.

Ransomware has quickly become one of the biggest cyber threats to businesses today – remember the Wanna Cry epidemic that infected hundreds of thousands of IT systems in more 150 countries?

That was ransomware, and it could happen to you too. Unless that is, you get a data backup solution put in place.

If you have you have a data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.

That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.

Be sure to:

  • Back up data on a regular basis (at least daily).
  • Inspect your backups to verify that they maintain their integrity.
  • Secure you backups and keep them independent from the networks and computers they are backing up.

Cybercriminals trick your staff into installing dangerous software.

One of the most popular cybercrime tactics is to trick users into downloading malware, under the assumption it’s a type of software they need.

This could be hidden in a large downloaded file that users may think is a work program, a video game, or even a mobile app.

This is further reason why you need an Acceptable Use policy and content filter in place on work devices. These types of measures will protect you against your unsuspecting employees.

Cybercriminals trick your staff with phishing emails.

A popular cybercrime tactic among hackers today is “phishing” – a method in which they send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.

It’s more effective than you might assume. That’s why the rate of phishing attacks increased by 65% in recent years – businesses keep making it easy for cybercriminals to get away with.

Share these key tips with your employees to make sure they know how to spot a phishing attempt:

  • Incorrect Domain: Before even taking a look at the body of the message, check out the domain in the sender’s address. Maybe they claim to be from your bank, or a big name company – but talk is cheap.It’s much more difficult to spoof an actual domain name, and so it’s more common to see domains that are closer, but not 100% correct. If it seems fishy, it probably is.
  • Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
  • Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
  • Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack.
  • Urgent and Threatening: If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
  • Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.

Cybercriminals cut out the middle man and pretend to be you.

With the amount of personal data that people put online today, it’s not as difficult for cybercriminals to impersonate you as you might think.

By mining your social media, your LinkedIn and your company website, it can be pretty easy for a hacker to figure out your email address and reset your password.

Or maybe instead they spoof your email address and use it to contact a subordinate or a business contact to gain further information and access to use against you.

Put simply?

You need to protect yourself as a matter of privacy, and with the right processes:

    • Never give out private information: A basic cybersecurity rule is knowing not to share sensitive info online. The trusted institutions with which you do business will not ask you for your private information.They already have your account numbers, social security number, and your passwords. They won’t have any good reason to ask for it again, right? If an email from a superior or external contact asks for that info, it is likely a scam, so be sure to confirm the request by phone or in person.
    • Set standard protocols for requests: Have steps put in place for management to follow when asking for information or access from employees. If your employees have a clear idea of how these interactions should look, they’re less likely to be fooled by a hacker posing as their supervisor.

Are your firewall and antivirus worth the money?

Yes.

Security software is a vital part of your cybersecurity – but the key word in that statement is part.

You should definitely invest in the usual cybersecurity solutions, but they are not enough on their own. Cybercriminals have so many tactics and methods for penetrating an organization like yours that you can’t settle for defending yourself on one front alone.

That’s why you need a comprehensive defense, that combines cybersecurity solutions, employee training, best practices, and detailed policies.

Anything less and you will have left a gap in your armor, making only a matter of time before cybercriminals find their way in.


What Is PII Under GDPR?

May 13th, 2019 by Julie Lough

GDPR PII

The security of user data is of high importance, and that importance only grew with the implementation of the EU’s General Data Protection Regulation (GDPR). These sweeping new regulations went into effect on May 25, 2018. They are European Union regulations, but they have sweeping effects since they apply to any business that stores personal information of any EU citizen.

It’s important to comply with GDPR. The first step, though, is to understand what exactly GDPR requires for your business.

PII Under GDPR

The short answer to the question of what PII is under GDPR is that it’s not a thing. Personally, identifiable information is an American term. The rough European equivalent is personal data. It’s important to note, though, that the two are not identical. The European standards are more restrictive, and the European category (personal data) is, therefore, more inclusive.

Here’s the bottom line: don’t assume that if you’re PII compliant that you’re automatically GDPR compliant. You need to do more for the latter.

Defining Terms

If you’re asking the question “what is PII under GDPR?” there’s a good chance you know some of the lingo already, but it’s worth reviewing.

Personally Identifiable Information (PII)

This term refers to any number of pieces of information that a company might store that can be used to identify individuals. Bad actors who accumulate enough PII on an individual may be able to compromise the individual’s accounts or even steal the individual’s identity. Examples of PII include (but aren’t limited to) driver’s license numbers, social security numbers, full names, physical addresses, and credit card numbers.

Remember, this is an American term, not a global one.

Non-Personally Identifiable Information (non-PII)

Non-PII is what’s left that’s not PII, in the American way of viewing things. This is the kind of information that can be used in aggregate forms. It’s useful data, but it can’t be used to identify individuals on its own. Examples include IP addresses, device IDs, and cookies left behind on devices while browsing the web.

Personal Data

Personal data is the EU equivalent of PII. It’s the information that businesses store on customers that could be used to identify those customers. The important difference here is the breadth of the definition.

GDPR concludes that even non-PII can be personal data. Cookies and IP addresses, for example, can be used in conjunction with PII to help reconstruct a person’s identity. For this reason, even these forms of information are considered personal data and are protected under GDPR.

The ruling that even cookies can be considered personal data is why you’ve started seeing cookie warning messages all over the internet. Those companies are seeking to comply with GDPR by receiving permission from all visitors to use cookies.

Best Practices for Businesses

Given the changing landscape of privacy regulations, businesses must adapt and stay compliant. Here are a few best practices for complying with GDPR.

Survey What Data You Collect

The first step toward compliance is to know what your business is collecting. Conduct a comprehensive survey of the data that you collect and store through your site.

Keep Only What You Need

Second, ask the hard questions about what personal data your business truly needs. If it’s not providing real value, dump it.

Get Permission to Keep It

Whatever you decide is essential, ask permission to keep it. That’s what the cookie notices are doing, and you need to do the same.

Conclusion

Data privacy regulations are complex. You might not want to go it alone. If not, we’re here to help. Contact us today!


Are You Using Internet Explorer?

May 6th, 2019 by Julie Lough

Internet Explorer Security

Do you still surf the Web with Internet Explorer?  If so, you’re not alone. Even after Microsoft came out with their new Edge browser in 2015, some people are still using Internet Explorer.

The Problem?

Security experts have found serious security flaws in Internet Explorer’s code. This means that if you use it, you’re opening yourself and your business up to hacking and computer viruses.

Another Problem?

Microsoft won’t be fixing this for the foreseeable future.

What Are These Flaws?

The most recent of these was found by an independent researcher named John Page. He published a proof of concept that demonstrates a flaw in the way that Internet Explorer handles MHT files. MHT is a Web page archive file format.

How Do These Flaws In Internet Explorer Create Security Issues?

If you use Windows 7, Windows 10, or Windows Server 2012 and it comes across an MHT file, it will try to open the file using Internet Explorer. This presents an easy opportunity for savvy hackers.  All they have to do is to use an MHT file containing a malicious virus and present it to you via a phishing email or other form of social engineering. Once you take the bait, the malicious virus gets into your computer/server.

Are We Safe If We Use Another Type Of Browser?

Not really. Any Windows-based system is still very much at risk from infected MHT files. This is because Internet Explorer 11 still ships with all Windows-based PCs. This includes computers that use Windows 10.

What Can We Do To Prevent Being Hacked Due To Internet Explorer Flaws?

One good thing is that Internet Explorer isn’t enabled on Windows 10 computers. For it to be enabled, you need to set it up yourself.

For now, this is the simple solution — Just don’t enable Internet Explorer. And to be completely sure, it’s best if you uninstall Internet Explorer from your Control Panel altogether.

John Page reported the issue to Microsoft on March 27, 2019, and received the following reply from them:

“We determined that a fix for this issue will be considered in a future version of this product or service. At this time, we will not be providing ongoing updates of the status of the fix for this issue, and we have closed the case.”

Unfortunately, it looks like, for the foreseeable future, that Microsoft won’t be providing a fix regarding the flaws with Internet Explorer. As we said above, the answer, for now, is for you and your staff to uninstall Internet Explorer from your computers.


Ransomware Hits Popular Cable TV Network

April 30th, 2019 by Julie Lough

Weather Channel Ransonmware

For several years now, sporadic attacks that interrupt major networks’ daily programming have been occurring around the world as hackers try to break in and succeed at their digital violence.

In April 2019, the victim was The Weather Channel. The network found itself having to broadcast pre-recorded material while an internal plan to regain channel access was quickly developed and put into place. Because this happened during some peak air morning air time—between 6 A.M. and 7:40 A.M. EDT—a significant number of viewers were affected. Aside from money the network needed to spend on emergency tech measures to get their channel back and rebuild it to a more secure form for the future, this event must have cost them reputation points as it likely didn’t sit well with advertisers.

While the network publicly announced that malware was at play in the attack, there has been speculation about whether this was the result of ransomware. With ransomware, the disruptive effects of malicious software persist until a specified amount of money has been paid. And although the malware attack itself may seem senseless, this stands as a good opportunity for your business to take some precautions to protect itself.

  1. Back-up your machines and networks. Having multiple layers of back-ups in place—both locally as well as in the cloud—can help easily restore your systems should a ransomware attack strike. Part of this also includes making sure you set back-ups to happen regularly; this ensures that you have fixed and reasonably recent recovery points to draw upon in the event of an emergency.
  2. Break up network access by different machines and user groups. Odds are that very few users if any need to have access to everything in the business; why leave full access open to anyone? They’d be a source of major vulnerability since, should a hacker gain access to their account, everything would be up-for-grabs. Leveraging the limited access of specific user groups or permissions helps contain an attack should one arise, and prevent damage from spreading business-wide. You and anyone on your team might be the exception to this in that you all need total access to be possible somehow. Fortunately, you can always construct a solution, such as several different administrative users with limited permissions, to give you the tools you need for your job while still maintaining high security.
  3. Train employees and enforce best practices. Make sure that everyone working at your business understands what steps they can take to protect their computers from hackers as well as how some of the most common types of threats work. Empower your people to set up strong passwords and to know when to trust an attachment or link. Make sure they follow through on some of these precautions by requiring them to take measures such as setting up multi-factor authentication on their accounts. Don’t let weak security be a possibility!
  4. Install software to secure your machines and scan for attacks—and make sure you keep it up-to-date. First off, you want to try to make sure your machines and networks are fortified against attacks. Use a well-constructed firewall as a central part of your protection plan. But don’t rely entirely on a strong structure to protect your business, particularly given how rapidly tech evolves. Make sure you have systems in place that anticipate vulnerabilities and keep an eye out for attacks. Some businesses even opt for honeypots, which are like dummy vulnerabilities to bait potential attackers and keep a digital weathervane in place to tell if hackers are likely to try something. Regularly update these scanning tools to ensure they are up-to-speed with the latest hacker trends and potential aggressors.

Malware attacks cost businesses large amounts of money, accounting for as much as about one-third of global cyber attack costs in recent years. In fact, cybercrime in the United States is estimated to cost enterprise companies an average of $27.4 million per year, a number that is only continuing to climb over time. If you’ve been fortunate enough to not experience any recent spikes in malware attack attempts, don’t let that lull your business into a false sense of security. After all, 85% of companies polled had experienced a social engineering or phishing attack in the past year, while 75% had at least one web-based attack. Regardless of your company’s size, remaining vigilant for possible threats and attacks is important to ensure that daily business operations can continue to flow as usual, uninterrupted and uncompromised.


Foreign Hacker Steals Nearly Half a Million From City of Tallahassee

April 26th, 2019 by Julie Lough

Tallahassee Cyberattack

The Tallahassee Democrat reported on April 5th that a large sum of money had been stolen from the city of Tallahassee’s employee payroll. The perpetrator is suspected to be a foreign hacker.

What was stolen in the hack?

The breech diverted approximately $498,000 from the city payroll account. Still, all city employees have received their earned paychecks. This hack was the second time in less than a month that a breach of city security had occurred.

How did the attack occur?

The city of Tallahassee employs an out-of-state third-party vendor to host their payroll services. Their employees should be paid regularly through direct deposit. However, a foreign hacker apparently targeted this third-party vendor, effectively redirecting the direct deposits to their own accounts.

The city of Tallahassee found out about the breach when their bank alerted them. Of course, employees found out simultaneously when they awoke to realize they had not been paid on payday.

Is there any way to get the money back?

In the majority of large scale hacks, stolen funds or data is difficult or impossible to retrieve. Still, with help from their bank, the city of Tallahassee has managed to recoup approximately a quarter of the stolen money.

They continue to pursue criminal charges against the hackers with the aid of law enforcement and their insurance provider as well.

How do cyber attacks like these occur?

Successful cyberattacks usually start with some form of an email hack. This is usually achieved through phishing.

In fact, before the most recent hack of the city of Tallahassee, an email had been sent out that appeared to be from the City Manager. It was actually from an outside hacker who had included a virus disguised as a Dropbox link in the email.

While it is not suspected that this email was related to the stolen payroll funds hack, this does happen. “Phishing” emails can help hackers procure useful information about accessing in-network files and accounts.

How can you prevent hackers from attacking your business?

Large municipalities such as Tallahassee City are increasingly being targeted in cyber attack thefts. But the truth is, any business — or individual, for that matter — can fall prey to a cyber attack.

Unfortunately, the retrieval rate on hacking thefts is not high, meaning that prevention is key. The best way to prevent a hack is to prevent phishing, as this is how most hackers access your systems and accounts.

Make sure that everyone on your staff is keenly aware of what to look for in terms of phishing emails. When in doubt, suspicious emails should be left unopened. Or, at the very least, links should not be clicked, and personal or account information should never be handed over unless it’s sure the request is legitimate.

It’s also important for businesses to employ the services of a reputable and experienced IT services provider. Look for one who specializes in cybersecurity and has experience dealing with hacking prevention.