Tag: cyber criminal

Posted on

Cybersecurity and Small Business

Small businesses face many challenges as they grow and expand, and chief among them is the growing threat of cyber-attack. As the company grows, its value to cybercriminals grows, too. Implementing comprehensive cybersecurity measures is essential to maintaining customer trust and safeguarding important business data against these threats.

There is a belief among small business owners that their operations are too small or insignificant to be attractive targets for cybercriminals. Cybercriminals, on the other hand, more often view small businesses as easy targets. Why is this? Largely because the bad guys know that the smaller companies aren’t spending on cybersecurity services and tools and aren’t always keeping their workers informed about ways they can participate in keeping things safe.

To help protect the business from cybersecurity threats, it is crucial to invest in some key security measures. Longer and more complex passwords, regular software patching and updating, and periodic training for employees on how to identify phishing attempts and what to do with suspicious emails is a good start. Cybersecurity efforts should scale with the business, and this requires strategic planning that is aligned with the goals and objectives of the business.

The best cybersecurity approaches are built on a secure foundation, and this is what helps to support business growth and expansion. For every business, there are four cornerstones of a solid cybersecurity foundation.

  • Identifying potential cyber threats and understanding the business risk they represent.
  • Enforcing strong password protection and role-based access controls.
  • Following best practices in cybersecurity.
  • Managing documentation and vital business information securely.

Cybercriminals know that smaller businesses generally have limited cybersecurity resources, making small businesses prime targets for phishing and malware. What is the potential impact of falling for a phishing email, or what happens if there is a ransomware attack? Each type of threat carries different levels of risk, and growing businesses should be aware of the potential financial, legal and reputational impacts when evaluating their approach.

Businesses can help their users become part of the cybersecurity plan by regularly training them on phishing methods and ways to avoid ransomware or malware. When users know more about emerging threats and how to recognize and report suspicious things, they become valuable assets in the improvement of cybersecurity of the business.

The first line of defense in cybersecurity is the username/password challenge. Many systems today use an email address as the username or user ID, which means it really isn’t much of a challenge to guess. This leaves it to the password to keep the account secure, so a strong and unique password is necessary.

Making another challenge to the authentication adds another layer of protection to the account. Referred to as 2FA or MFA (two-factor authentication or multi-factor authentication), users may be required to respond to an in-app message, provide a code received via SMS or other, or provide a code from an authenticating application to satisfy the login requirements. This additional challenge to the user identity makes it harder for cybercriminals to gain unauthorized access.

Ensuring the protection of sensitive business information requires controlling what users have access to once they are in the system. If someone were to gain unauthorized access, having appropriate role-based access controls in place would limit their ability to get sensitive data. This is often another area of vulnerability for smaller businesses that don’t implement strict document controls or structures, opting instead for an open self-service model that leaves data available to whomever can get logged in.

With businesses changing frequently, it is important to not just create a framework to limit user access, but to keep user and role-based access reviewed and updated regularly. Software and systems also need to be updated regularly. Known software vulnerabilities should be patched and security updates installed on devices, and policies enforcing updates and antivirus/malware detection should be implemented.

We understand that businesses must enhance their cybersecurity strategies to combat the growing number and type of cyber threats, and it can be challenging just figuring out what to do first. Working with a variety of technologies and specialists, we can help secure your digital environment and keep you better-protected from the bad guys.

jm bunny feetMake Sense?

J

Posted on

4 Rules of Thumb for Better IT Security

Your business is a target. The simple fact of being in business makes it so. There are a lot of bad actors out there who will go to great lengths to get your personal and financial information, and they have many different and innovative approaches to get it. There are some small steps any business can take to make a big impact in protecting business data.

Here we present our 4 Rules of Thumb for better IT security; a starting place if you’re looking for somewhere to begin.

We can’t stress enough that every business should make it a priority to implement some basic information/technology security standards and regular employee training. Having more discussion on the subject helps everyone in the company learn and shows that management is paying attention. Remember that business data isn’t just word documents and spreadsheets. It’s banking and financial and other information, employee information like social security numbers and direct deposit info, customer, vendor information and more. For even a small business, the possibility data exposure or loss isn’t trivial.

NOOBEH cloud services works to keep your QuickBooks on Azure cloud deployment more secure in a variety of ways, but we always start with a few essential policies. These rules and policies can mean the difference between a small IT annoyance or catastrophic failure and data encryption, loss, or exfiltration. If you haven’t implemented these four essential policies in your business IT environment, today is the day to start.

  1. Always use strong passwords, at least 10 to 12 characters, and make them complex. Require passwords to be updated periodically. Don’t reuse passwords and avoid common words or phrases.
  2. Don’t let users operate with permissions greater than required. In applications, consider restricting functionality based on the role or job requirements. On servers and PCs (Windows, Mac, whatever), make sure users are operating as “standard” users rather than system administrators. When you reduce the permissions granted to users you prevent their accounts from performing possibly harmful actions in the system, like installing malware or damaging programs, modifying settings, or even creating backdoor user accounts.
  3. Control user account information and manage it closely. Simply knowing what user accounts exist can give hackers and phishers enough information to begin targeting logins and applying methods to crack them. Part of this includes making sure to remove or disable accounts for user accounts that are no longer needed. Every unused account that remains enabled is just another point of vulnerability. Protect system and administrative accounts and directories (like Microsoft Active Directory). Make certain that you only grant access to sensitive system and account information when absolutely necessary, and only to a completely trusted source. Also make sure to have at least one “break the glass” (back door) admin account you can use if the regular administrative account(s) become compromised.
  4. Limit the installed software to what is needed for the business and keep it current. Make sure operating systems and applications are up to date, and keep browsers and plugins updated to make sure they don’t become the weak link.

Cyber criminals are delivering waves of cyber-attacks that are both highly coordinated and far more advanced than ever before seen. Endpoint attacks have become complicated multi-stage operations, ransomware hits small business and enterprises alike, and stealth crypto mining got criminals into unsuspecting corporate networks. The year has been awash with massive data leaks, expensive ransomware payouts and the realization of a completely new and extremely complicated threat landscape. The bad guys have upped their threat game in a big way.

Diligence is required to help protect valuable business information assets. Following these four rules of thumb will help the business avoid becoming easy prey and can provide a foundation for greater system security and a more streamlined approach to identity management, applications and access.

jm bunny feetMake Sense?
J

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J