ZERO TRUST – Every Email is Suspect

Electronic mail has become a standard for communications around the globe. Email can contain not just text, but can deliver documents, photos and videos and other media. Email allows people to contact others at any time and respond on their own schedule. Where previous methods of communicating with someone far away were expensive and time-consuming, email allows people to stay in touch no matter where they are as long as they can connect to the internet.

Yet email is not a fully secure communication medium, and a lot of people are just now figuring out just how vulnerable they may be. What was once considered a trusted means of communication has now become something to be suspicious of. For most users today, it is best to approach emails with a high degree of suspicion (zero trust), especially if they ask for personal information or contain links or attachments.

With email, someone could intercept the messages or even store messages without your knowledge or control. The smallest human error can have ripple effects that turn into waves of trouble because messages cannot usually be taken back. And then there are the threat actors, of which there are too many and they are far too clever.

Phishing has become a highly popular method of cyber-attack, probably because it works so well. It involves tricking people into giving away sensitive information like credit card numbers, social security numbers, and passwords. Phishing is fueling (phueling?) opportunities for malware infections and identity theft which can lead to financial loss, reputation damage and more. Any information an attacker can gain helps them get even more information and go deeper into the organization.

Protecting against phishing attacks requires vigilance and following best practices such as using strong and complex passwords, and two-factor or multi-factor authentication (MFA). Also, it is crucial that users avoid clicking on links in emails, and everyone should verify the email authenticity before responding, especially if sensitive information is involved.

To check the identity of the sender, mouse over (put your cursor over) the email address and it may show you the actual sender address. While the email may say the message came from somebody you know, you may find that the actual sender address is an obscure email address you don’t recognize.

Mouse over links in the email but don’t click on them. When you hover your cursor over the link, it may show you the actual URL the link goes to. As with email addresses, the visible text of a link can be something other than the actual URL. If it is a URL or website name you recognize and trust, type the URL into your browser yourself instead of clicking on the link, just in case.

Use multiple channels for communication. This means you should not just communicate with co-workers and others using email. It is always a good idea to have some other form of trusted means of communicating with someone, such as via telephone or a messaging application. When you receive an email requesting sensitive information or an email with file attachments, you should communicate with the sender on one of your other communication channels to verify the authenticity of the email or attachment.

Never ask the sender to verify their identity over the same channel as the original communication. If it is a hacker, you’ve just verified to them that they reached their target.
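As an added illustration of the two checks above (example code written for this page, not part of the original post), the following Python script parses a constructed message and flags a display name that does not match the real sender address and links whose visible text names a different site than their href. The address book, contact names and domains are made up.

```python
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed address book: contacts the recipient "knows" and the address each
# normally sends from (placeholder names and domains).
KNOWN_CONTACTS = {"pat jones": "pat.jones@example.org"}

# Constructed sample message showing both tricks described in the post.
RAW_MESSAGE = b"""From: "Pat Jones (Accounting)" <x9k2@mail-example.invalid>
To: you@example.org
Subject: Updated direct deposit form
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Review the form at
<a href="https://login.example-payroll.invalid/x">https://payroll.example.org/forms</a></p>
<p>Questions? See <a href="https://www.example.org/help">our help page</a>.</p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_of(text):
    """Hostname named by URL-like visible text, or None when the text is not a URL."""
    t = text.strip().lower()
    if not re.match(r"^(https?://|www\.)|^[a-z0-9.-]+\.[a-z]{2,}(/|$)", t):
        return None
    if "://" not in t:
        t = "http://" + t
    return urlparse(t).hostname

def check_sender(from_header):
    """Return (display name, real address, mismatch flag) for a From: header."""
    name, addr = parseaddr(from_header)
    plain = re.sub(r"\s*\(.*?\)", "", name).strip().lower()  # drop "(Accounting)"
    expected = KNOWN_CONTACTS.get(plain)
    # Mismatch when a known contact's name arrives from another address, or when
    # the display name is itself an address that differs from the real sender.
    mismatch = (expected is not None and expected != addr.lower()) or (
        "@" in plain and plain != addr.lower())
    return name, addr, mismatch

def analyze_message(raw):
    """Apply both checks to a raw message and return the findings."""
    msg = email.message_from_bytes(raw)
    name, addr, mismatch = check_sender(msg["From"])
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8")
    collector = LinkCollector()
    collector.feed(body)
    # A link is deceptive when its visible text names a host other than the href host.
    deceptive = [(href, text) for href, text in collector.links
                 if host_of(text) and host_of(text) != urlparse(href).hostname]
    return {"display_name": name, "sender_address": addr,
            "sender_mismatch": mismatch, "deceptive_links": deceptive}
```

Running `analyze_message(RAW_MESSAGE)` reports the real sender address, a sender mismatch, and the one link whose text and href disagree, while the plainly worded "our help page" link is left alone.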

Make Sense?

J

4 Rules of Thumb for Better IT Security

Your business is a target. The simple fact of being in business makes it so. There are a lot of bad actors out there who will go to great lengths to get your personal and financial information, and they have many different and innovative approaches to get it. There are some small steps any business can take to make a big impact in protecting business data.

Here we present our 4 Rules of Thumb for better IT security; a starting place if you’re looking for somewhere to begin.

We can’t stress enough that every business should make it a priority to implement some basic information/technology security standards and regular employee training. Having more discussion on the subject helps everyone in the company learn and shows that management is paying attention. Remember that business data isn’t just Word documents and spreadsheets. It’s banking, financial and other information, employee information like social security numbers and direct deposit info, customer and vendor information, and more. For even a small business, the possibility of data exposure or loss isn’t trivial.

NOOBEH cloud services works to keep your QuickBooks on Azure cloud deployment more secure in a variety of ways, but we always start with a few essential policies. These rules and policies can mean the difference between a small IT annoyance or catastrophic failure and data encryption, loss, or exfiltration. If you haven’t implemented these four essential policies in your business IT environment, today is the day to start.

  1. Always use strong passwords, at least 10 to 12 characters, and make them complex. Require passwords to be updated periodically. Don’t reuse passwords and avoid common words or phrases.
  2. Don’t let users operate with permissions greater than required. In applications, consider restricting functionality based on the role or job requirements. On servers and PCs (Windows, Mac, whatever), make sure users are operating as “standard” users rather than system administrators. When you reduce the permissions granted to users you prevent their accounts from performing possibly harmful actions in the system, like installing malware or damaging programs, modifying settings, or even creating backdoor user accounts.
  3. Control user account information and manage it closely. Simply knowing what user accounts exist can give hackers and phishers enough information to begin targeting logins and applying methods to crack them. Part of this includes making sure to remove or disable user accounts that are no longer needed. Every unused account that remains enabled is just another point of vulnerability. Protect system and administrative accounts and directories (like Microsoft Active Directory). Make certain that you only grant access to sensitive system and account information when absolutely necessary, and only to a completely trusted source. Also make sure to have at least one “break the glass” (back door) admin account you can use if the regular administrative account(s) become compromised.
  4. Limit the installed software to what is needed for the business and keep it current. Make sure operating systems and applications are up to date, and keep browsers and plugins updated to make sure they don’t become the weak link.

Cyber criminals are delivering waves of cyber-attacks that are both highly coordinated and far more advanced than ever before seen. Endpoint attacks have become complicated multi-stage operations, ransomware hits small business and enterprises alike, and stealth crypto mining got criminals into unsuspecting corporate networks. The year has been awash with massive data leaks, expensive ransomware payouts and the realization of a completely new and extremely complicated threat landscape. The bad guys have upped their threat game in a big way.

Diligence is required to help protect valuable business information assets. Following these four rules of thumb will help the business avoid becoming easy prey and can provide a foundation for greater system security and a more streamlined approach to identity management, applications and access.

Make Sense?
J

Cybersecurity Terms Every Business Owner Should Know, and Zombies are Bad

The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.

Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.

Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.

To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.

Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.

Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.

A threat is the possibility that something bad might happen, while a risk includes the probability of the bad thing happening and the possible result.

Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity). To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.

Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cybersecurity addresses the digital, information security must also address the non-digital: paper, human knowledge (memorized information), stone tablets, pictures, signals, or whatever else.

Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determine and enforce what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.

Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.

A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.

And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.

To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.

For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication are considered stronger than any single-factor authentication because they require another method (factor) of identification to prove your identity.

Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.

Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.

Make Sense?

J

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINs). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.
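The “string of continuous attempts” described above is exactly what a defender can look for in authentication logs. The following Python example (written for this page, not from the original post or from Coveware) runs over constructed log lines in a simple made-up format and raises one alert per source for a failure burst, for a password spray across many accounts, and for a successful login that follows either pattern, which is the case most worth investigating first.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window for counting failures per source
FAIL_THRESHOLD = 5               # failures from one source within WINDOW -> brute force
SPRAY_USERS = 3                  # distinct users tried from one source -> password spray

# Constructed sample lines in the made-up format "<ISO timestamp> <FAIL|OK> <user> <source>".
SAMPLE_LOG = """\
2021-06-01T09:00:00 FAIL alice 192.0.2.9
2021-06-01T09:00:04 FAIL alice 192.0.2.9
2021-06-01T09:00:09 OK alice 192.0.2.9
2021-06-01T09:01:00 FAIL bob 203.0.113.5
2021-06-01T09:01:01 FAIL bob 203.0.113.5
2021-06-01T09:01:02 FAIL bob 203.0.113.5
2021-06-01T09:01:03 FAIL bob 203.0.113.5
2021-06-01T09:01:04 FAIL bob 203.0.113.5
2021-06-01T09:01:05 FAIL bob 203.0.113.5
2021-06-01T09:01:30 OK bob 203.0.113.5
2021-06-01T09:05:00 FAIL alice 198.51.100.7
2021-06-01T09:05:20 FAIL carol 198.51.100.7
2021-06-01T09:05:40 FAIL dave 198.51.100.7
2021-06-01T09:06:00 FAIL erin 198.51.100.7
"""

def parse_line(line):
    """Return (timestamp, result, user, source) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    return datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def detect(log_text):
    """Return alerts as (source, kind, detail) tuples, at most one per source and kind."""
    recent = defaultdict(deque)   # source -> deque of (timestamp, user) failures in WINDOW
    flagged = defaultdict(set)    # source -> kinds already alerted
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, user, src = parsed
        window = recent[src]
        while window and ts - window[0][0] > WINDOW:   # drop failures outside the window
            window.popleft()
        if result == "OK":
            # A success from a source already flagged suggests a credential was guessed.
            if flagged[src] & {"brute_force", "spray"} and "success_after_attack" not in flagged[src]:
                flagged[src].add("success_after_attack")
                alerts.append((src, "success_after_attack", f"{user} at {ts.isoformat()}"))
            window.clear()   # a normal login after a couple of typos is not an attack
            continue
        window.append((ts, user))
        users = {u for _, u in window}
        if len(window) >= FAIL_THRESHOLD and "brute_force" not in flagged[src]:
            flagged[src].add("brute_force")
            alerts.append((src, "brute_force", f"{len(window)} failures within {WINDOW.seconds}s"))
        if len(users) >= SPRAY_USERS and "spray" not in flagged[src]:
            flagged[src].add("spray")
            alerts.append((src, "spray", f"{len(users)} distinct users: {sorted(users)}"))
    return alerts
```

On the sample, the two typos from 192.0.2.9 produce nothing, the burst against bob is flagged and then escalated when the login from the same source succeeds, and the one-attempt-per-account pattern from 198.51.100.7 is caught as a spray even though it never reaches the brute-force threshold.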

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While these attacks are somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation-state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Conti – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktops and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a usable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

Make Sense?
J

Considering Cybersecurity as Cloud Work Expands

When the pandemic forced many business users to move to remote work, it also forced the network security “boundary” to expand greatly and with great speed. Companies quickly adapted their tools and work so that it could be done somewhat effectively even as the employee working environment changed. But new security models to match the new working models have not been adopted as quickly.

Business cloud workloads grew, by some estimates, as much as 20% just in the first 6 months of 2020. Yet many of the businesses electing to bring cloud working models to their business also made the mistake of not expanding their security as they expanded the cloud network. This leaves systems and information vulnerable. Phishing, ransomware, credential theft and web app attacks have increased, catching businesses in their vulnerable states.

“In April to June of 2020 alone, security incidents increased by 188%.”

Even more than on-premises systems, it was the external cloud-based data and applications that were under attack, because so many companies expanded their use of cloud services without enhanced security as part of the plan. Any expansion that brings the cloud into the network also significantly increases security risks. One report found that 35% of businesses made their cloud storage openly accessible to the public, allowing anyone to access it via the internet.

Don’t let your critical information be exposed or put at risk. When you begin using a cloud service, make sure to also address security for the new working mode or it could lead to lost or leaked information or a system breach.

Mendelson Consulting and NOOBEH cloud services take security very seriously. We help our clients keep their applications and data working properly and have a focus on methods to keep information safe regardless of what cloud you work on.

Make Sense?

J

1 ( https://duo.com/blog/growing-security-safely-in-canada )

Building A Solid Foundation for Business Cybersecurity

The cybersecurity threat landscape has changed dramatically in the last few years. No longer primarily a big-business concern, cybersecurity has become a key focus of businesses small and large. Attacks on SMBs are on the rise, perhaps because they represent a plentiful and often easy target. And the cost of damage and disruption to business just keeps going up.

Cybersecurity is not a problem you can simply throw a bunch of money and tools at to fix.

No matter how much great software or fancy systems you implement, the people will always be a big part of the equation. Over half of the data breaches reported have negligent employees or contractors as their root cause.

That means that nearly half of all attacks are being executed through phishing or social engineering. The only tool you can apply to this problem is education. Efforts should be focused on security awareness and training workers to be more cautious to the point of almost being paranoid. Better to be safe than sorry in this case.

Training workers to be more careful as they work with emails, documents and websites is part of it, but there is much more to making sure the business is addressing the entire cybersecurity issue. NIST (National Institute of Standards and Technology) offers a wide variety of information and guides that businesses can use to learn more about and implement cybersecurity practices. Among these resources is the Cybersecurity Framework.

According to NIST, “the Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes.” It is a highly useful tool in helping the business align and prioritize activities with business requirements, risk tolerances and resources. The standard framework includes elements that are consistent and common across sectors and critical infrastructure, so it can be oriented to any business.

Even if the business is not prepared to delve into the details of a comprehensive cybersecurity policy and guideline, a basic outline and approach cannot be avoided without asking for disaster.

Putting this squarely into the Risk Management category, there is an ongoing process of identifying, assessing, and responding to risk situations or conditions. To manage the risk, businesses need to consider the likelihood that an event will occur and what the potential impact is as a result.

Knowing the acceptable level of risk for reaching the business objective is the risk tolerance. If a business understands its risk tolerance, the company can prioritize cybersecurity activities and make informed decisions about cybersecurity expenditures.

There are five key functions to consider as it relates to cybersecurity risk: Identification, Protection, Detection, Response and Recovery. How the business addresses each of these in the context of the systems and activities is essentially the business’s cybersecurity posture, a high-level and somewhat strategic view of the organization’s management of cybersecurity risk.

The key to building a solid foundation for business cybersecurity practice is to establish a platform where all the business applications and data can be identified and access secured.

User desktops, productivity applications, operational software and business data can be hosted on private cloud servers, allowing the business to fully manage data and application access. The server-based model reduces or eliminates the need to sync data to devices, and remote desktops keep user environments secure, patched and up to date.

Our consultants can’t write your cybersecurity policies or determine your risk tolerance, but we can help implement a solution that improves fault tolerance, resilience, and recovery.

Make Sense?

J