Tag: malware

Posted on

ZERO TRUST – Every Email is Suspect

Electronic mail has become a standard for communications around the globe. Email can contain not just text, but can deliver documents, photos and videos and other media. Email allows people to contact others at any time and respond on their own schedule. Where previous methods of communicating with someone far away were expensive and time-consuming, email allows people to stay in touch no matter where they are as long as they can connect to the internet.

Yet email is not a fully secure communication medium, and a lot of people are just now figuring out just how vulnerable they may be. What was once considered a trusted means of communication has now become something to be suspicious of. For most users today, it is best to approach emails with a high degree of suspicion (zero trust), especially if they ask for personal information or contain links or attachments.

With email, someone could intercept the messages or even store messages without your knowledge or control. The smallest human error can have ripple effects that turn into waves of trouble because messages cannot usually be taken back. And then there are the threat actors, of which there are too many and they are far too clever.

Phishing has become a highly popular method of cyber-attack, probably because it works so well. It involves tricking people into giving away sensitive information like credit card numbers, social security numbers, and passwords. Phishing is fueling (phueling?) opportunities for malware infections and identity theft which can lead to financial loss, reputation damage and more. Any information an attacker can gain helps them get even more information and go deeper into the organization.

Protecting against phishing attacks requires vigilance and following best practices such as using strong and complex passwords, and two-factor or multi-factor authentication (MFA). Also, it is crucial that users avoid clicking on links in emails, and everyone should verify the email authenticity before responding, especially if sensitive information is involved.

To check the identity of the sender, mouse over (put your cursor over) the email address and it may show you the actual sender address. While the email may say the message came from somebody you know, you may find that the actual sender address is an obscure email address you don’t recognize.

Mouse over links in the email but don’t click on them. When you hover your cursor over the link, it may show you the actual url the link goes to. Like with email addresses, links can be named something other than the actual url. If it is a url or website name you recognize and trust, then type the url into your browser instead of clicking on the link, just in case.

Use multiple channels for communication. This means you should not just communicate with co-workers and others using email. It is always a good idea to have some other form of trusted means of communicating with someone, such as via telephone or a messaging application. When you receive an email requesting sensitive information or an email with file attachments, you should communicate with the sender on one of your other communication channels to verify the authenticity of the email or attachment.

Never ask the sender to verify their identity over the same channel as the original communication. If it is a hacker, you’ve just verified to them that they reached their target.

jm bunny feetMake Sense?

J

Posted on

Business Data Loss is a Growing Problem

The portable computer was the secret business weapon of yesterday and is today’s essential business tool. The processing power, portability, storage, and connectivity available with laptops, tablets and smartphones has created a seamless extension to the office. Business users can work with their applications and data from just about anywhere. While mobile devices are valuable when it comes to conducting business, they also pose additional security risks. Increased efficiency, mobility, and accessibility can also mean an increased potential for a data breach or business data loss.

The workforce of today is mobile enabled. Business users, owners and managers, accounting advisors and business consultants can access all the information and analytical capability they need to perform their jobs and make informed business decisions, capturing and collecting important information while keeping productivity at the highest levels no matter where they are.

“87% of businesses rely on their employees to use their personal mobile devices to access company apps”, according to a post by Perillon. Some studies have estimated that as much as 80% of the data a company has (like customer files, contracts, financial data, product specifications) might be stored on portable devices. This means that mobility comes with risk, which is why Mendelson Consulting and Noobeh cloud services utilize cloud-based platforms and services to keep data safe and secure.

According to business data loss statistics compiled by Businessdit.com, the two most common causes of data loss are hardware failure (40%) and human error (29%). Overall, malware causes 35% of all data loss, taking advantage of the 21% of files that businesses are not protecting at all.

The stats show that it takes approximately 206 days on average to even detect a data breach, the costs of downtime and losses average around $1,410 per minute for small businesses, and 22% of SMBs close after a ransomware attack.

Data loss or theft can create big business and legal problems, too. Customer or client privacy may be compromised, sensitive information may be exposed, and confidential plans may be made public if a business doesn’t take steps to secure mobile data.

“The average cost of a data breach in 2021 was $4.24 million. That’s a huge increase from the $3.86 million cost in 2020. And it’s only going to get more expensive in the future. Companies need to be prepared to deal with the fallout from a data breach, which can include everything from legal costs to damage to their reputation.”

Businessdit.com

There’s an old saying that there are only two types of businesses: those who have lost their data and those who will. Imagine the potential chaos, risk exposure, reputation damage and the expense of losing your valuable business data or having it exposed to unauthorized parties.

While computing mobility delivers a host of advantages to the business and the user, care must be taken to ensure security, privacy, and confidentiality of the business information and protecting against business data loss.

Increased exposure to liability is a reality for any mobile business, and the risk is only multiplied by the number of systems a company has in the field. Smart businesses reduce risk by deploying secure yet versatile platforms for their workers that allow data to be stored and protected in centralized environments rather than on individual computing devices.

Via the cloud, businesses of all kinds are reaping the benefits of new and innovative service delivery, achieving the freedom and functionality a mobile working model demands. Mendelson Consulting and Noobeh cloud services have the cloud solutions and managed IT services that provide the mobile capability businesses need, but with the additional protection, additional security, and ongoing management that the value of the data demands.

jm bunny feetMake sense?

J

Posted on

Cybersecurity Terms Every Business Owner Should Know, and Zombies are Bad

The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.

Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.

Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.

To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.

Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.

Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.

A threat is the possibility that something bad that might happen, while a risk includes the probability of the bad thing happening and the possible result.

Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity).  To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.

Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cyber addresses digital, information security must also address non-digital such as paper, human knowledge or memorized, stone tablets, pictures, and signals or whatever.

Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determines and enforces what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.

Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.

A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.

And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.

To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.

For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication is considered stronger than any single factor authentication and requires another method (factor) of identification to prove your identity.

Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.

Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.

jm bunny feetMake Sense?

J

Posted on

Better QuickBooks Hosting: Noobeh Cloud Solutions on Azure Help Businesses Avoid Data Loss, Improve Application Performance and Implement QuickBooks Integrations

They said back in 1999 that the desktop was dead, but desktop software is far from gone. In fact, application hosting services for products like QuickBooks desktop editions just keeps growing in popularity because it delivers the access, mobility and managed services businesses need.

Service providers have been hosting QuickBooks for years, and I’ve been right there all the way, ever since the model was originally developed. In fact, the company I worked with is still selling that original service model today while many other providers have come along to follow it and take advantage of the opportunity.

Using the cloud to support accounting and other business processes makes a lot of sense, and the best part is that it doesn’t require businesses adopt the online versions of the software that just doesn’t work as well. I have a background in accounting so I understand the issues of working remotely with clients, when the business is done in one place but the accounting is done in another. And I love the technology and finding ways to make it easier and more efficient to get small business accounting done.

The benefits of using hosted QuickBooks services are many.

Anytime/anywhere access and fully-managed service are among the most obvious benefits for QuickBooks desktop users, but the advantages of centralized information and applications, secure support for mobile and remote workers, and real-time integrations and analytics capabilities can be transformational for the entire business.  Having the means to affordably extend applications to the entire workforce and keep everyone working with the same data in real time can become the foundation for improved processes, greater efficiency and better business performance.

Among the key benefits of the application hosting model is the fact that businesses are not forced to adopt software subscription services or invest their data in web applications that do not provide the functionality or features required. Even more, the business can elect to move their hosted system back to in-house computers, because the hosting is simply an alternative platform for running the software the business owns. You can take your ball and go home if you don’t want to stay.

With all the benefits of hosting QuickBooks, there are also risks involved, especially when working with shared hosting platforms.

Shared hosting platforms are architectures where the service provider spreads the cost of their infrastructure across many customers to help keep the costs down. Using conventional technologies to create divisions between customers on servers, networks and so on, services providers can deliver at a lower cost when they are able to generate revenue from lots of customers for the same pieces of equipment. As more customers are added, more servers are joined into the network. After a while, there are many servers handling the customer load.

Unfortunately, the greater the number of servers, the more complicated and costly it becomes to update the platform. This is among the reasons why many service providers have aged platforms, with server operating systems that are going out of support and offering only legacy desktop views. In addition to compatibility and modernization, a big problem with allowing the platform to age is that it becomes less secure and more difficult to keep protected.

Protecting against disaster is not the same as doing backups.

Many hosted QuickBooks customers have been faced with the ugly reality that their service provider backups are not enough to recover from disaster. This is largely the fault of the providers and is somewhat by design.  Businesses hosting their financial and other business applications and data want to know that their information is safe and secure. Performing data backups is part of the promise of protecting customer data, so most customers believe that their service provider is backing up in a way that ensures the data can be recovered.

What most hosting customers don’t understand is that the provider backups are there to help the provider recover from disaster and not necessarily to get the customer back where they were.

Hosting companies know that they need to do backups so they can support customers when files get deleted or become corrupted. Hosting companies typically do regular backups of customer data, but they do not necessarily retain individual backup data sets and they often backup all customer data together. This means that the backup data is constantly being updated, and that fully restoring the data of just one customer may be problematic. Service provider backups are there to support the continued operations of the service provider and may not provide the level of archive or retention needed by the customer. Just to make sure their data is safe and recoverable, I strongly recommend that clients keep any hosted data archived in at least one other location off the host’s platform.

In just the past year, outages caused by malware have been experienced by service providers Cetrom, Skyline, Cloud9 and Insynq, demonstrating just how devastating an outage can be when the service provider doesn’t have adequate protections in place.

In many cases customers lost data because the service provider wasn’t able to recover it from compromised or nonexistent backups. Suggesting that customers should have their data backed up locally is never part of the marketing or onboarding with the QuickBooks host, but it is often the fallback position in times of trouble.

Perhaps the most troubling aspects of these provider failures are that many of the problems stem from the shared nature of the platform.

When we first started building QuickBooks hosting services the hardware and software to make it work was terribly expensive. To approach some level of affordability, a shared platform approach was developed. This allowed the service to scale while offering a lower cost of service to customers. When the services were initially developed, there was concern about protecting from viruses and Trojans, but the nature of malware in the wild was not nearly as troublesome as it has become. Things were manageable.

But technology has evolved and so have the threats and bad actors.

The smarter bad guys should be forcing platform providers to reconsider their shared management and delivery models.

Affordable computing resources are available from platforms like Microsoft Azure and Amazon AWS, offering small businesses the opportunity to have not only powerful and scalable platforms for their business IT, but also offering a means of operating privately. Not being forced to operate in the same network or on the same VMs as other companies means not having to worry about the behavior of other people or applications in your business network. It also means that the focus is on recovering your system if disaster strikes, not on recovering the systems of hundreds or thousands of other businesses at the same time.

Considering the move to a more private cloud hosting solution is an important way to reduce risk and improve IT performance for the business.

When they were in-house, the networks were private and no other businesses were sharing the servers. Moving to the cloud should not radically change that profile, and should offer customers the same privacy from outsiders and the same flexibility to implement whatever applications the business needs.

The Microsoft Azure platform provides this capability and businesses can benefit without compromising the budget. With private accounts on the Microsoft Azure platform, our customers are able to take advantage of the current and emerging technologies while safely and affordably supporting their business requirements, which is something the shared platforms fail to offer.

Make Sense?

J

Posted on

The nasty surprises hackers have in store for us in 2018

“Hackers are constantly finding new targets and refining the tools they use to break through cyberdefenses. The following are some significant threats to look out for this year.

More huge data breaches

The cyberattack on the Equifax credit reporting agency in 2017, which led to the theft of Social Security numbers, birth dates, and other data on almost half the U.S. population, was a stark reminder that hackers are thinking big when it comes to targets. ..

Ransomware in the cloud

… The biggest cloud operators, like Google, Amazon, and IBM, have hired some of the brightest minds in digital security, so they won’t be easy to crack. But smaller companies are likely to be more vulnerable, and even a modest breach could lead to a big payday for the hackers involved.

The weaponization of AI

This year will see the emergence of an AI-driven arms race. Security firms and researchers have been using machine-learning models, neural networks, and other AI technologies for a while to better anticipate attacks, and to spot ones already under way. It’s highly likely that hackers are adopting the same technology to strike back…”

Source: The nasty surprises hackers have in store for us in 2018

Posted on

Securing Business Data When Mobility is the Target

driving1-ANIMATIONToday’s workforce is a mobile workforce. Technology has enabled businesses to allow their employees to reach beyond the office walls, doing business and operating effectively from just about any location.  SaaS, online access to business data, and smart phone technologies have brought flexibility in working models previously only imagined by the workforce tethered to business locations and office computers. Yet this flexibility comes at a price if the business is to keep up with securing and protecting data assets as readily as it extends access to them.  The bad guys are well aware that mobile computing and remote access working models are growing in adoption with businesses, and are finding ways to take ever-greater advantage of the situation.

Teleworking, which is not quite the same thing as telecommuting, is on the rise and it doesn’t look to be a trend that will slow down any time soon. According to GlobalWorkplaceanalytics.com, “telework is defined as the substitution of technology for travel”.  Those who work sometimes from an office, but sometimes not, are teleworkers. Working at the office during the day and then taking work home at night makes you a teleworker. The primary tool of the teleworkforce is the smart phone – the mobile computer with built-in connectivity and enough processing power to handle many basic office workloads.

  • 50% of the US workforce holds a job that is compatible with at least partial telework and approximately 20-25% of the workforce teleworks at some frequency
  • 80% to 90% of the US workforce says they would like to telework at least part-time. Two to three days a week seems to be the sweet spot that allows for a balance of concentrative work (at home) and collaborative work (at the office).
  • Fortune 1000 companies around the globe are entirely revamping their space around the fact that employees are already mobile. Studies repeatedly show they are not at their desk 50-60% of the time.  http://globalworkplaceanalytics.com/telecommuting-statistics

The number of teleworking employees is on the rise, and so is the variety of devices used to facilitate mobile working.  Smartphones, tablets and phablets and, of course, laptop computers are used by mobile workers – often in addition to the company-supplied desktop in the office. The variety and number of computing devices per user is growing. Knowing this, businesses must take increasingly expansive steps to strengthen and secure remote access systems and business data, yet many organizations are just beginning to fully realize that the mobility they extend to their users is part of the reason for the increasing number of data breaches and attacks against business information systems.

Cybercriminals and their crafty programs are often able to steal important information or access a network by first infecting computers and devices used for telework.  Many of the devices available to the attackers are not company-owned, but are introduced to the system by contractors, vendors and employees (BYOD or bring-your-own-device users).

Even if the device isn’t a vehicle delivering a nasty payload into the network, data breaches may still occur when business information is stored on an improperly secured device. Most people who work with computers have some recognition of the potential for virus attacks and malware, but far fewer recognize the threat potential of attacks against mobile devices such as phones and tablets, and even fewer may implement meaningful protections on those devices.

“To prevent breaches when people are teleworking, organizations need to have stronger control over their sensitive data that can be accessed by, or stored on, telework devices,” said Murugiah Souppaya, a NIST computer scientist. [1]

Providing guidance and information to the public on such topics, NIST (National Institute of Standards and Technology) is revising its publications on telework to cover growing use of BYOD and how contractor and vendor devices are increasingly used to access company information resources.  Two new publications – one for organizations and one for users – are now available for review and comment.  You can find them here.

“As one of the major research components of the National Institute of Standards and Technology, the Information Technology Laboratory (ITL) has the broad mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology through research and development in information technology, mathematics, and statistics.”  [NIST Information Technology Laboratory Mission]

The rising number of threats, attacks and breaches caused by compromised devices used for teleworking is nothing to take lightly, and protecting against them shouldn’t be approached as a merely perfunctory obligation. Organizations must create and consistently update policies and requirements relating to protecting information accessible by remote workers if they intend to reduce business risk and provide assurances to stakeholders and customers that the information is adequately guarded.  But it doesn’t stop with the policy; businesses must also make an effort to properly educate their users (employees, contractors, vendors, etc.) on those policies, ensuring that all parties involved understand the responsibilities and requirements and strictly adhere to them.

jmbunnyfeetMake Sense?

J

[1] http://www.nist.gov/itl/csd/attackers-honing-in-on-teleworkers-how-organizations-can-secure-their-datata.cfm