Tag: MFA

Posted on

Cybersecurity and Small Business

Small businesses face many challenges as they grow and expand, and chief among them is the growing threat of cyber-attack. As the company grows, its value to cybercriminals grows, too. Implementing comprehensive cybersecurity measures is essential to maintaining customer trust and safeguarding important business data against these threats.

There is a belief among small business owners that their operations are too small or insignificant to be attractive targets for cybercriminals. Cybercriminals, on the other hand, more often view small businesses as easy targets. Why is this? Largely because the bad guys know that the smaller companies aren’t spending on cybersecurity services and tools and aren’t always keeping their workers informed about ways they can participate in keeping things safe.

To help protect the business from cybersecurity threats, it is crucial to invest in some key security measures. Longer and more complex passwords, regular software patching and updating, and periodic training for employees on how to identify phishing attempts and what to do with suspicious emails is a good start. Cybersecurity efforts should scale with the business, and this requires strategic planning that is aligned with the goals and objectives of the business.

The best cybersecurity approaches are built on a secure foundation, and this is what helps to support business growth and expansion. For every business, there are four cornerstones of a solid cybersecurity foundation.

  • Identifying potential cyber threats and understanding the business risk they represent.
  • Enforcing strong password protection and role-based access controls.
  • Following best practices in cybersecurity.
  • Managing documentation and vital business information securely.

Cybercriminals know that smaller businesses generally have limited cybersecurity resources, making small businesses prime targets for phishing and malware. What is the potential impact of falling for a phishing email, or what happens if there is a ransomware attack? Each type of threat carries different levels of risk, and growing businesses should be aware of the potential financial, legal and reputational impacts when evaluating their approach.

Businesses can help their users become part of the cybersecurity plan by regularly training them on phishing methods and ways to avoid ransomware or malware. When users know more about emerging threats and how to recognize and report suspicious things, they become valuable assets in the improvement of cybersecurity of the business.

The first line of defense in cybersecurity is the username/password challenge. Many systems today use an email address as the username or user ID, which means it really isn’t much of a challenge to guess. This leaves it to the password to keep the account secure, so a strong and unique password is necessary.

Making another challenge to the authentication adds another layer of protection to the account. Referred to as 2FA or MFA (two-factor authentication or multi-factor authentication), users may be required to respond to an in-app message, provide a code received via SMS or other, or provide a code from an authenticating application to satisfy the login requirements. This additional challenge to the user identity makes it harder for cybercriminals to gain unauthorized access.

Ensuring the protection of sensitive business information requires controlling what users have access to once they are in the system. If someone were to gain unauthorized access, having appropriate role-based access controls in place would limit their ability to get sensitive data. This is often another area of vulnerability for smaller businesses that don’t implement strict document controls or structures, opting instead for an open self-service model that leaves data available to whomever can get logged in.

With businesses changing frequently, it is important to not just create a framework to limit user access, but to keep user and role-based access reviewed and updated regularly. Software and systems also need to be updated regularly. Known software vulnerabilities should be patched and security updates installed on devices, and policies enforcing updates and antivirus/malware detection should be implemented.

We understand that businesses must enhance their cybersecurity strategies to combat the growing number and type of cyber threats, and it can be challenging just figuring out what to do first. Working with a variety of technologies and specialists, we can help secure your digital environment and keep you better-protected from the bad guys.

jm bunny feetMake Sense?

J

Posted on

Prey or Empowered? Small Businesses and IT Security

Now more than ever, small businesses need to be vigilant with their information technology security. Small businesses may not be the big fish in the sea, but there are plenty of them out there to catch. Small businesses tend to make the best targets because they often fail to perform security audits, they may not be willing to invest in the resources needed to protect themselves, and they frequently don’t even carry the right insurance coverages. To hackers, small businesses are easy prey.

“Don’t think you are too small to be affected,” says Erik Knight, the founder and CEO of SimpleWAN. “Every place you have an employee or office is a potential entry point. Take it seriously; if you have something worth taking, a hacker will try to take it.”

https://www.forbes.com/…

There are a few things every business can do to improve the security and privacy of their data. It isn’t an option any longer; these are essential elements in an overall security strategy that can make the difference between staying in business and not.

Use strong passwords, not easy-to-guess words, phrases or sequences (1234 is not a strong password). Passwords should be unique, more than 8 characters in length, and have a mix of numbers, letters, and special characters.

Keep software updated. Whether it is the operating system on your computer or the software you use to write letters, having up-to-date software matters. Developers don’t just upgrade software to fix bugs or introduce new features; software often gets updated because of security issues or vulnerabilities.

Keep networks and connected devices secure to make sure that the computers and connections aren’t introducing weaknesses into your system. Not only are password controls and software updates needed, but firewall security and good anti-virus/anti-malware solutions are also a must. Keeping an eye on the server matters, but the connecting points and end points are where many vulnerabilities exist.

Set up two-factor or multi-factor authentication to further secure logins. 2FA and MFA is like having ID besides just your driver’s license to prove you are who you say you are. Your password, like your DL, is just one factor; you need one more thing to prove your identity for 2FA, like a code from your phone or maybe your fingerprint. The point is that there should be more than just a username and password to access important data.

Restrict use of personal email or social media on work devices. This gets a little trickier with smaller businesses, as many don’t or can’t support providing users with all company-owned devices. There are tradeoffs to allowing users to bring their own devices (byod) versus using company-owned devices. When mobile devices are part of the mix along with desktop and portable computers, it becomes even more complicated and the risk potential increases.

Use encryption for data in transit and data at rest. Encryption is like scrambling the data and then unscrambling it when you access it. In transit, data may be encrypted by a VPN so that it is protected over the wire (in motion) as it is sent and received on the network. RDP is also encrypted, but this remote access method’s main purpose is to keep the data from leaving the server in the first place. At rest, like when it is sitting on a hard drive or other storage location, data can also be encrypted. To open the file or file system, you need a key to decrypt it.

Keep all data backed up and create a way to rapidly recover your server and systems in the event of failure or compromise. Backups are great right up until you find they are as damaged or unrecoverable as your main system, so make sure to have a policy of testing your backups periodically. There are many ways to back up and protect your data, including external drives and cloud storage. If data gets lost or corrupted, you want to be able to restore it from a backup. Regularly audit your backup and data security practices to help identify weaknesses that make the business vulnerable.

Educating employees on the importance of cyber security is among the most important steps a business can take to protect itself. Keeping passwords secure and secret, knowing how to spot a phishing email and what to do and not do with it, not clicking on suspicious links in emails, not sharing personal or confidential information online, and what to do in the event of a breach are all things that should be regularly discussed with workers and supported by written policies.

Managed Azure cloud servers from Noobeh help you keep your business information more secure. Our services demand high levels of security and privacy, and we help our customers keep their data and systems safer and more secure by handling some of the requirements for them.

  1. Strong password policies and MFA is our standard setup, and software updates and patching are part of the service.
  2. Working on the cloud server keeps data on the server and not traversing the network or downloading to individual PCs, so information stays secure and separate from whatever a user runs on their local devices.
  3. Data on the Azure virtual machines is encrypted at rest, and additional encryption is available to add more layers of protection. Data in motion is encrypted, but very little data actually traverses the wire.
  4. Servers and data are backed up regularly with snapshots and file level backups, allowing for simple file restores as well as comprehensive system recovery.

For small businesses, Noobeh has the solution for creating a more secure and better protected IT environment where applications and data can be available to those who need them without compromising the investments already made in training and process development. Moving software and data to a private cloud server allows companies to continue using the software they rely on, just in a better way. Instead of being easy prey to hackers, our customers benefit from higher levels of IT administration, management and protection that empowers them to work the way they need to – any time, anywhere.

jm bunny feetMake Sense?

J

Posted on

Cybersecurity Terms Every Business Owner Should Know, and Zombies are Bad

The world of cybersecurity constantly changes, making ongoing education the key to understanding the threats businesses face and how to possibly deal with them.

Cybersecurity is often defined as a set of techniques for protecting an organization’s digital infrastructure – the networks, systems, and applications – from being compromised by attackers and other threat actors. Cybersecurity is comprised of the efforts to design, implement, and maintain security for any organization network which is connected to the Internet.

Cybersecurity is made up of the technology, people, and processes which create strategies to protect sensitive data, ensure business continuity, and safeguard against financial loss.

To understand what cybersecurity entails, it is important to have a basic understanding of the relevant terminology.

Starting with a few that are frequently misused, here are some cybersecurity terms to add to your business vocabulary.

Data are the bits and bytes. When multiple bits and bytes are combined, they make up information. Knowledge is required to turn information into action.

A threat is the possibility that something bad that might happen, while a risk includes the probability of the bad thing happening and the possible result.

Risk Management is the process of responding to the possibility that something bad might happen. Traditionally, there are four options for managing risk in the business: accept it, transfer it to someone else, avoid it altogether, or mitigate it (reduce the severity).  To manage cybersecurity risk, many businesses establish requirements or controls to identify activities, processes, practices, or capabilities an organization may have. Controls may or may not be mandatory, but requirements generally are.

Information Security, or Information Assurance, is the protection of facts, news, knowledge, or data in any form. Information Assurance is an important aspect of preserving business resources and is often combined with cybersecurity, although it isn’t squarely in that area. Where cyber addresses digital, information security must also address non-digital such as paper, human knowledge or memorized, stone tablets, pictures, and signals or whatever.

Authentication is the process of proving an individual is who they say they are (claiming an identity and then proving it), whereas authorization is the use of access controls to determines and enforces what authenticated users are permitted to do within a computer system. Access Controls are the means and mechanisms of managing access to and use of resources by users.

Audits, in cybersecurity, are usually performed after a security incident. In general, an audit is an official inspection of some type. An assessment is often more like a health check for gauging capability or status. Audits may be performed internally or by outside entities. Compliance is meeting a requirement, whether internal or external. Sometimes these are regulatory requirements where a certification or attestation of some type is shown. Both audits and assessments may be required to be compliant with certain standards or designations.

A cyberattack is any attempt to violate the security perimeter of a logical environment. This could be a single computer system, a local or wide-area network, a cloud server, etc. – whatever is within your “perimeter” and is interconnected with your systems, regardless of location in the physical world. Cyberespionage, on the other hand, is the unlawful and unethical act of violating the privacy and security of an organization for the purposes of leaking data or disclosing internal, confidential, or private information.

And then there’s malware (malicious software), which includes any code that is written for the specific purpose of causing harm, disclosing information or in some other way violating the security or stability of a system. The malware category includes lots of different types of terrible and potentially damaging programs including virus, worm, Trojan horse, logic bomb, backdoor, Remote Access Trojan (RAT), rootkit, ransomware, and spyware/adware and more.

To better-secure your systems, multi-factor or two-factor authentication is suggested. Multi-(multiple) factor and two-factor authentication are a means of verifying a “claimed” identity using two or more types of proof (authentication factors). The password is typically the initial proof provided, and the other factor/method might be SMS to your phone or possibly an authenticator app.

For example: You claim that the email address is your identity, and you verify that by entering your password. That is one “factor” that proves your identity. But if your password gets hacked or revealed, it would be good to have another layer of protection on that login. Two is better than one in this case; MFA (multi-factor) and 2FA (two-factor) authentication is considered stronger than any single factor authentication and requires another method (factor) of identification to prove your identity.

Finally, there are zombies. Yes, Zombies. This is a term that relates to the concept of a malicious network of “bots” (a botnet). Botnets are made up of poor, innocent computers that are compromised by malicious code so that they can run remote control or other agents. The agents give the attackers the ability to use the system’s resources to do nefarious things, like perform illicit or criminal actions. The zombie can be the system that hosts the malware agent of the botnet, or it could be the malware agent itself. Either way, zombies are bad.

Security is an essential consideration for every business, and the Internet and the interconnected design of today’s technology has made things so much more complicated. The most important thing is to be aware of the threat and how that landscape is changing, and to educate team members so that everyone in the company participates in keeping the system, and the business, protected.

jm bunny feetMake Sense?

J

Posted on

The Question You Never Want to Have to Ask

Why MFA Shouldn’t Be Optional

“Do you offer any help for decrypting files due to ransomware?”

This is a question we are asked with more frequency than ever before. And, sadly, it is often followed up with the information that their files were on “an internal server that was missed in the backup protocol by IT”.

Email phishing and brute force attacks are the most common methods cyber criminals use to get into your business network where they can set up to initiate ransomware attacks. The ransomware (malware) encrypts your data, which becomes unrecoverable without the decryption key. Usually, the only way to recover from a malware/ransomware attack is to rebuild systems and restore data from backups. If you have backups.

A “brute force” attack is typically used to get personal information such as passwords or passphrases, usernames, and Personal Identification Numbers (PINS). Scripts or specialized apps are used to carry out a string of continuous attempts to get the information desired. Cybersecurity researchers at Coveware analyzed ransomware attacks during the second quarter of 2021 and found that phishing and brute force attacks on unsecured desktops (remote and local) are among the most popular entry points for starting ransomware attacks. This is at least partly because it is relatively cheap and can be highly effective.

Phishing attacks are when cyber criminals send emails containing a malicious file attachment or hyperlink directing to a compromised website that delivers ransomware. Attacks against desktop logins include methods where cyber criminals use brute force to leverage weak or default usernames and passwords – or even get access because they got legitimate login credentials via a phishing email.

Software vulnerabilities and web-based application services are also among the popular vectors for delivering ransomware or exposing corporate networks to cyber criminals. While this type of attack is somewhat less frequent than the others, they are often leveraged by some of the most sophisticated and disruptive ransomware groups and nation/state bad actors.

  • Sodinokibi – also known as REvil – is responsible for some of the most high-profile ransomware attacks this year, including the massive ransomware attack on customers of Kaseya.
  • Contij – one of the most high-profile attacks by the group was the attack against the Irish healthcare system. Healthcare services across Ireland remained disrupted for months.
  • Avaddon – ransomware distributed via phishing emails.
  • Mespinoza and Hello Kitty are new forms of ransomware recently identified.

All of these have a common purpose in that they take advantage of weaknesses in security and exploit phishing tactics to lay the foundation for an attack on your network and possibly others.

Keeping systems updated, applying security patches and application software updates is an important aspect to keeping things secure. Known vulnerabilities can be exploited to gain access to the network, so keeping up with updates as the vendor supplies them has become more important than ever.

To help protect networks from being compromised, businesses should also apply multi-factor authentication (MFA) to desktop and applications.

MFA is an important tool to help stop intruders from breaching accounts and gaining access to the corporate network, and it can be the difference between keeping your data safe and working or discovering your files are digitally encrypted and completely unusable. Data encryption changes the data into code, and only the decryption key can read the code and return the data to a useable form. If you don’t have the key, the data typically cannot be decrypted.

Cyberattacks continue to evolve in their sophistication and frequency, and consequences of such attacks are growing. Private companies and public agencies alike must adapt their security techniques and embrace new security technologies while providing more end-user education and training.

Mendelson Consulting and NOOBEH Cloud Services take security very seriously and we have the experience and expertise to assist businesses with transforming their operations to be more efficient and effective. Our cloud team works exclusively with private tenant accounts on Microsoft Azure, and offers MFA security and other solutions to protect local and remote resources, helping keep your valuable information safe and available when you need it.

“How can we get started?” is the question you should be asking.

jm bunny feetMake Sense?
J

Posted on

Strong Passwords and MFA : It’s All About the Bots

Robbie the Robot from movie Forbidden Planet

You may have noticed that more online services are requiring strong passwords – cryptic phrases or letter combinations along with symbols and numbers – and Multi-Factor Authentication (MFA). The goal is to keep services more secure than a simple password allows.

These service providers have recognized that their services are far more secure when the user has to prove they are who they are, and prove it in more than one way. A password plus a special code texted to your phone, or maybe an email to your backup email account are examples of MFA. This means that the password alone isn’t good enough to gain access; the user must satisfy an additional challenge to confirm their identity.

Why is this additional level of account security a good idea? BOTS, that’s why.

A bot is a software application that is programmed to do certain tasks. Bots are automated, which means they run according to their instructions without a human user needing to start them up. Bots often imitate or replace a human user’s behavior. https://www.cloudflare.com/learning/bots/what-is-a-bot/

Bot (like roBOT) does what you tell it. Give it instructions and it runs. Give it some rules to follow and actions to perform when certain conditions are met and off it goes.

The problem with bots is that not just the good guys use them. Bad guys use them… a lot.

Bots can send emails, engage in chats and help you reset your password. They can also carry out cyberattacks at a pace that no human could match. Bots will search for public IP addresses, they’ll pummel an address with intrusion attempts and logins and may keep trying until they’re either successful or they give up. Bots are very good at brute force, because they have all the patience they need. It’s software, so it doesn’t get tired or bored and it can be programmed to not give up.

This is among the reasons for Noobeh’s strict password policy and why we strongly recommend our clients don’t store their passwords to make connecting to the service faster and simpler. Fast and simple is good but not where security is concerned. Our goal is to not only keep your applications and data available for anytime/anywhere access, we want to keep your cloud environment secure and as safe as possible.

Contact us today to get the cloud hosting platform your business needs, along with the privacy and security features the Microsoft Azure platform can provide. Keeping your systems secure isn’t just about keeping your secret password a secret. It’s about putting in place the best methods possible to ensure that your account doesn’t get compromised because a bot guessed your pet’s name.

Make Sense?

J