Posts

What Exactly Is a Security Posture & What Does It Mean to Your Business

Business ecosystems are changing rapidly, and as cybercriminals evolve, a new vocabulary is developing with them. One recent addition to the lexicon is the concept of “Security Posture,” another techy term that refers to the strength and security of your IT infrastructure. It places increased emphasis on internet-borne vulnerabilities in business technology, and it covers how you manage current hardware and software purchases, policy and procedure generation, and controls.

What Makes Up Your Security Posture

Each of these aspects falls under cybersecurity. Your security posture shapes the likelihood of a breach and what it would take for hackers to gain access to these critical pieces of network technology. It also covers the state of your employees and whether they can spot such threats, which makes it difficult for many to observe.

In the context of managing cybersecurity, decision-makers at larger organizations, including Directors of IT, Chief Technology Officers, and any compliance officer, must make decisions based on the deliberation and analysis of their security posture. This generates a better understanding of certain aspects of your cybersecurity approach, but it is simply not enough anymore. In today’s connected age, a more holistic approach is needed to meet regulations and compliance.

Cyberattacks Using SSL Encryption Swell the Success Rate of Malware to 400%

This post draws on Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office365 Partners of the latest threat analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since its last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage sneakier tactics to accomplish their end goal, including blackmail, extortion and, worst of all, data corruption.

For many businesses, encryption has become the norm as cybercriminals look to disrupt operations to turn a quick profit. One of the largest goals behind any cyber-attack is stealth: the longer malicious activity goes unnoticed in your systems, the greater the chances of the attack succeeding. One popular avenue involves SSL encryption to disguise the attack’s transmissions from your local anti-virus or malware agents.

As previously warned, these attackers continue to use website encryption to give users a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can help inform your employees of the perils found in today’s connected businesses. Begin by scrutinizing the sender’s domain name and the content they want from you.

  • Phishing – 2.7 million phishing attacks occur monthly, a 400% increase since we began tracking these stats in 2017.
  • Content is King – 196 million instances of “malicious content,” including websites, malicious scripts, and malvertising, were all found on some of the most well-known websites this year.
  • Botnets – 32 million botnet callbacks were performed and blocked on average each month since 2018.
  • Domains – 32% of all spoofed domains or websites were using SSL to deliver content.

Most Phished Brands through HTTPS:

  1. Microsoft Office365 or OneDrive – 58%
  2. Facebook – 12%
  3. Amazon – 10%
  4. Apple or iTunes – 10%
  5. Adobe – 4%
  6. Dropbox – 4%
  7. DocuSign – 2%

By preparing your employees with a security mindset, we broaden a business’s stance on security to better prevent things like SSL attacks from reaching your end-users. Each of these acts gives cybercriminals more ways to establish credibility and the context needed to fool a business.

Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an “invoice” that were crafted and carefully coded to send the staff to a fake Russian URL, where Office365 logos were plastered everywhere. Even more convenient was the willingness of this HTTPS-encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and, wouldn’t you know it, no issues were reported.

(Email Pictured Below)

7 Cybersecurity Tips That Give Your Business an Unfair Advantage in 2019

Clare Computer Solutions’ partner and security experts, Webroot, revealed the findings of their 2019 Threat Report, showing that many “tried-and-true” attack vectors or methods are still at the top of the list, with new threats emerging every day. It would appear the attackers are innovative, to say the least. This comes just in time, as many of our partners spoke to these very claims at the 2019 RSA Conference hosted just last week in San Francisco, California.

Hal Lonas, Chief Technology Officer at Webroot reports:

 

“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”

Clare Computer Solutions couldn’t agree more. Here are some highlights from Webroot’s 2019 Security Report:

  1. A staggering 40% of malicious URLs were found on “good” or “safe” domains. Legitimate websites are frequently compromised to host malicious content. To protect users and employee data, cybersecurity needs URL-level visibility or domain-level metrics to accurately showcase these dangers. Far too often, standard antivirus or endpoint protection lacks these capabilities, leaving these links in an employee inbox.
  2. Phishing attacks have increased by 36%, with the number of malicious sites swelling to 220% from last year. We’ve even seen phishing sites use SSL certificates and HTTPS to trick unknowing users into believing they’re secure and legitimate. Microsoft’s latest Security Intelligence Report confirms this, with analytics reporting a 250% increase in phishing messages being sent through Office 365.
  3. 77% of spear phishing attacks impersonated financial institutions, and these attacks were the most likely to use HTTPS compared with other types of target. Over 80% of financial institutions found compromised links residing on an HTTPS page.
  4. Google, followed by Microsoft and UPS/FedEx, ranked among the most impersonated brands in phishing overall for 2019.
  5. Security Awareness Training reports from Webroot and KnowBe4 both show that trained users are, on average, 80% less likely to fall for phishing attempts, especially with phishing simulations and on-demand training.
  6. One-third of all malware attempts to hide inside of %appdata% folders. What makes these locations prime for hiding is the commonality between paths: they exist in every user directory with full user permissions, and they are hidden by default in most operating systems. Although malware can and will hide almost anywhere, the most common locations are as follows:
    – 29.4% in %appdata%
    – 24.5% in %temp%
    – 17.5% in %cache%
  7. Devices using Windows 10 are at least 2x more secure than those systems still on Windows 7. Webroot has reported a steady decline in malware on Windows 10 machines in the business space.

Furthering your Security Measures

While ransomware was less of a problem in 2018, it has become more targeted, and companies, customers, and employees will fall victim to it. In 2018, many attacks used Remote Desktop Protocol (RDP) as an attack vector, leveraging tools to scan for systems with inadequate RDP settings. It’s these unsecured RDP connections that hackers can use to gain access to a given system and browse through all its shared data, which further provides criminals with sensitive information that ransomware can exploit.

Begin furthering your security measures today with a cybersecurity assessment. Easily track your current security posture, and rely on the experts to build you a roadmap for securing your business. Dive deeper into your network than ever before with our Security Posture Assessment from Clare Computer Solutions. If you wish to view the Webroot report, you can find that here.

Domain Name System: DNS Doesn’t Mean “Do Not Secure”

Recently, the U.S. Department of Homeland Security (DHS) and the Cybersecurity & Infrastructure Security Agency (CISA) began tracking a Domain Name System (DNS) hijacking campaign. Using the following techniques, cybercriminals can redirect user traffic to attacker-controlled infrastructure, obtain valid encryption certificates for agencies’ domain names, and launch man-in-the-middle attacks on your organization:

  • Compromising the credentials of, or otherwise obtaining access to, an account with the ability to make changes to Domain Name System records.
  • Modifying the original address, mail exchange, name server, and other Domain Name System records.
  • Establishing Domain Name System record values and falsely obtaining encryption certificates for the executive branch.

How Can Staff Address These Domain Name System Attacks?

  1. Audit your DNS records – Review the records associated with services offered to users and the public to verify that they point to the intended location.
  2. Update DNS account passwords – Change the password on every account that has the power to make changes to agency Domain Name System records. A password manager can help generate stronger passwords to secure these accounts even further.
  3. Leverage multi-factor authentication (MFA) – Implement MFA for all accounts on systems that can make changes.
  4. Track certificate transparency logs – Monitor certificate transparency log data for certificates issued by CISA or DHS.
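
Steps 1 and 4 lend themselves to automation. The following is an added example, not code from Clare Computer Solutions, DHS or CISA: it compares the records your name servers answer with against an approved baseline and lists certificate transparency entries for your domain that are missing from your certificate inventory. The baseline, the inventory of known serial numbers, the function names and every sample value are assumptions constructed for illustration.

```python
# Added example: audit DNS records against an approved baseline and review
# certificate transparency (CT) entries. All names, addresses, serials and
# issuers below are constructed sample data, not values from the article.

BASELINE = {  # (name, record type) -> values your change records say exist
    ("example.org", "NS"): {"ns1.example.org.", "ns2.example.org."},
    ("example.org", "MX"): {"10 mail.example.org."},
    ("www.example.org", "A"): {"192.0.2.10"},
    ("mail.example.org", "A"): {"192.0.2.25"},
}
OBSERVED = {  # what the authoritative servers answer today (constructed)
    ("Example.org.", "NS"): {"ns1.example.org.", "ns2.example.org."},
    ("example.org", "MX"): {"10 mail.example.org."},
    ("www.example.org", "A"): {"192.0.2.10"},
    ("mail.example.org", "A"): {"203.0.113.77"},  # repointed
    ("vpn.example.org", "A"): {"203.0.113.78"},   # never approved
}
KNOWN_SERIALS = {"0A01"}  # certificates your organization requested
CT_ENTRIES = [  # constructed CT log results for names containing the domain
    {"serial": "0A01", "issuer": "Sample CA One", "names": ["www.example.org"]},
    {"serial": "7F3C", "issuer": "Sample CA Two", "names": ["mail.example.org"]},
    {"serial": "5522", "issuer": "Sample CA Two", "names": ["login.notexample.org"]},
    {"serial": "9B10", "issuer": "Sample CA Two", "names": ["*.Example.org"]},
]


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def audit_records(baseline, observed):
    """Return (kind, name, type, expected, seen) for every record that drifted."""
    def index(records):
        return {(norm(n), t): {v.lower() for v in vals}
                for (n, t), vals in records.items()}
    base, seen = index(baseline), index(observed)
    findings = []
    for key in sorted(base.keys() | seen.keys()):
        exp, got = base.get(key, set()), seen.get(key, set())
        if exp == got:
            continue
        kind = "UNEXPECTED" if not exp else "MISSING" if not got else "CHANGED"
        findings.append((kind, key[0], key[1], sorted(exp), sorted(got)))
    return findings


def covers(cert_name, domain):
    """True if the certificate name is the domain or one of its subdomains."""
    name = norm(cert_name)
    if name.startswith("*."):
        name = name[2:]
    return name == domain or name.endswith("." + domain)


def unexpected_certs(ct_entries, domain, known_serials):
    """Return CT entries for the domain that are absent from the inventory."""
    domain = norm(domain)
    return [e for e in ct_entries
            if e["serial"] not in known_serials
            and any(covers(n, domain) for n in e["names"])]


if __name__ == "__main__":
    for finding in audit_records(BASELINE, OBSERVED):
        print("DNS", *finding)
    for cert in unexpected_certs(CT_ENTRIES, "example.org", KNOWN_SERIALS):
        print("CT ", cert["serial"], cert["issuer"], cert["names"])
```

In practice the observed records would be collected from every authoritative and secondary name server, and each finding would be checked against a change ticket before it is dismissed.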

So, What Exactly is at Risk Here?

Software or SaaS applications have become more prevalent than ever, and threats associated with data theft are beginning to soar, with a record 28% increase in attacks related to Office 365 and Google’s G Suite. By utilizing these three key strategies, you can begin securing your business and turn Domain Name System from “Do Not Secure” into another fortified line of network defense. By shielding your network with a filtered Domain Name System and utilizing browsing policies, you can keep users safe from malicious sites and their downloads. This keeps networks secured and, with minor tweaks to an Office 365 environment, also keeps harmful attachments out of email inboxes.

  1. Domain Name System (DNS) – Begin switching to a Domain Name System (DNS) service that can actively monitor and block known malware sites to reduce the risk of exposure to malware. Unless you’ve custom-configured some settings, it’s likely that a site’s DNS provider is your current Internet Service Provider. DNS providers can block this type of access in two ways: by blocking a request made by a user, or by preventing malware from “phoning back home” with your data.
  2. Internal Policies – This style of filter works to block harmful sites and downloads at the browser level. Similar to the DNS provider at the network level, these systems calculate the risk and, based on the amount of potential harm, flag malicious downloads for greater review. Most users who need the ability to download from harmful websites do receive notifications, although these can go ignored in some cases.
  3. Email Filtering – The latest statistics from Webroot, Microsoft, and Sophos report that ransomware’s #1 attack vector is still email-delivered payloads. Far too often, recipients open files without realizing that what they opened wasn’t a file but a malicious application. Microsoft does give Office 365 administrators the ability to block any of the 100 different file types. In most cases, though, businesses need attachments to be sent via email, and that’s where using Microsoft OneDrive to view files can assist your organization.

If your business feels this is out of the scope of your current provider, or would like another expert opinion, give us a call to schedule a time to chat with one of our technology specialists, or have us visit your site. Reach out to us, and let us know if you need DNS help.

10 Reasons Why SMBs Are Vulnerable to Security Attacks

They say recognizing a problem is the first step in solving it. But when it comes to cybersecurity, many SMBs don’t believe they have a real problem on their hands. Many simply believe that hackers will focus their attention exclusively on large and well-heeled organizations, and aren’t interested in smaller businesses. Unfortunately, this couldn’t be further from the truth, and it’s this mentality that leaves businesses highly susceptible to attacks.

1) Not If, but When
Many small businesses don’t invest sufficiently in IT security resources and protection. This may be due in part to the fact that they may not know they’re being targeted. According to the Ponemon Institute 2016 State of SMB Cybersecurity Report, hackers have breached 50% of the 28 million small businesses in the United States, which have no clue they’re being targeted.

2) Evolving Threat Landscape
Trying to keep pace with the changing nature of cyber threats is a full-time job. Many cannot afford the cost of internal IT security staff, which is why it’s imperative that their MSP keep them protected from zero-day threats.

3) Users Don’t Always Know Security Best-practices
In the last year, phishing was involved in 90% of breaches, which makes end users both the weakest link and the first line of defense. The best way to counter this threat is to train and educate end-users on the impact of their online behaviors. A well-trained user can help prevent threats like ransomware, drive-by downloads, keyloggers, and many more.

4) Lack of Effective Security Policies and Protocols
Companies should have documented policies in place to ensure all passwords are strong and regularly changed. Although these actions are “status-quo,” two-factor authentication is many. Access rights to network files, folders, and file shares need to be tightly controlled to avoid malware wreaking havoc on networks.

5) Exposure to Multiple Vectors
All the ways that users can interact with the internet must be considered, from emails, attachments, and links to web browsing and network activity. Effective endpoint security starts with protecting each of these vectors from cyber attacks. It should feature multi-layered protection to defend you from threats that use different exploits to gain access to your network.

6) Complex Security Creates Admin Challenges
Consider not only the costs of buying cybersecurity software but also the operational expenses of the latest in security technology. Systems that use best-in-class solutions paired with minor automation can make security both more affordable and more effective. Using these solutions makes the job of internal teams tasked with administration easier.

7) Out-of-Date Systems
By following a rigorous patching regime, you can avoid many of the application vulnerabilities used to compromise networks. At times, patching can feel unimportant, but with the help of our staff and a little automation, patch management has become smoother and more cost-effective. WannaCry, 2018’s biggest cyber-scare, could have been avoided completely by simply patching systems to best practices.

8) Murky Network Visibility
Having accurate information about your network technology and what’s connected to it is vital in protecting users from both internal and external threats. Network monitoring tools can identify network anomalies and counter threats before they do harm to your systems. Knowing can be half the battle, as is being able to pinpoint affected systems and the potential path of destruction.

9) Poor Backup Practices
Faced with attacks like ransomware, SMBs must have an effective backup and retention policy. 60% of companies that suffer from a cyber attack are out of business within 6 months due to the sheer amount of data loss. There are many on- and off-premise cloud-based backup systems that will help avoid such a fate. Unfortunately, for companies willing to pay the ransom these days, paying does not guarantee you will get your data back.

10) Compliance
Regulations affect several of the largest industries, and securing endpoints is a routine compliance requirement for most. It has become vital to understand your compliance obligations and ensure sufficient security is in place to protect your business.

Clare Computer Solutions has the tools and experience to handle any aspect of your IT security, including tools to assess and remediate vulnerabilities. Clare Computer Solutions handles multiple networks, so we can apply this broad experience to expertly advise on your company’s technology strategies. Contact us today to begin the conversation on securing your business.

Your Security Policies Protect More Than a Multi-Generational Workforce

Every generation approaches technology differently. A 55-year-old manager is going to think about data security differently than a 22-year-old just starting their career. Recent studies have shown that different generations have dynamic attitudes and behaviors regarding digital security, requiring businesses to move from a “one-size-fits-all” mentality to a more tailored approach. Could this new-age workforce be your next vulnerability?

Viewing Security Policies Differently

Recent studies conducted by our partners at Webroot Security have shown that younger generations think about online security less than their older counterparts. Younger generations can and will assume that inherent levels of security exist in the workforce. This is even more of a reason to layer security and to establish a plan via company-wide security policies.

A 2016 Webroot survey found that, despite a reputation for being less “tech-savvy,” 49% of baby boomers reported having anti-virus solutions installed on their devices, only 10% more than millennials. The survey also found that 49% of millennials were concerned about someone gaining access to their social media accounts, versus 33% concerned with someone gaining access to their email accounts.

82% of millennials re-use passwords for websites and applications, compared to 70% of baby boomers. It was also reported that 86% of baby boomers hardly ever download free applications or software to work devices without consulting company-designated IT support.

Our partners at Citrix surveyed workers to find which generation posed the greatest risk to sensitive information in the workplace, and millennials received 55% of the vote. It should be noted that baby boomers were seen as the most susceptible to phishing and social engineering attacks (33%).

Tailor Your IT Security Approach

  1. Identify and build contextual access controls so users have access to apps and data; nothing more.
  2. Automatically prevent employees from running unauthorized apps on corporate hardware or worse, networks.
  3. Extend protection to mobile platforms, but give users the freedom to access data securely on the go.
  4. Embrace virtualization and containerization for critical apps and data.
  5. Gain visibility via analytics, so you can be proactive about security.
  6. Increase Cyber-Awareness Training for users.

These steps won’t solve every security problem, but they will go a long way in helping to better secure your workforce, regardless of age. With the cyber-landscape evolving faster than ever, applying education, training, and remediation with the assistance of your staff has become paramount. For many, knowing where to start is half the battle, and if you need a kickstart, Contact Us to schedule your free Cyber-Awareness Training today.

 

How Simple IT Fixes Could Save Your Business Millions

Opportunity makes the cybercriminal, and online travel giant Orbitz disclosed Monday, March 18th, that hackers gained access to one of its “older platforms.” Upon gaining access, the hackers obtained data such as credit card numbers, street addresses, legal names, and more. While not on the scale of an Equifax or Yahoo! breach, many can rest assured knowing the site DID NOT contain any social security information. Orbitz is nonetheless offering free credit monitoring through AllClear ID to more than 880,000 people, at a total cost of $13,156,000. Orbitz is an example of how simple fixes could have prevented a $13-million mistake.

HOW COULD WE HAVE BEEN HACKED?

Phishing emails have become commonplace amongst criminals, and exploits are often sold on the dark web to other hackers and cybercriminals to hurt your brand’s reputation. Although indirect, your business can suffer from these effects, as Orbitz did. To fix this fatal error, Orbitz has offered those affected a year’s worth of free credit monitoring. What makes this case unique is that preventative maintenance could have saved all parties involved, at minimal cost.

Three Tier Approach:

When preventing Ransomware, and doing general cybersecurity you should focus on three major components.

1. Education – You must train staff members on the trials and tribulations of these threats. As many have reported, these styles of attacks have grown 500% since 2017. As everything becomes more connected, it will become vital to train your staff on spotting phishing emails, like those used in the Orbitz hack.

2. Backups & Storage – Once inside, criminals gain access to all saved payment data. Best practice tells us that old data should ALWAYS be encrypted and archived for safekeeping. From a technical standpoint, you should always check local regulations on how to handle your industry’s online payment information. Although hackers and ransomware exploits can encrypt your backups, most attacks don’t bother looking through archived data, as the process becomes far too time-consuming.

3. Email & Web Filtering – You must gain control over inbound messaging. The largest attack vector for ALL breaches and ransomware is email phishing. Filtering gives you the ability to filter incoming messages from high-volume attack countries like Korea, Serbia, and Vietnam. Don’t allow outside attachments from cybercriminals into your network. Email and web filtering will give you the ability to better control inbound messaging.

Having a backup appliance, building a retention policy, and educating your employees are the BARE MINIMUM you need to start a company culture of security. Instead of purchasing 880,000 people a year’s worth of credit monitoring, focus on the preventative measures in your organization.

Don’t know where to start?

Our staff is well-versed in the threat landscape and would be happy to assist your organization in building a better stance on security and warding off cybercriminals looking to hurt your business. Clare Computer Solutions has been serving the SF Bay Area’s IT needs for over 30 years. Contact us today to get started.