Identity security is one of the most significant challenges that IT organizations face. An identity compromise can ruin an organization, and it is the number one attack vector for hackers. The traditional, not-so-secure way to log in consists of entering your username and that familiar password. You know, the one you probably use […]
Our business ecosystems are changing rapidly, and as cybercriminals evolve, a new vocabulary is developing. A new addition to the lexicon of many is the concept of “security posture”: another tech term, referring to the strength and security of your IT infrastructure, with an increased emphasis on internet-borne vulnerabilities in business technology. It covers how you manage current hardware and software purchases, policy and procedure generation, and controls.
What Makes Up Your Security Posture
Each of these aspects falls under cybersecurity. Your security posture determines the likelihood of a breach and what it would take for hackers to gain access to these critical pieces of network technology. It also covers the state of your employees and whether they can spot such threats, which makes it difficult for many to observe.
In the context of managing cybersecurity, larger organizations, including Directors of IT, Chief Technology Officers, and compliance officers, must make decisions based on deliberation and analysis of their security posture. This generates a better understanding of certain aspects of your cybersecurity approach, but it is simply not enough anymore. In today’s connected age, a more holistic approach is needed to meet regulations and compliance.
This post draws on Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office 365 partners of the latest threat analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since its last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage sneakier tactics to accomplish their end goal, including blackmail, extortion and, worst of all, data corruption.
For many businesses, encryption has become the norm as cyber-criminals look to disrupt operations to turn a quick profit. One of the largest goals behind any cyber-attack is stealth: the longer a malicious activity goes unnoticed in your systems, the greater the chances of the attack succeeding. One popular avenue involves SSL encryption to disguise the attack’s transmissions from your local anti-virus or anti-malware agents.
As previously warned, attackers persist in using website encryption to give users a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can help inform your employees of the perils found in today’s connected businesses. Begin scrutinizing the sender’s domain name and the content they want from you.
- Phishing – 2.7 million phishing attacks occur monthly, a 400% increase since we began tracking these stats in 2017.
- Content is King – 196 million instances of “malicious content,” including websites, malicious scripts, and malvertising, were all found on some of the most well-known websites this year.
- Botnets – 32 million botnet callbacks were performed and blocked on average each month since 2018.
- Domains – 32% of all spoofed domains or websites were using SSL to deliver content.
Most Phished Brands through HTTPS:
- Microsoft Office365 or OneDrive – 58%
- Facebook – 12%
- Amazon – 10%
- Apple or iTunes – 10%
- Adobe – 4%
- Dropbox – 4%
- DocuSign – 2%
By preparing your employees with a security mindset, we broaden a business’s stance on security to better prevent things like SSL attacks from reaching your end users. Each of these acts gives cybercriminals more ways to establish credibility and the context needed to fool businesses.
Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an “invoice” that were crafted and carefully coded to send the staff to a fake Russian URL, where Office 365 logos were plastered everywhere. Even more convenient was the willingness of this HTTPS-encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and, wouldn’t you know it, no issues were reported.
Clare Computer Solutions’ partner and security expert, Webroot, revealed the findings of its 2019 Threat Report, showing that many “tried-and-true” attack vectors and methods are still at the top of the list, with new threats emerging every day. It would appear the attackers are innovative, to say the least. This comes just in time, as many of our partners spoke to these very claims at the 2019 RSA Conference hosted just last week in San Francisco, California.
Hal Lonas, Chief Technology Officer at Webroot reports:
“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”
Clare Computer Solutions couldn’t agree more. Here are some highlights from Webroot’s 2019 Security Report:
- A staggering 40% of malicious URLs were found on “good” or “safe” domains. Legitimate websites are frequently compromised to host malicious content. To protect users and employee data, cybersecurity needs URL-level visibility or domain-level metrics to accurately expose these dangers. Far too often, standard antivirus or endpoint protection lacks these capabilities, leaving these links in an employee inbox.
- Phishing attacks have increased by 36%, with the number of malicious sites swelling to 220% from last year. We’ve even seen phishing sites use SSL certificates and HTTPS to trick unknowing users into believing they’re secure and legitimate. Microsoft’s latest Security Intelligence Report confirms this, with analytics reporting a 250% increase in phishing messages being sent through Office 365.
- 77% of spear phishing attacks impersonated financial institutions, and these were the most likely to use HTTPS compared with other types of target, with over 80% of financial institutions finding compromised links residing on an HTTPS page.
- Google, followed by Microsoft and UPS/FedEx, ranked among the most impersonated brands in phishing overall for 2019.
- Security Awareness Training reports from Webroot and KnowBe4 both show that trained users are, on average, 80% less likely to fall for phishing attempts, especially with phishing simulations and on-demand training.
- One-third of all malware attempts to hide inside %appdata% folders. What makes these locations prime for hiding is the commonality between paths. Every user directory has one, programs can install there with full user permissions, and the folders are hidden by default in most operating systems. Although malware can and will hide almost anywhere, the most common locations are as follows:
– 29.4% in %appdata%
– 24.5% in %temp%
– 17.5% in %cache%
- Devices using Windows 10 are at least 2x more secure than those systems still on Windows 7. Webroot has reported a steady decline in malware on Windows 10 machines in the business space.
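The location statistics above can be turned into a simple triage check over process-creation records. This is an added example, not code from Webroot or Clare Computer Solutions; the record layout, host names and paths are constructed, and treating %cache% as any AppData directory whose name contains "cache" is an assumption.

```python
import ntpath
import re
from collections import Counter

# Locations named in the report. %cache% is not a standard Windows variable;
# treating it as any AppData directory whose name contains "cache" is an
# assumption made for this example.
USER_ROOT = r"^[a-z]:\\users\\[^\\]+\\appdata\\"
LOCATIONS = [
    ("%temp%", re.compile(USER_ROOT + r"local\\temp\\")),
    ("%cache%", re.compile(USER_ROOT + r"(?:[^\\]+\\)*[^\\]*cache[^\\]*\\")),
    ("%appdata%", re.compile(USER_ROOT + r"roaming\\")),
]
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js"}


def normalize(path):
    """Lower-case a Windows path and collapse '..' and '/' so a path such as
    Roaming\\..\\Local\\Temp resolves to the directory it really points at."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def classify(image_path):
    """Return the report's location label for an executable path, or None."""
    normalized = normalize(image_path)
    if ntpath.splitext(normalized)[1] not in EXECUTABLE_EXT:
        return None
    for label, pattern in LOCATIONS:
        if pattern.match(normalized):
            return label
    return None


def triage(events, allowlist=()):
    """Flag executables launched from the listed folders. Legitimate software
    also runs from AppData, so reviewed directories can be allowlisted."""
    allowed = [normalize(prefix) + "\\" for prefix in allowlist]
    findings = []
    for event in events:
        label = classify(event["image"])
        if label is None:
            continue
        if any(normalize(event["image"]).startswith(p) for p in allowed):
            continue
        findings.append((label, event["host"], event["image"]))
    return findings


def summarize(findings):
    """Count findings per location label."""
    return Counter(label for label, _host, _image in findings)


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS-01", "image": r"C:\Program Files\Vendor\app.exe"},
    {"host": "WS-01", "image": r"C:\Users\alice\AppData\Roaming\updater\svch0st.exe"},
    {"host": "WS-02", "image": r"C:\Users\bob\AppData\Local\Temp\7zS1A2\setup.exe"},
    {"host": "WS-02", "image": r"C:\Users\bob\AppData\Roaming\..\Local\Temp\inv.scr"},
    {"host": "WS-03", "image": r"C:\Users\carol\AppData\Local\Microsoft\Windows\INetCache\IE\doc.exe"},
    {"host": "WS-03", "image": r"C:\Users\carol\AppData\Local\Teams\current\Teams.exe"},
]

if __name__ == "__main__":
    for label, host, image in triage(SAMPLE_EVENTS):
        print(f"{host}: {label}: {image}")
```

Findings from a check like this are leads for review, since installers and updaters routinely run from the same folders.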
Furthering your Security Measures
While ransomware was less of a problem in 2018, it has become more targeted, and companies, customers, and employees will fall victim to it. In 2018, many attacks used Remote Desktop Protocol (RDP) as an attack vector, leveraging tools to scan for systems with inadequate RDP settings. It’s these unsecured RDP connections that hackers can use to gain access to a given system and browse through all its shared data, further providing criminals with sensitive information that ransomware can exploit.
Begin furthering your security measures today with a cybersecurity assessment. Easily track your current security posture, and rely on the experts to build you a roadmap for securing your business. Dive deeper into your network than ever before with our Security Posture Assessment from Clare Computer Solutions. If you wish to view the Webroot report, you can find that here.
Security awareness training is seen by many as something “nice to have,” while several SF Bay Area business owners have begun implementing our on-site training as a necessity for any business looking to protect its network and backups from encryption.
The decision to adopt user-based education gets passed over year after year due to budget constraints or a lack of in-house experts to demystify technology. Small to medium-sized businesses have suffered from these types of constraints for years when compared to larger, resource-heavy organizations.
Though it’s clear end-user education doesn’t have to be a need for many business owners, as recently as August 2017, a Better Business Bureau study found that almost half of SMBs with 50 employees or fewer regard security awareness training as among their top 3 most proactive IT expenditures, alongside firewalls and endpoint protection.
This increase comes as no surprise, as the cybersecurity landscape has become more dynamic than ever. The average small to medium-sized business faces annual losses of over $80,000 when everything is said and done. Your staff is the front line of your business, and even the most advanced security stacks have limitations. If you’re not educating end users by now, you’re putting your organization in harm’s way.
Here are a few tips and tricks for SMBs looking to get started with end-user training, or security awareness training:
Gather Company Buy-In
As with any new program, starting at the ground level will ensure success. Start with building a culture of security. Yes, it might require multi-factor authentication or additional hoops to jump through. Begin generating the “buy-in” from the surrounding management teams by sending out an email explaining the value of security awareness, phishing details, and the latest security trends and reports for your information technology (IT) team.
Start with Phishing
In the current technology landscape, security awareness should begin with the MOST COMMON attack vector: email phishing campaigns. With thousands of interactive tools and designs built to mislead and steal your credentials, there is no shortage of examples and videos showing the intricate workings. Begin with the basics, and go through the various phishing threats. Your staff should be able to identify and mitigate any phishing attempts after your training concludes.
Share results with End Users
Use this feedback to inspire smarter habits among staff, identifying key objectives for security awareness training to engage in at a later point. Who knows, maybe you will uncover security gaps left behind by a past managed IT provider. Raise the level of cyber awareness throughout your organization by sharing the latest encounters internally with your staff. Chances are these criminals are working on more than one of you at work, and this can help employees understand the impact of poor online habits and motivate them to practice better behaviors.
Continuous Training: Set up your phishing and training program
Once your users are engaged and understand the value, the next step is setting up a training program for new employees. There is no one-size-fits-all program, but we recommend running at least one training course per year. Depending on the needs of each organization, presentations can be tailored to highlight industry-specific security.
As the business scales, you will want to scale the frequency and adjust intervals throughout the year. Our Security Awareness Training includes real-world phishing scenarios that have been defanged from the wild.
When you start seeing the impact that proven security awareness training has on your employees, you’ll wonder how your business ever managed without it. Contact us to schedule your no-cost, no-obligation security awareness training for your organization.
They say recognizing a problem is the first step in solving it. But when it comes to cybersecurity, many SMBs don’t believe they have a real problem on their hands. Many simply believe that hackers will focus their attention exclusively on large and well-heeled organizations, and aren’t interested in smaller businesses. Unfortunately, this couldn’t be further from the truth, and it’s this mentality that leaves businesses highly susceptible to attacks.
1) Not If, but When
Many small businesses don’t invest sufficiently in IT security resources and protection. This may be due in part to the fact that they may not know they’re being targeted. According to the Ponemon Institute 2016 State of SMB Cybersecurity Report, hackers have breached 50% of the 28 million small businesses in the United States, and many have no clue they’re being targeted.
2) Evolving Threat Landscape
Trying to keep pace with the changing nature of cyber threats is a full-time job. Many cannot afford the cost of internal IT security staff, which is why it’s imperative that their MSP keep them protected from zero-day threats.
3) Users Don’t Always Know Security Best-practices
In the last year, phishing was involved in 90% of breaches, which makes end users both the weakest link and the first line of defense. The best way to counter this threat is to train and educate end-users on the impact of their online behaviors. A well-trained user can help prevent threats like ransomware, drive-by downloads, keyloggers, and many more.
4) Lack of Effective Security Policies and Protocols
Companies should have documented policies in place to ensure all passwords are strong and regularly changed. Although these actions are “status-quo,” two-factor authentication is many. Access rights to network files, folders, and file shares need to be tightly controlled to avoid malware wreaking havoc on networks.
5) Exposure to Multiple Vectors
All the ways that users can interact with the internet must be considered, from emails, attachments, and links to web browsing and network activity. Effective endpoint security starts with protecting each of these vectors from cyber attacks. It should feature multi-layered protection to defend you from threats that use different exploits to gain access to your network.
6) Complex Security Creates Admin Challenges
Consider not only the costs of buying cybersecurity software but also the operational expenses of the latest in security technology. Systems that use best-in-class solutions paired with minor automation can make security both more affordable and more effective. Using these solutions makes the job of internal teams tasked with administration easier.
7) Out-of-Date Systems
By following a rigorous patching regime, you can avoid many of the application vulnerabilities used to compromise networks. At times, patching can feel unimportant, but with the help of our staff and a little automation, patch management has become smoother and more cost-effective. WannaCry, 2018’s biggest cyber-scare, could have been avoided completely by simply patching systems to best practices.
8) Murky Network Visibility
Having accurate information about your network technology, and what’s connected to it, is vital in protecting users from both internal and external threats. Network monitoring tools can identify network anomalies and counter threats before they do harm to your systems. Knowing can be half the battle, along with being able to pinpoint affected systems and the potential path of destruction.
9) Poor Backup Practices
Faced with attacks like ransomware, SMBs must have an effective backup and retention policy. 60% of companies that suffer from a cyber attack are out of business within 6 months due to the sheer amount of data loss. There are many on- and off-premise cloud-based backup systems that will help avoid such a fate. Unfortunately, for companies willing to pay the ransom these days, paying does not guarantee you will get your data back.
Regulations affect several of the largest industries, and securing endpoints is a routine compliance requirement for most. It has become vital to understand your compliance obligations and ensure sufficient security is in place to protect your business.
Clare Computer Solutions has the tools and experience to handle any aspect of your IT security, including tools to assess and remediate vulnerabilities. Clare Computer Solutions handles multiple networks, so we can apply this broad experience to expertly advise on your company’s technology strategies. Contact us today to begin the conversation on securing your business.
Logging into systems has been common for information workers for decades. The idea was that only you would know your login and password, and this would keep your information safe. The company data you’re protecting is more important than ever, and the tools cyber-criminals employ to get access to your data are growing in sophistication – making multi-factor authentication the best fit for most businesses.
Security experts have been recommending multi-factor authentication as a means of protecting access to systems for years, but what does the term mean?
What Is Multi-factor Authentication:
Multi-factor authentication adds different levels – in addition to what you know, it may also employ “who you are” (biometrics) or “what you have” (a physical token or personal device). Using more than one level of authentication makes “hacking” into your accounts nearly impossible. The largest benefit to most businesses securing their data with multi-factor authentication is the use of single sign-on.
We’ve grown accustomed to passwords that must be changed every so often. However, multi-factor authentication often employs information that is generated when you try and log in, and is used only once, creating a different set of credentials each time.
Does this add complexity to the user experience? Yes, by design – but if you’ve ever watched someone quickly scan an access card (something they have) and then enter a quick code (something they know) to access a facility, you can see how quickly this can become routine.
Adoption of Multi-Factor Authentication:
For many vertical industries, companies must comply with regulations regarding physical and technical security. Those who provide services or support to those companies should also be familiar with that compliance. Multi-factor authentication is no longer an “enterprise product.” It is found in technology such as Office 365, Microsoft 365, G-Suite (Gmail), and the latest cloud environments.
Wish to Enhance Security in Business-Line Applications?
Clare Computer Solutions can help your company evaluate options for multi-factor authentication, and then implement the solution that best suits your needs. Contact us to get started – the stakes are too high to wait.
The malware known as “ransomware” has many variants, which use an array of methods to find an entry point (usually an attachment to an email) to infect and encrypt a company’s servers and data. Once the virus finds an entry point, it will begin to rapidly encrypt all the drives it can quickly access within the infected system.
You will become aware that the infection has occurred when someone attempts to access a file that has been encrypted or it hits the Server Operating System. There are no tools or Data Recovery Services that can decrypt your data; it is unrecoverable in this state.
All is not lost once your system has been compromised. We have found that there are two solutions that work the best once your system is compromised. Your two options are to restore your system from the last good backup or simply attempt to pay the ransom.
The IT industry does not encourage the payment of the ransom – and doing so does have risks. Sometimes a decryption key is never sent or won’t work, and the criminals don’t have an IT support team!
But if you have no backup process for your data, or you’re unsure and cannot take a chance on an unchecked backup, then you may have no choice but to attempt to pay the ransom.
Prevention is the Best Option – Use These Steps
Educate Your Staff:
One of the most common causes of infection is an employee clicking on a link or opening a file sent from a legitimate source they might have corresponded with in the past. Train them to recognize “suspicious” emails.
Employ Content Scanning / Filtering on Email Servers:
All incoming email must be scanned for viruses; this is the primary entry point for Ransomware. The next is websites that are infected; this is where a web content filter should come into play. If the website is infected the web filter will prevent its entry.
Maintain Patch Levels for OS and Applications:
It is an industry best practice to keep the workstations, server operating systems and applications up to date and patched as this will help prevent infection to your network.
Block End Users from Executing Malware:
Newer antivirus and anti-malware vendors such as Symantec, Malwarebytes and Webroot have products that work well for this. You can also use Group Policy to implement software restriction policies that prevent ransomware from running in the protected system areas.
Install and configure Host Intrusion Prevention:
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) solutions are very helpful but do require a certain amount of administration such as monitoring for alerts, notifications, and events.
Limit User Access to Mapped Drives:
If users do not need access to drives or sharing privileges then remove them from the shared list. Group rights and login scripts will help to map drive access in your company.
Deploy and Maintain Backups:
The most important solution we constantly offer to our clients is to constantly back up your system – we cannot stress this enough. The biggest takeaway from this article is that the best protection is a solid backup scheme. We prefer image-based backups like Datto, Storagecraft, and Veeam.
This is not a complete list of all the methods or solutions that can be used; however, these are the most common and cost-effective methods of prevention. Remember, doing something is better than doing nothing at all. Again, if you take nothing else away from this article, please make sure that you have a solid backup solution in place and that it is working.
For more information about Ransomware and how Clare Computer Solutions can protect your company, contact us or visit our website at www.clarecomputer.com to find out what CCS can do for you.