Cyberattacks Using SSL Encryption Swells the Success Rate of Malware to 400%

Utilizing Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office365 Partners of the latest threat-analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since it’s last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage more sneaky tactics to accomplish their end goal, including blackmail, extortion and worst of all, data corruption.

For many businesses, encryption has become the norm as cyber-criminals begin looking to disrupt operations to turn a quick profit.  One of the largest goals behind any cyber-attack is stealth, the longer a malicious activity goes on unnoticed in your systems, the greater the chances of their attack succeeding. One popular avenue has begun involving SSL encryption to disguise the transmissions of the attack from your local anti-virus or malware agents.

As previously warned, these attackers are persisting to utilize website encryption to provide users with a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can assist in informing your employees of the perils found in today’s connected businesses. Begin scrutinizing the sender’s domain name, and the content they want from you.

  • Phishing – 2.7 Million phishing attacks occur monthly, a 400% increase since we’ve been tracking these states in 2017.
  • Content is King – 196 Million instances of “malicious content” including websites, malicious scripts, and malvertising we all found on some of the most well-known websites this year.
  • Botnets – 32 Million botnet callbacks were performed and blocked on average each month since 2018
  • Domains – 32% of all spoofed domains or websites were using SSL to deliver content.

Most Phished Brands through HTTPS:

  1. Microsoft Office365 or OneDrive – 58%
  2. Facebook – 12%
  3. Amazon – 10%
  4. Apple or iTunes – 10%
  5. Adobe – 4%
  6. Dropbox – 4%
  7. DocuSign – 2%

By preparing your employees with a security mindset, we broaden business’ stance on security, to better prevent things like SSL attacks from reaching your end-users. Each of these acts leverages more ways for cybercriminals to establish credibility, and the context needed to fool business.

Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an “invoice” that were crafted and carefully coded, to send the staff to a fake Russian URL, where Office365 logos were plastered everywhere. Even more conveniently, was the willingness for this HTTPS encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and wouldn’t you know it, no issues were reported.

(Email Pictured Below)

7 Cybersecurity Tips That Give Your Business an Unfair Advantage in 2019

Clare Computer Solution’s partner and security experts, Webroot, revealed the findings on their 2019 Threat Report, displaying many “tried-and-true” attack vectors or methods are still at the top of the list, with new threats emerging every day. It would appear the attackers are innovative, to say the least. This comes just in time, as many of our partners spoke to these very claims at the 2019 RSA Conference hosted just last week in San Francisco, California.

Hal Lonas, Chief Technology Officer at Webroot reports:

 

“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”

Clare Computer Solutions Couldn’t Agree More; Here are some from Webroot’s 2019 Security Report highlights:

  1. A staggering 40% of malicious URLs were found on “good” or “safe” domains. Legitimate websites are frequently compromised to host malicious content. To protect users, and employees data cybersecurity needs URL-level visibility or domain-level metrics to accurately showcase these dangers. Far too often, standard antivirus or endpoint protection can lack the capabilities, leaving these links in an employee inbox.
  2. Phishing attacks have increased by 36%, with the number of malicious sites swelling to 220% from last year. We’ve even seen phishing sites use SSL Certificates, and HTTPS to trick unknowing users into believing they’re secure and legitimate. Microsoft’s latest Security Intelligence Report, confirms this with analytics reporting 250% increase in phishing messages being sent through Office 365.
  3. 77% of spear phishing attacks impersonated financial institutes, and most likely to use HTTPS over other types of target. With over 80% of financial institutions finding compromised links residing on an HTTPS page.
  4. Google followed by Microsoft, and UPS/FedEx ranked among the most impersonated brands in phishing overall for 2019.
  5. Security Awareness Training reports from Webroot and KnowBe4 both show an average of 80% less likely to fall for phishing attempts, especially with phishing simulations, and on-demand training.
  6. One-third of all malware makes attempts to hide inside of %appdata% folders. What makes these locations price for hiding, is the commonality between paths. Every user directory, with full user-permissions, will install here and are hidden by default in most operating systems. Although malware can and will hide almost anywhere, the most common locations are as follows:
    – 29.4% in %appdata%
    – 24.5% in %temp%
    – 17.5% in %cache%
  7. Devices using Windows 10 are at least 2x more secure than those systems still on Windows 7. Webroot has reported a steady decline in malware on Windows 10 machines in the business space.

Furthering your Security Measures

While ransomware was less of a problem in 2018, it has become more targeted, and companies, customers, and employees will fall victim to ransomware. In 2018 many attacks saw the use of Remote Desktop Protocol (RDP) as an attack vector. Leveraging tools to scan systems with inadequate RDP settings. It’s these unsecured RDP connections that hackers can use to gain access to a given system and browse through all its shared data. Further providing criminals with sensitive information that ransomware can exploit.

Begin furthering your security measures today, with the use of a cybersecurity assessment. Easily track your current security posture, and rely on the experts to build you a roadmap for securing your business. Dive-deeper into your network than ever before, with the use of our Security Posture Assessment from Clare Computer Solutions. If you wish to view the Webroot report, you can find that here.

Domain Name System DNS does not mean Do not Secure network infrastructure for IT Support with Clare Computer Solutions

Domain Name System: DNS Doesn’t Mean “Do Not Secure”

Recently, the U.S. Department of Homeland Security(DHS) and Cybersecurity & Infrastructure Security Agency(CISA) have begun the tracking of a Domain Name System (DNS) hijacking campaign. With using the following techniques, cybercriminals can redirect user traffic to attacker-controlled infrastructure, access valid encryption certificates for agencies’ domain names and launch attacks keeping your organization as the man-in-the-middle, including:

  • Compromised credentials or obtained via account w/ with to make changes to Domain Name System records.
  • Modifying any of the original addresses, mail exchange, name servers, and other Domain Name System records.
  • EstablishDomain Name System records value and falsy-obtain encryption certificates for the executive branch.

How Staff Can Address these Domain Name System Attacks?

  1. Audit Your DNS records – By reviewing business records associated with services offered to users and the public to verify their location.
  2. Update DNS account passwords – Begin to modify your passwords on every account that has the power to make changes to agency Domain Name System records. Utilizing a password manager can assist in providing better passwords to secure this even further.
  3. Leverage multi-factor authentication (MFA) – Implement MFA for all accounts on systems that can make changes.
  4. Track certificate transparency logs – Monitor certificate transparency log-data for certificates issued by CISA OR DHS.

So, What Exactly is at Risk Here?

Software or SaaS applications have become more prevalent than ever, with threats associating with data theft beginning to soar, with a record of 28% increase on attacks related to Office 365 and Googles GSuite. By utilizing these three key strategies, you can begin securing your business and turn Domain Name System from Do Not Secure, into another fortified line of network defense. By shielding your network with a filtered Domain Name System and utilizing browsing policies, you can successfully keep users safe from malicious sites, and their downloads. This keeps networks secured, with minor tweaks to an Office 365 environment, also preventing harmful attachments out of email inboxes.

  1. Domain Name System (DNS) – Begin switching towards a Domain Name System (DNS) service that can actively monitor and block known malware sites to begin reducing the risk of exposure to malware. Unless you’ve custom-configured some settings, it’s likely that a site’s DNS provider is your current Internet Service Provider. DNS providers can block this type of access in two methods. Blocking a request made from a user, or by preventing malware from “phoning back home” with your data.
  2. Internal Policies – These style of filters work to block harmful sites and downloads at the browser level. Similar to the DNS provider at the network level, these systems calculate the risk and based on the amount of potential harm done, will flag these malicious downloads for greater review. Most that need the power to download from harmful websites do receive notifications, although they can go ignored in some cases.
  3. Email Filtering – In the latest statistics from WebRoot, Microsoft, and Sophos, report ransomware’s #1 attack-vector is still email delivered payloads. Far too often, recipients open files without realizing it wasn’t a file, but instead a malicious application. Microsoft does give Office 365 administrators the ability to block any of the 100 different file types. Although in most cases, businesses need attachments to be sent via email, that’s when the use of Microsoft Ondrive to view files can assist your organization.

If your business feels this is out of the scope of your current provider, or would like another expert opinion, give us a call to schedule a time to chat with one of our technology specialists, or have us visit your site. Reach out to us, and let us know if you need DNS help.

ccs anti spear phishing help and fixes sf bay area

The Latest Spear Phishing Scams to Pass-Through Your Email Filter

Unfortunately, everything malicious isn’t always caught by your email filtering or anti-virus. Because of the rise in email born attacks over the last few months, we’ve begun debunking some of the most well-known spear phishing emails sent to local business owners. With an estimated 91% of successful data breaches started by spear phishing, this type of scam has garnered a lot of media attention. Once reserved for the C-level executive, spear phishing has grown, targeting managers and other employees as an essential component of a social engineering attack.

Did You Know That 91% of Successful Breaches Start with a Spear Phishing Attack?

1. “Funding for Your Business DocuSign Scam”

One of our partners here at CCS sent this brilliant example of a spear phishing scam, that can get past ANY email or web filtering.

This message sails through filters and protects devices as it’s presented as a close-to-real document. Utilizing Adobe DocuSign, this example is built to grab your information, not to deliver a malicious payload.

DocuSign IT Support Company finds Phishing email example

By reviewing documents, and clicking the entirely legit DocuSign page, it will spawn what appears as a loan application. By completing this form, it will send your information directly to the hackers. Making it even easier for them, towards the bottom of this application there is a place to upload your last three paychecks or pay stubs.

Spear Phishing Email Form Top 1

If someone in your account’s receivables, accounting, or finance department were to submit this information, the damage could be extensive, and bankruptcy has unfortunately become a harsh reality for small-to-medium sized businesses due to the potential repercussions.

Spear Phishing Email Example Form 3

2. Unwitting Job Applicant Victims to Malware Ad Attacks

The way spear phishing works is by evoking trust and credibility to entrap victims into providing information that grants them access to personal records, employee information, and company data.

Like many professionals in the SF Bay Area, I’m on LinkedIn, where thousands of people are searching for employment opportunities. Given you’re on a website that knows your job title, industry sector, GPS Location, etc. it wouldn’t raise suspicion in most cases.

That’s exactly what these hackers were counting on when they hosted several malicious LinkedIn Ads to target a bank employee. The victim was a financial company employee that was contacted by, and even held a Skype call with the potential “new-employer.” Once the interview was conducted, and the employee’s defenses are down, cybercriminals asked the employee to install a program called “ApplicationPDF.exe” that would generate his application.

Because this program was able to bypass anti-virus and suspicion, it’s believed the hackers were attempting to gain access into the network of financial records, debit cards, and control over localized ATMS.

We often begin seeing employees as the easiest line of defense in your cybersecurity. It’s stories like these that continue to keep our clients vigilant with security and elevate the awareness employees have to surround these malicious threats and looking for red flags. In this case, the PDF application was the scam that allowed access into localized network operations.

 

Steps Towards a Spear Phishing Remedy:

By focusing on the unique needs of your network, and it’s users there are low-cost solutions for making major strides in stepping up spear phishing prevention. With the implementation and setup of policies, permissions, and email filtering, begin minimizing the risk your business can incur. As part of our commitment to the SF Bay Area Community, we have begun offering Security Awareness Training for companies looking to strengthen their security posture. We understand the uniqueness of your business, and so do each of our employees. Leverage our staff, and knowledge to toughen-up security today.

Secure Now, or Pay Later: “Collection #1” Data Breach Reports 773 Million Personal Records

A developing story regarding one of, if not the largest data breach dump of all time. Deemed “Collection #1” for its collated structure. Collection #1 was a series of data dumps from over 2,000 databases, and this data breach hits close to home. After being alerted early Saturday, January 19th, 2019, I noticed an odd email forward from a website I’d never seen or heard of, alerted me that an older personal email and password was compromised. Taking this notice, we’ve used our experts to dig deeper into the Collection #1 data breach.

By starting with the raw-data first, Collection #1 is a set of email addresses and passwords that have totaled 2,692,818,238 rows, of spreadsheets, with decrypted passwords. Made up of several smaller breaches organizations, forums, social platforms make up the varying sources. In total, the data creates 1,160,253,228 unique combinations for emails and passwords. (emails are NOT case sensitive) It should be noted, 772,904,991 unique emails and 21,222,975 other personal data records were released on the dark web on Friday, January 18th, 2019.

Origins of this Data

To further heighten the stakes, with the original documentation pictured above, we can see hackers are neatly formatting their data-dumps, and this shows the delimited text formats (commas, semicolons, syntax) further proving the original origin of this data. Posted late last week on the popular dark web service MEGA, over 12,000 separate files were collected, totaling 87GB of data that has since been removed from the dark web site. Referencing the image below, the expanded view shows the file listing and the many alleged sources. (it’s very difficult to discover the source of data breach information)
Clare Computer Solutions MSSP Managed Security Service
What I can say, is I checked, and verified my own personal data, though it was inaccurate, it was credentials, that I personally used several years ago. Like many of you reading this, I’ve bared witness to my data being in these breaches and although it’s always outdated credentials it still provides me with a sense of dismay, though I know it’s not personal.

How “Hashed Passwords” are Used in Hacking

As I’ve mentioned, there was a mix of “hashed” and “de-hashed” passwords that were cracked, and output to plain-text. These massive files are used with automation tools to resplendently attempt numerous credentials. For an example, if you head over to HIBP, and you enter the word “P@assw0rd” it will return the password as being cracked or broken 51,000 times, so this is obviously ill-advised though it meets common password standards, like upper case, lower case, number, and 8 characters long.

So, What’s at risk here?

In short, if you’re involved in this data breach, many of your passwords could already be compromised, in this case, used for credential stuffing. Credential stuffing is the process of automated injection of breaches usernames, emails and password pairs to gain fraudulent access to your accounts, once reporting with access, they leverage this same list across banking, emails, and website servers.

The cold reality of this situation is 140 million emails were taken with 21 million in passwords not already disclosed or discovered. My hope is that many will be prompted to broaden their security posture and look past the basic steps in password difficulty. There is something big to take away from all these breaches occurring. Two-step verification could prevent access to many business’ vital applications that are now being moved to the cloud or online.

To learn more about the launch of our latest security initiatives, head over to our Managed Security Services page, to learn the latest technology used to combat cyber attacks in for small to medium business. Providing greater uptime maximization, and peach of mind through fully securing your network.

Remote Desktop Protocol clare computer solutions IT services protection,

Ready to Ditch the Protocol? Reasons to End Remote Desktop Protocol

Remote Desktop Protocol (RDP)has been known to IT professionals for years, added into our arsenal since the original release with Windows NT 4.0. This provided the technical people the ability to treat any system or task as though it were local. Before we go further, it’s worth noting most Ransomware attacks occur through the open-ports in your network. These ports are what leadership sometimes use to remote into a work machine. You’re internal IT uses this to assist in taking control of your work PC to troubleshoot a problem.

Quickly, the productivity tool was adopted, widely seen by many as an initial attack vector. From a security standpoint, any software or program that takes remote control of your PC is worth of severe scrutiny. In the wrong hands, RDPs can assist cybercriminals in deactivating device’s in the organization’s network, concerning endpoint protection, and deliver nasty payloads of malware.

Using a publicly accessible Remote Desktop Protocol session to reach systems creates major concerns surrounding your network vulnerability. Public sessions are targets, with cybercriminals discovering new ways of conducting port and IP sweeps. According to Tyler Moffit, Webroot’s Senior Threat Analyst and partner “It’s a matter of when not if.

Recent reports suggest the state of banking security as half of all banks in the SF Bay Area have left remote access and control interfaces like Remote Desktop Protocol, openly accessible from the internet. Shocking finding for many in an industry built on securing customer information.

Turning Remote Desktop Protocol into an Attack Vector

Although most cyber attacks are from the results of lateral movement through your IT network, malicious payloads will spread between each system, fully compromising and stealing each PCs data. By adding pubic accessible Remote Desktop Protocol, you compromise those with weak credentials, using password breakers to easily accomplish these lateral movements, from user to user.

With four high-level options for securing your environment, and managing them with more security:

  1. Consider eliminating the Remote Desktop Protocol access by changing the default TCP ports and leveraging a virtualized network, or VLANs to critical systems. A more secure option would be to block all RDP connections through none whitelisted IPs. Additional solutions are available when it comes to logon monitoring and activity summaries with heightened visibility utilizing multi-factor authentication.
  2. Secure all systems and endpoints first, with solution designs to monitor and remedy any network anomalies. Similar to that of an RDP session from other workstations and notify your technical team or leadership.
  3. Utilize paid encryption Solutions for remoting into work systems. Some of the most popular remote solutions are TeamViewer, LogMeIn, and Screen connect all companies through encrypted connections to release communications as need.

Ready to Ditch the Remote Desktop Protocol?

With security threats and attack vectors mounting, remote desktop options are out there, and your Managed Service Provider or IT Consultant should be attending to the major attack vector. Companies must begin to recognize the security dangers across their network, and how to best leverage their current technology investments. Paired with our award-winning suite of solutions, better secure the access to RDP, the data, or black all remote sessions until further notice, per security posture.

To learn more about what Managed IT Support can do in terms of your networks RDP, contact us today to get started in discovering network vulnerabilities, the criminals will leverage.

SMB cybersecurity practices clare computer solutions

Uncovering the Gaps: 7 Proactive Cybersecurity Best Practices for Bay Area Businesses

For businesses, the traditional approach towards cyber security is focused on defending against threats, and prevention. As criminals become bolder, and tactics grow in sophistication, defense and prevention aren’t enough. “Over 80% of businesses are looking for third-party help with cybersecurity,” according to Webroot’s 2018 Report. By following these practices, you can securely position your company from a secure-data standpoint.

  1. Focus on Risk – Instead of achieving a 100% fully-secured business, shift the conversation towards how much risk to a business, and it’s data, each employee’s faces. Come to terms with the idea “100% Secured” is unattainable. Cybercriminals can and will always find new ways to attack. By implementing cybersecurity metrics that track logs and security patching. By uncovering how many applications lack the latest security patching, your team can uncover any security vulnerabilities that have not been addressed.
  2. Prioritize the Data – Each business has that information, that remains at risk. For many of your businesses, it would be employee health records, customer information, bank routing numbers. This sensitive data should get the highest level of security. This ensures a harder time for hackers to access info, and work to educate employees on protecting these valuable assets.
  3. Cyber Clean-Up – It’s always good practice to stay vigilant about security maintenance, to prevent commonly overlooked threats, such as ransomware, and phishing attacks. These “housekeeping” tasks are typically strengthening endpoint security, administrative rights for hardware access, and folder structure, schedule and automate patching roll-ups, data backups, and overall response planning in preparation of an event.
  4. Security Stand Out – While it’s obvious for most business to leverage security as a differentiator, it might be less clear for employees, who interact with multiple businesses each day. From financial firms to outsourced HR, or even healthcare, all of them require strong security, to protect employee data or their clients.
  5. Regulatory Churn – New regulations, such as Europe’s recently released, General Data Protection Regulation (GDPR) often cause concerns for businesses based in the United States, but selling in Europe. Businesses are told to comply but lack the tools and know-how to bring systems, and processes to standards. Compliance managers were force-fed regulations, in hopes to determine how best to position the tools and services needed. As a trusted IT service partner, we assist companies in the discovery, and remediation of non-compliant networks to meet business needs, and compliance standard, making for great security.
  6. Boosting Security Expertise – With a threat landscape, similar to that of the wild west, cybersecurity must change with it. Shrouded in secrecy, the threat landscape has never been more open to knowledge sharing. If your company doesn’t have the time to research the specific threats linked to your business, maybe it’s time to meet with us or attend an awesome cybersecurity event.
  7. Build a Culture – Due to the constant threat of cyber attacks, security awareness training should employ best-of industry security habits, such as password changes, encrypting mobile devices, and avoiding public Wi-Fi, when accessing sensitive data. It’s ok to work while on-the-go but use a VPN, or a remote desktop receiver with 2-factor authentication.

Something most businesses lack and your competition forgot about. Win more business and increase your bottom line, by keeping network uptime maxed, and efficiency within your processes intact. Realize the Power of Technology with the help of a trusted IT service provider. Contact us to begin an uncovering the gaps in your cybersecurity today.

bay area disaster recovery and business continuity solutions

Managed Service Provider Best Practices for Protecting Your Employees

Cybercrimes are reaching all-time highs, with many organizations being hit with at least one of the 230,000 attacks that occurred in 2017. As a Managed Service Provider, it’s our job to make security a priory for clients in 2018. By following 3 simple best-practices, we use to begin protecting NetCentral Partners. Built to enhance MSP security, mitigate client risk, and grow your revenue.

User Education

Effective anti-virus is essential to keeping your business protected, but it’s simply not enough. With increased risks and social engineering, many have found the need for user education as a major objective for 2019. By educating end-users through security awareness training can reduce the cost of infection or data breaches. These tactics have evolved, and are beginning to target businesses through social engineering, and the favorite method for delivering an attack.

Common Social Engineering Includes:

  • Typically, an email from a trusted friend, contact, or colleague, whose account has been compromised. The message will usually have a URL link to open or download, and invoice or website.
  • Phishing emails, comments, or text messages luring readers to confirm the legitimacy of your accounts. These are usually fake email vendor emails that have been spoofed or recreated by these criminals.
  • Fraudsters are more common in major business cities like San Francisco, Oakland, San Jose, California. These criminals leave USB or zip-drives around the company’s premises, in hopes a curious employee takes it. Hoping a curious employee will insert the temporary storage it into a computer providing access to company and personal data that is saved on your systems.

These attacks are usually devised through relevant and timely education can minimize your exposure to breaches caused by user error. By training our partners and clients on social engineering, and other tactics including ransomware, email passwords or data protection, you assist in fostering the behavior with which you wish to see across your organization.

Backup & Disaster Recovery Plans

Your IT support team should always stress the importance of backups and creating a disaster recovery plan, with regular testing of each asset. If hit with ransomware, without a secure backup, businesses face the intended ultimatum. To pay the ransom and risk the money or lose countless amounts of company data.

We’ve continued to offer our clients options to fit their network, with automated cloud-based backups and physical appliances for any company’s data retention policies to avoid encryption. With access to data anywhere at any time, the best form of proactive support comes with the industry knowledge gained from building business continuity plans.

Things to Consider:

  • Who declares the disaster?
  • How are employees informed?
  • How will you communicate with customers?

The secret to building the perfect disaster recovery plan for your business comes after the plan is implemented. The most common failure point for many businesses before NetCentral support is a failure to test a backup solution. Then a small-scale disaster or accident occurs, and your business can’t restore its data. Imagine the loss of business financials, intellectual property, client data. Insurance won’t pay you for lost information, and your disaster recovery plan is the only thing between business risk and your employees. Once a plan has been implemented and adopted by the staff, it’s important to develop your process.

Patch Management

Patch Management continues to be one of the largest areas of vulnerability for businesses with more than 2 “production” servers. Most updates are security related and should be updated as needed. Outdated technology, including an operating system (OS) or Java, are common exploits in several of this year’s largest cyber attacks. By staying atop of operating system updates, you prevent your business from learning a “very costly lesson.” A great example, of this, was back in 2017, with Windows 10. Win10 initially only marked 15% of malware files, while Windows 7 machines saw over 63% according to Webroot’s 2018 Threat Report.

Patching Process

Your patching process should feel like “a never-ending cycle,” of auditing existing systems to generate a complete inventory of all your production systems, their standardization, and operating systems and applications. By building these standards with a trusted IT support team, your patching process will become easier. Through the classification of vulnerabilities, higher priorities can be remedied, while lower vulnerabilities begin to be automated, never disrupting your workday again.

By following these best practices, your business can begin thinking like an MSP. This will ensure the safety of your business, but also securing customer data. Business owners looking to scale operations should be looking to align business objectives, with an MSP that focuses on your IT experience, if you’re in need of IT Support and Services, we can help! Contact us, to begin talking about your IT stance.

3 MSP Best Practices for Protecting Your Users

Cybercrimes are reaching all-time highs, with many organizations being hit with at least one of the 230,000 attacks that occurred in 2017. As a Managed Service Provider, it’s our job to make security a priory for clients in 2018. By following 3 simple best-practices, we use to begin protecting NetCentral Partners. Built to enhance MSP security, mitigate client risk, and grow your revenue.

User Education

Effective anti-virus is essential to keeping your business protected, but it’s simply not enough. With increased risks and social engineering, many have found the need for user education as a major objective for 2019. By educating end-users through security awareness training can reduce the cost of infection or data breaches. These tactics have evolved, and are beginning to target businesses through social engineering, and the favorite method for delivering an attack.

Common Social Engineering Includes:

–  Typically, an email from a trusted friend, contact, or colleague, whose account has been compromised. The message will usually have a URL link to open or download, and invoice or website.

–  Phishing emails, comments, or text messages luring readers to confirm the legitimacy of your accounts. These are usually fake email vendor emails that have been spoofed or recreated by these criminals.

–  Fraudsters are more common in major business cities like San Francisco, Oakland, San Jose, California. These criminals leave USB or zip-drives around the company’s premises, in hopes a curious employee takes it. Hoping a curious employee will insert the temporary storage it into a computer providing access to company and personal data that is saved on your systems.

These attacks are usually devised through relevant and timely education can minimize your exposure to breaches caused by user error. By training our partners and clients on social engineering, and other tactics including ransomware, email passwords or data protection, you assist in fostering the behavior with which you wish to see across your organization.

Backup & Disaster Recovery Plans

Your IT support team should always stress the importance of backups and creating a disaster recovery plan, with regular testing of each asset. If hit with ransomware, without a secure backup, businesses face the intended ultimatum. To pay the ransom and risk the money or lose countless amounts of company data.

We’ve continued to offer our clients options to fit their network, with automated cloud-based backups and physical appliances for any company’s data retention policies to avoid encryption. With access to data anywhere at any time, the best form of proactive support comes with the industry knowledge gained from building business continuity plans.

Things to Consider:

–  Who declares the disaster?

–  How are employees informed?

–  How will you communicate with customers?

The secret to building the perfect disaster recovery plan for your business comes after the plan is implemented. The most common failure point for many businesses before NetCentral support is a failure to test a backup solution. Then a small-scale disaster or accident occurs, and your business can’t restore its data. Imagine the loss of business financials, intellectual property, client data. Insurance won’t pay you for lost information, and your disaster recovery plan is the only thing between business risk and your employees. Once a plan has been implemented and adopted by the staff, it’s important to develop your process.

Patch Management

Patch Management continues to be one of the largest areas of vulnerability for businesses with more than 2 “production” servers. Most updates are security related and should be updated as needed. Outdated technology, including an operating system (OS) or Java, are common exploits in several of this year’s largest cyberattacks. By staying atop of operating system updates, you prevent your business from learning a “very costly lesson.” A great example, of this, was back in 2017, with Windows 10. Win10 initially only marked 15% of malware files, while Windows 7 machines saw over 63% according to Webroot’s 2018 Threat Report.

Patching Process

Your patching process should feel like “a never-ending cycle,” of auditing existing systems to generate a complete inventory of all your production systems, their standardization, and operating systems and applications. By building these standards with a trusted IT support team, your patching process will become easier. Through the classification of vulnerabilities, higher priorities can be remedied, while lower vulnerabilities begin to be automated, never disrupting your workday again.

By following these best practices, your business can begin thinking like an MSP. This will ensure the safety of your business, but also securing customer data. Business owners looking to scale operations should be looking to align business objectives, with an MSP that focuses on your IT experience, if you’re in need of IT Support and Services, we can help! Contact us, to begin talking about your IT stance.