“How Could You Let This Happen?”

Those are words we never want to hear, no matter what the situation. Something undesirable has happened, we were expected to have prevented it, but it happened. By the time the question is being asked, there isn’t much to do except damage control.

When it comes to information security, sadly, this question is asked all too frequently. Attackers continue to refine their skills while, at the same time, more and more aspects of business are being digitized and moved online. If you don’t have a robust and constantly improving security posture, sooner or later you’re going to hear those words directed at you.

In the previous blog post, Make vs. Buy, we discussed the economic tradeoffs of investing in internal expertise versus leveraging external expertise. Maintaining effective information security is like running on a treadmill that doesn’t have a stop button…if you aren’t constantly moving forward it’s going to get ugly real fast. Staying up to date on the latest security trends, vulnerabilities, and solutions is a full-time job, and when you factor in PCs, phones, servers, networking gear, and other technologies, more than just one person can handle.

Read more

Seamless Cybersecurity & Two Emerging Threats

For most businesses, the pandemic has been a rush of implementing new policies and procedures while at the same time, trying to keep end-user Cybersecurity fortifications intact. Organizations that acted early following the shelter-in-place safety procedures are still focusing on maintaining or improving their Cybersecurity needs.

Most users can work from home and many have implemented tools to allow for a remote workforce. Many firms are adding collaboration tools to their remote strategy, with the hope of improving teamwork and collaboration more efficiently. However, this new workflow and new tools can expose your business to additional risks.

At Clare Computer Solutions we have uncovered at least two troubling new trends to keep an eye on:

Read more

Four Risks to Consider with VPN Deployments

With the sudden and rushed deployment of Virtual Private Network (VPN) services to further support new remote workers, many companies are discovering firsthand, the struggles of implementing a VPN into their network. Without the needed experience, the configuration can leave your network, endpoints, and data vulnerable to attack.

Proper implementation, ongoing management and monitoring of this device is the key to success. Clare has been assisting clients with implementing new solutions for over 30-years. Our approach is to assure your business objectives are addressed while highlighting potential risks and vulnerabilities. We will review the overall network architecture to identify and address potential access control concerns, issues of scaling and load challenges, authentication concerns, and, finally, endpoint protection as part of our design discussions. A thorough implementation will ensure a successful and secure VPN solution. Read more

Average Ransomware Payment Rises Again

COVID-19 continues to create opportunities for the “bad actors” to wreak havoc. In this week’s blog we discuss the latest security concerns created by the COVID-19 pandemic, specifically around Ransomware. This quarter saw a 33% increase in ransom from Q1 2020, with average payment requirement of $111K! It’s the seventh straight quarter that system hijackers have reaped more money and shows that this security breach continues to grow. Compare this to the previous numbers we shared in which the average ransom in Q4 2019 had increased from $84,116 reflecting a staggering increase from $41,198 in Q4 2018. Read more

COVID-19 Relief Aid Phishing attempts have increased by 6000% – Is your Business vulnerable?

Uncertainty about the availability and allocation of financial relief funds for the COVID 19 pandemic has confused small business owners while simultaneously creating new opportunities for cyber attackers to prey on unsuspecting victims. Per a recent article published by IBM and Morning Consult, nearly 40 percent of small business owners believe they’ve been targeted with malicious coronavirus (Covid-19) spam emails. This new phishing scam has created an open door for those bad actors to wreak more havoc during this already stressful time.

Since mid-March, Covid-19 related phishing lures mimicking the Small Business Administration (SBA), the World Health Organization (WHO), banks offering relief funds, the U.S. Federal Reserve and other government organizations, have spiked by 6,000 percent, according to the report. For example, spam that impersonates the SBA and promises government relief funds trick victims into opening a spoofed application attachment that triggers a malware infection. With this continued rise of phishing attempts Security Awareness Training has never been more important. As you can see from the statistics below people are expecting to receive COVID-19 information and updates. As such, users may let their guard down and be easily tricked. “The data and intelligence should remind us that there is no honor among thieves,” the report reads. “Cyber criminals will continue to view times of uncertainty as an opportunity, seeking new ways to exploit targets when they have their guard down.”
Read more