Security

Assess risks before buying new software

The growing market for cybersecurity products is a sign that businesses are taking the issue seriously. But before your company jumps into investing in any product, ask yourself if it’s really necessary. Find out how you can make the most out of cybersecurity products by conducting a risk assessment.

Uncover threats and vulnerabilities

Every business should evaluate the current state of its cybersecurity by running a risk assessment. Doing so is one of the easiest ways to identify, correct, and prevent security threats. After discovering potential issues, you should rate them based on probability of occurrence and potential impacts to your business.

Keep in mind that risk assessments are specific to every business and there is no one-size-fits-all approach for small business technology. It all depends on your line of business and operating environment. For instance, manufacturing companies and insurance groups have totally different applications to secure.

After tagging and ranking potential threats, you should identify which vulnerabilities need immediate attention and which ones can be addressed further down the line. For example, a web server running an unpatched operating system is probably a higher priority than a front desk computer that’s running a little slower than normal.

Tailor controls to risks

Instead of spending time and money evenly on all systems, it’s best that you focus on areas with high risk. You should address these issues immediately after an assessment, but also put plans in place to evaluate their risk profiles more often.

Assess existing products

Chances are, your organization has already spent a great deal of money on security products and their maintenance and support. By conducting risk assessments more often, you can improve the strategies you already have in place and uncover wasteful spending. You may discover that one outdated system merely needs to be upgraded and another needs to be ditched. Remember, your existing products were purchased to meet specific needs that may have changed immensely or disappeared altogether.

It’s much harder to overcome cybersecurity obstacles if you’re not regularly evaluating your IT infrastructure. Contact our experts for help conducting a comprehensive assessment today!

Published with permission from TechAdvisory.org. Source.

/by

SMB routers targeted by VPNFilter malware

Earlier this year, news broke that a malware strain named VPNFilter was infecting hundreds of thousands of devices. If you didn’t act then, now’s the time. Security experts have updated their threat assessment and its much worse than they originally thought. Small businesses are especially at risk and need to take action.

VPNFilter recap

A team of security researchers from Cisco released a report that a strain of malware had been discovered on hundreds of thousands of routers and network devices. Originally, researchers believed it affected only Linksys, MikroTik, Netgear, and TP-Link devices.

Like many malware strains, VPNFilter infects devices that use default login credentials. But it’s worse than the average cyberattack because it can destroy router hardware and cannot be removed by resetting infected devices.

As if destroying 500,000 routers wasn’t bad enough, VPNFilter lets its creators spy on networks and intercept passwords, usernames, and financial information.

What’s new

Just two weeks after VPNFilter was discovered, security experts announced that it targets 200,000 additional routers manufactured by ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. Worse yet, VPNFilter can alter data passing through infected routers. That means when you enter a username and password into a banking website, hackers could steal that information and show you an incorrect account balance to hide fraudulent deductions.

How to stop VPNFilter

Rebooting a router won’t remove the malware, you need to factory-reset the device. Usually, all this requires is holding down the Reset button on the back of the device for 10-30 seconds. If your router has no reset button or you’re unsure whether pressing it did the trick, contact a local IT provider immediately.

Cybersecurity threats have become so prevalent that even large enterprises struggle to keep their digital assets safe. Outsourcing IT support to a managed services provider like us will give you enough capacity to deal with issues like VPNFilter as soon as they arise. Call us today to learn more.

Published with permission from TechAdvisory.org. Source.

/by

Chrome: From HTTP to HTTPS

, ,

Within the last year, Chrome has helped users understand that HTTP sites are not secure. More websites use HTTPS, a safer protocol, than ever before. So, how can you benefit from this transition? Find out here.

For several years, Google has moved toward a more secure web by strongly advocating that sites adopt the Secure HyperText Transfer Protocol (HTTPS) encryption. And last year, Google began marking some HyperText Transfer Protocol (HTTP) pages as “not secure” to help users comprehend risks of unencrypted websites. Beginning in July 2018 with the release of a Chrome update, Google’s browser will mark all HTTP sites as “not secure.”

Chrome’s move was mostly brought on by increased HTTPS adoption. Eighty-one of the top 100 sites on the web default to HTTPS, and the majority of Chrome traffic is already encrypted.

Here’s how the transition to security has progressed, so far:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

HTTPS: The benefits and difference

What’s the difference between HTTP and HTTPS? With HTTP, information you type into a website is transmitted to the site’s owner with almost zero protection along the journey. Essentially, HTTP can establish basic web connections, but not much else.

When security is a must, HTTPS sends and receives encrypted internet data. This means that it uses a mathematical algorithm to make data unreadable to unauthorized parties.

#1 HTTPS protects a site’s integrity

HTTPS encryption protects the channel between your browser and the website you’re visiting, ensuring no one can tamper with the traffic or spy on what you’re doing.

Without encryption, someone with access to your router or internet service provider (ISP) could intercept (or hack) information sent to websites or inject malware into otherwise legitimate pages.

#2 HTTPS protects the privacy of your users

HTTPS prevents intruders from eavesdropping on communications between websites and their visitors. One common misconception about HTTPS is that only websites that handle sensitive communications need it. In reality, every unprotected HTTP request can reveal information about the behaviors and identities of users.

#3 HTTPS is the future of the web

HTTPS has become much easier to implement thanks to services that automate the conversion process, such as Let’s Encrypt and Google’s Lighthouse program. These tools make it easier for website owners to adopt HTTPS.

Chrome’s new notifications will help users understand that HTTP sites are less secure, and move the web toward a secure HTTPS web by default. HTTPS is easier to adopt than ever before, and it unlocks both performance improvements and powerful new features that aren’t possible with HTTP.

How can small-business owners implement and take advantage of this new interface? Call today for a quick chat with one of our experts to get started.

Published with permission from TechAdvisory.org. Source.

/by

Office 365 will block Flash by 2019

,

Microsoft recently announced plans to eventually stop the activation of Silverlight, Shockwave, and Flash content in Office 365. This is not just the developers disabling bugs with an option to click a link or button to look at content. Within a few months’ time, Flash will be gone from Office 365 for good.

What media will be affected once this is implemented?

Microsoft Silverlight and Adobe Flash or Shockwave content that uses Microsoft’s OLE (Object Linking and Embedding) platform and the “Insert Object” feature will be blocked. However, media that uses the “Insert Online Video” control via an Internet Explorer browser frame will not be affected by this change.

The following timeline shows the various changes that will take full effect by January 2019:

  • Controls in the Office 365 Monthly Channel will be blocked beginning June 2018.
  • Controls in the Office 365 Semi-Annual Targeted (SAT) Channel will be blocked beginning September 2018.
  • Controls in the Office 365 Semi-Annual Channel will be blocked beginning January 2019.

Why did the developers choose to take out the embedded content?

Microsoft pointed out various reasons for making their decision. It cited that malware authors have been exploiting systems through Word, Excel, and PowerPoint files with embedded content, and that most Office 365 users did not use or rarely use the controls anyway.

Aside from this, the developers at Microsoft decided to take action after Adobe announced that Flash would reach its end-of-life cycle by 2020. Silverlight was discontinued in 2016, where enterprise customers would have support for the medium until 2021.

For businesses that still need to look at or embed Silverlight- or Flash-based content in an Office 365 document, Microsoft has provided a support page to guide users on re-activating the controls.

As more websites are transitioning away from Flash in favor of HTML5, Microsoft’s once-popular platform has experienced a steady decline over the years. According to Google, Chrome users who loaded a single web page per day that has Flash media had gone down from an estimated 80% during 2014 to below 8% in early 2018.

For more information about utilizing Office 365 features and other IT related concerns, feel free to get in touch with us today!

Published with permission from TechAdvisory.org. Source.

/by

Mitigating healthcare insider threats

,

The healthcare industry is unique in that the biggest data security threat comes from insider breaches.The main reason for these unauthorized hacks is financial gain. So how can healthcare organizations protect themselves against insider threats? Read on.

#1 Educate – The workforce (meaning all healthcare employees) must be educated on allowable uses and disclosures of protected health information (PHI) and the risk associated with certain behaviors, patient privacy, and data security. For example, when a celebrity is admitted to hospital, employees may be tempted, just out of curiosity, to sneak a look at their medical records, so this must be emphasized as a definite no-no.

#2 Deter – Policies must be developed to reduce risk and those policies must be strictly enforced. The repercussions of HIPAA violations and privacy breaches should be clearly explained to employees. They can be penalized huge amounts of money and violations can also carry criminal charges that can result in jail time.

#3 Detect – Healthcare organizations should implement technology to identify breaches rapidly and user-access logs should be checked regularly. Organizations need to have a strong audit process and ensure that they are regularly monitoring and updating access controls so only authorized personnel are looking at sensitive patient data, and that attempts by unauthorized personnel don’t go unpunished.

#4 Investigate – When potential privacy and security breaches are detected, they must be investigated promptly to limit the damages. When the cause of the breach is identified, steps should be taken to prevent recurrence.

#5 Train – Healthcare employees must undergo regular comprehensive training so employers can eliminate insider threats. From a privacy standpoint, training and education often start with the employees themselves; they learn all about data privacy right off the bat, from the first day of orientation. Still, organizations must remain vigilant and ensure that they are properly prioritizing privacy and security as cybersecurity threats continue to evolve. Healthcare organizations’ IT departments should send out different tips covering a variety of topics regularly throughout the year. And to keep these tips top-of-mind among employees, IT departments should send them via a variety of media, including emails, printed newsletters, and even memos.

Is your healthcare data secure? What other steps can you take to ensure protection for your healthcare provider from insider threats? Call today for a quick chat with one of our experts for more information.

Published with permission from TechAdvisory.org. Source.

/by

Nation-state hackers inflict destructive malware

A destructive, new malware has surfaced in at least 500,000 home and business routers across 54 countries. Security researchers warned that the infected devices could “self-destruct” as the said malware named VPNFilter can maintain presence even after a successful reboot.

How VPNFilter Works

Talos cited the vulnerable devices as Linksys, MikroTik, Netgear, and TP-Link networking equipment, as well as network-attached storage (NAS). Upon infecting a small office home office (SOHO) router, VPNFilter deploys in three stages.

In stage 1, the malware imposes its presence by using multiple command-and-control (C2) infrastructure to capture the IP address of the existing stage 2 deployment server. This makes VPNFilter so robust that it can deal with any unpredictable changes in C2. This stage of the malware persists through a reboot, which makes preventing reinfection tough in stage 2.

Stage 2 involves deploying modules capable of command execution, and data collection and exfiltration. According to the United States Department of Justice (DOJ), this can be used for intelligence gathering, information theft, and destructive or disruptive attacks. Moreover, stage 2 malware has a “self-destruct” feature that once activated by the hackers will overwrite a critical area of the device’s firmware so it stops functioning. This can happen on almost every infected device.

In Stage 3, a module with packet-sniffing capabilities is added to enable monitoring of internet traffic and theft of website credentials. And yet another module is installed to deploy communication support for the Tor network, which can make communicating with the C2 infrastructure harder.

Taking Action

According to Talos, the likelihood of the attack being state-sponsored is high, something the DOJ later backed up. The DOJ attributed it to a group of actors called Sofacy (also known as APT28 and Fancy Bear), the Kremlin-linked threat group believed to be responsible for hacking the Democratic National Committee computer network two years ago.

On the night of May 23, the FBI announced that they have seized a domain which is part of VPNFilter’s C2 infrastructure used to escalate the malware’s effects. This forces attackers to utilize more labor-intensive ways of reinfecting devices following a reboot. With the seizure, the government has taken a crucial step in mitigating VPNFilter’s impact.

Stopping the Malware

Researchers agree that VPNfilter is hard to prevent. While vulnerability has been established, patching routers isn’t easy, something average users might not be able to do on their own. But as with any malware, the impact of VPNFilter can be mitigated, which is done by terminating the C2 infrastructure used.

To minimize exposure, the FBI recommends all SOHO routers be rebooted, which, according to a statement from the DOJ, will help the government remediate the infection worldwide. The justice department, along with the FBI and other agencies vowed to intensify efforts in disrupting the threat and expose the perpetrators.

For their part, Talos offers the following recommendations:

  • Users of SOHO routers and/or NAS devices must reset them to factory defaults and reboot them in order to remove the potentially destructive, non-persistent stage 2 and stage 3 malware.
  • Internet service providers that provide SOHO routers to their users should reboot the routers on their customers’ behalf.
  • If you have any of the devices known or suspected to be affected by this threat, it is extremely important that you work with the manufacturer to ensure that your device is up to date with the latest patch versions. If not, you should apply the updated patches immediately.
  • ISPs will work aggressively with their customers to ensure their devices are patched to the most recent firmware/software versions.

Combat the VPNFilter malware by rebooting affected devices. For more tips, contact our team.

Published with permission from TechAdvisory.org. Source.

/by

Is your data safe from the Facebook data breach?

Businesses have made lots of money using social media to engage with current and potential customers for years now. But after a recent breach, some users are reevaluating Facebook’s reputation. Read on to know how this concerns you and if you must do something about it.

Last month, news broke that a firm known as Cambridge Analytica collected private data from over 50 million Facebook users. The British company supposedly used this information in 2016 to influence voter behavior during the US presidential election and UK’s Brexit campaign.

How did they harvest the data?
In 2015, a Facebook personality quiz app called “This is Your Digital Life” was created by Cambridge psychology professor Aleksandr Kogan. Around 270,000 Facebook users signed up and gave information about themselves in exchange for humorous results.

What users didn’t know was that Kogan’s firm, Global Science Research, struck a deal with Cambridge Analytica to share the information that was gathered. Aside from collecting information about the Facebook users, the app also mined some data about the users’ friends.

Information collected was based on:

  • Data from other platforms that are also owned by Facebook, including Instagram and WhatsApp
  • Advertisers and other third-party partners
  • Apps and websites which use Facebook services
  • Your location
  • The devices you use for Facebook access
  • Payments handled by Facebook
  • Your Facebook connections and networks
  • Messages, photos and other content that other users send to you
  • The information you disclose to Facebook
  • Your activities on Facebook

What happened to the sourced information?
Cambridge Analytica analyzed the collected data to create psychological profiles and invent better political drives to influence whom people would vote for. Although there is still a huge debate about how effective this plans were, there’s no doubt that tens of thousands of users were manipulated into signing away their data without knowing it.

What can I do to keep my information safe?
Remove third-party apps that use your Facebook account. Visit your “Settings” menu and go to “Apps”. You should see the list of all the services that are using information about your Facebook profile. Check on each app, and if you don’t need it or use it anymore, delete it to revoke its access.

If you need more information on how to keep your data secure, feel free to give us a call today!

Published with permission from TechAdvisory.org. Source.

/by

What are watering hole attacks?

When talking about cyberattacks, the first one that usually comes to mind is phishing, a scam that uses email to spread malware or steal personal information. But hackers have a new method to infiltrate your systems, and it’s surprisingly effective. Here’s what you need to know about watering hole attacks.

What are watering hole attacks?
Much like phishing, a watering hole attack is used to distribute malware onto victims’ computers. Cybercriminals infect popular websites with malware. If anyone visits the site, their computers will automatically be loaded with malware.

The malware used in these attacks usually collects the target’s personal information and sends it back to the hacker’s server. Sometimes the malware can even give hackers full access to their victims’ computers.

But how does a hacker choose which websites to hack? With internet tracking tools, hackers find out which websites companies and individual users visit the most. They then attempt to find vulnerabilities in those websites and embed them with malicious software.

Any website can fall victim to a watering hole attack. In fact, even high-profile websites like Twitter, Microsoft, Facebook, and Apple were compromised in 2013.

You can protect yourself by following these tips.

Update your software
Watering hole attacks often exploit bugs and vulnerabilities to infiltrate your computer, so by updating your software and browsers regularly, you can significantly reduce the risk of an attack. Make it a habit to check the software developer’s website for any security patches. Or better yet, hire a managed IT services provider to keep your system up to date.

Watch your network closely
To detect watering hole attacks, you must use network security tools. For example, intrusion prevention systems allow you to detect suspicious and malicious network activities. Meanwhile, bandwidth management software will enable you to observe user behavior and detect abnormalities that could indicate an attack, such as large transfers of information or a high number of downloads.

Hide your online activities
Cybercriminals can create more effective watering hole attacks if they compromise websites only you and your employees frequent. As such, you should hide your online activities with a VPN and your browser’s private browsing feature.

At the end of the day, the best protection is staying informed. As cyberthreats continue to evolve, you must always be vigilant and aware of the newest threats. Tune in to our blog to find out about the latest developments in security and to get more tips on how to keep your business safe.

Published with permission from TechAdvisory.org. Source.

/by

Gearing up for phishing scams in tax season

Paying and filing taxes is already annoying without the threat of refund fraud or identity theft. But phishing schemes, especially during tax season, have become so widespread that you’ve probably already received spoofed emails or calls during the last few years. To maintain the security of your business, you and your employees need to be extra cautious with the emails you receive at tax time.

Phishing baits to watch out for

Phishing attacks often consist of fabricated or compromised emails sent to finance/payroll or human resources employees that are made to look like they’re from an executive in your company. The message might contain a request to forward employee records, including their W-2 forms, but that’s not all…

Another common scheme, which doesn’t only happen during tax season, involves getting a call from a person declaring to be an IRS employee. And no, caller IDs won’t save you because they can forge that, too. The phisher will inform you that you owe them cash from back taxes and they will threaten legal action if you don’t pay via credit card at that instant.

Always remember, the IRS will never contact you on the phone to let you know that you owe them money. And they certainly won’t threaten you or demand payment over the phone. If they really need to notify you of such matters, they’ll use the postal service and will give you a chance to discuss payment terms.

Standard protection protocols

Don’t worry, the usual security measures against these phishing scams are pretty easy to integrate into your business. Begin by developing a policy that bans the request of private details through email. If an employee ever requires such info, they should get in touch with the person directly, follow your established protocols for the transfer of sensitive information, and minimize the number of people involved in the transaction.

Taking security a step further

Data loss prevention (DLP) systems are also valuable weapons against these types of phishing attacks. They evaluate traffic going in and out of your company, such as web usage, emails and instant messages, and virtually anything sent on your network. DLP systems can filter out private details, including Social Security numbers, and stop them from being sent out.

But beware, DLP systems come with a minor drawback, as they can also block legitimate traffic, like when your accounting department sends tax info to your CPA. Fortunately, an MSP like us can properly segregate the good and the bad traffic to avoid confusing and/or frustrating your employees.

Phishing schemes may be a normal occurrence during tax season, but that doesn’t mean you can’t do anything about it. Don’t let the vulnerabilities in your business, particularly the human element, fall prey to cybercriminals. Send us a message right away and we’ll conduct an assessment of the security of your business, as well as design a risk management plan to help counter future complications.

Published with permission from TechAdvisory.org. Source.

/by