Posts

Debunking 5 Cyber Security Myths for SMBs

/in

Data Protection & SecurityAs owners and leaders of small and midsize businesses (SMBs), we have limited resources for IT and cybersecurity.  We should not be surprised, therefore, that SMBs face the biggest threat from ransomware and other cyber attacks.  Beyond the cost and risk of ransomware and encryption attacks, SMBs face business email compromise (BEC) attacks and threats to disclose regulated information.  Recovery costs, fines, and legal actions resulting from a successful attack can destroy your business. And yet, many SMBs remain unaware of the risk and/or lacking reasonable data protections and security.  This post intends to debunk five (5) cyber security myths for SMBs.

1My company is too
small to be a target

While note every attack is successful, one global report states that 86% of SMBs have been hit by ransomware attacks, with 20% attacked more than six times. With fewer resources and less focus on cyber security, SMBs represent an attractive target for attackers.  The increase in remote work and use of remote desktop protocols creates additional opportunities for attackers. Securing and managing these services requires time and attention.

The impact of a successful ransomware attack continues to increase.  According to Verizon’s 2020 Data Breach Investigations Report, the average cost of a successful ransomware attack grew from an average of $34,000 to just under $200,000.

2I cannot afford to protect
against cyber attacks

Cyber attacks are inevitable. Protecting your business does not require expensive solutions.  Your cost for endpoint protection for your devices, advanced threat protection for email, and security awareness training is pennies per day per person.  You can deploy multi-factor authentication (MFA), local disk encryption, and the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols for free. You can deploy cloud-based business continuity and disaster recovery (BCDR) for less than traditional backup/recovery solutions.

3I have backups,
so I am safe

Not all backup solutions are equal.  Many backup/recovery solutions for SMBs run on the same servers and networks as your business systems. Ransomware and other cyber attacks will seek out and encrypt/damage backup servers to render your backups useless.  Your backup/recovery solutions should be segregated from your production network and systems to shield them from attack.  Business Continuity/DR solutions offer the additional ability to bring systems back on line in an alternate cloud data center while you recover your primary systems.

4Technology alone
will save me

As with most security protocols, people are your first line of defense.  As many as 93% of cyber attacks begin with a phishing attack. People click on links, unwittingly downloading malware or sharing usernames and passwords.

Security awareness training should be a standard practice within your business.  The training is a proven way to reduce risk, decrease infections and help desk requests, reduce the chances of a security breach and strengthen the overall security posture.

5Cyber resiliency is
too hard to achieve

Cyber Resilience is the ability to withstand security attacks and land on your feet, no matter what happens. Cyber resilience protects your business, customers, and employees from ransomware, business email compromise, and other potential issues and attacks.

While some gaps in security will always remain, you can affordably improve your cyber resiliency.

To overcome these 5 small business cyber security myths, review your security footprint, and improve your resilience, please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this service update.

Expect an Increase in Cyber Attacks

/in ,

Data Protection & SecurityThe U.S. Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, is warning businesses to be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.

Our security vendors, analyzing aggregate data, are starting to see a definitive increase in the number and frequency of attacks.

Fortunately, you have a range of tools at your disposal to protect you business:

  • Next-Gen endpoint protection
  • Advanced threat protection
  • Multi-factor authentication
  • Cyber-awareness training
  • DNS/Web protection
  • Third party breach monitoring

These services, paired with recovery and continuity services, can prevent your business from succumbing to an attack. And, if you do fall victim, ensure your business can be back up and running on hours, not days or weeks.

Please contact us if you have any questions or would like a no-obligation review of your security footprint.  You can also schedule a call with one our Cloud Advisors, below.


Phishing Attacks Spike Amid COVID-19 Crisis

/in

Cyber AttackIt should be no surprise to you that we are seeing a surge in phishing and other cyber attacks, as criminals look to take advantage of the COVID-19 crisis. A sample of recent news reports illustrates the scope of the problem.

  • In April, the FBI issued a warning about COVID-19 stimulus package scams (CNET).
  • In mid-April, Google reported the daily volume of malware and phishing attack emails jumped to more than 18 million per day (The Verge).
  • Last week, TechRepublic reported a surge in phishing emails trying to exploit DocuSign and COVID-19.
  • Hackers are impersonating Zoom, Microsoft Teams, and Google Meet for phishing scams (The Verge 5/12/20).

Understand the Risk

The risk to your business, employees, and customers is greater at time when your systems may be less secure.

If your employees are using home computers while following stay-at-home orders and guidance, your risk of falling victim to an attack is significantly greater.  Most home computers do not have commercial-grade, next-generation endpoint protections and many run outdated versions of the consumer-grade products installed.

CPR is Still the Best Practice

Our model remains the best, holistic method of avoiding attacks at the human and tech levels, and for responding should something slip through.

Communicate & Educate

  • Remind your employees to be on the look out for suspicious emails, phone calls, web links.
  • Encourage your team to get help and verification if a message or interaction appears or feels suspicious in any way (better safe than sorry).
  • Consider testing employees with simulated attack messages and identify those that may need additional training and guidance.

Prevent & Protect

  • Deploy multi-factor authentication (MFA) and, optionally, single sign-on (SSO) services to prevent the use of compromised accounts.
  • Install Advanced Threat Protection solutions for inbound and outbound email to catch phishing, ransomware, and other illegitimate message.
  • Deploy “next generation” endpoint protection on computers and mobile devices to detect, prevent, and undo damage from dangerous files and applications.
  • Put Web and DNS protection services in place to prevent downloading attacks from hacked websites and identity impersonation.
  • Monitor the “dark web” for direct and third party breaches that may compromise your employees’ business accounts.
  • Take advantage of data loss prevention features built into G Suite and Microsoft 365, and consider tools to identify and prevent unauthorized access, permission errors, and data loss.
  • Eliminate the use of “shadow IT” services, particularly free or consumer-grade services by providing those capabilities to employees and making sure they know how to use them.

Restore & Recover

  • Ensure that you back up and can recover your data, regardless of location.  Your data is not just on your physical or virtual servers, it resides in your Microsoft 365 or G Suite environment, in SaaS applications like Salesforce, on desktops and laptops, and on mobile devices.
  • Put business continuity systems in place with affordable services that let you spin up and run images of your servers and workstations in a cloud data center while you recover your primary systems.
  • Have a breach response plan and service in place as an increasing number of attacks are stealing information, as effective data breach response involves:
    • Forensic analysis and recovery
    • Legal compliance with reporting requirements
    • Legal strategies to minimize liability
    • Increased customer service demand
    • Communications with customers, stakeholders, and the media
    • A potential need to provide consumer protection services
    • Cyber Insurance claims management

Fortunately for most businesses, putting these protections in place is affordable and can be done with minimal impact on your employees and their productivity.  Understand your needs, assess the value proposition (include the risks and costs of doing nothing), and deploy a solution that is the best fit for your business.

Please contact us for assistance as you evaluate your risks, needs, priorities, and solutions.

 

Phishing and Spear Phishing

/in ,

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%)  and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipient often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.

 

How to Upgrade Your Endpoint Protection

/in ,

endpoint protection upgrade Most malware and virus protection takes the form of an endpoint protection solution that resides on each PC or Mac. As the system accesses files, the content is compared against a database of malware profiles. These types of solutions are failing more frequently as the number of malware variants skyrockets and the threats get more sophisticated.  Detecting malware depends more on analyzing file behavior patterns than it does the file content. This poses the need for an endpoint protection upgrade to ensure proper protections are in place.

Symantec Endpoint Protection Upgrade

Upgrading Symantec Endpoint Protection is an important step to ensure that your endpoint security solution remains effective against evolving threats. It’s important to note that specific upgrade processes may vary depending on your environment and the version of Symantec Endpoint Protection you are currently using. Here are some steps you can consider when upgrading Symantec Endpoint Protection:

  1. Review the System Requirements: Before upgrading, ensure that your systems meet the minimum requirements for the new version of Symantec Endpoint Protection. Check the product documentation or contact Symantec support for the specific requirements.
  2. Backup Configuration and Data: Prior to upgrading, create a backup of your existing Symantec Endpoint Protection configuration settings, policies, and any important data. This will allow you to restore settings in case of any issues during or after the upgrade.
  3. Check for Compatibility: Verify the compatibility of any third-party software or integrations with the new version of Symantec Endpoint Protection. Ensure that they will continue to function properly after the upgrade.
  4. Plan the Upgrade Strategy: Develop an upgrade plan based on your organization’s requirements. Consider factors such as the number of endpoints, network bandwidth, maintenance windows, and any potential impact on users or critical systems.
  5. Test in a Lab Environment: If feasible, set up a test or lab environment to perform a trial upgrade. This allows you to identify and address any potential issues before rolling out the upgrade to your production environment.
  6. Communicate with Stakeholders: Notify relevant stakeholders, such as IT teams, end-users, and management, about the upcoming upgrade. Provide information about the benefits, timeline, and any potential impact on their workflows.
  7. Obtain the Latest Version: Obtain the latest version of Symantec Endpoint Protection from the official Symantec website or through your authorized Symantec partner. Ensure that you download the correct version for your operating system, and don’t let outdated technology slow your business down.
  8. Read the Upgrade Documentation: Carefully review the upgrade documentation provided by Symantec. Follow the step-by-step instructions and pay attention to any specific considerations or prerequisites mentioned.
  9. Perform the Upgrade: Execute the upgrade process on a test system or a small group of endpoints first, ensuring that everything functions as expected. If successful, proceed with upgrading the remaining endpoints according to your plan.
  10. Post-Upgrade Testing and Validation: After the upgrade, perform thorough testing to validate the functionality of Symantec Endpoint Protection. Test key features, policies, and ensure that endpoints are adequately protected.
  11. Monitor and Troubleshoot: Monitor the upgraded environment closely for any issues or unexpected behavior. Address any problems promptly and seek assistance from Symantec support if necessary.

Remember to consult the official Symantec documentation and support resources for detailed guidance tailored to your specific version and environment.

Cloud-based Alternatives offer Better Endpoint Protection Solutions

Traditional endpoint protection software is limited by the local device resources and the need to minimize performance degradation.  Instead of using a database with megabytes or gigabytes of information, cloud-based solutions compare file content and behaviors against terabytes of information, improving accuracy and dramatically reducing risks. The footprint on the endpoint can be significantly less, avoiding the performance impact of most endpoint protection software. Cloud-based endpoint protection solutions offer the ability to protect users across devices — PC, Mac, iOS, and Android — through a single system and management console.

Leveraging a cloud-based endpoint protection solution can improve your protection against current and evolving risks, at a more cost-effective price.

Our Recommendation

We recommend Webroot SecureAnywhere as our preferred solution for several reasons:

  • Webroot is better at catching behavioral malware, such as ransomware
  • Webroot can coexist or replace your current endpoint protection solution
  • Webroot can protect individual devices, or users across multiple devices and device types
  • Webroot has a small, secure footprint that does not create performance issues

Other Best Practices for Endpoint Protection

mplementing best practices for endpoint protection is crucial to safeguarding your devices and data from security threats. Here are some key practices to consider:

  1. Use a Robust Endpoint Protection Solution: Deploy a comprehensive endpoint protection solution that includes antivirus/anti-malware, firewall, intrusion prevention, and other security features. Regularly update the solution with the latest security patches and definitions.
  2. Keep Operating Systems and Software Up to Date: Ensure that all endpoints have up-to-date operating systems and software applications. Enable automatic updates to receive the latest security patches and bug fixes, reducing the risk of vulnerabilities being exploited.
  3. Employ Multi-Factor Authentication (MFA): Implement MFA for accessing critical systems and sensitive data. MFA adds an extra layer of security by requiring users to provide additional verification factors, such as a password and a temporary code sent to their mobile device.
  4. Enforce Strong Password Policies: Enforce the use of strong, unique passwords across all endpoints. Encourage the use of password managers to facilitate the creation and management of complex passwords. Consider implementing password expiration and complexity requirements.
  5. Educate Users about Security Awareness: Conduct regular training sessions to educate users on common security threats, such as phishing, social engineering, and malicious attachments. Teach them to recognize and report suspicious activities to help prevent breaches.
  6. Implement Least Privilege Principle: Assign users the least privileges necessary to perform their tasks effectively. Limit administrative access to only those who require it. Regularly review and revoke unnecessary privileges to minimize the risk of unauthorized access.
  7. Enable Endpoint Encryption: Encrypt data on endpoints, especially laptops and mobile devices. Full disk encryption helps protect sensitive information in case of theft or loss. Additionally, consider encrypting data during transmission using secure protocols (e.g., HTTPS).
  8. Regularly Back Up Endpoint Data: Perform regular backups of critical data on endpoints. Use both local and off-site backups to ensure data availability and quick recovery in the event of data loss or ransomware attacks. You may also consider evaluating SaaS backup solutions.
  9. Implement Network Segmentation: Segment your network to limit the lateral movement of threats. Divide your network into logical zones with restricted access controls and monitor traffic between segments for potential threats.
  10. Monitor and Analyze Endpoint Activity: Implement endpoint detection and response (EDR) solutions to monitor and analyze endpoint activities in real-time. This helps identify and respond to suspicious behavior, malware, or breaches promptly.
  11. Regularly Conduct Vulnerability Assessments and Penetration Testing: Perform regular vulnerability assessments and penetration testing to identify and address potential weaknesses in your endpoint security infrastructure. This helps proactively identify and remediate vulnerabilities before they are exploited.
  12. Establish an Incident Response Plan: Develop and document an incident or breach response plan outlining the steps to be taken in case of a security incident. Regularly review and update the plan to ensure its effectiveness and alignment with emerging threats.

Upgrade Your Endpoint Protection Today

Try Webroot SecureAnywhere for free for 21 days and let’s see if your current solution is missing any risks. If you like what you see, we can save you money on licenses and support.  If not, we discontinue the service. Get in touch today to see how we can help with endpoint protection and other data protection and security needs.

That Time Your Security Company Sold You Out

/in ,

Privacy Button
As recently reported in Wired magazine, security firm AVG is updating its privacy policy and openly telling customers of its free services that it will sell some of the personal, non-identifying information about you to third parties. The new policy takes effect on October 15, 2015 and while the data may not identify you personally, it will certainly give advertisers, scammers, and hackers a clear idea of who you are and which of your interests they may be able to exploit.

As the policy states:

“We collect non-personal data to make money from our free offerings so we can keep them free, including:

  • Advertising ID associated with your device
  • Browsing and search history, including meta data
  • Internet service provider or mobile network you use to connect to our products
  • Information regarding other applications you may have on your device and how they are used.”

Granted, AVG gets credit for being upfront and honest.

But do you want your security software giving others your browser and search history, a list of applications on your devices, and a history of how you are using your apps?

The Advertising ID being shared means that so long as you have AVG on your device, third parties will know it is you even if they do not know specifically who you are (yet!).

Free is not free.  Lesson Learned.  AVG is telling you that in exchange for free security software, they will sell information about you to people that will use that information to advertisers, marketers, and those will try to scam you, steal your identity, and get you to bypass the very security you want to maintain.

Yes, you can upgrade to AVG’s paid services, but is this a company you still want to trust? Maybe it’s time for a new solution and a realization that even in IT, you get what you pay for.

If you prefer an endpoint security solution form a trusted vendor, contact us to discuss solutions or visit our web site for more information.

 

Security Alert: New Malware Wipes Hard Drives to Prevent Detection

/in ,

computerkey
As first published on ZDnet’s Zero Day Blog, Cisco System’s Talos Group has identified a new strain of malware that will render systems useless to avoid detection and analysis.

Named as the Rombertick strain, the spyware collects data on everything a victim does online, indiscriminately, without focusing on specific areas such as online banking or social media.

Most concerning, however, is the Rombertick’s built in defenses. If the virus detects that it is being analyzed it will attempt to overwrite the Master Boot Record, rendering the PC inoperable. If that fails, the virus will destroy all files in a user’s home folder by encrypting each file with random keys.

In short, once infected, it is nearly impossible to remove without rendering you PC useless.

As Rombertick infection rates are still low, the best protection is good security practices:

  • Make sure you anti-virus software is up to date and switch to (or add) a cloud-based AV solution with continuous updates.
  • Do not click on attachments from unknown senders
  • Block email attachments that include executable scripts or code

While these steps are helpful, a defense-in-depth approach is best at identifying and preventing malware, particularly for viruses that are designed to evade detection.

If you would like to verify the robustness of your anti-virus protection, we can add a cloud-based layer of protection at no cost for a month and help you analyze your results. Contact us for additional information.

Click these links to learn more about our Webroot solutions and additional data protection and security solutions.

 

Ransomware Still Crippling “Protected” Networks

/in ,

cyrptovirus
The rate of infections from crypto-viruses and other ransom-ware continues to rise. Even networks with traditionally strong malware protection are getting caught.

And while with good backups in place, it is possible to recover without paying the ransom, the process time consuming, frustrating, and expensive.

We outline the reasons for the broad failure of anti-virus/malware protection software in this prior blog post, providing 5 failings of most antivirus solutions.

Now, we are offering a risk-free way to assess if your malware protection is up to par.

The Offer

We will install Webroot Secure Anywhere Endpoint Protection, a cloud-based malware protection service that avoids the 5 failings of other solutions, at no cost for 30 days. Based in the cloud, Webroot will not interfere with your current protections.

At the end of the 30 days, you will see what malware, if any, was caught by Webroot that your existing solution has missed.

If your existing solution is not up to par, and you want better protection, we can activate a full subscription to Webroot for you $18 per year per device or less (more than 25% off).

Simply contact us if you are willing to see if your protection is enough, or if you would like more information.

USPS Data Breach: What SMBs Can Learn

/in


As a small or mid-size business, you probably do not worry about hackers and data breaches. Your information is safely stored in-house or in a secure cloud service.  You do not have trade secrets or intellectual property coveted by foreign governments or industry. You accept credit cards, but those transactions are processed, saved, and secured by the credit card processor … you do not even have credit card numbers in your files or systems. It is not unreasonable for you to think that you are not a data breach target.

You are wrong.

The recent data breach at the US Postal Service should, however, serve as a wake up call. Hackers breached USPS systems not for customer data or credit card information; the hackers stole HR records for hundreds of thousands of postal employees and retirees (customer data was just a bonus). And, while the hackers were not able to go on an immediate debit-card spending spree, they captured all of the data necessary to steal identities — names, addresses, social security numbers, and more.

Regardless of your size, any personally identifiable information in your possession is an incentive for criminals. And you don’t need to be big to be caught. A stolen laptop, compromised account, or lost USB stick can enable data breaches in systems you think are secure.

Malware is the inbound marketing tool for hackers and identity thieves. 

When malware spreads, it makes its way onto business computers that the hackers may never have known existed. Malware often sits in wait, capturing passwords or other information and communicating the information to servers half way around the world. Hackers can then use this information to assess the value of the target and to gain more access to even more data. Hackers may also sell this information to other criminals.

Your business needs protection in place, and awareness of the scope of the problem is the first step.  Permissions monitoring and management, web filtering, device protection, endpoint protection, mobile device management, and user data protection may all be components of your solution.

Please contact us for a complimentary review of your current data protection coverage.

 

How eBay Can Destroy Your Business

/in ,


eBay is putting your business at risk … and not in the way you might think.

This is not about lost productivity, eBay stores, or your merchant account. This is about eBay letting hackers attack your computers.  This is about hackers using eBay to steal usernames and passwords, employee data, and customer data.

As reported by ComputerWorld, eBay is under attack by security professionals for allowing “active content” in ads, which allows hackers to create listings and fake pages with malicious code.  Over 100 eBay listings have already been found to include malicious code designed to steal usernames and passwords.  Many of these listings were hijacked from sellers with 100% ratings and years of successful sales, creating a false sense of trust.

Employees shopping during their lunch break can unwittingly open up your corporate network to hackers, enabling theft of personal and customer information.

While eBay promises to monitor and assess the situation, one simple fact remains:

Even trusted web sites from major corporations can be compromised and pose a threat to your data … and your business.

While preventing people from using the Internet is an option, it is not a realistic option in today’s world.  Active protection is your best option.  Web filtering solutions not only block known malware sites, these services examine the code, content, and behavior of sites for malicious activities like those embedded in the corrupted eBay listings.  Combined with solid endpoint/user protection, you can defend your staff, your data, and your business from attack and data loss.

Web filtering solutions cost less than $3.50 per user per month with an annual contract. Please contact us to learn more or request a quote.

Click these links to learn more about Security Threats and Web-based Malware.