
Data Protection

Customer Notice: Email Advanced Threat Protection


We continue to witness the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks on our customers. The recovery cost and frequency of attacks are increasing at alarming rates. The average cost for a small or midsize business (SMB) to fully recover from a cyber attack has increased to between $145,000 and $180,000. This includes loss of direct business, remediation costs, damage to reputation, and employee downtime. At the same time, the number of ransomware attacks so far in 2019 has doubled when compared with the same period in 2018.

As a managed cloud service provider, you have heard from us that you “should” have more protections in place. Our position is changing: these protections are a “must”.

Multi-factor authentication (MFA) and email Advanced Threat Protection (ATP) are necessary, baseline services for protecting your business. 

Beginning January 1, 2020, we will require and will begin adding Advanced Threat Protection to all of our customers’ email service unless you specifically opt out. If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription. We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP-related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change. If you do not have one of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers. We also understand the importance of these protections. Please contact us with questions or concerns.

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%) and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipients often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

5 Security Threats SMBs Should Not Overlook: Malicious Web Sites

As more services move into the cloud, users bring their own apps to their work environment, and we see more integration and interconnect between systems, the nature of security risks and threats is changing.

This blog series looks at some of these threats, why they should be of concern to SMBs, and how SMBs can mitigate the risks.


Many small and mid-size business owners look past security threats in the belief that their businesses do not have trade secrets or other information coveted by hackers.  This view is naive.  Small businesses are ripe for attack because they often have personal, credit, or medical information about their customers and their employees.

Your business may be at risk even if you are not a deliberate target. Hackers and thieves cast wide nets to capture personal information for identity theft. For identity theft, your business IT is no different than home computers.

Many businesses respond that they have security in place: a well-managed firewall, a big-name malware suite that updates periodically, and spam/virus protection for their email service.

Unfortunately, users are 20 times more likely to suffer a malware attack from a corrupted web site or a phishing attempt than through the “traditional” means of email and file transfers. While traditional malware tools may catch these types of attacks, web-based malware often behaves more like acceptable code. The recent outbreak of “crypto locker” malware, which encrypts your data and holds it for ransom, is an example of just how ineffective traditional malware prevention alone can be.

The overlooked solution to closing the web-enabled malware threat is known and simple: web filtering.  Web filters not only track sites known to be risky, insecure, or containing malware, they analyze web traffic and behavior in real-time, identifying sites that may be compromised, including those hacked without the site owner’s knowledge.

For most SMBs, adding web filtering to the ecosystem is an affordable increase in IT spending, typically less than $3.00 per employee per month.   Given that a single malware event can take 20 to 60 hours to mitigate at a cost of thousands of dollars, web filtering is a value-add component for most IT ecosystems.


Cumulus Global can assist in selecting a web filtering solution for your business.  Please contact us, or complete the form below, for more information.

How to Spot Phishing Emails

“Phishing” is the process through which criminals attempt to steal from you by getting you to respond to an email that appears to be legitimate. Here is what to look for to avoid the trap.

URL Mismatch: Hover the mouse over any URLs in the email message and see if the destination URL matches what is in the message.  If not, you have a mismatch and you won’t land where you expect.

Misleading Domain Name:  If the link has an awkward domain name that does not end in a domain you know and trust, be afraid.  Scam artists will use domains like apple.otherdomain.com, hoping you think the link is related to Apple.

Poor Spelling or Grammar:  Companies that send emails to customers proofread them for proper English.  While mistakes happen, if the message reads “we please to lower your car payment”, it is likely trash.

Asks for Personal Information: If any message — from your bank or your best friend — is asking for personal information like account numbers, credit card numbers, or the answers to your security questions, you are being phished. Banks and companies you deal with already have this information; there is no need to ask.

Seems Too Good to Be True: If it seems too good to be true, it probably is. Enough said.

You Did Not Initiate the Action: If the email tells you that you won a contest that you did not enter, or is responding to a call that you did not make, hit the delete button. Most of these scams will ask for money to pay for award fees or taxes on a prize you did not win.

Wild Threats: Banks, and even companies trying to collect past due accounts, will not make threats with unrealistic or wild consequences if you do not respond in a certain way. Legitimate collection notices will ask for payment or for you to contact them; they will not ask for account or personal information and threaten to seize assets or contact the police if you fail to respond to the email. Legitimate companies will also provide a means to call.

Email from The Government: In the US, the IRS, FBI, and other agencies do not initiate communications via email; they will send you a letter (or a subpoena if it’s really serious). Be extra suspicious if the message contains a threat or dire consequence.

Not Quite Right:  If the message does not look right — if your gut is suspicious — you are probably right.  Delete the message.

 

When it Comes to Phishing, is Honesty the Best Policy?

Those of us in the anti-spam business have been scratching our heads recently as the number of messages getting through some of the best spam filters has jumped in recent weeks.  Many of these messages are phishing attempts with something in common.

The phishing messages do not attempt to hide their motive.

Huh?

That’s right.  The majority of the message is classic phishing.  Realistic sounding text (often without the grammatical issues) about account validation requirements and legitimate links to a real institution’s web sites.  The “action” link, however, is not hidden.  Recipients see that the link is to some weird URL that in no way looks like the organization supposedly sending the message.

Since spam filters are on the lookout for obfuscated URLs, having the URLs in the open seems to let the phishing messages fly just under the radar.

And clearly, those behind the phishing attack believe that enough recipients will click on the bad URL even though it doesn’t even look safe. And, the sad fact is, they are probably right.

Recipient Beware.
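
The following is an added example, not code from the original posts: it automates the URL Mismatch and Misleading Domain Name checks from “How to Spot Phishing Emails” and adds a sender-domain comparison that still fires on the unobfuscated action links described in this post. The function names, the brand map, the two-entry suffix list, and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):  # tolerates scheme-less text such as "www.example.com/path"
    return (urlsplit(url if "://" in url else "//" + url).hostname or "").rstrip(".")

def registrable_domain(host, two_level=("co.uk", "com.au")):
    # Assumption: two_level is a tiny stand-in for the full Public Suffix List.
    labels = host.lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in two_level else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html_body, sender_domain, brands):
    """Map every link's href to the checks it failed (empty list: none)."""
    collector, findings = LinkCollector(), {}
    collector.feed(html_body)
    for href, text in collector.links:
        host, shown = host_of(href), ("" if " " in text else host_of(text))
        dest, reasons = registrable_domain(host), []
        if "." in shown and registrable_domain(shown) != dest:
            reasons.append("url-mismatch")  # visible text is a URL on another domain
        if any(b in host.split(".") and dest != ok for b, ok in brands.items()):
            reasons.append("misleading-domain")  # brand is only a label of another domain
        if dest != registrable_domain(sender_domain):
            reasons.append("off-sender-domain")  # plain link leaving the sender's domain
        findings[href] = reasons
    return findings

# Constructed sample body: example.* are placeholders; apple.otherdomain.com is the post's.
SAMPLE_HTML = """<a href="https://www.example.com/help">Help center</a>
<a href="http://login.example.net/verify">https://www.example.com/verify</a>
<a href="http://apple.otherdomain.com/id">Apple ID</a>
<a href="http://example.org/x7/validate">http://example.org/x7/validate</a>"""
print(check_links(SAMPLE_HTML, "example.com", {"apple": "apple.com"}))
```

The last sample link passes both obfuscation checks because its visible text matches its destination; only the sender comparison flags it. Treat the results as triage signals rather than verdicts, since legitimate mail often links through third-party tracking or hosting domains.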