Author Archives: Vic Levinson

phishing / a fish hook on computer keyboard with email sign / computer crime / data theft / cyber crime

Tips to Combat Phishing via Social Media

Tags :

Category : Cyberawareness

Phishing, the practice of trying to lure unsuspecting victims to click on links to install malware or divulging confidential information, is a tactic which unfortunately involves more than just malicious emails. Phishing attacks can also take place in other environments such as via texts, phone calls, or social media.

Facebook, in particular, seems especially prone to these types of nuisances, such as those involving fake websites set up by scammers in the hopes of tricking people into divulging their account information. Facebook does offer some tips to combat these efforts (such as being on the lookout for sloppy messages, messages which claim to have attached passwords, malicious links, or requests for confidential information). However, the threats also involve fake charity requests for victims of the latest natural disaster.

How can you avoid phishing? Below are tips from email security organization Proofpoint for both consumers and IT departments, which I combined with commentary based on my own experiences

Be wary of fake news
Social media con artists use divisive political content to enrage voters and spread misinformation. Avoid “fake news” or news of dubious accuracy and refrain from clicking on links sent to you or posted on social media. Think like a newsroom: You need to confirm accuracy. If you see a news story, verify it on an online news site. Never blindly repost information without checking for accuracy, no matter how much you might wish it to be true.

Be wary of bots

Keep an eye out for bot accounts and block them since they aren’t likely to promote honest or legitimate content. Be cautious of any Twitter and Facebook accounts where something doesn’t look quite right, or he/she seems especially aggressive. Telltale signs of a bot include accounts with random names/numbers, accounts which frequently repost items, accounts posting material which doesn’t seem relevant to the context of a discussion or thread, and accounts which contribute no actual content but just share/retweet other accounts.

Investigate details behind questionable ads

Use Facebook’s “Info and Ads” to determine the motivations behind ads. For instance, when you see a political ad on Facebook which seems suspect or sensational, click the ad and then click the page associated with it. Facebook’s goal is provide “increased accountability for bad actors, which will help to prevent abuse on Facebook” and to “bring additional transparency to Pages and the ads they’re running.”

If the ad comes from a less-than-reputable source, disregard future content from this page or entity as phishing attempts are more likely from these types of accounts.

Avoid clicking links
Do not click on Twitter Direct Message (DM) or Facebook Messenger links unless you are positive they are reputable. They might contain malware or direct you to credential phishing sites that will attempt to steal your passwords or financial information or install malware on your system or device.

Links can also be obfuscated by adding a bunch of unnecessary words or random characters to what seems like a legitimate site in the hopes that you’ll be fooled into opening them. For instance, a link to www.americanexpressfinancialserviceadvice.com or www.citibank2018BBB.com might seem OK at first glance but look closer. You can highlight the link and press Ctrl-C to copy it, then open a text editor like Notepad and press Ctrl-V to paste it in for closer inspection.

Use a quality filter
If it is not already on, activate your quality Twitter filter. This tool (which is enabled by default) helps you locate the quality tweets amongst the noise generated by bots and other low-value entities.

To check your setting, click your profile picture at the top right of the Twitter site and then choose “Settings.” At the “Settings” screen, select “Notifications” from the left column. Check the “Quality filter” box to enable the filter.

Note, Twitter states this “does not filter notifications from people you follow or accounts you’ve recently interacted with.”

Also, verify that Twitter accounts purportedly owned by famous people or governmental officials really are who they say they are by ensuring there is a blue circle with a check in it next to their name or Twitter handle.

Finally, unfollow pages of dubious accuracy or pages prone to promoting sensationalistic “click bait” ads or posts.

Want to read the full article? https://www.techrepublic.com/article/10-tips-to-combat-phishing-via-social-media-platforms/?ftag=TREa988f1c&bhid=22565946068539068551870113317293


7 Red Flags for email

7 Red Flags You NEED to Educate your Staff on for each email they receive







Email hacking is one of the most common forms of cyber attacks today. It takes place every day and throughout the world. You may be familiar with the email attack that occurred in 2016 during the Presidential Election. John Podesta fell for a phishing attack, which led to the release of a decade’s worth of emails. The hacker posed as Google and alerted Podesta to change his password because of suspicious activity on his account. By clicking on the link within the email, hackers were granted full access to his inbox.

Situations like this happen to businesses of all sizes, and the rate of these cyber attacks is only increasing. Your goal is to protect your business against these attacks, which can be difficult if the employees are not properly trained to identify potential threats. People are tricked into giving hackers information because they are not aware of the warning signs to look out for. However, here is a list of seven red flags to look out for and include in your security training for your staff.

1. “From” Line

The first thing to pay attention to is the address you are receiving the email from. Pay close attention to the sender because the person may appear to be someone you know but in reality, it could be a spoof. Hackers know that people are more likely to trust an email from someone they can recognize, which is why they make the email address appear to be from an existing contact. Let’s look at a quick example of this.

Real Email: amanda@wellsfargo.com
Spoofed Email: amanda@welsfargo.com

Notice that an “l” is missing from “wellsfargo” in the spoofed email, therefore it appears legitimate but the domain is not accurate.

2. “To” Line

Sometimes, the hacker will send an email to many different people. If you do not personally know the other people in the “to” line or you are being cc’d on a strange email, that should be a red flag. This is the second aspect of an email to pay attention to in order to detect email fraud and prevent email hacking.

3. Hyperlinks

Always be cautious of clicking on embedded links within an email unless you are sure it is from a trusted source. Before you click on a link, you can hover over it with your mouse to see the destination URL before you click on it. If the URL does not match what the text says, it’s not a good idea to click on the hyperlink.

4. Time

Consider the time you receive an email and compare it with the normal time you receive similar emails. Do you generally get an email from the CEO of your company at 2 a.m.? If not, this is an indication of a potentially spoofed email.

The same goes for the specific time of year. Be extra cautious around holiday or tax season, as cybercriminals typically increase phishing attempts when financial information is being shared or online shopping is heightened.

5. Attachments

Attachments may seem harmless, but some can contain malicious viruses or another form of malware. So, as a rule of thumb, do not open attachments that you are not expecting. If a sender does not normally send you attachments, this is a sign that it could be a fraudulent email. In addition, if the attachment has a strange file type such as .exe or a duplicate file type such as .xls.xls you should not download or open it.

6. Subject

Phishing attempts usually try to trick you with scare tactics or immediate action. If the subject line seems fishy, such as “Need wire transfer now” or “Change password immediately”, validate the source before you take any action. The subject may also be irrelevant or not on topic with the rest of the email content, which can be another red flag.

7. Content

The sender may be urging you to update your information or change your password in order to avoid a consequence, which instills fear and prompts action. This is another method to look out for as hackers use this to trick you. In addition, if the grammar or spelling are incorrect and the email seems out of the ordinary, confirm the legitimacy before you click on links or download any files.

So there you have it, seven simple red flags to look out for when examining an email. Never click on links, download files, or transfer money unless you are sure the email is legitimate. We recommend a two-step verification process to establish validity. For example, if you receive an email from your CEO requesting a wire transfer, we recommend you also confirm via phone or in person. This two-step verification process validates the sender through multiple mediums, which helps avoid falling for scams.

It is important for all businesses to take email hacking seriously. Hackers attack corporations and individuals, so understanding social engineering methods is crucial in addition to having proper spam filters and firewalls installed. Lack of employee education is what makes it difficult to properly secure an environment. However, you can use these tips to educate employees both within your company to reduce the risks of a cyber attack.

If you want to see how susceptible your company is, we have a whole suite of free tools for you to measure your vulnerability. See how phish prone your employees are, how strong passwords are or whether or not your domain can be spoofed.

http://downloads.primetelecommunications.com/CyberAwareness-Free-Tools


password

Important Tips for Improving Password Security







Sometimes it is the simplest or most obvious things that can be easily overlooked or taken for granted in life. The IT space is no different and many of the most basic elements, like password management, can often times be overlooked. While it’s not the sexiest of topics, passwords are something we use every day and should be at the forefront of any security plan.

Passwords are the first line of defense against malicious activities in the digital space.

We hear all the time about the importance of strong passwords, and many websites or software require certain password criteria that force them to be difficult to guess. However, the actual execution of these recommended practices is often lacking. The trouble usually lies with the end user who doesn’t take care of their passwords or doesn’t make them difficult enough. Here are some simple, yet highly effective tactics to keep the bad guys out of your information and IT systems.

Hackers’ Tricks
Before we look at the techniques to prevent hackers from gaining access to private information, let’s take a quick look at the most common means these folks use to crack the password code and get the proverbial “keys to the kingdom.”

Guessing – Some people think that no one could ever “guess” their password at random, but hackers are much more sophisticated than that. This technique is not simply sitting in front of a screen and typing many different combinations. First, the hacker finds personal information online and then uses sophisticated programs to help ‘guess’ how that personal identification can be turned into a password.
Dictionary-based attacks – Programs run names and other information against every word in the dictionary.
Brute force attacks – Just like it sounds. By simply running all combinations of keystrokes with a user name, passwords are discovered all the time.
Phishing – Beware of Phishing schemes! These scams try to lure you in with fake offers then track your keystrokes in order to steal private information. If the email or IM request looks odd, ignore it and please don’t click on anything. The trouble is that people are oftentimes tricked into giving away valuable data without even knowing.
Shoulder surfing – Not all hackers are technical whizzes. Shoulder surfers try to catch you entering a password in a public place like a coffee shop or even at a gas station (debit card PINs are vulnerable).

Password Security Tips
So what is your company to do? Educate employees on strong password practices. There is simply no way to guarantee a bulletproof password. If someone wants something bad enough and is smart enough they can figure out what they need to do to get it. Most are not that patient though so any deterrents are usually enough to make them give up and find an easier target.

Some best practices to be teaching employees include:

  1. Make sure password length is at least 8 characters
  2. Don’t use real words
  3. Use both upper and lower case characters
  4. Include numbers and special symbols when allowed
  5. Don’t use personal data
  6. Make patterns random and not sequential or ‘ordered’
  7. Don’t get lazy when it comes to your passwords. Take the extra time to think of something creative, complex and something only you would remember. 

What else can be done? Here are some “do’s” and “don’ts” for password safety.

Do:
1. Create different passwords for different accounts and applications. If you create only one password for everything you do online, you are exposing yourself unnecessarily. Sure it’s easier to use one but it provides more chances for someone to figure your password out, and if they do, gives them a great starting point for accessing other personal data of yours.
2. Keep corporate and personal passwords separate.
3. Change your passwords often (ideally every month)
4. Always log off your computer or lock it when you leave it for any period of time

Now Some Don’ts:
1.Don’t write passwords down or store then in the office

2.Don’t store passwords on any device

3.Don’t give passwords in emails or IMs

4.Don’t give your manager your password

5. Don’t discuss passwords with others

6. Don’t use the “it’s easy to type’ rule (like asdfjkl;) since that will be easier for a lurker to see what you typed

After reading this, I’m sure you feel like you have some work to do. It’s never too early to start utilizing these recommended practices and you may not even know what data may currently be exposed or at risk.

Changing your passwords and using the above techniques can help protect you and your staff from malicious web attacks. Don’t overlook the importance of password management – it could make all the difference when a hacker sets his targets on you or your business.


Security

5 Things Everyone Gets Wrong About Anti Virus







It shouldn’t be news to anyone that cyber threats are on the rise. As advanced hacking techniques continue to proliferate in the wild, the requirement to have an effective security solution has never been more pressing.

With the market awash with vendors making bold claims, and news stories making even bolder headlines, it can be hard to separate the fact from the fiction. If you’re new to offering endpoint security, here are five basic things you need to know to ensure that you get right about the options available.

1. Viruses Aren’t the Only Threat

Security threats have evolved beyond all recognition from the early days of the computer virus, but most security solutions still carry the term “anti-virus” in their name, which is really something of a misnomer in the modern threatscape.

The reality is that cyber attacks take many different forms that have nothing to do with being a virus, and they can range from the indiscriminate to the highly targeted. These include ransomware, spear-phishing, drive-by attacks and both software and hardware vulnerabilities that can lead to loss of customer and corporate data. Attackers are now even weaponizing machine learning to produce highly-targeted campaigns, at low cost to themselves.

Also, don’t forget that threats can come from within; disgruntled employees know the weaknesses of your system better than any outsider. Good endpoint security needs to be able to detect bad behaviour no matter the point of origin.

2. Malicious Files Aren’t the Whole Story

Most people think that security software works by scanning files on the local computer and deciding whether they are malicious or not. Like the term ‘anti-virus’, that’s a bit of an old-fashioned way of thinking about it. Although there are still legacy AV programs that primarily work in that way, even they will usually offer some additional functions such as blocking malicious websites or detecting excessive use of resources typically used by ransomware and crypto-miners.

However, for truly effective protection, you should be looking at security solutions that do more than that. Today’s cyber criminals are able to leverage fileless attacks, change DNS settings to re-route your network traffic and inject code into legitimate processes. A legacy AV solution that primarily focuses on scanning for malicious files is, like last week’s soup, well past its sell-by-date.

3. Trust Is a System Weak Point

As we hinted in the previous point, untrusted software is not the only danger to the endpoint. Even first-party and established software brands can be leveraged to breach a system.

While MS Office Macro attacks have a long history, Macro-less attacks such as DDE can exploit vulnerabilities that will bypass many security solutions because they appear to be coming from trusted applications. Similarly, most businesses will likely have a need for legitimate PowerShell operations, and yet PowerShell-powered attacks are becoming increasingly common. You need a security solution that’s smart enough to allow PowerShell to maintain your productivity, but also able to ensure that it can tell the difference between malicious and legitimate behaviour.

Modern malware can also run without interference on many systems running AV solutions if it is able to operate with system-level privileges, whether through a privilege escalation vulnerability or other methods of infection. This is because many AV packages take the wrong approach by granting trust by identity, rather than by behaviour. When security solutions take this kind of “whitelisting” approach, the endpoint is left vulnerable to supply chain attacks and fake certificates.

4. There’s Power in Simplicity

Security software doesn’t have to be hard to use, and you shouldn’t have to be a security expert to manage it. Unfortunately, a lot of security software gives business owners just that impression, overcomplicating things with diagnostic tools and components that require specialist training courses to master. Be sure to choose an endpoint solution that minimizes maintenance tasks, presents a clean, easy-to-understand interface and provides one-click remediation.

You want a solution that anyone in your team can quickly learn and operate. It’s important for business continuity that knowledge of your security solution is not tied to specially-trained members of staff. Who knows how long before they move on, taking their expert knowledge of your security solution with them?

5. Security Is a Mindset, Not a Product

Probably the biggest thing you can get wrong about AV software is believing that it can solve all your security issues in one fell swoop. Threats come in many shapes and forms: from indiscriminate ransomware attacks to disgruntled employees. What’s your plan of action when (don’t think “if”) a breach occurs? How will you respond? Failure to have a response plan in place could mean greater damage to your customers, your data and your reputation.

Main Takeaway

Ignore the stereotype of sophisticated cybercriminals targeting billion-dollar businesses. Most attacks are opportunistic and target not the wealthy or famous, but the unprepared. According to a 2018 SentinelOne survey of US companies, 56 percent suffered a ransomware attack in the last year. Given that the majority of organizations will be hacked over their lifetime, it is incumbent upon organizations to have a fallback position.


Cyber secuirty

Cyber security myths you should stop telling yourself







While many cyber security myths persist, some are more damaging than others, here are four common cyber security myths and their impact on risk.

Cyber security preparedness is one of the major obstacles facing businesses today, and due to its importance, it can be a magnet for myths. Attacks emerge and cripple systems availability or swipe data quickly and unexpectedly. It happens so fast that the myths so many businesses hold onto as facts are only apparent in the aftermath of an attack.

Myth 1: Small organisations are low-value targets for hackers.

Thinking you’re not a target is one of the biggest mistakes a company can make. According to data collected from more than 2,200 confirmed data breaches, 58 per cent of security event victims were small businesses. But why would malicious actors target small companies?

Compute resources are valuable – malicious actors seek out available computing resources as network nodes to expand their bot networks, which they use to initiate DDoS attacks, for crypto-jacking, to propagate ransomware and spam or for numerous other crimes. Malicious actors build their networks by leveraging free resources, and your systems might be among them.

No matter the size of an organisation, data is valuable and power. Every organisation stores some data that’s critical to its business but holds little value to others. Malicious actors exploit this by unleashing ransomware that cuts off data access, availability, or both, crippling the organisation. Malicious actors then generate revenue through ransom payments.

Small businesses can be an indirect victim and used as a stepping stone into other targets. Malicious actors might target seemingly innocent, low-risk third-party vendors to get to those vendors’ customers. This has been evidenced by the cyber-espionage group known as Dragonfly, which successfully “trojanised” legitimate industrial control system (ICS) software. To do so, the group first compromised the websites of the ICS software suppliers and replaced legitimate files in their repositories with their own malware infected versions. Subsequently, when the ICS software was downloaded from the suppliers’ websites it would install malware alongside legitimate ICS software.

Myth 2: There’s no reason to invest in security when organisations with tight security controls still experience security breaches.

Some organisations rationalise a small cyber security budget by arguing that investing in security is a losing game. They hear about security breaches at large organisations, with presumably large cyber security budgets, and assume if these organisations can fall victim, then what chance does their organisation have?

Tools are just one pillar of a solid security strategy, people and process are equally important. An organisation allocating budget toward security might not be focussing it to the most effective areas. An organisation can have a big budget for tools but if it lacks the right cyber security talent or its processes are faulty, it can still get hit.

Research has illustrated how long it can take before an intrusion is detected. The time taken by firms to detect breaches increased by 40 per cent from 2016 to 175 days on average in 2017, according to the latest M-Trends report by security firm FireEye. Organisations that invest in reactive security controls, in combination with proactive security controls such as Intrusion Prevention Systems (IPS), may identify suspicious behaviours earlier and limit the damage.

Organisations that shrug off tight security controls are focusing solely on the immediate effects of infiltration, not on the total cost of the security incident. Granted, security controls are not 100 per cent effective at detection and prevention, but they can save significant time and money during each of the subsequent incident response stages: analysis, containment, eradication, recovery and post-incident activities.

Myth 3: Our organisation has not been breached before, so we’re still safe.

Often, organisations incorrectly assume their security risks remain relatively static, when they don’t have a way to effectively evaluate those risks. Projecting future risks based on historical events can be dangerous.

Defining the scope of what to secure requires identifying exactly how many applications, servers, network devices, storage devices and more are within an organisation. When faced with either insufficient or overwhelming amounts of data, the scope may be simplified, and assumptions drawn that can lead to vulnerabilities.

Organisations might assume a particular server doesn’t contain sensitive data and is less likely to be the target of an attack. But it might not be data that malicious actors are after, as mentioned; servers might be valuable as a foothold into another environment. Lastly, people often underestimate risk due to future aversion – the problem of assuming that because the future is unknown it cannot be tested.

Myth 4: Security is an expense, not a revenue generator.

Organisations prioritise investment in services that generate revenue, especially when budgets are tight. This can leave cyber security, viewed as an expense, on the back burner, when it should be considered a revenue generator.

Data breaches continue to rise globally, and cyber security will influence buying decisions. Organisations that store personal, financial and other sensitive data need to ensure that it is secure. So, businesses can influence customers’ perception of security by proactively marketing the high level of security they adhere to, differentiating their company from their competitors.

Data breaches are only one impact from an adverse security incident. Another is downtime. Consumers can’t purchase products or pay for services if a web site, or the infrastructure that supports web transactions, is unavailable. When the global ransomware WannaCry attack crippled the NHS, hit international shipper FedEx and infected computers in 150 countries in 2016, NHS staff in the UK were forced to revert to pen and paper and use their own mobiles after the attack affected key systems, including telephones.

During the same attack, operations of FedEx’s TNT Express unit in Europe were disrupted by the attack and the company’s following published earnings revealed the cost of falling victim to the attack to be an estimated $300 million in lost earnings.

Whether it’s assuming that an organisation is not a target or that security spend is only ever an expense, buying into these common cyber security myths can set a business up for serious disruption, unhappy customers, a tarnished reputation, not to mention the cost of recovery.

Want some help? Download our free tools and see how your company compares!

By  Security 


Cyber hygiene

Do you have good cyber hygiene?







 

It is cyber security month. Here are the habits that every computer user needs to maintain for good cyber hygiene.

We know it’s important to have good habits in many parts of our lives, from our work to our daily hygiene. However, quite a few of us forget that we need to have good computer habits, too. Developing wise practices in connection with our computers and smartphones can make our lives much easier and help us to stay much safer on the internet.

Back Up Your Files

One thing that many people fail to do is back up their files. All it takes is one catastrophic computer crash and days or even months of work can be lost. Priceless family photos, fun videos with friends, key work files, and important school assignments that were a work in progress can be lost. Backing up your files isn’t that hard nor is it expensive. And, to make things even better and easier, you have many different options from cloud-based backups (such as GoogleDrive, OneDrive, or DropBox), convenient USB thumb drives, portable hard drives, and even specialized backup drives. A good practice is to make sure your files are backed up daily, or at least weekly.

Keep Your Software Updated

Software updates can be a pain, but they are vital to ensuring that your computer and software runs smoothly. In fact, one of the major reasons that updates are released is to fix bugs and issues that could make your computer vulnerable to cyber threats. Hackers know about these bugs and vulnerabilities. If you don’t allow your system to install the patches and fixes, then you are making yourself a prime target for a cyber attack.

Keep in mind that you don’t have to perform updates in the middle of your work anymore. Most software (and smartphones) will give you options for when the update should take place, so you can choose times when you aren’t busy on your computer.

Be Smart When Using Public Wi-Fi

Public Wi-Fi in places like fast food restaurants and coffee shops can be tempting to use when you need an internet connection, but they can also be dangerous. These public Wi-Fi networks are a common target of hackers, and even hackers with minimal skill can quickly figure out things like your social media credentials and more.

If you do have to use public Wi-Fi, take safety precautions such as turning off network discovery, file sharing, and printer sharing and make sure your firewall is turned on. Don’t be an easy target for hackers.

Make Use of Antivirus Software and Passwords

Would you leave your front door unlocked if you lived in a high-crime neighborhood? Well, the internet is a high-crime neighborhood. Failure to use updated anti-virus software and good passwords is the same as leaving your door unlocked. You can’t afford to make it easy for the wrong people to access your personal and financial information.

Your first line of defense lies in the passwords you choose. Don’t use easy to guess passwords, and don’t use the same passwords for everything. Include letters and symbols with your passwords to make them harder to crack, and add some numbers for good measure.

Your second line of defense, much like a deadbolt for your front door, is anti-virus and firewall software. They don’t have to be expensive in order to do a good job of protecting your computer. It is also vital that you keep your anti-virus and firewall software updated and don’t ignore alerts they provide.

Be Careful with Email

Going back to our analogy of living in a high crime area: if your doorbell rang in the middle of the night, would you fling the door open and invite whoever it was inside? You would probably want to make sure who it was, and even check their ID if they claimed to be some kind of official demanding access to your home. Strangely enough, far too often we inadvertently provide access to individuals with malicious intentions when we click on links in emails without making sure where those emails are really from.

In short, don’t open an email unless you have a good idea of who it is from, and beware of clicking links in emails even if they seem to be from friends. Be cautious about opening attachments, too. In short, be as careful with your email as you are with your front door.

Conclusion

You work hard to keep yourself safe from physical dangers such as criminals and disease. It makes sense that you should work just as hard to keep your electronic devices safe, too. Backing up files (including documents, photos, and videos), keeping your software updated, and being smart when on public Wi-Fi is a good start. Add to that antivirus and firewall software, robust passwords, and the careful use of email and you are on the road to developing excellent computer habits that will keep your files, data, and personal information safe.


UCaaS in Chicago

3 Ways to Increase Laptop Security While On-The-Go







  1. Physical Security

There are ways to lock your laptop down from outside of the machine. First, be sure that your laptop bag is always on your person, or that you use a padlock to keep the zipper securely closed. Most work benches at the airport have legs that you can easily secure the carry strap to. Or you can utilize a cable lock to secure it to something like a chair fastened to the ground or a building pillar.

Second, always keep a Kensington lock in your bag, and break it out every single time that you use your laptop in a public area. These are inexpensive, and you can always ask your IT provider if they have any spares. Trust us, if you’re showing initiative to protect company assets, your company will listen.

If you are in a hotel, a good way to keep your belongings safe is to put the ‘Do Not Disturb’ sign on the door. If that is posted, then the only foot traffic that should be in your room is your own. If something turns up missing and you and the Hotel are the only people with keys to your room, then this helps narrow down the search for the thief.

  1. Software Security

We’re not talking about McAfee or Norton here, but something more along the lines of location software. Some examples of this may be Lojack for Laptops if you have a Windows machine, or Find My Mac if you are an Apple user. To help protect your information, these applications will setup passcodes that the thief will have to hack to bypass. Also, they can provide the location of your device if it’s missing or stolen.

  1. Backup Solution
    If, in fact, your device does go missing, you know as well as we do that your work can’t be put on hold. It will continue to pile up – causing a mess of inconveniences – but the world doesn’t stop, even if your laptop is stolen. You need to be able to back up your most valuable data and recover it at a moment’s notice with a legitimate backup solution. And we’re not just talking about a file backup like Dropbox or Google Drive. A truly reliable backup solution allows for virtualizations of your laptop, so you can login to this virtual copy of your machine and it’s just like you’re sitting in front of it again.

Cyber awareness

You May Not Think You Need a Security Penetration Test – But You Absolutely Do







 

Humans are notoriously bad at calculating risk – which is part of the reason why our applications, servers, and endpoints keep getting hacked so often. It’s often difficult to keep up with patches and updates to mission-critical programs – and we let them go out-of-date. Many businesses believe they are too small and barely worth a hacker’s efforts so they install antimalware and antivirus and hope that is enough. On the other hand, many small businesses believe they’ve already spent so much on business IT security that it may not be worth investing in more.

Because of these various fallacies, a successful cyberattack will nearly always come as a surprise. Specifically, the surprise is the extent to which the attack is successful, and the damage that it does.

For example, you wouldn’t be surprised to learn about a convenience store robbery, but you might be surprised if a single robbery put a store out of business. A single cyberattack, however, can and will erase a small business – 60% of small businesses close forever six months after a single successful breach.

Similarly, you wouldn’t be surprised to learn about a bank robbery, but you’d be surprised if a single robbery were able to loot a bank’s entire vault. As the result of a single cyberattack, however, over 140 million social security numbers were stolen – accounting for nearly half the country.

Small Businesses Have IT Security Options

What do you do about this? You can buy new security projects until your budgets are exhausted (see: defense-in-depth), but that does nothing to help you if a single successful cyberattack can expose your entire customer base. Any successful security strategy must instead focus on eliminating the element of surprise. Business leaders must understand that:

Whether you’re a small business or a massive enterprise, no amount of security spending will make you safe from hackers.

Therefore, you should take pains to understand where your vulnerabilities lie, and how an attacker will choose to exploit them.

Some vulnerabilities will be fixable, and some won’t. The ones that are fixable should be fixed as soon as possible; if there are vulnerabilities that can’t easily be fixed, solution partners like Prime Telecommunications help small businesses architect security plan to ensure that you meet the gaps in security that enable cyberattacks to penetrate the network.

In technical terms, the disciplines that will allow you to achieve this state of awareness are known as vulnerability scanning, penetration testing, and risk management.

Vulnerability IT Scanning: Building the Foundation of Security Awareness

Your network runs countless applications. If these applications aren’t constantly updated, or if they aren’t updated correctly, they represent a crack in the edifice of your security. On the other hand, new vulnerabilities in these applications crop up on a regular basis. One security vendor now predicts that companies will discover one new zero-day (a previously unknown application vulnerability) per day by 2021.

A vulnerability scan will most likely use automated tools to crawl your internal and external network for unpatched vulnerabilities and tell you what needs to be brought up to date. Your internal network relies on a complex web of application dependencies. Applying a patch to one application may mean that the applications depending on it fail to work in an expected manner. In some cases, there is no easy fix. If your computers are vulnerable to Spectre, for example – a vulnerability affecting three billion computers – they are essentially un-patchable. The Spectre vulnerability cannot be patched.

On the other hand, the Spectre vulnerability is extremely hard to exploit.In order to determine which of your vulnerabilities must be patched – no matter the expense or difficulty – and which may be left alone, you will need to undergo a penetration test.

Vulnerability & Penetration Testing: Hacking for Good

The difference between vulnerability scanning and penetration testing is the difference between knowing that a vulnerability exists and knowing how an attacker would exploit it – or if an exploit is even possible.

Penetration tests are great for businesses because they are the truest example of how an actual attacker would approach them. Your pen tester will use the same tools and techniques that an attacker would use to:

  • Perform reconnaissance on your network
  • Find attack surfaces
  • Exploit vulnerabilities
  • Trace the path from your perimeter to your mission-critical data and applications

While many business leaders may have trepidation about letting an outsider take such a deep look into their organization, the opportunity presented by regular professional penetration tests cannot be understated. Given sufficient time, your penetration tester will almost certainly be able to find their way to critical or compromising data. Along the way, however, you’ll be able to answer questions such as:

  • How long will it take an attacker to go from my network perimeter to my data store?
  • What vulnerabilities in my network are most appealing to attackers?
  • What indicators of compromise (IOCs) will an attacker produce as they infiltrate my network?
  • Will my security operations center (SOC) be able to detect the attacker in any way?
  • When the attacker reaches their target, how much of my critical data will they be able to see?
  • As the attacker exfiltrates data, will there be any signs? How much data will an attacker be able to steal before they are caught?

Vulnerability testing takes a hard look at the vulnerabilities that exist on the network from within. Assessments can be required by regulation or third parties but should be considered a best and recommended business practice for all organizations. Vulnerability assessments measure organizations against over 10,000 possible vulnerabilities and provide a clear path to wellness. Vulnerability Assessments may uncover the need for additional actions such as penetration testing or other network services to improve and organization’s vulnerability profile.

Security risk evaluation : Mitigating Cyberattacks with Risk Assessment

Let’s say that a vulnerability scan indicates a vulnerability in your perimeter and that a penetration test indicates that this vulnerability could be exploited to reveal critical data. A risk assessment would give you a number of possibilities that would minimize you and your customers’ exposure to legal and criminal threats in case of a breach.

For example, a risk assessment could tell you to:

  • Immediately patch the vulnerability – if this temporarily breaks dependent applications, so be it.
  • Map the gap in your security and align an action such as encrypting the data behind it. If an attacker steals that data, it will be of no value to them.
  • Partner with a Security as a Service team that can monitor and proactivelymitigate attacks trough security tools and techniques to safeguard data that can’t be compromised (such as your client’s social security numbers).
  • These are just a few of the range of options that a risk assessment might offer, all of them varying in difficulty and expense.

Your potential courses of action in response to a potential vulnerability will vary a great deal based on the kind of data you’re protecting and the kind of attackers who may be out to get you. Some forms of personal data may be less sensitive than others – it’s bad if you lose a customer’s address or email, but much worse if you lose their credit card or social security number. Similarly, depending on your company’s profile, you are not able to afford a data breach if your company has certain compliance and regulatory laws it must uphold.

These recommendations and decisions are best guided by risk management professionals. With a skill set that’s one-part hacker and one-part lawyer, these individuals can help you maximize your protection from attackers while minimizing your risks under compliance regimes such as HIPAA, PCI-DSS, and the forthcoming GRPR.

By undergoing regular vulnerability scans, penetration tests, and risk assessments, you’ll massively reduce the likelihood of a damaging security breach. What’s more, you will be less likely to find yourself surprised by a security breach and you are more likely to understand your risk posture by proactively protecting your data to your acceptable security level.

Take the first step by reserving your security-risk evaluation. A Prime Telecommunications security expert will provide options and help you decide which type of security best practice will help you secure your data, mitigate risk and sleep better at night.


cyberattacks

Understanding the Different Types of Cyber Attacks







 

There are three kinds of businesses: those that have been attacked, those that are being attacked and those that are clueless and don’t know anything about cyber attacks.

In today’s high-tech world, we are constantly vulnerable to cybersecurity threats. The ability to identify different types of cyber attacks is a useful way to protect yourself.

There are several types of attacks that commonly occur on the Internet. These attacks include Denial of Service (DoS), Man in the Middle (MitM), phishing and spearphishing.

Denial of Service (DoS) Cyber Attacks

A denial of service attack overwhelms a system’s resources so that it cannot respond to service requests. This type of attack is launched from a large number of host machines infected by malicious software and controlled by the hacker.

Unlike other types of attacks, DoS attacks do not provide hackers with access to personal information. Usually, they are done simply for the satisfaction of causing harm to a company. The may also be launched by a competitor trying to damage the company’s business.

Common types of DoS attacks include:

There are various ways to protect against DoS attacks and the method you choose will vary depending on the type of attack you want to avoid. Firewalls can be useful in TCP SYN and ping-of-death attacks, while various types of filtering can protect against botnets. To protect against teardrop and smurf attacks, you will have to disable various components of your computer system.

Man in the Middle (MitM) Attacks

These attacks occur when the hacker inserts himself or herself between the communications of a client and a server. Session hijacking and Internet Protocol (IP) spoofing are both forms of cyber attacks where the attacker mimics an IP address so that the victim believes that he or she is communicating with a trusted source. The attacker can use this method to gain access to valuable information.

With these types of cyber attacks, encryption can be used to protect yourself. Encryption ensures that any communications come from a trusted source.

Replay attacks are also common MitM attacks. A hacker will save old messages and try to resend them at a later time, once again mimicking a trusted source. These attacks can be avoided by using session time stamps or nonce (a random number of character strings that changes with time).

Phishing and Spearphishing

Phishing involves an email that appears to be sent from a trusted source. However, it is actually delivered with the intent of gaining access to personal information or to panic the user into opening an attachment or clicking on a link.

Often, the attachment or link loads malicious software into the computer. Spearphishing is a similar type of attack, but is personalized to the chosen victim.

Protect Yourself through Common Sense and Sandboxing

Luckily, many attacks can usually be circumvented by using common sense. If you see an email that looks suspicious, stop before opening it. Analyze the email and the header. Hover over links to see where they will take you before clicking on them.

You can also use sandboxing to protect yourself. Testing an email in a sandbox environment allows you to safely open attachments and click on links without making yourself vulnerable to an invasion. Another option is to forward a suspicious email to your IT department for analysis.

Protecting your personal information on the Internet is not easy, but it can be done if you are familiar with the various types of threats and know how to avoid them. Stay safe!


Network RMM

Who’s Monitoring Your Network?







A business’ network is relied upon heavily for many daily functions, and there are many places problems can occur. According to CompTIA, four leading security concerns are attacks from ransomware and malware, viruses that can get into your network and destroy data, and hacking attacks from cybercriminals. Along with these, there is also the possibility of outages caused by poorly-functioning circuits, and these outages result in lost productivity and revenue. Network monitoring can find and resolve these problems before they cause damage. Read on to learn about the role of network monitoring.

Why You Should Monitor Your Network
Network monitoring is a proactive way of detecting threats to the security of your network, resolving them before they cause serious problems. This can save your company both time and money, when network monitoring is part of an overall managed services plan. Possible cyber attacks can be prevented, thereby protecting your company from data loss and compromise of reputation. Not only that, but circuit monitoring can find bottlenecks that slow down your system and cause data loss and leakage. Access to your network can be tracked, finding unauthorized access by former employees, or social media usage that consumes a great deal of bandwidth.

The Advantages of Remote Network Monitoring
By having your IT service provider monitor your network remotely, your business can rest easy knowing that issues are caught and fixed without a trip to your office and can be fixed before data is compromised or systems are slowed down. This helps keep IT costs down by preventing problems before they get out of hand. Your network is protected from viruses and malware because patches are kept up-to-date. Remote monitoring can help keep things running smoothly and enhance productivity by helping your business focus on long-term goals while resting easy about security.

Your network is crucial to the success of your business, and monitoring can help keep it secure. If you have questions, or need to set up a managed service plan including network monitoring, contact Prime Telecommunications today.


Click hear fool

Request your Free Network Evaluation