Best Practices in Cyber Security 2018

The cyberthreat landscape changes on a daily basis. There is no one-size-fits-all solution and there are no magic bullets. It has been said that the price of liberty is eternal vigilance. The same holds true for cyber security. There are four pillars of security: endpoint protection, perimeter protection, monitoring and end-user vigilance.

They say that those who don’t learn from history are doomed to repeat it, and matters of cyber security are no exception. Threats will often follow trends, and so by reviewing what has happened in the past, we may be able to glean some insight into what will be important in the future.

If the first half of 2018 was any indication, there are a few things that will be of most concern to IT professionals and end users.

Ensure All Endpoints Have Appropriate Security Measures

It’s staggering to consider how many endpoints any given business could have, each providing a route in for threat actors. Between company-provided devices, personal mobile devices, and Internet of Things devices, there are plenty of opportunities for a company to be attacked.

As a result, as 2018 progresses, businesses must be aware of what threats exist, as well as better prepared to protect themselves against them. This includes strategies that ensure your organization’s digital protections are properly maintained while remaining cognizant of physical security best practices. Pairing encryption and access control, as well as mobile device management, can create a much safer environment for your data.

Cover your 6’s

Your network needs to have not just the firewall appliance – but a comprehensive suite of tools that can help you recognize suspicious behavior. It is more than just a static device. It has to be paired with analytical tools that can give you insight into your network. Additionally, an external firewall or web filtering service can protect you from unseen threats on a multitude of levels. It is not just hardware and software anymore. You need to have the resources available to alert you to threats, cut down the noise from repeated alerts and investigate areas that you should not be in yourself – e.g. the Dark Web.

Get Back to Basics With Security and End User Education – Cyberawareness Training

While it may sometimes be tempting to focus on the massive attacks and breaches that too often dominate the headlines, no business can afford to devote its full attention to those vulnerabilities and overlook the more common threats. This is primarily because once it does, it becomes exponentially more vulnerable to these attacks through its lack of awareness and preparation.

Part of being prepared for the threats of the coming weeks and months is to make sure that your employees are also up to speed where security is concerned. Educating them on best practices before enforcing these practices can help to shore up any vulnerabilities you may have and maintain your network security. This includes restricting employee access to certain websites, requiring passwords of appropriate strength, and encouraging your employees to be mindful of exactly what they’re clicking on.

Continuing to Improve Security Measures

Finally, it is important to remember that implementing security features isn’t a one-time activity. Threats will grow and improve in order to overcome existing security measures, and so if they are going to remain effective, these security measures must be improved as well.

While regulatory requirements can provide an idea of what security a network should feature, they shouldn’t be seen as the endpoint. Instead, those requirements should be the bare minimum that you implement, along with additional measures to supplement them.

We are here to help. If you would like to explore the options of a completely managed firewall, DNS filtering, or cyber awareness training, we can assist. First, get a baseline of where your organization is at. We have a suite of FREE tools that can help show you your susceptibility to phishing, spoofing and whether your organization’s credentials are for sale on the Dark Web. We can also do an onsite security assessment to analyze your network’s vulnerabilities.

For your free tools, please visit: http://downloads.primetelecommunications.com/CyberAwareness-Free-Tools or give us a call at 847 329 8600.

We are your managed technology solutions professionals and are here to listen!


Data breach. Customer information stolen.

Prime Telecommunications in cooperation with ID Agent is excited to offer this guest blog post from Megan Wells. Megan is a data journalist and content strategist at InvestmentZen who has written content on how data theft impacts Americans, technological interventions for personal and commercial finance and content for IBM and NASDAQ. With her examination of costs and the impact of Data Breaches, she shares how detrimental identity theft can be for businesses and their employees.

Data breach. Customer information stolen. Identity theft. Those words are enough to cause panic to a small business owner or manager. However well protected they think they are, they fail to realize that criminals on the Dark Web are one step ahead.

Many don’t understand what a data breach is and think it only happens to big companies like Equifax, Target and Home Depot. Yet employee errors account for 30% of data breaches, as the following examples show, and small businesses have employees, right?

  1. A medical office employee emails patient data without encrypting the email.
  2. An employee attaches a document to an email that contains a customer’s SSN and account number.
  3. Malware enters a company’s servers through an internet download and steals customer and business data.
  4. A hacker breaks into the business network and downloads credit card data.
  5. A company laptop with customer information on it gets stolen.

Any company that stores customer information, regardless of size, is vulnerable and at risk for a data breach. And data breaches lead to identity theft for business owners and customers.

The negative press to a business from a data breach is bad enough. The risk of identity theft to customers and owners takes it to another level. Over $16 billion was stolen from consumers in 2016, roughly $1,300 per victim. While that amount may seem low (in perspective), the time involved is not. Theft caught early might take eight hours to resolve; for many, however, hundreds of hours are spent reclaiming their identity. Then there’s the person that never fully restores his or her identity–one in four victims faces this reality.

It’s in a business’ best interest to do everything possible to reduce its exposure to data breaches and the high cost of damage control (negative press, lost revenue, customer reparation). Businesses and consumers must work together to safeguard nonpublic, personal information. All our identities and millions of dollars are at stake.


Meltdown and Spectre

How To Explain Meltdown And Spectre To Your C-Level And Employees

OK, 2018 has just started and it has totally borked all networks in the whole world. That’s a fine mess we’re in to start off the year. 🙂

Meltdown and Spectre are CPU hardware design flaws that we techies understand. In a nutshell, Meltdown breaks the isolation between the user app and the OS, so the app can do a memory dump and steal any data in it. Spectre goes further. It breaks the isolation between apps. It’s harder to exploit but also harder to mitigate.

However, how to explain this to your C-level and end-users is another story.

The first thing to understand is that the vulnerable machine has to have malware running to exploit this vulnerability. And who are the most prone to let bad guys into their machine to start with? Right… users.

Another excellent reason to step them through new-school security awareness training immediately, because Meltdown and Spectre are going to be with us for a while.

We have just released our brand-new 2018 flagship 45-minute training module and a whole new batch of new videos from a new publisher.

I strongly recommend that you not waste this crisis and require all staff to start the new year with a refresher awareness course, pretty much right away.

So now, how to explain this to everyone in your organization?

I suggest you send the following to your C-level execs and employees. You’re welcome to copy, paste, and/or edit:

“Computer researchers have recently found out that the main chip in most modern computers—the CPU—has a hardware bug. It’s really a design flaw in the hardware that has been there for years. This is a big deal because it affects almost every computer on our network, including your workstation and all our servers.

This hardware bug allows malicious programs to steal data that is being processed in your computer memory. Normally, applications are not able to do that because they are isolated from each other and the operating system. This hardware bug breaks that isolation.

So, if the bad guys are able to get malicious software running on your computer, they can get access to your passwords stored in a password manager or browser, your emails, instant messages and even business-critical documents. Not good.

So, What Are We Doing About This?

We need to update and patch all machines on the network. This is going to take some time; some of the patches are not even available yet. We also may have to replace some mission-critical computers to fix this.

In the meantime, we need you to be extra vigilant, with security top of mind and Think Before You Click.

[OPTIONAL] To help you stay safe online in the office and also at the house, please step through this new security awareness training module which will take you 45 minutes. Consider it an urgent “lunch & learn” because of this hardware bug.” (Thanks, Mr. Intel…)

Here is a good site with an FAQ and videos about this SNAFU, that you can refer people to if they want to know more. For instance, antivirus does not protect against this vulnerability.

This was written by Stu Sjouwerman, Founder and CEO, KnowBe4, Inc.