Tag Archives: cyber attack

Become Aware and Prepared During Cybersecurity Awareness Month

There’s never a bad time to examine your company’s cybersecurity posture, and even improve your strategy. Threats abound, including security incidents resulting from weak passwords, phishing attacks, and the lack of strong authentication. Read on to learn how you can assess and improve your preparedness for security incidents–it’s not if, but when.

 

Preparedness Starts with Awareness 

October is Cybersecurity Awareness Month. Starting in 2024 the Cybersecurity and Infrastructure Security Agency’s (CISA) theme is “Secure Your World.” Cybersecurity Awareness month is a time for understanding the threats that face all businesses, and perhaps especially small to medium-sized companies. The good news is, you can learn more about what threats affect your network, applications and data, and how to protect your business.

 

Protect Your Business from Common Threats 

 

Common threats include phishing as well as the ransome ware that can infect your network and steal your data. If your data isn’t stolen, it can be encrypted away from you via a ransomware attack. Security incidents can occur as a result of weak authentication of account access (weak passwords and lack of multi-factor authentication). Mishandled operating system updates can lead to not having the latest security updates and bug fixes. 

 

Phishing threats are growing in frequency and sophistication, and can come in through emails designed to trick recipients into giving up security credentials, which can then be used to gain access to a company’s network and data. Phishing attempts, along with variants like “smishing” (attacks via text messaging) and “vishing” (attacks by phone and voicemail) rely on fear and a sense of urgency to trick the recipient into action. Such attacks may include malicious links. Knowing how to recognize and deal with a possible phishing attack includes knowing how to report the email before deleting it, and knowing not to click links. If in doubt about the sender’s address, the recipient can point their mouse arrow at the URL to determine if the address is legitimate. 

 

Weak authentication can also put your company’s network at risk. Security incidents can occur when a password is guessed and the attacker penetrates the network. Examining your company’s password best practices and making sure workers know the practices, can help defend against intrusion. By creating strong passwords (e.g. twelve characters, with a variety of numbers, letters and special characters) individual workers can protect the company’s network. A password management system can help generate and store passwords, and only the password to that system needs to be remembered.

 

Multi-factor authentication (MFA) adds an extra layer of protection. To verify identity, a one-time code or even biometric like fingerprint recognition can determine that the request to access your network is legitimate. Even if a bad actor guesses and uses a password, they can’t access the network. 

 

Keep Current on Operating System Updates

 

On the company level, updating operating systems and applications can help protect your network and data. Operating system updates often include bug fixes and updated security features. Managed updates keeps them happening on schedule and compatible with your network environment. 

 

With its “secure your world” theme, CISA’s cybersecurity awareness campaign can be a template for your company’s efforts to prepare for possible attack. For further assistance, contact your trusted technology advisor today.

Using Workers and Technology to Fight Phishing Attacks

Now that Generative AI (e.g. ChatGPT) is here, phishing attacks may increase both in number and sophistication. How do businesses protect themselves? Awareness is a good first step, but gathering data using a security information and event management system (SIEM) is even better. Read on to learn how SIEM along with education and awareness training can reinforce your company’s efforts to prevent phishing attacks and resulting malware.

 

What is SIEM?

 

Security information and event management (SIEM) combines two separate systems to not only gather information but develop rules to help analysts understand what occurs in your company’s network. Security information management involves the gathering, monitoring and analysis of security-related information across different computer logs–including email applications. 

 

Security event management is involved in helping respond to incidents. SIEM brings the two functions together – the strong log-keeping functions of SIM with the response capabilities of SEM. The information is put together in a standard format, then aggregated and analyzed, helping IT professionals prioritize their threat response. Since SIEM can be outsourced to managed service providers (MSPs), it is possible for small to medium-sized businesses to afford it and not have to hire extra staff.

 

SIEM and Phishing Attacks

 

The security operations center of an average organization can receive tens of thousands of threats, and some can receive ten times more. What’s a small or medium-sized business to do? How do they know they are victims of a ransomware attack until the damage is already done? Security information and event management has the capacity to gather and analyze information about user authentication attempts, separating normal logins from malicious attempts. When unusual login activity is detected, an event is created when it happens.  The SIEM software can then lock out the suspicious user while doing the investigation. While SIEM can show IT teams what’s happening throughout the network, everyone still needs to be aware of phishing emails and what they look like, and trained to act.

 

Train Your Workers, Too

 

Humans are thought of as  the weak spot in protecting against cyber attacks, including phishing emails. But what if, combined with SIEM, they are a strong defense against malware and other dangerous network intrusions? Whether phishing attempts using ChatGPT as the hook will become so sophisticated as to hide normal clues to phishing emails is not yet known. Clues like spelling errors and poor grammar are signs that the email is not from a legitimate sender. Educating workers to look for more information without clicking on malicious links and attachments, can help them identify a phishing email.

 

Technological tools like SIEM can combine with staff training to provide a strong defense against hazards from phishing emails. For further assistance, contact your trusted technology advisor today.

Cyber Resilience Is About More Than Just Technology

Attacks and threats producing attacks continue to occur. How can your company keep up, and protect itself from financial, legal and other consequences? Cyber resilience, the ability to recover from a cyber attack, involves people and processes even more than technological tools. Read on to learn more about helping your organization plan how to keep going in the face of an attack.

 

Cyber Resilience Involves People and Processes

 

Cyber resilience is more than just technological tools protecting your organization. Cybersecurity is part of it, but not all Cyber resilience has to do not just with preventing a cyber attack, but recovering from the damage and evaluating the response. This evaluation may include changes in policies and procedures. According to a CompTIA Community Blog post, people can be the most important asset in defending against – and  in some cases recovering from – a cyber attack. 

 

What Causes Cyber Attack?

According to statistics, more than 50% of cyber attacks and resulting data breaches stem from human error. Lack of training is a primary source of risk. Do employees know what to do if they get a phishing email? Do they know what one looks like? What are your workers’ skill sets, knowledge, levels of training? How well has your company defined processes for cyber security, disaster recovery, and monitoring? Though cyber resilience processes can be defined by executives, everyone plays a part in protecting your company.  

 

Performing a Cyber Resilience Assessment and Moving Forward 

 

While developing policies, processes and procedures can seem daunting, some resources can get you started. A good starting point is evaluating current defenses along with workers’ skills. The National Institute of Standards and Technology provides a framework for preparing your organization’s defenses, one that can be used by SMBs and MSPs alike. Small to medium-size businesses, along with their partners, don’t have to be alone in the fight against cybercrime. 

 

Frameworks for developing procedures, along with resources for training staff, can help your company prepare for and recover from cyber attack. For further assistance, contact your trusted technology advisor today. 

Developing a Culture of Cybersecurity

When it comes to cybersecurity, tools and technology help. What can help even more is making cybersecurity a part of company culture, to the point of safety becoming second nature. Read on to learn more about establishing a culture of cybersecurity. 

 

The Vital Importance of Cybersecurity

 

The attacks just keep coming. In recent years, SolarWinds and Colonial Pipeline are just a couple of well-known incidents. According to statistics, more than half of cyber attacks result from human error–weak or poorly managed passwords, susceptibility to phishing schemes, perhaps even ignorance of company policies and of best practices. The cost of attacks is supposed to continue increasing, to over $10 trillion by 2025. 

 

The Cybersecurity Conversation

 

It’s never too late–or too soon–to openly discuss cybersecurity in your organization. Your executives, both in your IT department and outside of it, can set the tone for your company’s cybersecurity culture. For example, sharing learning from past experiences can show your workers that anyone can learn from mistakes. More than technology and tools, cybersecurity training needs to be an integral part of company culture–it saves costs, preserves your company’s reputation, and keeps your company in business. You can freely discuss cybersecurity in team meetings and everyday work conversations. Ideally, this will get workers of teams talking about ways to keep your company safe and may reach the individual level, encouraging them to evaluate their cybersecurity savvy and improve it. Regular training and retraining should also be part of the organization’s culture of cybersecurity. Staging mock “phishing” attacks to test workers’ knowledge and ability to act, will help to make training concrete. This is where tools and technology can come in, providing engaging ways for workers to understand the importance of cybersecurity.

 

Clear Policies and Procedures

 

Having and clearly communicating policies and procedures helps all employees know what to do in case of emergency, and even how to avoid an emergency in the first place. Does everyone know what a phishing email looks like, and how to report one? Do they know to choose strong, hard-to-guess passwords, and change these passwords periodically? What’s the first thing they should do in a cyber attack? If everyone, from the top executive to the newest trainee, knows what to do, all contribute to the security of the organization. 

 

Establishing a culture of cybersecurity begins at the executive level. Establishing cybersecurity as part of your company’s philosophy, as well as clear policies and procedures, can help everyone understand their role in protecting company systems and data. For additional assistance, contact your technology provider today.

Defense in Depth Provides Robust Cybersecurity

Many companies, while they have defenses against cyberattack, still fight to keep ahead of cyberattacks. What if your company is one of these, and could find a better way to protect your technological assets–data, applications, your network itself–from attack? Read on to learn more about “defense-in-depth” and how your company can use it to build a robust defense in all parts of your network.

 

Definition of Defense in Depth

 

Simply defined, defense-in-depth is a cybersecurity approach in which independent layers of controls are employed to build redundancy. If one control fails, another will take over. If an intrusion occurs, the bad actor can go only so far and will be dealt with before they cause serious harm. All the way from your perimeter to the most sensitive data at the core of operations, controls will keep your data and applications safe from loss and compromise. A first layer is detection, which catches anomalies and reports them to cybersecurity personnel, stopping them from intruding further into your network.

 

Evaluating Your Current Cybersecurity Posture

 

How do you know what an anomaly looks like, and whether it is a cyberattack in the making? Before making the transition to a multi-layered cybersecurity structure, knowing your current cybersecurity posture is important. One thing to consider is what a possible attack might look like. Viewing intelligence from past activity logs, especially when an intrusion occurred, should show you what unusual activity looks like. A next step is identifying your mission-critical data and applications, not to mention your most sensitive data, to determine which assets need the greatest protection and should be at the innermost layer of protection. Finally, what intrusion detection systems can you put in place to detect anomalies in usage?

 

Multiple Modes of Protection

 

A defense-in-depth system contains multiple defenses dedicated to controlling access to physical and data resources, as well as the resources themselves. Physical controls include security (say, at cloud data centers) and technical controls (firewalls and antivirus protection) defend the contents of physical systems. Administrative controls refer to policies and procedures for network security–for example, data-handling procedures and digital codes of conduct. Cybersecurity controls help maintain data integrity within a company’s network; examples of these protections include encryption at rest and encrypted backups offsite. Network monitoring of processes and of possible intrusion, along with endpoint protection, are yet more layers. 

 

Ideally, with defense-in-depth, you can protect your systems by using multiple tools that work better than any one tool by itself. For assistance with this approach, contact your technology advisor today.

Training Your Employees to Help Avoid Cyberattacks

Commonly, employees are thought to be the “weak link” in combating cyberattacks. What if, with thorough training, your employees become your best resource in fighting attacks like phishing, ransomware and malware, and social engineering attacks? These threats can all lead to your network and data being compromised as well as your business losing revenue and your clients’ trust. Read on to learn more about common threats and how to train your employees to have a role in combating them.

Know the Threat Landscape

Threats to cybersecurity abound, and some of the most common are ransomware and malware, which can get to your network via phishing schemes and social engineering attacks. Ransomware is a type of malware in which files are encrypted and become unreadable, and can only be available again if the user pays money (a ransom) to get a key to get the files unlocked. Malware, in general, is malicious software designed to steal confidential information, insert a virus into the network, or both. Commonly, malware and ransomware enter a network via social engineering attacks such as phishing schemes. A bad actor pretends to be someone the victim knows, and tricks them into giving confidential data. For example, the attacker may pretend to be a fellow employee needing assistance that requires access to the network. Instead of trying to find and exploit weaknesses in the system itself, the criminal tries to find “weaknesses” in the victim–a desire to help others, for example. 

Train Employees to Recognize and Prevent Attacks

There are excellent online and in-person training programs to prevent cyber attacks. This training can be a good foundation in knowing more about the risks and how to prevent them. Training is not just a one-time endeavor; rather, it needs to be practiced consistently. Part of training should involve teaching employees how to recognize social engineering attacks, such as phishing. Clues to a phishing email can include misspellings and grammatical errors in the body of the email, along with urgent calls to action (even threats). One way to assess which employees might fall prey to a phishing scheme is to send a fake phishing email with a link in it, and discover who clicks on the link. 

Aside from recognizing attempts to get into a company’s network, there are other common-sense practices to stay safe. One is effective password management, encouraging formulation of strong passwords initially, and changing them regularly. Also, not sharing passwords with others is a basic rule of thumb. Furthermore, discouraging use of unsecured Wi-Fi (which might be used by employees working outside the office) helps keep your network safe.

To learn more about the existing and evolving threats and how to combat them, contact your trusted technology advisor today.

Cyber Security

Train Your People to Fight Cyberattacks

With the advance of technology, many benefits have come to businesses—commerce taking place twenty-four hours a day and the ability to have meetings with workers half a world away, among others—but cybercriminals have learned to exploit technology, using practices such as phishing (planting a fraudulent link in an email) to gain access to business’s data and networks.  With social engineering, Phishing, and Spearfishing on the rise it is important for you to raise employee awareness about these threats. Read on to discover how to keep your business safe from this type of intrusion.

What Phishing is and How to Prevent It

Phishing is an increasingly popular way for attackers to access company data and plant malware in a network. A phishing attempt involves putting a fraudulent link in an email to get the recipient to click on the link and unwittingly import malware into their company’s network. Spear phishing, a related type of attack, focuses on an organization or individual. Employees can be trained to recognize an attempt by looking for clues. One is misspellings and grammatical errors in the message. Another tipoff is a strange or suspicious sender’s address; if it looks strange or suspicious, don’t open the email. Yet another practice is to point the mouse arrow over a link to look at it without clicking. All are things an individual can do, and there are additional effective practices.

Focus on the Fundamentals

The best preventive measures are simple. According to a CompTIA article, getting the basics right is one of the soundest investments a business can make. Prevention, as always, is far less costly than repair. While tools, current antimalware definitions and operating system patches are important, much of your company’s preventive power lies with employees. Developing a culture oriented toward protecting a business’s technological assets is far more effective than placing blame if a phishing attempt gets past defenses. Phishing schemes have become so clever they can catch anyone unaware. An all-day training can be a good start, but the training should be a regular part of your business’ strategy for keeping itself safe.

As technology advances, cyberattack attempts will keep pace. Companies should remember one of their most powerful assets—their people. To learn how to train your employees and develop a culture of security, contact your technology advisor today. 

Cybersecurity Risks and Preventive Action

Even with so much information available about how to protect your network and business from data breaches and cyber attacks, a surprising number of businesses aren’t prepared. Read on to learn about how to make your company an exception.

Know and Understand the Risk          

A recent Forbes article reports on a new survey of 600 IT security and IT Operations decision-makers. The results reveal the level of risk to networks and the level of business’s preparation—and how much education and preparation are still needed. According to survey results, 60% of respondents had a data breach within the last two years, and more than 30% had experienced more than one breach. Vulnerabilities can occur anywhere—in a company’s on-premise systems, or through an employee’s mobile device accessed in an unsecured area. All it takes is one weak spot in the network, to compromise the entire system. Common causes of breaches include lack of security protocols to begin with (52% of respondents), unpatched software (51%), and lack of automation in patch application.

Steps to Protect Your Network’s Security

Instead of simply lamenting the lack of security, these statistics serve to point the way to achieving network security.  Knowing problems common to businesses can guide your business in what aspects of network security to focus on first. Businesses can start by performing a network audit to find any weak spots where network security vulnerabilities may exist.

Be sure to check that OS patches are up-to-date, and that antivirus and anti-malware definitions are current. Monitor endpoints including mobile devices and devices used by remote workers and perform periodic network scans to detect any data bottlenecks or weak spots. Depending on the nature of data your company gathers, and whether the company is subject to special industry regulations, public or private cloud environments can be used to protect and back up data. Just as important as these technical measures is educating your employees about how to recognize malware intrusions that can occur via “phishing” emails and how to identify and report breaches.

While the chance of a cyberattack will always exist, the risk to your business can be minimized. To evaluate and start improving the security of your network, contact your technology advisor today to get started.

The Importance of a Business Continuity Plan

With some parts of the country heading into tornado season, and with natural and man-made disasters a possibility anywhere, there’s no time like now to consider how to keep your business running in the event of a flood, fire, earthquake, or even a cyber attack. A Business Continuity (BC) plan keeps your business running both during and after a disaster, minimizing downtime and the resulting loss of revenue and reputation. Read on to learn more about what such a plan can mean for your business.

The Cost of Not Being Prepared

An event such as a storm or a cyber attack has the potential to severely impact your business. According to technology research firm Gartner, businesses that experience a data disaster have a two-year survival rate of just 6%. Also, for every hour of downtime, $42,000 can be lost. Moreover, the loss of reputation of your business if customer data is lost or leaked, can be significant. If your business is in an industry subject to special regulations (HIPAA, for instance), data compromise can bring about fines and other penalties. To avoid these consequences, and to get the best results from your business’ technology budget, ask questions to assess your risks.

Components of a Business Continuity Plan

One key consideration is which components of your business are mission-critical. Perhaps it’s maintaining access to data that is needed to run the business. Or it’s keeping the data you have safe. Perhaps it’s ensuring employees within your company can communicate with each other by email. Another part of the plan is to determine recovery-time objectives, how long your business can be interrupted without costing revenue through downtime. When it comes to human resources, decide in advance who is going to be responsible for which elements of recovery. Regarding data storage, decide whether you want it stored on-premise, in the cloud, or a combination of both. In developing a plan, imagine different scenarios; your plan in a natural disaster may be a bit different than in the case of a data breach.

Keeping your data safe and your business in business is the goal, whatever the hazard. If you need assistance developing or fine-tuning your business continuity plan, contact your technology advisor today.

Cyber Crime

Closing the Door on Cyber Crime

Businesses today are under constant attack from Cyber Criminals. Ransomware,  including the WannaCry Virus , is an example of a top threat to avoid. With the risk of lost data, lost productivity and lost reputation, isn’t it time to close the door on Cyber Crime? Here are a few tips to defend your company from potential cyber attacks.

Document Operating System Security Patch Policies and Procedures

Take the time to review and update your documented security policies and procedures.  Security and related patch policy should identify who is responsible for application and operation of system patches and system updates. Clearly determine whose responsibility it is to apply the latest operating system and related security patches. Whether this process is manual, or done automatically through a managed service, be sure your employees know which is the case. Also, document your policies to verify all your systems are in compliance.

Review your Cybersecurity Framework

Avoid data breaches resulting from lack of Cybersecurity defence. Ensure your AntiVirus and Malware detection definitions are up to date. Utilize spam filtering and other Cyber Threat detection to protect your business. Consider penetration testing to identify any weaknesses on your network. Also ensure your employees are periodically trained to identify and avoid malware and phishing schemes. If you have suffered a data loss due to Cyber attack, ensure you have a communications plan to notify all stakeholders and authorities within adequate time frames. Having a solid data protection plan including Cloud Backup can minimize your exposure and increase your recovery time.

Study Machine Learning to Combat Cyber Threat

Cybercriminals are using automation, artificial intelligence and machine learning to trick you and your employees to take the bait on phishing, ransomware and other cyber attacks. Why not fight fire with fire? Leading Cybersecurity suppliers  are pouring millions of dollars into research and development to embed Machine Learning to detect and combat Cyber threats. This Machine-to- Machine combat will evolve over time and soon combine with artificial intelligence (AI) to train your employees on how to identify and avoid these cyber attacks in the event your perimeter security is breached.

Cyber threat and related Cyber attacks are a top concern for many business owners. Staying one step ahead to protect your business network is a constant effort. Contact your technology advisor to find out more how you can close the door on cyber crime today.