Tag Archives: O/S Patch Compliance

Cyber Crime

Network Security Precaution for Meltdown and Spectre Vulnerabilities

The technology industry is working to patch two network security flaws known as Meltdown and Spectre Vulnerabilities. These hardware bugs can expose information being processed or stored in memory on your computer.

While there are no known exploits, malware or phishing schemes specific to these network security vulnerabilities, this reminds us of the importance of Network Security best practices to protect Windows PCs and Macs, as well as Android and Apple iOS Mobile Devices. While the industry rushes to patch these network security vulnerabilities, here are some considerations to protect your network.

Keep your Operating Systems Patches Up to Date

Make sure you install security updates for your operating system and applications. Apple (AAPL), Google (GOOG), and Microsoft (MSFT) have already released some patches. You can do this manually through automated updates, or subscribe to a managed service to keep your network current. Keeping your browser up to date will also prevent websites from attacking your processor to steal your password and other privacy data.

Don’t Forget Updates on Mobile Devices

The Meltdown and Spectre Vulnerabilities serve to remind us of the importance of keeping smartphones, tablet computers, and other mobile devices updated with the latest operating system and related security patches. Also, remember to download software only from trusted sources. Employers should remember to review acceptable use policies to ensure they are up to date and that employees comply with company mobile device acceptable use.

Train Your Employees on the Importance of Network Security

Your employees are on the front line of defense for network security. Through periodic education and training your employees will implement strong passwords and change them regularly. They will also be adept at identifying malware and phishing schemes to better protect your network.

Your network is the backbone of your technology infrastructure. Securing your network is a critical component of your technology strategy. If you have questions or concerns about your network security, contact your technology advisor today.

The Importance of Maintaining Network Compliance

Network SecurityLast month’s blog provided information about ways to “Avoid Being Held Hostage by Ransomware.” Eight days later, on May 12, 2017, there was a global outbreak of the Wanna Cry Virus. With Cyber Threats on the rise, the importance of maintaining network compliance is top of mind with business owners and IT professionals alike. Industry compliance regulations, including PCI, HIPAA, and SOX, drive best practices in Network Compliance. However, most businesses today rely heavily on their systems to access Cloud Services, Voice, and Data Networks for mission-critical applications that run their business. What can you do to maintain network compliance?

Automate Your Network Administration

Keeping operating systems and network configurations up to date is a top priority for network compliance. Each device that connects to your network needs to have up-to-date operating system security patches, anti-virus definitions, and malware threat prevention in order avoid un- intended intrusion of your network. There are abundant tools and managed services to help your business stay up to date without adding to your internal labor cost.

Proactively Monitor Your Network

Monitor your network to identify any systems that are out of compliance. Proactive monitoring can also identify unauthorized devices connected to your network. You can monitor your network traffic to identify unusual use of network bandwidth. Aside from slowing down your systems, excessive bandwidth may be the result of a malware-infected device that is exploiting your network.

Documenting Your Network Security Controls

Achieving compliance with documented security procedures including password policy, systems maintenance, backup procedures, and compliance measures, is critical to following most industry compliance regulations. It is a  best practice to update these procedures annually. Reviewing your Network Compliance policies gives your business an opportunity to stay up to date and serves as a reminder of the importance of maintaining network compliance.

Contact your Technology Advisor if you have questions about maintaining network compliance or other concerns regarding ransomware and other related Cyber Threats.

How to Avoid Being a Ransomware Hostage

RansomwareRansomware, spyware, phishing schemes, and other Cyber attacks are commonplace in today’s world of technology. According to a recent article in Forbes, ransomware attacks grew at an accelerated pace in 2016 with reports of 638 million attacks, almost 200 times more than the number of ransomware attacks in 2015. Most experts agree that Ransomware attacks will continue to occur–so what can you do to avoid being a ransomware hostage?

Not All Ransomware is Created Equal

Before you panic, find out what type of Ransomware you are up against. Scareware is a type of Ransomware that tricks you into thinking you have a bigger problem. A simple scan may quickly remove the pop from your browser cache and get you back on your way. Some ransomware is truly nasty — your entire system may be encrypted, meaning you will need to wipe your system and start over if you have a good backup. Otherwise, you may find yourself hostage to the cybercriminals to unlock your data.

An Ounce of Protection is Worth a Pound of Ransom

Data protection is an important element in minimizing the impact of Ransomware. Make sure your network security is fully compliant. Backup your data, update your antivirus definitions and make sure your security patches are up to date. Consider using Cloud Backup, Security as a Service, and Managed IT services to keep your network up to date. Having a strong offense to avoid ransomware is your best defense.

Don’t Forget the Human Element

Train your employees on a regular basis on the importance of staying vigilant against Cyberattacks and how to avoid being a hostage. There are many resources to get training for your team. Periodic updates about threats and security procedures serve as a reminder to your employees to ensure they adhere to best practices.

If you need security training or are interested in a review of your network, security vulnerability, or other technology infrastructure, contact your Technology Advisor today.

Cybersecurity is Everybody’s Business

Cyber SecurityIt is no surprise, technology flattens the world for many businesses. What’s more, nearly every business sector finds it necessary to collect, maintain, analyze, and monetize user data. Many think Cybersecurity risks only apply to highly regulated industries, such as legal, healthcare and financial services.

Cybersecurity Risks Go Beyond Borders

Factors outside industry, including geographic considerations and sensitive consumer data, can create cybersecurity risks that need to be managed. These factors run the gamut of domestic and international laws, regulatory bodies, and private-party business agreements. Cybersecurity compliance can touch every business to some degree.

Internet of Things (IoT) and Cybersecurity

Adding to the list of concerns are non-traditional technologies entering your businesses network. IP-enabled technology called Internet of Things (IoT) is rapidly being adopted in the workplace.  The Cybersecurity threat is moving beyond desktops, laptops and services. A new generation of mobile devices–Point of Sale (POS), IP video surveillance, embedded sensors, VoIP, and others–is just the first wave of emerging technologies that need to be secured.

How to Minimize Cybersecurity Risks

There are many things a business can do to reduce Cybersecurity threats. According to the Computing Technology Industry Association (CompTIA), the following elements are the building blocks for a cybersecurity program:

  • Documented policies, procedures & standards

  • Asset management

  • Identity & access controls

  • Risk management

  • Vendor management

  • Physical & environmental security

  • Compliance

  • Privacy

  • Remote access

  • Data backups

  • Data destruction

Cybersecurity threats are a reality of today’s world. The risks of data compromise and/or loss can cost more than dollars; such risks can cost your reputation. Your business is only as secure as your Network. If you have questions about your business needs, ask your technology advisor about how to manage Cybersecurity threats to your business.

What is Ransomware and How to Protect Against It

RansomwareRansomware is a type of malware designed to block access to your computer until a sum of money is paid. Ransomware issues have impacted many individuals with home computers; however, it is only a matter of time before this malicious software attacks business. Starting with Cryptolocker in 2013, Ransomware exploits have become increasing sophisticated and have cost individual companies thousands of dollars in ransom.

Here are some tips to take to help your business avoid being held captive by Ransomware.

Backup to the Cloud to Recover from a Ransomware Attack.

An inadequate backup strategy without real-time backups or offsite backup could hamper your ability to recover from a Ransomware attack. Being able to recover data from your Cloud Backup could get your systems up and running in a hurry, avoiding the need to pay ransom.

Keep Your IT Assets Up to Date and in Compliance

If your systems get behind in operating system and applications patches and updates, you may create a security hole that can be compromised by Ransomware. Many managed security and managed service offerings include proactive management and delivery of these important updates so your network will not be held hostage by ransomware.

Training Your Employees to Detect and Report Ransomware

Your employees are your front line of defense when it comes to your systems security. Make sure your employees know how to identify a phishing email and understand the risks of opening documents and attachments (including unfamiliar file extensions or .exe file formats) from unauthorized sources. Ensure your employees understand what Ransomware is and how it can impact your company’s productivity and drain financial resources. Make sure employees are clear on procedures to quickly report any security breach to avoid widespread distribution of a Ransomware attack.

To avoid unnecessary downtime and costs associated with Ransomware, it is important to proactively protect your computer systems. If you have any questions about steps to take to avoid Ransomware in your organization, contact your trusted technology advisor.

Does Your Business Need Network Monitoring?

According to a recent Trends in Information Security report by CompTIA, malware, hacking, privacy and data loss/leakage top the list of serious concerns over security threats. Companies large and small have been victims of these security threats. While large corporate security breaches makes the news, smaller companies may not have the vigilance to detect, and the resilience to survive a network security breach. Hackers have evolved and are now more sophisticated than ever. Network Monitoring can identify security exploits before it is too late.

 

Network Monitoring is Proactive

Just like getting your vital signs checked at the doctor’s office, network monitoring is a proactive way to detect a network security threat. Network Monitoring scans for viruses, malware, patch compliance and any unauthorized access to help determine network health and compliance. By using intrusion detection when a system has been breached, you are immediately notified. It’s important to proactively monitored your network and act swiftly.

Network Monitoring Saves You Time and Money

By remotely monitoring and managing your network and related IT assets, your IT Service Provider may be able to detect and remediate security issues without ever coming to your office. This will result in an overall reduction of IT costs. Routine IT tasks, including Patch Management will ensure that all Application and Operating System (O/S) patches are up to date thus protecting your business against vulnerabilities. In addition, keeping software up to date may give you productivity features and benefits.

Avoiding Downtime and Increasing Security

Secure remote support is an important element for delivering an IT Managed Service. In addition to remote support, many IT Service Providers offer remote network monitoring, managed backup and managed security in their IT Managed Service offerings. By adopting the Managed Service Model your IT Service Provider can proactively manage your IT needs in a secure and cost effective manner.

Don’t wait until you have a security breach to add proactive network monitoring to your line of security defense. If you have concerns about your network security contact your IT service provider today.

Windows 10 – Best Windows Ever?

windows-10The new Windows 10 operating system is purported to be the best Windows ever. The combination of ease of use for new users, automatic updates, and built in security features is causing small to medium sized businesses to breathe a sigh of relief as business owners dream about spending less time and money on training and more energy on making money – finally.

Windows 10 is Easy to Use

The new OS combines the interface of Windows 8 with the Start menu of Windows 7. This is a godsend for small business, because it means not having to train employees to complete mundane tasks, such as syncing a Bluetooth device. Such options are readily available on the Start menu now. The Windows 10 Start menu is designed to be easy for new users. Check out some of the things users can now do right from the Start menu:

  • Find settings
  • Reboot
  • Launch applications and place apps into the program list
  • Find documents
  • Adjust desktop resolution

In addition, the new OS is designed for all platforms, especially smartphones. When using Windows 10 on your smartphone, it will only display the finger-control interface. All in all, Windows 10 is great for SMBs who want to avoid high training costs.

Automatic Updates!

Microsoft experienced the pain first-hand of customers complaining about having to upgrade from Windows XP and later from Windows 7 to 8. Microsoft Vice President for Operating Systems, Terry Myerson, explained that the company never wants to be in the position of having to convince people to buy the next version of Windows again. The plans for Windows 10 include a continuous series of upgrades performed automatically. This means that in the future, questions about what version of Windows you’re running will become meaningless because everyone will have the same version as universal upgrades begin to take effect, making business as seamless as ever.

Enhanced Security Features

Windows 10 is offering new ways to protect users from dynamic script-based malware and other forms of cyberattack. Specifically, they’re using AMSI (Antimalware Scan Interface), an interface standard that allows applications and services to integrate with any existing antimalware product on your PC. Applications can use AMSI to scan files and employ other techniques to identify malicious behavior. This means that your device will automatically be inspected on a much deeper level than before.

Windows 10 has made quite the leap, and those who have tested the new OS report only good news. To learn more about how the new Windows 10 OS can improve your small to medium sized business, contact your trusted IT advisor today. 

It’s Time to Take Cloud Security Seriously

While cloud security concerns are top of mind with many business owners, the benefits of the cloud far outweigh the risks. Nevertheless, as companies deploy cloud computing, taking cloud security seriously will ensure a smooth transition to the cloud.

Top Cloud Security Concerns

If you are moving your business to the cloud it is important to understand and address your security needs. For many companies, the top concerns of cloud security are cloud service provider’s encryption policies, business continuity and disaster recovery capability, data protection and data integrity. There are a number of other critical concerns, such as the physical security, identity and access management, and regulatory compliance.

How to Protect your Data in the Cloud

Create Strong Passwords

An important step you can take to protect your data in the cloud is to create a policy for passwords within your organization. By requiring a string of text combining numbers, letters (both uppercase and lowercase), and special characters your employees will avoid common passwords that are easily hacked. Also, ensure that your company policy requires changes to passwords regularly and asks employees to use unique passwords when accessing the cloud from their desktops.

Network Compliance

In addition to creating strong passwords, it’s important for your company to keep your network in compliance. Your network is secure as its/ weakest point of access.  Ensure desktops, laptops, tablets and smartphones are maintained with the latest operating system patches and are protected by up to date antivirus and antimalware definition updates.

End User Training on Security

Employees with a clear understanding of security policy and related risks will help keep your data protected in the cloud.  Employees educated in the importance of password protection and network compliance may help allay cloud security concerns.  According to CompTIA’s 9th Annual Information Security Trends study, only 3 in 10 customers report engaging in heavy and comprehensive review of their company’s security policies.

Has your company reviewed how you want to handle security, reliability, compliance, and legal issues related to your cloud service? If not, consider contacting a cloud computing professional to review your cloud security policies today.

Can You Survive a Network Security Attack

Businesses are under constant attack from a variety of network security threats.  Cybercriminals hack databases for passwords for unauthorized access to your network.  Undetected Malicious software (malware) can trap and forward passwords. Viruses can infect your hard drive and destroy application data and files without your knowledge. Businesses large and small face these network security threats on a daily basis; larger organizations, however, may have more resources to fight attacks.  Small businesses may be more vulnerable to downtime and loss of productivity because of thinner margins and resources. Here are a few steps you can take to survive a network security attack.

Prevent Network Security Attacks Before they Occur

Protect your network by making sure all devices are in compliance with the latest anti-virus and malware updates. Ensure your operating system (O/S) patches are up to date. Protect your network with strong passwords and require your employees to change them regularly.  Discourage writing passwords down, and make sure employees are aware of the risks of a network security attack.

Lock Down your Mobile Devices

Mobile devices including smartphones and tablets are particularly vulnerable to theft and loss. Passwords on these devices can be easily cracked leaving your applications and data vulnerable to unauthorized access. Train your employees to report theft or loss of mobile devices quickly, and make sure that all data on the device is encrypted.  Having the ability to track and wipe data from these devices is another option to ensure you can survive a network security threat.

Backup Your Data

Online Backup and Cloud Backup are affordable options to have quick access to applications and data if you lose data because of a network security threat.  Additional options include having a failover system to quickly restore your information and get your business back up and running should you have a systems failure.

Compromising your critical information from unauthorized access, virus infection, and loss can be devastating for any business.  It is likely that small businesses have higher exposure and will have greater difficulty recovering from a network security threat. Contact your network security expert to find out your best options to avoid the consequences of a network security threat.

Heartbleed Bug: What a Business Owner Should Know

The name Heartbleed OpenSSL Vulnerability (aka Heartbleed bug) is as scary as it sounds. Some reports say up to two thirds of all secure websites (e.g. those with a web address starting with a green https://) are using OpenSSL.  It has been reported that Google was first to discover the Heartbleed bug  that compromised sites including Yahoo, Tumblr, Flickr, Amazon, and other websites relying on OpenSSL for security.  This security breach may provide hackers access to accounts, passwords, and credit card information.

Heartbleed and Your Systems

Business owners using OpenSSL for their email, website, eCommerce applications, or other  web applications should take action to prevent data loss or theft.  The fix for the Heartbleed bug should be installed on your operating systems, network appliances, and other software to ensure that confidential information is protected.  Consider having your IT professional test your public web servers to determine if they are safe.

Heartbleed and Your Employees

Your employees may have used websites that were exposed to the Heartbleed bug.  This means their username and password combinations may have been compromised by hackers tapping into what was supposed to be encrypted communications.  Employees should be reminded to reset passwords within the guidelines established by your company.  There are plenty of resources on creating a secure password.  Microsoft offers tips for creating a strong password on their website.

The Need for IT Security

Because the Heartbleed bug is pervasive, most internet users need to change passwords on sites like Gmail, Yahoo, and Facebook.  The Heartbleed bug is a wake-up call to the importance of having an IT Security policy that includes strong password policy, employee training, and systems compliance.  As applications get more complex, more issues like Heartbleed can be expected.  The Heartbleed OpenSSL Vulnerability highlights that applications have security risks, and it is just a matter of finding them.