TechTidBit - Tips and advice for small business computing - Tech Experts™ - Monroe Michigan

Brought to you by Tech Experts™

cyberattacks

Designing A Comprehensive Security Plan For Your Company

After years of being in the industry and watching the evolution of cyberattacks, we feel that there are 13 critical pieces to any cybersecurity plan that we, as your managed service provider, should implement. They are:

Two-factor/Multi-factor authentication

Two-factor authentication is probably the most widely misunderstood security solution, but a critical and effective part of every cybersecurity strategy.

Two-factor authentication is just how it sounds: two separate layers of security. The first is a typical username and password log-in with the addition of a secondary level that looks for something you know, something you have, or something on your body (e.g., fingerprint).

Here are some stats you should know that describe the critical need for two-factor authentication:

  • 90% of passwords can be cracked in less than six hours.
  • Two-thirds of people use the same password everywhere.
  • Sophisticated cyberattackers have the power to test billions of passwords every second.

This sobering reality is why we require two-factor or multi-factor authentication for all of our employees and users of our system, and we highly recommend that you do too.

Password management

The main reason people use the same password everywhere is because it’s impossible to keep track of hundreds of usernames and passwords across various devices and systems.

A secure password is a unique, hard-to-guess one, so it’s understandable why users resort to the use of the same password for each site. This is why we have a password management program built into our procedures. The password manager program generates unique, complex passwords for each site or program then securely stores them in the management program.

When one of our staff needs credentials, they use the master password to open their database of passwords and obtain the login information they need, making it easy to “remember” a complex password and significantly reduce the risk of a breach.

Security risk assessment

A security risk assessment involves reviewing your technology and how you use it, followed by the implementation of security improvements and preventive measures.

The assessment should be performed at a minimum of one time per year, if not more. A full security assessment includes the following pieces:

Identification – When performing a security risk assessment, we first need to take inventory of all of your critical information technology equipment, then determine what sensitive data is created, stored, or transmitted through these devices and create a risk profile for each.

Assessment – This step takes identification to the next level. To complete the assessment step, we need to identify the security risks to each critical asset and determine the most effective and efficient way to allocate time and resources to mitigation.

Mitigation – This is where we solve problems. We have specifically defined a mitigation approach for each potential risk in our network and what security controls will be initiated in case of a breach.

Prevention – We have specific tools and processes to minimize the risk of threats against us and our network in order to help keep you safe.

Information security plan

There is a significant need to safeguard any information that is collected, transmitted, used, and stored within information systems, so the development of an information security plan is crucial. We take this very seriously. We have taken steps to document a plan and designed systems to secure our and our clients’ sensitive business data.

A security program is essentially about risk management, including identifying, quantifying and mitigating risks to computers and data. There are some essential basic steps to risk management:

Identify the Assets – Beyond generating a list of all the hardware and software within the infrastructure, assets also include any data that is processed and stored on these devices.

Assign value – Every asset, including data, has a value and there are two approaches that can be taken to develop the value: qualitative and quantitative. “Quantitative” assigns a financial value to each asset and compares it to the cost of the counter-measure.  “Qualitative” places the threats and security measures of the assets and sets a rank by use of a scoring system.

Identify risks and threats to each asset – Threats to the system go beyond malicious actors attempting to access your data and extend to any event that has the potential to harm the asset. Events like lightning strikes, tornados, hurricanes, floods, human error, or terrorist attacks should also be examined as potential risks.

Estimate potential loss and frequency of attack of those assets – This step depends on the location of the asset. For those operating in the Midwest, the risk of a hurricane causing damage is extremely low while the risk of a tornado would be high.

Recommend countermeasures or other remedial activities – By the end of the above steps, the items that need improvement should become fairly obvious. At this point, you can develop security policies and procedures.

Policies and procedures (internal & external) – A crucial part of an effective cybersecurity plan is the policies and procedures, both for internal assets and external assets. You can’t have one without the other. A general description can be thought of as this: a policy is the “rule” and a procedure is the “how.” With this in mind, a policy would be to effectively secure corporate data with strong passwords. The procedure would be to use multi-factor authentication.

Cybersecurity insurance and data breach financial liability – CyberInsureOne defines cybersecurity insurance as “a product that is offered to individuals and businesses in order to protect them from the effects and consequences of online attacks.”

Cybersecurity insurance can help your business recover in the event of a cyberattack, providing such services as public relations support and funds to draw against to cover any financial losses. It’s something that your MSP should carry as well as your own business.

And just like business liability and auto liability insurance, it is paramount that your business (as well as your MSP) covers themselves with data breach financial liability insurance to cover any event that may be attributed to their activities causing a breach.

Data access management – Access management is determining who is and who isn’t allowed access to certain assets and information, such as administrative accounts.

This is critical for your business as it enables control over who has access to your corporate data, especially during times of employee turnover. Other benefits include increased regulatory compliance, reduced operating costs, and reduced information security risks.

Security awareness training (with phishing training) – Phishing is the number one attack vector today with over 90,000 new attacks launched every month. If your provider is not actively participating in security and phishing awareness training, they will be unable to keep you up on the latest trends in how these malicious actors are attempting to gain access to your businesses data.

Data encryption – At its basic level, data encryption translates data into a different form, making it readable only by the starting and ending points and only with the appropriate password. Encryption is currently considered one of the most effective security measures in use as it is nearly impossible for an outside force to crack.

Next Gen antivirus and firewall – Antivirus is software designed to detect and neutralize any infection that does attempt to access the device and should be on every endpoint.

Many providers are marketing their software as “next generation,” but true next generation antivirus includes features such as exploit techniques (blocking a process that is exploiting or using a typical method of bypassing a normal operation), application whitelisting (a process for validating and controlling everything a program is allowed to do), micro-virtualization (blocks direct execution of a process, essentially operating the program in its own virtual operating system), artificial intelligence (blocking or detecting viruses the same way as a human user could), and EDR/Forensics (using a large data set from endpoint logs, packets, and processes to find out what happened after the fact).

Next generation firewalls also include additional capabilities above the traditional firewall, including intrusion protection, deep packet inspection, SSL-Encrypted traffic termination, and sandboxing.

Business continuity plan – This is a process surrounding the development of a system to manage prevention and recovery from potential threats to a business. A solid business continuity plan includes the following:

  • Policy, purpose, and scope
  • Goals
  • Assumptions
  • Key roles responsibilities
  • A business impact analysis
  • Plans for risk mitigation
  • Data and storage requirements that are offsite
  • Business recovery strategies
  • Alternate operating plans
  • Evaluation of outside vendors’ readiness
  • Response and plan activation
  • Communication plan
  • Drills and practice sessions
  • Regular re-evaluation of the current plan

Your MSP should be able to provide you with a copy of what is included in their plan and how it will affect your business if they do encounter a business continuity event, as well as their backup plan to maintain your critical business infrastructure.

Email security layers – In short, layers limit risk. Email security layers include tactics such as two-factor authentication and spam filters at the basic level (which give your employees time to evaluate a potential threat by removing the words “urgent” or “do right now” from internal subject lines).

As your managed service provider, we are dedicated to helping you maintain effective cybersecurity through these advanced tactics, as well as through a consultative, trusted advisor relationship. You are more than just a number to us and we will do everything in our power to help keep your business safe and running smoothly.

10 Most Important CyberAttacks Of The Last Decade

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

The only way to keep history from repeating itself is to learn from the mistakes of the past. The following is a list of the most significant cyberyattacks from the last decade, as compiled by TechTarget:

Yahoo – 2013
With the unfortunate legacy of being the largest breach in the history of the internet, all three billion Yahoo accounts were compromised. The organization took 3 years to notify the public of the breach and that every account’s name, email address, password, birthdate, phone numbers, and security answers had been sold on the dark web.

Equifax – 2017
Probably the most damaging attack occurred just 3 years ago with the hack of Equifax. The hackers were successful in gaining access to 143 million Equifax customers and information vital to the lives of all. [Read more…] about 10 Most Important CyberAttacks Of The Last Decade

Data Breaches Cost Healthcare $6.5M Or $429 Per Patient Record

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
Data breach costs are on the rise, with breach-related spending in the healthcare sector reaching $6.5 million on average, an IBM-sponsored report shows.

Data breaches cost the healthcare sector an average of $6.5 million per breach, over 60 percent more than all other business sectors, according to a Ponemon Institute report, sponsored by IBM. Other sectors spend about $3.9 million, on average.

Researchers interviewed 500 global organizations that experienced a data breach in the last year. The researchers found for the ninth consecutive year the healthcare sector is still the hardest hit financially by data breaches.

The costs are directly related to legal, technical, and regulatory functions, including patient notifications, breach detection and response, and lost business caused by reputational damage, loss of consumer trust, and downtime. [Read more…] about Data Breaches Cost Healthcare $6.5M Or $429 Per Patient Record

Why Antivirus Software Is So Important

Workplaces across the world are constantly under fire from security threats stemming from computer viruses.

As businesses have updated their technology throughout the years, the implicit security that stemmed from the use of typewriters and handwritten documents has diminished.

Now, everyone is connected to their neighbor, making businesses as vulnerable as ever to fraud and theft of sensitive information. To combat it, every workplace should be well-equipped with a proven and trusted antivirus software.

A virus is a malevolent program meant to do any number of things. They can hijack your PC through phishing scams, careless downloads, and even by accidentally clicking on an online advertisement.

Overall, viruses can slow down your PC, steal sensitive data stored on your machine, prevent computers from booting up, and send out messages under your alias. Much like real life, viruses can essentially be “contagious” and spread across a network, making them a business’s worst nightmare. One infection could create a site-wide virus epidemic if it spreads across the network – and some are designed to do just that.

In addition, not all viruses are the same. The term “virus” is really an umbrella for many different types of malware.

For example, there are worms, which make an indefinite amount of copies of themselves to take over your CPU.

Trojans are seemingly good-natured programs, but in reality, they secretly perform some sort of malicious attack whether that is stealing your information or slowing down your PC.

Another example of a virus is spyware, which does not stop your PC from running smoothly, but just as the name states, it spies on your activity and collects sensitive information without your knowledge or consent.

All users need antivirus to keep themselves and their fellow coworkers safe. Antivirus acts as the security guard defending your computer. Its primary task is that of a gatekeeper. It stops viruses from attaching themselves to your workstation before they even become a threat.

Although antiviruses do a stellar job at the gate, some viruses can still slip through the cracks. In these cases, antivirus software can find and remove threatening programs from your device. Most antivirus software notifies you of the removal as well or asks for permission before fully removing the program from your machine.

In order for an antivirus software to be successful and functioning, the developers must be dedicated to updating the antivirus’ database consistently with new information on new threats, so be sure to keep your program up-to-date.

Just as the field of computer science and technology is rapidly changing and improving, so are the viruses and malware that attack your computer. Many antiviruses are consistently updating their databases and rules to account for this growing and changing threat.

Lacking antivirus software for your business is like leaving the door unlocked for hackers and malicious programs to do what they please with your costly computers and sensitive information. The best way to fight a cyberattack is to prevent it from happening in the first place, and antivirus software does just that.

Top Concern For Small Businesses? Cybersecurity

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

While some might assume that fear of an economic recession would be at the top of the list of key issues small business owners concern themselves with, a recent survey found that another issue is of much greater concern: Cybersecurity.

This is no surprise.

For the past several years, cybercrimes and data breaches among companies large and small, governments, and even individual citizens have risen drastically.

While it’s true that many business owners still assume a data breach at their own company is highly unlikely, with the ultimate price tag of such attacks ramping up to the millions of dollars (and recovery being hardly successful), it makes sense that companies are taking notice.
[Read more…] about Top Concern For Small Businesses? Cybersecurity

New Whaling Schemes: CEO Fraud Continues To Grow

In previous years, the first clue that your corporate email has been compromised would be a poorly-spelled and grammatically incorrect email message asking you to send thousands of dollars overseas.

While annoying, it was pretty easy to train staff members to see these as fraud and report the emails. Today’s cybercriminals are much more tech-savvy and sophisticated in their messaging, sending emails that purport to be from top executives in your organization, making a seemingly-reasonable request for you to transfer funds to them as they travel.

It’s much more likely that well-meaning financial managers will bite at this phishing scheme, making CEO and CFO fraud one of the fastest-growing ways for cybercriminals to defraud organizations of thousands of dollars at a time.

Here’s how to spot these so-called whaling schemes that target the “big fish” at an organization using social engineering and other advanced targeting mechanisms.

What Are Whaling Attacks?

Phishing emails are often a bit more basic, in that they may be targeted to any individual in the organization and ask for a limited amount of funds.

Whaling emails, on the other hand, are definitely going for the big haul, as they attempt to spoof the email address of the sender and aim pointed attacks based on information gathered from LinkedIn, corporate websites and social media.

This more sophisticated type of attack is more likely to trick people into wiring funds or passing along PII (Personally Identifiable Information) that can then be sold on the black market. Few industries are safe from this type of cyberattack, while larger and geographically dispersed organizations are more likely to become easy targets.

The Dangers of Whaling Emails

What is particularly troubling about this type of email is that they show an intimate knowledge of your organization and your operating principles. This could include everything from targeting exactly the individual who is most likely to respond to a financial request from their CEO to compromising the legitimate email accounts of your organization.

You may think that a reasonably alert finance or accounting manager would be able to see through this type of request, but the level of sophistication involved in these emails continues to grow. Scammers include insider information to make the emails look even more realistic, especially for globe-trotting CEOs who regularly need an infusion of cash from the home office.

According to Kaspersky, no one is really safe from these attacks — even the famed toy maker Mattel fell to the tactics of a fraudster to the tune of $3 million. The Snapchat human resources department also fell prey to scammers, only they were after personal information on current and past employees.

How Do You Protect Your Organization From Advanced Phishing Attacks?

The primary method of protection is ongoing education of staff at all levels of the organization. Some phishing or whaling attacks are easier to interpret than others and could include simple cues that something isn’t quite right. Here are some ways that you can potentially avoid phishing attacks:

  • Train staff to be on the lookout for fake (spoofed) email addresses or names. Show individuals how to hover over the email address and look closely to ensure that the domain name is spelled correctly.
  • Encourage individuals in a position of leadership to limit their social media presence and avoid sharing personal information online such as anniversaries, birthdays, promotions and relationships — all information that can be leveraged to add sophistication to an attack.
  • Deploy anti-phishing software that includes options such as link validation and URL screening.
  • Create internal best practices that include a secondary level of validation when large sums of money or sensitive information is requested. This can be as simple as a phone call to a company-owned phone to validate that the request is legitimate.
  • Request that your technology department or managed services provider add a flag to all emails that come from outside your corporate domain. That way, users can be trained to be wary of anything that appears to be internal to the organization, yet has that “external” flag.

There are no hard and fast rules that guarantee your organization will not be the victim of a phishing attack. However, ongoing education and strict security processes and procedures are two of the best ways to help keep your company’s finances — and personal information — safe from cyberattack.

Four Questions Every CEO Needs To Ask About Cybersecurity

Leaders in every organization need to make identifying and addressing their cybersecurity needs a top priority. You can begin by starting a conversation between your IT service company and employees at all levels of your company about information security and how best to protect sensitive data, but you need to know the right questions to ask. Here are four questions to ask to get the discussion started and moving in the right direction.

How informed is your team about the vulnerability to and potential impact of cyber attacks on your company?

It’s important to assess the current awareness of everyone in your business about cyber threats and the potential damage from data breaches. It’s likely that everyone has heard of the many well-publicized breaches that have occurred over the last several years, but possibly haven’t considered them within the context of your company.

This is the first step to developing an educational initiative to get everyone up to speed on the problem and identifying the at-risk areas in your system. After that, you can begin to develop a chain of communication to take immediate action in case of a breach and set protocols and expectations for response times. A fast and effective response is critical to limiting data exposure.

What are the specific risks to your infrastructure and what are the best steps to take to address them?

Remember that the threat isn’t limited to just hackers. Many breaches occur because employees click on a link in a phishing email, leave a password lying around where it’s easily seen, or by unknowingly becoming a victim of a social engineering scam by giving it to someone over the phone who is impersonating a company employee.

Then you can begin to identify the resources needed to protect your data, including third-party security software and updated equipment. Simply informing your employees of the threat of such low-tech risks can greatly increase your cybersecurity.

How many security incidents are detected in your systems in a normal month or week, what type are they, and how were others informed about them?

You should have a system in place to detect, monitor, analyze, and record any type of potential security incident no matter how small or seemingly insignificant, and disseminate that information to the appropriate personnel, or perhaps to all employees to raise awareness. You should discuss enhanced alerting and monitoring with your IT professionals.

Does your company have an incident response plan? How effective is it, and how often do you test it?

The only way you can quickly react to prevent or limit the damage from a breach is to have a clearly defined response plan in place. It should document how everyone in your company should react in the event of an emergency. This plan should be available to all employees. It should be tested on a regular basis, at least once each quarter, and updated whenever significant changes are made to your IT infrastructure.

Cyberattacks are just a fact of life these days, and that’s not going to change anytime soon. But by asking your team the right questions, starting a dialogue about how to address the threat, raising awareness and implementing training, and having a response plan in place, although you’ll never completely eliminate them, you can reduce your risks significantly.

Colorado Company Taken Down By Ransomware And What That Means for Your Business

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.
According to Statista, there were 184 million ransomware attacks in 2017 and the average ransomware demand is over $1,000. Individuals, organizations, and companies have fallen victim to these attacks.

Most people recognize the fact that ransomware is a danger, but they may not realize that it can actually destroy their company.

The recent closure of Colorado Timberline after a ransomware attack is a solemn reminder of the seriousness of the dangers of ransomware.

What Happened to Colorado Timberline?
Colorado Timberline, a printing company in Denver, was forced to cease operations for an unspecified amount of time after a severe cyber attack. [Read more…] about Colorado Company Taken Down By Ransomware And What That Means for Your Business

Ransomware Vs Atlanta: How To Protect Your Systems

Chris Myers is a field service technician for Tech Experts.

On March 22, the local government in the city of Atlanta, Georgia experienced a widespread ransomware cyberattack that affected several city applications and devices.

Ransomware is a type of malware that takes over a computer and locks out the user. The attackers then make contact with the victim and request payment. If the ransom is not paid, they may publish the victim’s personal files and data or just continue to block access to them.

In Atlanta, the attackers gained access to some of the city’s applications through a network vulnerability. Once they had locked the city’s systems with a ransomware known as “SamSam,” they asked for six bitcoins to unlock everything. Six bitcoins are currently worth around $51,000 US dollars.

Atlanta chose not to pay the ransom, as there is no guarantee that they would get their files back and they didn’t want to encourage any similar attacks. Instead, Atlanta officials awarded nearly 2.7 million dollars to eight private companies in the first couple days after the start of the attack.

The FBI, Department of Homeland Security, and Secret Service have also been assisting city officials in investigating the attack.

As you can see, the consequences of a ransomware attack can be severe. Nearly a month after the breach, nearly all city functions were still being carried out with pen and paper. With that in mind, what are the best ways to prevent them from happening in the first place?

How to protect yourself against similar cyberattacks

Ransomware attacks usually infiltrate organizations through their network. Therefore, maintaining good network security practices is a must. These can include:

Using strong, unique passwords. Both individuals and companies have a tendency to use shared passwords for different programs, even Windows logins.

If someone gains illicit access to your network or a specific computer, they can’t immediately gain access to all of your program logins and computers if you use unique passwords.

Staying vigilant for phishing. Phishing is another common method of attack for gaining entry to install ransomware. 91% of phishing attacks are targeted at specific people in a company, a technique known as spear phishing.

The attacker will study an organization’s email format, then send a simple email to an employee designed to appear as if it is a common email from a co-worker.

Most of these emails will look completely normal except for the full sender email address, which is usually something odd such as “ejhjsh@jk.cn.”

In many email management applications, the full address is automatically hidden behind the given name of the sender, so staff must be trained to interact with that name to confirm the address.

Securing your network. Ensure that a monitored firewall is in place and that all Wi-Fi networks are password protected with WPA2 encryption.

A VPN, or Virtual Private Network, is also a very good thing to have, especially if you have any staff working remotely.

Keeping operating systems and firmware up-to-date. Patches for known security vulnerabilities are released quite often.

Most of these are to combat specific new threats that are being used or about to be used in the wild. Staying up-to-date with security and operating system patches shores up your defenses against many common attacks.