Category: Security

Categories
Security

Let the 80/20 Rule Be Your Guide for IT Security

b2ap3_thumbnail_eighty_twenty_rule_for_it_400.jpg IT security is something that businesses of all shapes, sizes, and varieties have to be concerned about. You’ll be faced with the question of whether you have adequate security practices on a daily basis. For help with understanding why the smallest vulnerabilities often result in the most data loss, look no further than the 80/20 rule.

This rule, often called the Pareto Principle , is defined as such by Investopedia: “[the Pareto Principle] specifies an unequal relationship between inputs and outputs. The principle states that 20 percent of the invested input is responsible for 80 percent of the results obtained. Put another way, 80 percent of consequences stem from 20 percent of the causes.”

In other words, the Pareto Principle is a strategy that attempts to explain how you should delegate your organization’s security resources in order to maximize the security you get. In this case, you are using your assets to protect your network from online threats. However, you might realize that even if you search and search for network vulnerabilities, you won’t find all of them. There are simply too many threats out there to identify. Instead, you use the Pareto Principle to identify where you can do the most good for your organization’s network security.

This principle can also work in reverse; only 20 percent of the vulnerabilities on the Internet lead to 80 percent of the data loss. When you think about it, this makes sense. How often do you hear about major data breaches in which multiple vulnerabilities were exploited? Instead, it’s usually just one major hack that led to many compromised accounts.

Yet, the biggest part of effectively using the 80/20 rule is determining what your priorities should be, and which threats are the most dangerous. After all, if everything is a priority, then nothing can get done. This results in all-around subpar security that leaves large threats unchecked.

A penetration test can help COMPANYNAME  to find where your organization’s most important security flaws lie. We can locate and resolve your most critical security flaws through a process called Remote Monitoring and Management (RMM), which allows us to connect to your office’s technology solutions and issue the required patches and security updates without an on-site visit. In fact, most situations will only call for remote access, so you can save both time and money with an RMM tool.

In fact, there’s one solution that is capable of protecting the majority of your network without much effort at all. It’s called a Unified Threat Management solution, and it includes all of the major components of network security in one convenient package. With an enterprise-level firewall, antivirus, spam blocker, and content filter, you can know with certainty that one solution covers the majority of the challenges presented by network security.

With COMPANYNAME’s managed IT services, you’re creating many opportunities for enhanced network security, improved network performance, and optimized operations. To learn more about how we make technology work for you, reach out to us at PHONENUMBER.

Categories
Security

From Heart Attack to Hack Attack: Hackers Can Now Control Pacemakers

b2ap3_thumbnail_medical_device_hacks_400.jpg Medical technology has allowed for vast improvements in the way that conditions are treated. For example, the pacemaker allows some people with heart conditions to live longer and more comfortably. However, a European research team has concluded that even pacemakers are susceptible to being hacked, with deadly results.

The researchers made a note to describe the dangers of using implantable cardioverter defibrillators, from a hacking standpoint. Many modern pacemakers have the ability to communicate with other devices. While this capability is designed as a benefit to the patient, allowing the devices to be examined without an invasive surgical procedure, it can have dire consequences if hacked. If the patient is away from the doctor’s office within two hours, the pacemaker can still receive signals from other devices, thus making it vulnerable to a cyber attack.

Hackers can send a signal to the pacemaker that keeps the device from returning to “sleep mode,” which is what makes it vulnerable to exploitation. By analyzing the signals sent to the tested devices, researchers could spot various ways that a hacker would use this exploit. The results varied from draining the battery’s life to stealing personal data that may be stored on it. In other words, the hacker can make the patient’s life rather difficult by either turning off the device, or stealing data and using it to steal their identity. Hackers could even activate the pacemaker’s resuscitation shock without need, jolting the heart and making things difficult for the victim.

There are at least 10 different types of lifesaving devices that are vulnerable to this simple exploit. In fact, the hacker doesn’t necessarily need to know anything about the device itself. The reason why these devices are so vulnerable is thanks to the manufacturers not believing that pacemakers are clear targets of cybercriminals. This led them to release the devices without the IT security necessary to prevent these targeted attacks. The lesson learned: “Nobody will consider pacemakers a target,” is no excuse to use lackluster security.

Keep in mind that this study was conducted by researchers, rather than hackers. Still, have you ever considered the fact that your organization could be at serious risk? Some SMBs are under the impression that their small size means that they aren’t a target. However, most hacking incidents aren’t targeted events, and are instead massive campaigns meant to infect anything and anyone who happens to click on the wrong link. Furthermore, all businesses have some data that’s worth stealing, like employee records and financial credentials, and it needs to be protected properly.

If you want to maximize your company’s security, give COMPANYNAME a call at PHONENUMBER.

Categories
Security

Helpful Suggestions to Improve Password Security

b2ap3_thumbnail_password_security_400.jpg Passwords are important for any online account (and for most accounts in general). Sometimes they might feel like inconveniences, but it’s crucial to remember that these passwords are often the first line of defense, if not the only line of defense, that stands between your data and hackers. We’ll discuss ways that you can augment password security with other powerful measures.

There are two major ways that you can improve password security; two-factor authentication and password managers.

Two-Factor Authentication
2FA provides organizations and users with secondary credentials that can protect their network or online accounts. This type of protection can come in the form of an SMS message, a phone call, or an email sending you a secondary credential. You then enter this code into the app or service, and since you know without a doubt that only you could have access to this code, you can practically guarantee that you’re the only one accessing your account.

Basically, the biggest way this helps your organization is by making it as hard as possible for hackers to infiltrate your network and company accounts. When you involve devices like smartphones with two-factor authentication, you make it much more difficult for hackers, as they would need access to two different devices rather than just one. Reach out to COMPANYNAME and ask us about our two-factor authentication solutions.

Password Managers
A good password is often long and complex, consisting of several different types of characters, numbers, and letters. As you might expect, these types of passwords are rather difficult to remember. Plus, since you can’t (or shouldn’t) use the same password for multiple accounts, you can easily use the password for another account on accident, eventually leading to an account lockout. This is both frustrating and unnecessary. Alternatively, you can keep track of your passwords using a password manager, allowing you to use complex passwords without any problems.

An enterprise-level password manager from COMPANYNAME can allow your organization to take advantage of complex passwords. Your passwords are stored in a secure encrypted database that shields them from hackers. Furthermore, you only pull the passwords as they are needed. There’s no better way to take advantage of complex passwords, as the password manager will keep track of multiple account credentials without you having to remember them.

COMPANYNAME can help your business with all of its password managing needs. To learn more, reach out to us at PHONENUMBER.

Categories
Security

How 2 Keystrokes Can Bypass the Security of Windows

b2ap3_thumbnail_shift_and_f10_400.jpg Usually, when a troubleshooting feature is put in place, it is meant to assist the user in resolving an issue. However, one such feature in Windows 10 could ultimately lead to more problems, as it also can serve as a free-ride vulnerability for an opportunist bystander.

Security expert Sami Lailo discovered that if someone keys in Shift + F10 during a ‘Feature Update’ in Windows 10, they are able to access a Command Prompt window with Admin privileges. Compounding this with the fact that Microsoft updates disable BitLocker while they are in progress, means that someone could feasibly access the hard disk without the aid of any external device.

If that someone happened to be ill-intentioned, they could potentially wreak havoc through the command-line interface. Admittedly, the perpetrator would have to move quickly, but if they had come in with a plan and the foreknowledge of a Feature Update being implemented, they would have plenty of time to do what they had come to do.

Lailo reached out to Microsoft, and the company is now working to resolve this issue.

The current fix? Don’t leave an updating workstation unattended, despite the long periods of time updates can sometimes take.

Once Microsoft releases a patch, businesses and organizations will want to apply it. Keep in mind, any COMPANYNAME clients on our managed services will have the update applied once it is tested. Give us a call at PHONENUMBER to learn more.

Categories
Security

Even Small Businesses Need a Big Security Solution

b2ap3_thumbnail_small_business_security_400.jpg One of the main benefits of a small business is that it’s small. You can make decisions quickly regarding all sorts of matters. Your workforce isn’t nearly as large as other organizations, meaning that you’re a closer, tight-knit group. One of the misconceptions of small business is that they’re not as susceptible to hacking attacks, which can be a dangerous assumption to make.

The reasoning for this is simple: hackers don’t care who you are or what you do. They don’t care if you’re a large business with thousands of employees, or if you’re a small startup in the suburbs of your hometown. They don’t care if you’re in the healthcare industry or if you’re just a small goods manufacturer. All they care about is stealing your data, and if you don’t take measures to protect it, you could be dealing with a major issue that can’t be swept under the rug and forgotten about.

All businesses rely on their mission-critical data to function, and all businesses have information that’s valuable to hackers. For example, most companies have a human resources department that collects information about employees and potential new hires, including Social Security numbers, dates of birth, addresses, phone numbers, email addresses, and so on. On a more personal note, your business’s finance department holds payment information for both your clients and your own business, which could be catastrophic if it were to fall into the hands of hackers.

However, even though hackers will use variable tactics to infiltrate and infect a network with viruses, malware, spyware, or other threats, they often don’t target specific data. In fact, hackers often don’t target specific businesses at all, and instead will send out widespread scams designed to infect any and all who are foolish enough to download a file, or click on a suspicious link. These threats are most often found in phishing emails (scams that are designed to get a user to visit a malicious website, download an infected attachment, or click on a link) that executes a malicious payload. A small business like yours will rarely experience a direct hacking attack specifically designed to infiltrate your exact systems.

Due to this oversight, your business can make significant steps toward proper cybersecurity practices by implementing security solutions that are designed with the enterprise in mind; specifically, a firewall, antivirus, spam blocking, and web content filtering solutions. These security measures are all necessary if you want to minimize your business’s exposure to online threats. They can keep your team from accessing malicious websites, keep threats out of your system, and eliminate the majority of spam that hits your inbox. Furthermore, a powerful antivirus can swiftly destroy any threats that do manage to infiltrate your system.

With a small business, you still need to implement security solutions. There’s no getting around that. What you can do to make it easier on your organization is to contact COMPANYNAME. Our skilled technicians understand the everyday difficulties that come from managing technology, including optimizing security. Ask us about a Unified Threat Management solution that includes all of the above-mentioned services, and don’t forget to inquire about remote monitoring and maintenance that’s designed to detect and resolve abnormalities in your systems. To learn more, contact COMPANYNAME at PHONENUMBER.

Categories
Security

How Downloading Free Adware Can Lead to Malicious Crapware

b2ap3_thumbnail_downloading_unwanted_software_400.jpg One benefit of the Internet is that, if you search hard enough, you’ll likely find a free tool or app for virtually any common computing task. While certainly advantageous, freeware often comes with a hidden price, like having to also download additional, unwanted software, aka, “crapware.” If this freeware isn’t properly managed, it can wreak havoc on your system.

In most cases, the addition of crapware on a PC is obvious, like a browser toolbar suddenly appearing (that’s difficult to remove), or the addition of new antivirus software. Although, in cases where freeware is bundled with malicious crapware or adware, the unwanted applications are designed to be difficult to locate and remove.

How Does this Happen?
In most cases, the addition of crapware on a PC comes from the user being in such a rush to download the freeware that they don’t uncheck the option to also download the adware or crapware that’s bundled with the desired software. Essentially, it boils down to skipping over the fine print. To make matters more annoying, this practice is perfectly legal. After all, by leaving the box checked, the user agrees to the terms and services of downloading the software, which includes the installation of additional software.

In instances such as this, avoiding the spread of crapware can be as simple as making sure that every user on your network knows to uncheck this box when downloading freeware. Or better yet, banning altogether the practice of downloading freeware and unapproved software will almost guarantee that your network won’t become cluttered with unneeded and potentially malicious programs.

Why Does this Happen?
By now, every Internet user should understand that nothing online is truly free–take for example the plethora the free apps that make money by collecting your data and selling it to marketers. Similarly, many of the developers of freeware make money if they can “trick” a user into downloading the bundled adware or crapware. In some cases, developers have been known to make as much as $150 per install.

How Bad is It?
In a recent report by ZDNet, it was revealed that Google issues over 60 million warnings each week to users about the dangers of downloading potentially dangerous software. In fact, Google claims to issue more warnings for unwanted software than they do for malicious threats–three times more to be exact!

To better understand the nature of these software bundles, ZDNet cited a study where it was found “that 59 percent of bundles are flagged by at least one antivirus engine as potentially unwanted, and that some packages are built not to install when the presence of antivirus has been detected.”

You may have encountered a malicious app that originated from a freeware download if you’ve ever encountered a fake “system alert” when using your web browser. With this all-too-common scam, you’re presented with a fake security breach “requiring immediate action.” Often times, the recommended course of action involves the user unnecessarily transferring funds or control of their PC to the scammer.

How Can You Protect Your Business?
In addition to the aforementioned employee training, business owners will want to employ a network security solution that detects and blocks threats associated with downloading malicious software. With a content filter, spam blocker, firewall, and antivirus solution, a Unified Threat Management solution from COMPANYNAME is up for the task of keeping your business safe. Make sure that your company is protected from the worst of the web by giving us a call today at PHONENUMBER.

Categories
Security

Test Your Knowledge of These 3 Common Security Threats

b2ap3_thumbnail_prevent_security_issues_400.jpg Security is a critical part of running your business, especially in a world where organizations require technology for most any task. In fact, some of the most dangerous threats are known to hide within a company’s network, waiting for any opportunity to strike. With the right preventative measures, you can keep your network safe from catching threats before they hit your network in the first place.

Defining Malware
Malware is short for “malicious software,” which is an overarching phrase referring to malicious code designed to cause problems. Malware often injects code into applications to execute viruses or trojans. One of the most common types of malware is a variant called ransomware, which you’ve probably heard of thanks to a number of high-profile infections. When a machine is infected with ransomware, it encrypts the files on the device until the ransom is paid to the hacker. Aside from this rather dangerous strain, other types of malware can have far-reaching and varied effects.

Defining Rootkits
Like malware, a rootkit is at home on a system. Unlike some types of malware, however, a rootkit is designed to allow a hacker to gain control of a system while remaining undetected for extended periods of time. Rootkits are dangerous thanks to their ability to avoid detection by software that’s supposed to find them, like firewalls and antivirus solutions.

Defining Trojans
Trojans are malicious entities that allow hackers to access a system by misleading the user. Trojans are backdoors that can allow hackers access to a system at a later date, and they are often installed alongside other malware to distract the user from taking preventive action. The trojan can be used for a number of purposes, from data destruction to surveillance or espionage.

The Solution: Preventative Security Measures
Since so many threats are blocked by preventative security measures, it would be foolish not to implement them. There are several ways you can keep threats out of your system, including:

  • Firewall: Firewalls act as a bouncer for your network, keeping threats from entering or leaving your infrastructure. They work best when combined with other preventative measures, like antivirus, content filters, and spam blockers.
  • Antivirus: Antivirus solutions detect and eliminate threats that have made it past your firewall solution. Antivirus offers prompt threat detection, which is important since malware that’s left unchecked could cause untold troubles.
  • Spam blocker: Threats often arrive in your email inbox as spam, and the unknowing employee could accidentally click a malicious link or reveal important credentials. A spam blocker eliminates the vast majority of spam from even hitting your inbox.
  • Content filter: A content filter is helpful for keeping your employees from accessing sites known to host malware, as well as inappropriate or time-wasting sites, like social media.

A Unified Threat Management (UTM) solution is a great way to take advantage of all of the above solutions. It’s widely considered to be the most comprehensive and useful preventative measure available to SMBs. If you want to learn more about UTMs, be sure to give COMPANYNAME a call at PHONENUMBER.

Categories
Security

Without Protection, Your USB Ports Could Become RIP Ports

b2ap3_thumbnail_usbad_idea_400.jpg It seems like everything available today can function with a USB connection, be it a thumb drive, device charger, or a desktop device–there are even USB-powered mini fridges meant for a single soda can. Unfortunately, “everything” includes malicious devices and malware.

If a USB drive is infected by malware, you can put your computer and data at risk by merely plugging it in, and there are some malicious USB devices out there that pose some pretty serious threats.

USB Kill 2.0 
Despite being powered by electricity, computers don’t mix well with too much charge, as USBKill.com has capitalized on. Creating a dongle that is capable of siphoning power off of the device it is plugged into, USBKill.com’s proprietary device then releases the energy back into the system as a power surge attack.

Intended for hardware developers to test their devices’ resistances against ‘juice jacking’ (a form of data theft that extracts data as a device is charging), the USB Kill 2.0 permanently damaged–if not destroyed–95% of all devices it was tested with without the company’s proprietary USB protection shield. This shield is what allows the USB Kill 2.0 to be safely used for its intended purpose–to test electrical attack resistance.

What’s more, in some cases when used without the shield, the USB Kill 2.0 wipes data from the device. While this is not what the USB Kill 2.0 is intended to do, this occurs simply because the charge is enough to damage the device’s drive controllers.

Needless to say, a business saboteur could find great use in the $56 USB Kill 2.0 as a method of attack, and there aren’t many effective protections a workplace can implement, besides educating employees to resist the temptation of plugging in any USB device they find.

USB-to-Ethernet Theft
Best practices for workstation security dictate that a system be locked whenever its user steps away, no matter how briefly. However, a security researcher recently discovered a method of extracting data from a locked computer using, you guessed it, a USB-connected device. By disguising itself in a particular way, the target computer adopts the device as the preferred network interface, allowing the hacker to extract data to a rogue computer attached to the cable’s other end in about 13 seconds. The best defense, according to the researcher who uncovered this flaw: don’t leave your workstation logged in and unattended, even with the screen locked.

What a Business Can Do to Protect Itself
Of course, not all USBs are evil carriers of the worst malwares and threats, but by no means should they be used after being found on the street willy-nilly, especially in a workplace setting. In order to protect business workstations and data from threats, simply enforce a requirement to have any USBs fully checked by your IT department before in-office use. Alternatively, consider utilizing a cloud solution as a much safer option to meet your mobile storage needs.

To protect your business from possible saboteurs introducing their USB-based malware, it is also wise to secure exposed ports with locking devices.

While USB devices seem to be the pinnacle of affordable convenience in data storage, they are far more trouble than they are worth, at least in terms of security. There are much safer solutions to implement that feature equal, if not greater mobility than even a flash drive. A cloud solution, for instance, can be accessed from anywhere there is an Internet connection, kept safe in a well-protected, offsite location. New and improved solutions like these make risk-laden devices, such as USB dongles, unnecessary.

For more IT tips, tricks, and solutions, subscribe to our blog.