NetConnect Blog - Your Resource For IT Tips, Tricks and News

Dear Ransomware...

Posted by Sean Todd on Apr 8, 2016 1:00:00 PM

Dear Ransomware – let’s get familiar

First, let’s define what ransomware is. Basically, it’s a piece of malware that infects a device and prevents the end user from accessing either the device itself or the data on it. Typically, the person responsible for creating the ransomware will require the user to pay a fee in order to regain access to the infected files or system. Even when you think you’ve got your environment configured with the right layers of software designed to prevent an infiltration of potentially destructive ransomware, there’s still a good chance you may become a victim.

Sounds like a pain, right? Well, it could get much more serious than that pretty quickly. Let’s assume that device is on your corporate network. Let’s also assume that the user of that device has access to files on the network. See where this is going? It now has the potential to affect files across the network. All that business critical data is now at the mercy of a cyber-criminal demanding a ransom payment before giving you back your access, if at all. You don’t just lose access to the files; you also face the cost of lost productivity, legal fees, IT services, customer service, etc. It adds up quickly.

So what exactly does this ransomware do? The most common side effect is file encryption, and at this point that encryption is pretty much impossible to crack. It has the ability to encrypt not only data on your local device, but also data across the network that the user has access to. Without a good backup or paying the ransom, you can say good-bye to your data. Even a backup will only get you back to the point in time where it was last successfully run. That means if your backup ran last night, and the ransomware hit today at 4pm, you’ve pretty much lost an entire day of work for not only a single individual, but potentially an entire company.

But I have antivirus, that’s enough right? I hate to be the bearer of bad news, but antivirus software alone simply isn’t enough anymore. You need a layered approach to your preventative arsenal.

  1. Education – Educate yourself and end users on how to detect these threats. Limit the amount of casual internet browsing and if an email seems fishy, there’s a good chance it is. Remember, ransomware can infect you in multiple ways.
  2. Email Filtering – Use a spam service to filter email before it gets to your mail server and inbox. Even users of hosted email platforms should consider using 3rd party email filtering as an added layer of security.
  3. Web Filtering – Ransomware doesn’t just come from email. It can come from very popular legitimate websites as well. Utilizing some type of web filtering could help prevent access to infected websites or syndicated ads carrying malicious code.
  4. Antivirus – Use reputable antivirus. This is usually the last point in the preventative stage. Having up to date antivirus could be your saving grace, although there are never any guarantees. Even older versions of antivirus with up to date virus definitions could make you vulnerable. Much like the cyber criminals who are continuously trying to evade the various levels of protection, antivirus vendors are constantly evaluating and improving their software in order to combat the latest threats.

It's unfortunate that there are new stories daily of companies large and small being targeted by these malicious campaigns. There’s no doubt it will only get worse before it gets better as these threats are constantly evolving. They tend to get more destructive with each iteration and some aren’t even offering the option to decrypt anymore. Your best defense is a multi-layered approach. The more layers, the less chance of becoming the latest victim. Bottom line, it needs to be taken seriously.

Topics: Email Security, Network Security, Security, Ransomware

Getting Serious About IT Security

Posted by Tyler Voegele on Oct 25, 2013 5:15:00 PM

We can all agree that the Internet, PCs, mobile devices, servers, and other equipment are essential to everyday business, and without them we would not be able to complete our work. Also, everyone knows by now the impact and multitude of viruses, malware infections, and even hackers that can affect our businesses. It's no secret how much money can be spent on these problems to try to properly resolve them, so why don't we give it as much attention as any other area? We need to be more proactive in our view towards security. More often than not, the only time we think about security is when it is already too late.

Let’s take a look at some statistics to make more sense of how breaches are effected today:

[Images: IT security statistics] Source: http://www.verizonenterprise.com/DBIR/2013/

What are your biggest concerns with IT security? Preventing data loss? Preventing outages? Keeping security up-to-date? To better understand, you have to determine where your valued assets lie, or maybe you want to focus more on certain parts of your business structure. I like to think of security in three separate layers. It may be an oversimplification, but it's easier to understand where you should focus time and energy when starting to get serious about security. One of the first road blocks many people hit when beginning to secure the entirety of their network is where exactly to start.

1. External Network/Edge Devices
2. Core Network/Server Structure
3. Endpoint Devices/BYOD 

As I mentioned, this is a very broad view into your network, and at some point we have to weigh the cost of dealing with security breaches against spending money to be more secure. Let’s say you want to go with the top-down approach. It is a more comprehensive strategy towards IT security and is definitely not the only way it can be done. I’ve outlined some key steps that I think are very important and the components that are involved in each step.

1. Create Security Policies and Procedures

This is by far one of the most important and hardest steps you will do. You should create an overall security policy document and a BYOD security policy, determine an action plan for an overall security audit, establish a risk management framework, and determine the level of risk the business is willing to tolerate. After developing these policies you have to train the staff to adhere to them. Training staff is equally as important as sticking to a training schedule. These documents should be continuously updated to make sure you can adapt to future security needs. After completing documentation and an action plan you’ll be better equipped to know where to spend time, focus resources, and tackle the big projects. Preparation and adaptiveness are the keys to security success.

2. Inventory Equipment and Data

Finding old, outdated, or decommissioned equipment and replacing or removing it is important to keeping vulnerability out of the business. Eliminating unnecessary or old data, starting to keep track of what you have, and knowing whether or not it is secure are important to keeping data loss to a minimum. Creating an inventory of what equipment is in the network and asset tagging equipment helps with logging and maintenance, which is the last step.

3. Fix Security Holes and Update Equipment

Run tests to see where the security flaws in your network are. Having external auditors run tests both internally and externally is a good idea. Updating software, firmware, operating systems, and antivirus is usually a top priority. Applying security patches when needed and creating secure configurations throughout the network is also important. Create a maintenance window for all equipment and devices once you have gotten them up to date. Protect your network against external and internal attacks. Manage the network perimeter of devices at all locations. Create filters for unwanted access both internally and externally.

4. Harden Network Security

You’ve probably already documented the policies for most of this step. They may include locking down the operating system and software you run. Creating Group Policies for workstations, servers, and users might also be part of your policies and is also important. Locking down firewalls and other network equipment is probably one of the most important steps to hardening your security. Why? At least 92% of attacks originate from the external facing part of your network. Put in place policies to disable features that allow users to either remove, disable, or inhibit the functions of a firewall and virus protection suite. Managing user privileges, management processes, and limiting the number of privileged accounts is important. Preventing data loss by creating secure backups is a must to save you in case of critical failures.

5. Protecting Mobile Users and Endpoint Devices

Securing users that authenticate from the external world is a must. PCs and other media used to access internal resources need to be as secure as the servers themselves. Manage risks related to the use, processing, storage, and transmission of information or data. Data needs to be kept safe so that it is not lost or stolen. Apply a security baseline to all devices. Protect the data in transit as well as outside the network. Those who log into the business through mobile means must have guidelines and restrictions in place to prevent any possible data loss.

6. Stabilize and Monitor

Establishing a monitoring strategy is important to maintain support of the policies you’ve created and to prevent further exploits that could arise. Continuously monitor the network and analyze logs for unusual activity that could indicate an attack. This is where having an IDS or IPS helps immensely. Without de-emphasizing prevention, focus on better and faster detection through a mix of people, processes, and technology. Attentively monitoring users can make the difference in pinpointing malicious activity, whether intentional or unintentional. Further educate the users of the business to keep policies in check and to make sure they are understood.

There is no way to absolutely prevent everything from happening. We can only strengthen our ability to try and detect, prevent, and fix threats that can slip through our defenses. Attackers don’t rely on a single tactic to breach your defenses and neither should you. Remember, there is no “one-size fits all” strategy and many of the things I am suggesting are a great start to a security plan you can implement.

Keep an eye out for the next security blog posts defining more detailed approaches to the top-down approach I explained in this post.

Questions? Comments? We’d love to hear from you! Leave a comment or email us with your questions and we will gladly respond!

 Contact NetWork Center, Inc.

Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security, Data Backup, Security, Security Technologies, Firewall

Your Unknown Vulnerability: Password Security

Posted by Tyler Voegele on Apr 5, 2013 5:00:00 PM

In today's world, which is so heavily based on online activity, one often overlooks the fact that the vulnerability of your business and personal IT security lies in the strength or weakness of your password. Many of you may have heard about online services such as LinkedIn, Last.fm, eHarmony, Yahoo! and Evernote having their password databases compromised. Often we think too little too late when it comes to our passwords. Sometimes we assume things are secure just the way they are. We often underestimate the importance strong passwords can have on our corporate infrastructure and our personal lives.

Many of us are still using very simple and easy to guess passwords. According to a list compiled from antivirus and other IT security companies, users still need a lot of work when it comes to their passwords. Here is a brief top 10 list of the most used passwords in our corporate and personal digital lives.

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. Password1
  7. letmein
  8. Password01
  9. 111111
  10. welcome


Reading that list often makes most IT and business professionals chuckle at the thought of our companies’ users even using such passwords, but it can be a problem.

Let's jump right in and talk about the four key things that you should follow to make up great passwords. Some of this may be common sense, but implementing sensibility with these key components is a must.

1) Length

I'm sure it comes as no surprise that the length of your password is a big factor in how secure it will be. The length of your password can significantly increase the time it takes to crack it. Adding just one to two characters to your password can add anywhere from 4 months to 10 years to the time needed to crack it. Realistically, you should have a minimum of eight characters.

2) Complexity

It is a good practice to include a variety of characters such as letters, punctuation, symbols, and numbers. You should also try to avoid common dictionary words as they are much easier for attackers to obtain. Combine upper and lower case letters, but try to focus on incorporating a combination of any non-letters. However, be aware that password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."

3) Variation

To keep strong passwords effective, change them often. Encourage or require employees to change passwords every 30 to 90 days. By the time a hacker gets a chance at your secure password it will already be outdated.

4) Variety

Don't use the same password for everything. If you start using similar or the same passwords it makes it much easier for someone to gain access. Be aware of your personal accounts and what passwords are used for which services. If you use the same password for a site that was compromised you should be changing all of the same passwords for other sites as well.
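As an added illustration of keys 1 and 2 (not code from the original post), the Python example below screens a candidate password against the 8-character minimum, the four character types and the top 10 list above, undoing common symbol swaps first, and estimates the brute-force search space. The swap map, the sample passwords and the rate of 10 billion guesses per second are assumptions.

```python
import string

# The ten most-used passwords listed in the post above.
COMMON = ["password", "123456", "12345678", "abc123", "qwerty",
          "Password1", "letmein", "Password01", "111111", "welcome"]

# Constructed map of symbol-for-letter swaps (assumption); it includes the
# "&" for "and" and "2" for "to" conversions the post mentions.
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "l",
                       "!": "i", "$": "s", "5": "s", "7": "t",
                       "&": "and", "2": "to"})

CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def fold(text):
    """Lower-case the text and undo the symbol swaps."""
    return text.lower().translate(SWAPS)


def core(text):
    """Drop trailing digits and symbols, then fold ('Password01' -> 'password')."""
    return fold(text.lower().rstrip(string.digits + string.punctuation))


COMMON_FOLDED = {fold(p) for p in COMMON}
COMMON_CORES = {core(p) for p in COMMON} - {""}


def is_common(password):
    """True if the password is a disguised form of a top-10 entry."""
    return fold(password) in COMMON_FOLDED or core(password) in COMMON_CORES


def charset_size(password):
    """Size of the alphabet an attacker must cover for the classes in use."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(ch in chars for ch in password))


def search_space(password):
    """Number of candidates of this length over that alphabet."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password, guesses_per_second=1e10):
    """Years to try every candidate at an assumed guess rate."""
    return search_space(password) / guesses_per_second / (365 * 24 * 3600)


def review(password, min_length=8):
    """Return a list of findings; an empty list means no rule was broken."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(ch in chars for ch in password):
            findings.append(f"no {name}")
    if is_common(password):
        findings.append("on the common list once symbol swaps are undone")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("letmein", "P@ssw0rd1", "Tr4il-mix&Oak"):
        print(pw, review(pw), f"{years_to_exhaust(pw):.3g} years")
```

"P@ssw0rd1" satisfies the length and character-type rules yet is still flagged, which is why the common-list check runs on the folded form rather than on the raw string.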


I'm sure all of us have failed to follow at least one of these four keys. Although you know the basics and what makes a strong password, what can make it easier for you to adhere to these best practices? You don't always want to remember 10 character, scrambled passwords that you will forget the next day. That's where password managers come into play. LastPass, 1Password and Roboform are all great password managing tools. Personally, I use LastPass and use it across my browser as well as a stand-alone application. For a more detailed review of password managers, give this article a read, "Best Password Managers Top 4 Reviewed."

Remember, one of the most important parts of keeping you secure is having a secure password. Use this guide and you will feel better about the security of your business and personal life.

Want to check out how your password stacks up? Check out the following links for a little tool to give you an idea about your password’s strength!

GRC's Interactive Brute Force Password “Search Space” Calculator

The Password Meter

If you are interested in the latest security news, I suggest reading the following articles:

  • There was a large attack on Spamhaus recently (a company that monitors and stops major spamming operations) involving a complex DDoS attack on their network. Read full article.
  • With recent Java exploits on the rise, this article covers how many of us still are using vulnerable versions. Read full article.
  • Crackers don't waste the time to break individual accounts through a Web login, but focus efforts on obtaining databases that contain passwords. Read full article.

Please contact us if you have any questions regarding password security for your organization. 

Contact Us Today!

 

 

 

 

Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security

Network Security: Your Business is Never Too Small for Attacks

Posted by Sean Todd on Apr 1, 2013 4:59:00 PM

There is a common misconception among many small businesses that following the same types of security protocols as enterprise environments isn’t necessary because they really aren’t a target of malicious activity due to their size. “Who would want to steal information from us, we only have 25 people”. Nothing could be further from the truth!

First, we define small business as any company having fewer than 500 employees, although this can vary based on the SBA Table of Small Business Size Standards.  For the purpose of this post I want to focus even smaller on those companies with fewer than 50 employees. In my experience these are the companies who tend to have the most issues with viruses and malware, and have the least amount of information gathering utilities to determine the overall health of their network, thus making them the most vulnerable.

Think about the repercussions if your proprietary data was leaked, or someone was able to obtain and exploit your company’s financial information. The results could easily be enough to shut you down overnight. We need to start thinking about this just as we do our disaster recovery planning.

Here is a brief list of things at stake:

  1. Financial loss
  2. Lawsuits
  3. Reputation
  4. Market Share
  5. Your Business!

So, now that we’ve identified some of the repercussions, let’s discuss how these things could happen. It doesn’t always take a targeted hacking attempt to exploit your network. Something as simple as an employee accessing an infected website could allow an attacker to automatically install malicious software that, in turn, could send key information back to them.

Out of date software can also put your information at risk. Think Java for example. On several occasions over the last few months exploits have been identified within Java that would allow someone to remotely exploit a user’s browser session without the need for a user name or password. Like the previous example this is an internet based vulnerability; the key difference is that it’s out of date software that allows it to happen.

Another possibility would be unsecured remote access. Allowing remote access to your network without a VPN or other means of security opens you up to the potential for an unauthorized intruder to crack weak passwords and access your network along with all information that it contains.

We’ve identified risks and dangers, so now we will talk about prevention. What should we do to maintain a high level of network security and protect our assets?

  1. Anti-Virus – We should always maintain up-to-date AV. We want to be sure we have the latest virus definitions applied at all times. Using centralized AV in larger environments is also beneficial because it gives a central point for distributing updates as well as centralized reporting so we can see the overall health of all clients.
  2. Web Filtering – By utilizing a web filter, we get the ability to block potentially malicious websites. The majority of infections we see come via the web, so this is very important. An added side benefit is selective blocking of websites for specific user groups. This means Facebook for those who need it for their job duties, and blocking it for those who don’t.
  3. Software Updates – Utilizing software titles such as WSUS and vCenter Protect gives us the ability to determine from one console the software versions on each machine as well as deploy updates to those that need them.
  4. Password Policies – Enforce strong passwords. Weak passwords are easy to crack; the longer and more complex a password is, the tougher it is to crack. I would suggest a minimum of 8 characters including the need for numbers, capital letters, and symbols. Also, force regular password changes. Even though routine password changes can be considered a nuisance to many, it’s a necessity to ensure old routinely used passwords are flushed from the system.
  5. Remote Access Policies – At the very least allow remote connections ONLY via an encrypted method. Client VPN, SSLVPN, and Client Access Gateway are all methods of securing remote access. Without this, information can be obtained in transit.
  6. Education – Educating your employees on safe internet habits is one of the most effective things you can do. Network security starts with the end user.

This list is certainly not all-inclusive as there are many other things that contribute to network and information security. I encourage you to spend some time thinking about this topic and educate yourself on real world security risks. If you have any questions or thoughts on this topic please let us know.

Contact Us Today!

Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security

Why Antivirus May Not be Enough Anymore

Posted by Sean Todd on Dec 17, 2012 4:20:00 PM

We see the same scenario unfolding almost daily. An end user calls in describing what appears to be the latest round of viruses or malware infecting their machine, bringing all productivity to a screeching halt. We explain that it sounds as though they’ve become a victim and that we’ll need to verify and clean the machine if needed, but they can’t believe it, as they have anti-virus and it’s up to date.

Computer viruses exist for a number of reasons. It could be a corporation or country attempting cyber espionage, a disgruntled former employee seeking revenge against a former employer, or perhaps just someone looking for a quick thrill. The motives are endless which translates to a lot of viruses and malware. Symantec estimates that 403 million new variants of malware were created in 2010.

The sad reality is that Anti-Virus is merely a reactive technology only protecting you against what has already been discovered and analyzed by security professionals at any of the dozens of security firms around the globe. These professionals create vaccines much like a flu shot and then release software updates that protect your computer against these known threats. Even if one firm has a virus identified, it doesn’t mean they all do, so you may be protected against different threats based on the type of protection you have.

I’m by no means suggesting doing away with Anti-Virus. As a matter of fact, quite the opposite. Anti-Virus is a crucial tool in your bag of security tricks. What I would recommend is adding additional tools to your bag in order to better protect you and your end-users. Some of these include but are not limited to the following:

  1. Application Whitelisting – Much like Anti-virus prevents viruses from running based on its list, whitelisting only allows applications to run based on its list of allowed programs. If the application isn’t on the allowed list, it won’t be allowed to run.
  2. Web Filters – The majority of infections of viruses and malware come from the internet. By filtering the allowed traffic you protect your end users from visiting sites that are known to carry malicious code. In other words, if the filter detects a virus, it will block your users from seeing it. You are more likely to be infected by a legitimate website carrying malware than you are to be infected from one created by a hacker.
  3. Education – Educate your users on safe computer usage. In an age of computers you would think safe surfing would be second nature, but it’s surprising how many of the infections we see daily could have been prevented if users were educated on the impact of their computer habits.
  4. Policy – Create a company policy that holds end-users responsible should they choose to ignore safe internet usage. If they choose to purposefully ignore your company policies, they are a liability, and if they choose to adhere, they are an asset.  

The seriousness of a virus outbreak shouldn’t be taken lightly. Sure, in some scenarios it may be something as little as a benign pop-up, but it could also be the demise of your business. Take Gauss for example. It has targeted machines in the Middle East and was used to spy on things such as financial transactions, emails, and passwords. Even though you may have identified an infection and run several utilities against it, you can never guarantee it is 100% clean. (RT, Published: 09 August, 2012)

To conclude, a multi-faceted approach is your best option. Relying on one method alone will not provide adequate protection against these threats leaving your end users vulnerable. Review your policies and educate your users before it’s too late.

Contact us if you would like us to review your security processes and procedures. 

Contact Us Today!

 

Topics: Technology Solutions, NetWork Center Inc., Email Security, Network Security

4 Keys to Safer Email

Posted by Sean Todd on Nov 6, 2012 10:58:00 AM

Over the last two decades, email communication has become one of the most important means of business communication. During this time, we’ve learned a lot about how end-users typically use this communication both positively and negatively, and how 3rd parties try to exploit it.

1. Email Communication – Email in the traditional sense is an insecure medium, meaning that your message including attachments can be intercepted and read by 3rd parties on the internet. Think about hackers and scammers. It’s only when we add security layers that we are able to encrypt and secure our messages from end-to-end.

There are other ways we can ensure our communications are secure:

  • The use of an email encryption service. 
  • Password protecting your attachments with the highest encryption available. 
  • Sharing files using a 3rd party secure file transfer.

2. Email Continuity – What happens if my server crashes? How long will I be without email? How about if I lose internet connectivity, what happens to my email if it can’t get to my server?

  • By using an email continuity service you greatly reduce if not eliminate the business impact of a server outage. For example, if your central mail server crashes or you lose internet to your mail server and you do not have any kind of email continuity service, you run the risk of mail being extremely delayed, or returned to the sender as undeliverable, causing you to lose out on important business communications.
  • With email continuity, your mail is spooled on a remote server in the cloud, and if your mail server failed, your end users can simply log into a portal to send and receive emails until your email server comes back online, at which time the portal would sync up with your mail server and things would return to normal. If you completely lost internet, those messages destined to your mail server would simply spool up in the cloud as opposed to being returned to sender. Once the internet came back online, that email would slowly be pushed into the mail server and things would return to normal.

3. Data Loss Protection - Ever worry about proprietary business or confidential client data being leaked and end up in the wrong hands?

  • As much as we trust our end users, mistakes happen. By implementing Data Loss Protection (DLP) you add a layer of security around your information.
  • How Data Loss Protection (DLP) works: you define a set of criteria that essentially triggers either an email block or email encryption, then your email is handled accordingly. An example of information that would trigger an action could be a bank routing number, social security number, or other keywords that directly relate to your business or industry.
  • Without this type of protection, you are leaving yourself vulnerable to the human element. We are human, and we make mistakes.
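How criteria of this kind can be evaluated, as an added Python example (not part of the original post and not any product's rule set): it scans a message for Social Security numbers, bank routing numbers and keywords, then picks block or encrypt. The action assigned to each match type, the keywords and the sample messages are assumptions constructed for illustration.

```python
import re

# Hypothetical policy (assumption): the action each kind of match triggers.
ACTIONS = {"ssn": "block", "routing_number": "encrypt", "keyword": "encrypt"}
SEVERITY = {"deliver": 0, "encrypt": 1, "block": 2}
KEYWORDS = ("patient record", "account statement")  # constructed keywords

SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
NINE_DIGIT_RE = re.compile(r"(?<![\d-])\d{9}(?![\d-])")


def ssn_plausible(area, group, serial):
    """Reject number ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def routing_checksum_ok(number):
    """ABA routing check: digits weighted 3, 7, 1 must sum to 0 mod 10."""
    d = [int(ch) for ch in number]
    total = (3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7])
             + (d[2] + d[5] + d[8]))
    return number != "000000000" and total % 10 == 0


def scan(text):
    """Return (kind, redacted value) pairs so full values never reach a log."""
    hits = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            hits.append(("ssn", "***-**-" + m.group(3)))
    for m in NINE_DIGIT_RE.finditer(text):
        # The checksum filters out order numbers, phone fragments and the like.
        if routing_checksum_ok(m.group()):
            hits.append(("routing_number", "*****" + m.group()[-4:]))
    lowered = text.lower()
    hits.extend(("keyword", kw) for kw in KEYWORDS if kw in lowered)
    return hits


def decide(subject, body):
    """Pick the strictest action triggered by any hit; default is deliver."""
    hits = scan(subject + "\n" + body)
    action = max((ACTIONS[kind] for kind, _ in hits),
                 key=SEVERITY.get, default="deliver")
    return action, hits


if __name__ == "__main__":
    # Constructed sample messages.
    samples = [
        ("Q3 invoice", "See attached, thanks."),
        ("Wire details", "Routing 123456780, order ref 123456789"),
        ("Payroll", "Employee SSN is 123-45-6789."),
    ]
    for subject, body in samples:
        print(subject, "->", decide(subject, body))
```

Validating matches (the routing checksum, the unissued SSN ranges) rather than flagging every nine-digit string keeps false positives down, which matters because each false positive blocks or delays legitimate mail.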

4. Email Archiving – Email archiving can be important for a variety of reasons, and depending on your industry or even disaster recovery plan, your specific needs could be different. Some specifics are:

  • Compliance – Banking, Legal, and Healthcare aren’t the only industries who should be thinking about email retention periods. Any business could find themselves in a situation where they need to locate and produce an email from several years prior. Without it, it becomes he said/she said, and you may be on the losing end of the battle.
  • Disaster Recovery – Email archiving provides a means in which to recover should the worst happen. Should you find yourself in a situation where you lost both your server and primary backup, an email archiving solution provides another layer of disaster recovery.
  • Storage – In a data driven world, almost everything is electronic. Wouldn’t it be nice to free up costly server space? With archiving you offload data to an environment where someone else is maintaining it, and if/when you require it, you can simply log into a portal to find what you need and bring it back.

With our business and personal lives becoming so dependent on electronic communication, it’s imperative that we continually review our email practices. What may have been acceptable 5 years ago may no longer be relevant, and as laws change, so does our responsibility. Be proactive and protect yourself before it’s too late.

Contact NetWork Center, Inc. to review your current email security. Together we can protect your business critical emails.  

 

Contact Us Today!

 

 

Topics: Technology Solutions, NetWork Center Inc., Email Security, Disaster Recovery, Email Encryption, Email Continuity
