
Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

How to Avoid Becoming the Next Data Security Cautionary Tale


Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. There are many simple ways to correct common security issues, enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.


Is Data a Commodity? Maybe Not, but It Is an Asset


The late American author Kurt Vonnegut once wrote, “New knowledge is the most valuable commodity on earth. The more truth we have to work with, the richer we become.” Written in the 20th century, it has been put into practice by 21st century businesses. As the Internet has grown and the number of companies has expanded, the amount of data that those companies collect has grown exponentially, especially now that there is a market for such data.


4 Most Common Ways Businesses Lose Data


Disasters are an unfortunate part of doing business in a technology-heavy workplace environment. You need to expect the worst, but it’s often difficult to predict what types of disasters your organization will have to endure. There are a few universal disasters that you’ll encounter, regardless of where in the world your business operates.

Here are four of the most common ways that your business could lose data, and how disaster recovery thwarts them at every turn.

Natural Disasters
All you have to do is watch the local weather channel to get a glimpse of just how unpredictable and apocalyptic natural disasters can be. One minute the sun could be shining, and the next your business could be assaulted by roaring torrents and flash flood warnings. Or, the earth would quake under your feet and you’d never know until it’s too late to do something about it. An even more common occurrence would be an electrical storm or a power outage, which could threaten to bring down your technology or fry its circuitry. The point is that it’s next to impossible to predict what effect a natural disaster could have on your business, but the fact remains that it’s most certainly nothing good.

Hardware Failures
Another common problem for businesses that rely on technology is the hardware failure. If you have resource-intensive servers that are responsible for the brunt of your network operations, you might already be intimately familiar with the devastating effects of a hardware failure. No technology can last forever, so when an untimely hardware failure claims the lives of your server units or workstations, you’ll need to be prepared.

User Error
In much the same way as hardware failure, user error needs to be expected and planned for. You can’t realistically expect your users to never make mistakes. It’s part of human nature. People might accidentally misplace files or hand over credentials to threatening entities. Regardless of how they do so, user error is one of the primary reasons for data losses and data breaches, so it’s crucial that you prepare for this by educating your team on best practices, and implementing data backup.

Hacking Attacks
You might not expect to become the victim of a hacking attack, but no matter how large your business is, you need to consider yourself a target. As long as you deal with sensitive credentials like credit card numbers, Social Security numbers, and other financial or personally identifiable information, you have something of value to hackers. When a hacker attacks, they can either steal or delete your data, so it’s best to have a backup stored in the event of something like this.

Regardless of how your data is lost, you’ll need a way to recover it. The best way for a SMB is to reach out to Info Advantage. We can equip your business with the dynamic BDR solution you need to keep your organization afloat, even when you think that your business will sink. Our BDR solution features only the best and brightest features for your data infrastructure, including fast and efficient recovery times, multiple backups taken per day, and off-site, cloud-based storage.

With BDR, you’ll know that your data is safely stored, just in case you need it. To learn more, reach out to us at (585) 254-8710.


Think Twice Before Connecting to Public Wi-Fi


Wireless Internet signals, referred to most commonly as Wi-Fi, are commonplace in every office. Even organizations that don’t often need access to the Internet, like restaurants and coffee shops, have wireless connections available for customers to use. However, just because you can connect to free Wi-Fi, doesn’t necessarily mean that you should.

One of the big problems with free Wi-Fi is that people who use public connections are fully aware of just how dangerous it is; yet, they still want to use it. The Identity Theft Resource Center claims that 78.5 percent of users who connect to free Wi-Fi understand that there are major risks involved, and yet only 26.7 percent use a VPN to keep themselves safe. Thus, free Wi-Fi should be approached with caution. Here are just a few reasons why you need to be careful when accessing public Wi-Fi.

Anyone Can Access It
If the Wi-Fi isn’t protected by a passcode, the network is vulnerable to hacking attacks and other threats. Plus, if the router isn’t configured properly, the passcode doesn’t offer much help. The fact that anyone can access it at their leisure means that there’s virtually nothing stopping hackers from connecting to the router and spying on other users.

It’s worth mentioning that, although we use the term ‘hacker,’ even a mischievous child with a bit of curiosity and the proper know-how could access your files via public Wi-Fi if the connection isn’t secure.

Free Wi-Fi is Highly Used
It’s natural that a free Internet connection will attract attention from people. That said, the more people who connect to a Wi-Fi network, the slower the connection, and the more likely it is to house a hacker. Hackers understand that free Wi-Fi draws plenty of victims, so they’ll use the convenience to find new targets.

Data Isn’t Encrypted
Encryption adds an extra layer of protection to any data that’s sent to and received across an Internet connection. When routers have encryption, hackers have a more difficult time stealing data. Therefore, you should only connect to routers that have encryption, and it’s unlikely that your run-of-the-mill router at your local restaurant has it.

What You Can Do
You may not be able to control who secures their public Wi-Fi routers, but you can take steps to protect yourself if you’re ever in the position where you feel you must use it. Here are three best practices for keeping your devices safe while using a public Wi-Fi network:

  • Only connect to networks that require security codes.
  • Set your phones and devices so that they don’t automatically connect to any new Wi-Fi network.
  • Use a Virtual Private Network (VPN).

To learn more about how you can keep your data safe from prying eyes, reach out to Info Advantage at (585) 254-8710.


3 Built-in Windows 10 Security Tools that Keep Hackers at Bay


Windows is perhaps the most widely-used computing tool in the workplace, and as such, it remains a huge target for hackers of all kinds. Criminals are always trying to uncover vulnerabilities in the operating system, but this time around, Microsoft has truly outdone themselves. Windows 10’s built-in security, according to hackers at the Black Hat conference in Las Vegas, allows for the most secure Windows operating system in several years.


It was expressed that, in comparison to its previous incarnations, Windows 10 is much more difficult to break into. That hasn’t stopped some hackers from trying, though. Among the Black Hat hackers at the convention were many who had tried to pinpoint potential outlets for malicious threats, and while they still managed to come up with a couple of solutions, it became clear that Windows 10 is much more challenging for hackers to infiltrate. Below are a few of the proposed attack models, and how Windows 10 challenges them.

Windows 10 Uses Built-In Anti-Malware Tools
Windows 10 uses what’s called the Antimalware Scan Interface (AMSI), which is capable of identifying and capturing malicious scripts in memory. The idea is that applications can access this information, and any antivirus or antimalware program can process it. For example, Windows Defender and AVG use AMSI. The reason that this is such a huge problem for hackers is that many prefer to use script-based attacks. The kicker here is that while AMSI is a valuable tool to detect and prevent attacks, it requires a secondary security protocol in order to be most effective. While it’s great for detecting scripts executed in PowerShell, since PowerShell records logs, it still requires someone to regularly monitor the logs in order for it to be most effective.

Active Directory
Active Directory is a crucial part of how Windows administration functions, and it’s useful for both managing workloads in the cloud, and controlling identity and authentication management on in-house networks. Microsoft Azure uses Active Directory, which can provide exceptional security for an Azure-based cloud computing platform. The problem that admins run into in most circumstances is that any user account can access Active Directory, unless the administrator removes those permissions. Therefore, it falls to your IT administrators to ensure that the credentials for your Active Directory authentication are secured, and to control user permissions to mitigate potential access to AD.

Virtualization
Virtualization-based security is a series of security features that are built into the hypervisor of Windows 10. In essence, Hyper-V can create a virtual machine that isn’t connected to the root partition. This virtual machine can then execute security commands as needed. The idea here is that Hyper-V creates a virtual machine that can’t be compromised, even if the root partition has been taken over. It’s a way of minimizing the extent of data breaches, should they happen in the first place. Of course, if the root contains credentials that allow hackers to access the virtual machine, it’s all over. Therefore, administrators need to take measures to ensure that hackers cannot access the VBS machine.

Of course, no matter how secure an OS is, hackers will always find a way to get in. One way or another, criminals who are determined to bypass defenses will create a way to do so. Microsoft patches known vulnerabilities as soon as they’re discovered to be active, so it comes down to outplaying the opponent. Hackers will inevitably find ways to crack Windows 10’s innate security, so it’s your responsibility to complement your OS’s security with your own solutions.

If you need assistance securing your Windows 10 devices, or any other workstations, servers, or network components, reach out to Info Advantage at (585) 254-8710.


The Threat of Your Car Being Hacked is Becoming Increasingly Relevant


In response to the increasing danger of cyber attacks against computerized cars that are currently in production, Volkswagen has partnered up with three Israeli experts in cybersecurity to form a brand new cybersecurity company dedicated to designing solutions intended to protect such advanced cars and their passengers.


While ownership and investments made by each party have not been made public, the mission of Cymotive--as the new entity is called--is perfectly clear.

As Yuval Diskin, who formerly sat at the helm of the Israeli Security Services and now serves as Cymotive chairman, said: "Together with Volkswagen we are building a top-notch team of cyber security experts. We are aware of the significant technological challenges that will face us in the next years in dealing with the cyber security threats facing the connected car and the development of the autonomous car."

These cyber security threats are far too real. Features like Bluetooth connectivity and computerized dashboards have made modern automobiles tempting targets for tech-savvy criminals. Quite recently researchers discovered that an attacker armed with an inexpensive radio kit could clone their way into any wireless-entry-equipped Volkswagen, potentially opening any of the automobiles equipped with this feature sold since 2000--the number of potential cars at risk reaching into the millions.

Volkswagen, of course, is not the only car maker whose systems are under threat of attack. A few seasoned car hackers recently proved that--by attaching a laptop to the controller area network (or CAN bus) of a Jeep Cherokee--they could take full control of the vehicle’s brakes. Posting proof of their method in a YouTube video, the duo used a local attack but stated that with some more effort, a similar attack could be executed remotely.

However, after submitting their findings to Fiat Chrysler Automobiles (producer of the Jeep brand) the automotive manufacturer waved away the findings, questioning their validity and how appropriate it was for the hacking duo to share “how-to information” that could potentially put public safety in jeopardy. Fiat Chrysler Automobiles also declared that such an attack takes “extensive technical knowledge” and that any security flaws present in the demonstration had since been patched.

However, hackers of a more malicious nature are always seeking out new vulnerabilities that the manufacturers and programmers of whatever system (automotive, computing, or otherwise) may have overlooked. As a result, there is an ongoing (and most likely never ending) race between hackers and developers to come out on top… At least until the next revolutionary technology emerges and starts the race over.

Does the ability of computer hackers to infiltrate your car make you consider downgrading during your next automotive purchase? Let us know in the comments.


3 Common Threats You Need to Know About: Malware, Rootkits, and Trojans


Security is one of the most important parts of running a business, especially today when organizations rely so heavily on their technology solutions. Some of the most dangerous threats lurk on a business’s network, watching and waiting for an opportunity to do some real damage. With the right preventative measures, your business can catch these threats in the act before they can accomplish their goals.


Defining Malware
Malware, or “malicious software,” is a blanket term for malicious code that’s designed to cause trouble for the machine that it infects. Malware can inject code into applications or execute viruses and trojans. One of the most common types of malware is called ransomware (perhaps you’ve heard of it), in which the files on a system are encrypted until a ransom is paid to the developer. Malware can have far-reaching and varied effects, so it’s best to keep such unpredictable threats off of your network in the first place.

Defining Rootkits
Just like malware, a rootkit is designed to install on a system. Unlike some types of malware, however, rootkits are designed to allow a hacker to gain control of the system while remaining undetected themselves. In particular, rootkits are dangerous due to their ability to subvert the software that’s supposed to find them, making it optimal to prevent rootkits from accessing your system in the first place.

Defining Trojans
In computing, a trojan is a malicious entity that allows a hacker access to a system through misleading the user. While the purpose can vary from data destruction to theft, trojans are often used to install backdoors and allow access to a system at a later date for the purpose of surveillance or espionage.

Preventative Security Measures
Just like how there are various types of threats, there are plenty of ways to keep your organization’s network safe from them. Here are just a few.

  • Firewall: Firewalls act as a bouncer for your network, keeping threats from entering or leaving your infrastructure. They work best when combined with other preventative measures, like antivirus, content filters, and spam blockers.
  • Antivirus: Antivirus solutions detect and eliminate threats that have made it past your firewall solution. Prompt detection is important, as viruses or malware that are left unchecked could cause untold troubles for your infrastructure.
  • Spam blocker: Threats often arrive in your email inbox as spam, and the unknowing employee could accidentally click a malicious link or reveal important credentials. A spam blocker eliminates the majority of spam so that it never even hits your inbox.
  • Content filter: A content filter is helpful for keeping your employees from accessing sites known to host malware, as well as inappropriate or time-wasting sites, like social media.

All of the above solutions can be found in what’s called a Unified Threat Management (UTM) solution, which is widely considered to be one of the most comprehensive and useful preventative measures to improve network security. To learn more about UTMs and other topics concerning network security, reach out to us at (585) 254-8710.


NATO Officially Declares Cyberspace a Battlefield


Security professionals have been at war with hackers ever since the Internet was created, but a recent NATO decision has affirmed the fact that cybersecurity is a real-world problem, and one that needs to be fixed. Just like land, air, and sea, cyberspace has become a battlefield, albeit a very different kind of battlefield.


The decision by NATO declares that cyberspace can be defined as an “operational domain,” which is an area where conflict can occur. There have been some incidents of cyber attacks that have transcended from the cyber realm, to having effects in the physical world, such as the recent Ukrainian electrical grid hack, or the supposed Iranian hack of a United States dam control system. The idea is that hacking attacks can have direct effects, such as causing blackouts or turning off critical systems.

NATO Secretary General Jens Stoltenberg made a valid observation concerning the decision to add cyberspace to the list of operational domains: “Cyber defence is part of collective defence. Most crises and conflicts today have a cyber dimension. So treating cyber as an operational domain would enable us to better protect our missions and operations.”

Technology is so prevalent in today’s world that it’s practically impossible to imagine warfare, of any kind, that’s not assisted by it; and where there are technology systems, there are networks that can be hacked and taken advantage of. If data that’s deployed to bases or war zones is inaccurate, lives can be lost, rather than protected. Another example would be hacking critical infrastructure, like with what happened in the Ukraine, which left countless citizens without heat, electricity, and other necessities.

In particular, NATO plans on securing its networks and focusing on helping other countries secure theirs, as well as implementing ways to identify where attacks come from, and why. In 2014, NATO changed its policies on cyber attacks to allow NATO to respond in force to any attacks against nations that are involved with the organization, so defining cyberspace as a grounds for conflict shows just how quickly this situation is escalating.

Of course, all of this is easier said than done. Cyber security as a whole is still handled primarily on a state level, and while the US and UK plan on investing in cyber security, other countries find that it’s of low priority, or that it’s too far off to consider at this moment.

This decision by NATO should reaffirm that your business needs to take a cautious, proactive approach to network security, as well as leverage best practices in order to minimize risk while working online. If your business falls victim to a hacking attack, you’ll realize far too late that the online world is a dangerous place filled to the brim with malicious entities. Therefore, it’s in your best interest to take a preventative approach to network security.

Info Advantage can equip your business with the tools needed to keep your IT infrastructure safe. To learn more, give us a call at (585) 254-8710.


DroidJack Malware is Super-Effective Against Impatient Pokémon Go Users


Augmented reality is a growing trend in the technology industry, and perhaps one of the best known uses of it today can be found in the extremely popular mobile device app, Pokemon Go. However, hackers have seized the opportunity to infect players who want to “catch ‘em all” with a backdoor called DroidJack - something that certainly won’t help gamers “be the very best.”


The Pokemon series has long been known as one of Nintendo’s most popular gaming franchises, and with the release of Pokemon Go, the series has finally made its way to everyday mobile device users. It’s currently ranked as the #1 most downloaded free app on the Apple Store, as well as the Google Play store. The game was such a hit that Nintendo’s stock increased exponentially overnight, and the app has over 26 million users worldwide - more than Tinder, Twitter, Google Maps, and other mobile apps.

However, like many extremely popular things, hackers have taken this and exploited it to do their bidding. Prior to the app’s release worldwide, many impatient fans downloaded the APK (Android application package) from third-party websites and “side-loaded” it onto their devices. This can only be done by going into Android’s settings and allowing app installation from unknown sources. Normally, this is a red flag for any security-minded mobile device user, as some malware is known to infect devices and download apps without the permission of the user; yet, some Pokemon fans just couldn’t wait, and downloaded the APK without thinking of the consequences, like downloading a backdoor.

Considering how many countries outside the United States, Australia, and New Zealand are still waiting for access to Pokemon Go, many have chosen to just use the APK to get the app on their device, rather than wait for the official release. One particular source of the APK provides a modified version of Pokemon Go that, upon installation, installs a backdoor onto the device, which allows for remote access to the device and provides full control over the victim’s phone. The infected version of Pokemon Go is so well-done and inconspicuous that the user likely won’t know that their device has been infected. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission requests, and see for yourself just how strange they might look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

When downloading any app, it’s crucial that you drive this best practice into the heads of your employees: be sure to pay attention to the permissions required by the apps that you download. For example, there’s no real reason why Pokemon Go would need to make phone calls, edit and send text messages, modify your contacts, and record audio. All of this is just asking for disaster. While exploitation of the APK hasn’t been observed in the wild, it represents a dangerous development in mobile applications, one which shows hackers taking advantage of wildly popular smartphone apps, and turning them into catalysts to spread their malware and influence.
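The permission check described above can be automated before an app is allowed on company devices. The following is an added example, not code from the original article or from Proofpoint: it assumes the APK's manifest has already been decoded to text XML, and the baseline for an AR game, the package names, and both sample manifests are constructed for illustration.

```python
"""Flag permissions in a decoded AndroidManifest.xml that a game should not need."""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a baseline an administrator wrote for a location-based AR game.
EXPECTED_AR_GAME = frozenset({
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.CAMERA",
    "android.permission.VIBRATE",
    "android.permission.WAKE_LOCK",
})

# Android permissions behind the capabilities the article singles out.
HIGH_RISK = {
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.RECORD_AUDIO": "record audio",
}


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    # The manifest comes from an untrusted package. A genuine manifest has no
    # DOCTYPE, so refuse one instead of letting the parser expand entities.
    if "<!doctype" in manifest_xml.lower():
        raise ValueError("manifest contains a DOCTYPE; refusing to parse")
    try:
        root = ET.fromstring(manifest_xml)
    except ET.ParseError as exc:
        raise ValueError(f"manifest is not well-formed XML: {exc}") from exc
    names = set()
    for elem in root.iter():
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = (elem.get(ANDROID_NS + "name") or "").strip()
            if name:  # skip entries with a missing or empty android:name
                names.add(name)
    return names


def review_permissions(manifest_xml, expected=EXPECTED_AR_GAME):
    """Compare requested permissions with the baseline and return a verdict."""
    unexpected = sorted(requested_permissions(manifest_xml) - expected)
    high_risk = [(p, HIGH_RISK[p]) for p in unexpected if p in HIGH_RISK]
    if high_risk:
        verdict = "block"    # asks for something the app has no reason to do
    elif unexpected:
        verdict = "review"   # outside the baseline, needs a human decision
    else:
        verdict = "allow"
    return {"verdict": verdict, "unexpected": unexpected, "high_risk": high_risk}


def _manifest(package, permissions):
    """Build a constructed sample manifest for the demonstration."""
    lines = "\n".join(
        f'  <uses-permission android:name="{p}"/>' for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">\n{lines}\n  <uses-permission/>\n</manifest>')


# Constructed samples: a copy matching the baseline, and a side-loaded copy
# that also requests the permissions the article describes as out of place.
STORE_COPY = _manifest("com.example.argame", sorted(EXPECTED_AR_GAME))
SIDELOADED_COPY = _manifest(
    "com.example.argame",
    sorted(EXPECTED_AR_GAME) + list(HIGH_RISK) + ["android.permission.READ_CALL_LOG"])

if __name__ == "__main__":
    for label, xml_text in (("store", STORE_COPY), ("side-loaded", SIDELOADED_COPY)):
        result = review_permissions(xml_text)
        print(f"{label}: {result['verdict']}")
        for perm, reason in result["high_risk"]:
            print(f"  {perm}: lets the app {reason}")
```

A "review" verdict covers permissions that are outside the baseline but not on the high-risk list, which is where most legitimate app updates will land.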

There are two lessons to be learned. Don’t download apps from unknown sources, even if they’re just games, and make sure that your employees know what your policy on mobile apps is on your in-house network. Also, be sure to examine a new app’s permissions, and only download them from the Apple store or Google Play store. Among your millennial workforce, there may be many users of Pokemon Go, so it’s your responsibility to reach out to them, and educate them on these best practices.

After all, “Gotta catch ‘em all,” doesn’t refer to malware infections.


4 Important Lessons Learned From Verizon’s Annual Security Report


Verizon has taken to publishing a compilation report analyzing data breach statistics with the help of industry partners, a report that is widely regarded as a must-read for the industry. A brief review of the latest edition’s executive summary revealed where information security vulnerabilities lie in industries worldwide and, even more helpfully, what shape those vulnerabilities took. The Data Breach Investigations Report, or DBIR, pulled no punches in outlining what kind of attacks happened in the past year, and how.


The DBIR has its own system of outlining breach types that divide events and incidents into nine categories. Information-based companies appeared predominantly in four of them, with helpful tricks to prevent such breaches from happening again.

Crimeware: Perhaps unsurprisingly, one of the industries crimeware targeted most was the information industry, with the DBIR citing a rise in ransomware (39 percent of all analyzed attacks in 2015 involved ransomware). While the scope the DBIR funnels under the Crimeware title is fairly large (“This covers any use of malware that doesn’t fall into a more specific pattern”), this by no means cheapens the risks - it arguably compounds them, as it only goes to show how many pieces of crimeware exist. To defend against them, the DBIR recommends frequent patches and backups as well as monitoring changes to configurations.

Web App Attacks: Considering that 95 percent of web app attacks were financially motivated in their reports, it’s no surprise that e-commerce platforms were among the most targeted by these intrusions. These attacks are often the result of a successful phishing campaign or the infiltration of a vulnerable site. The other side of web app attacks, content management system breaches, saw plenty of digital graffiti and the repurposing of infiltrated sites as phishing sites. To avoid this kind of breach, the DBIR again recommends timely patches to remove vulnerabilities, as well as utilizing two-factor authentication and input monitoring.

Cyber-espionage: Usually hunting for intellectual property, cyber-espionage attacks prefer sticking to tried-and-true methods of breaching networks, only utilizing more sophisticated methods if the simple ones don’t work. Therefore, at least in this case, basic protections may be enough to divert many of these attacks, and should not be bypassed in favor of more specialized protection. As far as avoiding issues further, keeping patches up-to-date and monitoring changes to configurations will help monumentally, as will isolating compromised devices and separating them from the rest of your network.

Miscellaneous Errors: This category gathered all of the “Whoops!” issues that lead to compromised security into one bundle to deal with them. While Verizon reports that 40 percent of them were caused by a server issue, many others were triggered by employee mistakes - a full 26 percent included sending a message filled with sensitive data to the wrong recipient. The DBIR suggests strengthened controls on your network as a possible way to keep away from errors, such as data loss prevention software to lock down sensitive info. Additionally, Verizon recommends thorough disposal procedures for any aged-out equipment, as well as staying focused and learning from the mistakes of your past.

Helpful information, certainly, with all that and more being available for free download at the Verizon Enterprise webpage. But big picture - what takeaway can you not afford to leave on the table? Ultimately, an overwhelming percentage of incidents reported in the DBIR pointed blame, or at least prime responsibility, for many of the errors that led to security breaches to one thing: human error.

Between the willingness to exploit the natural fallacies of human nature by cyber criminals and the human tendency to make mistakes independently, human beings are placed solidly as the weakest link in any cyber security chain. So, if humans are the problem, what is the solution?

In short, vigilance. Strongly enforce best practices regarding security in the workplace, and follow them yourself as an example. Be aware of current trends in cyber security attacks, and prepare yourself and your company accordingly. Identify and install security measures that best fit your needs and abilities.

For help with any of this, be sure to call Info Advantage at (585) 254-8710 first. Our ranks of professionals are here to help you when you need guidance concerning your business’ security solutions. With Info Advantage, you have a much greater chance of being a success than being a statistic.


If You’re Running Older Versions of Internet Explorer, Java, or Flash, Your PC is at Risk


It’s important that your business uses the most recent version of any operating systems and software solutions used by your workforce, but Internet Explorer “fans” have had a rough start to 2016. Nearly a quarter of all Windows PCs are still using unsupported versions of Internet Explorer, half of which are still running Windows XP.


Alert: Petya Ransomware May Be the Worst Yet

Ransomware is such a popular method of attack used by hackers that new variants of it pop up every few months. Among these is Petya, a nasty new ransomware that masquerades as an unsolicited resume in an organization’s email inbox. Don’t be fooled, though; the only work these hackers are looking for is to work you out of a couple hundred dollars.


Forget Backdoors, Hackers Can Now Infiltrate Garage Doors

Hackers have proven that they will do whatever it takes to get to your valuable assets, even if it means taking advantage of physical objects that work alongside a specific frequency. As it turns out, this is exactly how hacking a garage door works, and all it takes is a decade-old communications device to capture the frequency and unlock any garage door that utilizes it.


Alert: A New Malware to Worry About for PC Gamers Using Steam

Hackers have always gone after industries that are profitable, or hold sensitive information that can be lucrative when sold under the table. As such, retailers that accumulate financial credentials are often hit by hacks. The entertainment industry is no different, and hackers continue to grow craftier in their pursuit of wealth and power. Not even Steam, the PC gamer’s most valuable software solution, is safe from the dangers of hacking attacks.
