Security Posts


The Internal SMB IT Security Threat: Overconfidence In Cybersecurity Preparedness

Tuesday, August 15th, 2017

According to a study published in 2017 by Advisen and Experian, one of the biggest threats facing small businesses comes from within: overconfidence in the organization’s ability to protect itself and recover from cyber security attacks. While businesses in the survey aren’t claiming to have exceptional cyber security plans and policies in place, there is a disconnect between how well prepared companies believe they are and how third-party security experts rate them. Modesty is an often overlooked virtue in business cyber security; knowing that your business needs to continually evolve and improve practices is a defense mechanism of its own.

The People Problem

Hackers are shifting their attention to a different part of the system when trying to break in: the human aspect. Hackers are using increasingly sophisticated phishing scams through email, web-linking, and phone calls to trick humans into handing over information instead of dealing with strong technical security implementations.

According to the Experian survey, “80 percent of legal experts and 68 percent of brokers were concerned, versus just 61 percent of risk managers,” about whether employees are able to successfully identify and avoid phishing and social engineering attacks. Businesses, then, need to emphasize employee education on avoiding phishing and social engineering attacks.

Internal Vs. External Perspectives

According to the Experian survey, on a preparedness scale of 1-to-5, business risk managers rated their employee education programs 3.36. However, legal experts and data brokers gave those same programs 2.91 and 2.57 scores respectively. This disconnect is important because it shows that businesses tend to realize that they have a lot of room for improvement but they undershoot how far their practices need to grow.

Fortunately, firms aren’t as off-base when it comes to assessing preparedness versus other businesses: 54 percent of companies report that their IT security preparedness is better than their competition. Employees further removed from the metaphorical front-lines may be more confident. According to a Deloitte study, 76 percent of business executives are “highly confident” in their firm’s ability to respond to a cyber security attack.

Looking Ahead

Different businesses face different challenges. According to a FICO survey, telecommunications businesses were the most confident whereas healthcare organizations were the least confident in their company’s cyber security protection. However, the healthcare industry perspective could stem from hackers narrowing in on hospitals and healthcare providers as the top target. Legal and financial services businesses are also major targets for cyber attacks.

The silver lining in the Experian survey is that businesses and security experts are in agreement on what their biggest security concerns should be: phishing for personal/financial information, ransomware attacks, and IoT vulnerabilities. Is your business looking to improve its cybersecurity practices? The IT consulting experts at MPA Networks can help. Whether it’s through desktop support and management or disaster recovery solutions, your company can always work to improve cyber security. Contact us today!

Addressing the Unique Ransomware IT Security Issues in Healthcare

Tuesday, August 8th, 2017

Ransomware, a type of malware that holds a computer hostage and tries to force the victim to pay money to recover access, is a nightmare for any business, but the healthcare industry faces the more severe side of a ransomware attack. The healthcare industry receives a whopping 15 percent of all ransomware attacks across all industries. It’s therefore essential to look at why the healthcare industry is such a prime target so businesses can adjust their IT security strategies to keep both information and patients safe.

Why is the Healthcare Industry a Prime Target for Ransomware?

While the malware family tree is fairly expansive, the ransomware branch alone was responsible for 72 percent of all malware attacks in hospitals in 2016. Even though industry experts say victims should never pay the ransom, one study found as many as half of victims have done exactly that. Unfortunately, this pattern persists because it works. The healthcare industry, with an emphasis on hospitals, exhibits three behavioral patterns that make it a prime target:

  • Hospitals have a reputation for running on older operating systems with known vulnerabilities hackers can exploit. Hospitals may need to use outdated operating systems to work with vital, legacy software. Alternatively, it could also be an IT oversight. Even Macs are vulnerable to ransomware.
  • Healthcare operations may need access to specific computers and files immediately or they risk losing a patient’s life, which makes them likely to pay the ransom. When faced with paying a $500 unlock fee or risking a patient dying, there’s not enough time to look at other options.
  • Hackers assume healthcare operations are financially well off and can afford to pay the ransom.

Phishing with Spears, Not Nets

Since healthcare operations are such a prime target, hackers are going as far as creating ransomware-infection mechanisms that emulate specific software. For example, the ransomware infection mechanism may create a window that’s designed to look like a common patient information window. However, instead of closing the window or saving changes, the window forces the computer to download malware. These attacks are often aimed at specific employees with top-level access.

What the Healthcare Industry Can Do

  • Backups Are A Lifeline: The more often your business runs data backups, the less information it stands to lose. Frequent backups allow your business to access versions of files just a few hours to days old, which minimizes the damage ransomware can inflict.
  • Emphasize Keeping Software Up-To-Date: Ransomware rarely reinvents the wheel and instead relies on exploiting known security holes that vendors have already patched up. Making sure every program on every computer in your business updates to the latest version as soon as possible will offer exceptional ransomware protection.
  • Use the Cloud: Ransomware has a very difficult time seizing data from applications run through the cloud. Therefore, switching to a cloud platform offers additional security.

While the healthcare industry is a prime target for malware, all businesses need to be concerned about the many types of ransomware in the wild. If you would like to learn more about how your healthcare business or other type of company can protect itself from ransomware, contact the experts at MPA today!

You might also want to read: The “Seven Deadly Sins” of Ransomware.

Looking at USB/NFC Keys for Extra Account Security

Tuesday, August 1st, 2017

Hijacked accounts are an IT security nightmare, so it makes sense for your company to look at new technology for better ways to keep your digital assets safe. While security professionals are working out new ways to look at what account credentials are, sometimes with mixed results, as with Samsung’s iris scanner, it’s clear that the username/password system alone isn’t enough anymore. According to PC World, a new device-based authentication key called “YubiKey” plugs countless security holes by requiring a physical device to be connected to a computer or smartphone to access accounts.

Increased Security, Tougher to Crack

The authentication device solution owes its lineage to the 2-step verification system, which forces the user trying to access the account to enter a time-sensitive key sent to the user through a secondary device to access an account. Usually, to save effort, these systems flag a device as allowed after a one-time authentication. The YubiKey changes that requirement so that the access key device needs to be physically connected to the device accessing the account: disconnecting the device means logging out of the account. This offers increased security because it prevents people from accessing accounts on stolen, authenticated devices and prevents anyone else from being able to use the account at the same time as the key holder.

Avoiding the SMS Pitfall

Physical authentication devices do not need to transmit a key to the user; they only send the key to the site hosting the account, which makes them much more secure. In 2016, hackers found a way to intercept 2-Factor authentication system messages sent over SMS text-messaging, which put a huge dent in the method’s dependability. Hackers strike businesses incredibly frequently, so any way that your company can stay ahead of them helps.

USB is the Standard-Bearer, NFC is Forward-Thinking

The biggest problem many new security methods face stems from cross-device compatibility. If the authentication device won’t work with a person’s computer, phone, or other devices, it’s not going to be widely used. However, the YubiKey works around this problem by being compatible with both the USB ports devices have been using since 1994 and NFC found in many newer devices that may lack a USB port. Supporting standards like USB and NFC eliminates the most substantial barrier between the authentication device and the end-user.

However helpful devices like the YubiKey are, progress doesn’t stop there. A similar device called “Token,” which is a biometric token ring, acts as an authentication device and can also require a fingerprint scan for additional protection. If your business is looking to take a step forward in IT security, contact the experts at MPA Networks today!

Is Your Office Router Secure?

Tuesday, July 25th, 2017

In June 2017, WikiLeaks released secret documents that exposed the tools the CIA uses to infiltrate public and private networks through routers.

These documents have shined a light on how easy it is for someone to hack a router. This raises the question: are your business’s IT security practices keeping your data safe? There’s plenty your business can do to protect your routers, which are often loaded with security holes, from nefarious individuals.

Change the Default Admin Name and Password

It’s very common for routers to ship with manufacturer-specific default admin credentials – these are often as simple as using the name “admin” for the admin name and having a blank password. Changing these to a unique name and secure password will go a very long way in protecting your network. To put the severity of this issue into perspective: hackers took advantage of default credentials on IoT devices to launch a massive attack on important Internet infrastructure servers in late 2016.

The information is easily accessible. There are websites like routerpasswords.com that store the default credential settings for just about any router on the market. However, these sites themselves can be helpful for individuals who reset a device to factory settings and forget the default credentials.

Change the SSID

LifeHacker recommends changing your network’s broadcast name, or SSID, because the default names usually give away the router’s manufacturer and may give hints as to the model number. Knowing the brand makes it much easier to break into a router because manufacturers tend to leave the same security holes across many models.

Change the Firmware

If the router supports alternative firmware like DD-WRT or Tomato, installing either will give the router a security edge. In addition to changing the firmware to something other than what the manufacturer uses, which will render brand-specific firmware exploits useless, these alternative firmware implementations are more secure than what comes stock. If you can’t change the firmware, just make sure your IT staff keeps the router running the latest official version.

Disable Unused Features

Improve router security by turning off any feature your company isn’t using. Disabling features also disables the security exploits that exist within the features themselves. Unused features can include things like remote administration, Telnet access, WPS, and UPnP.
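The four hardening steps above (credentials, SSID, firmware, unused features) can be checked together against a saved copy of the router's settings. The following is an added example, not code from this post or from any router vendor: the key=value export format, the key names, the short lists of default names and vendor SSID prefixes, and the sample exports are all constructed for illustration.

```python
"""Audit a router settings export against the hardening steps in this post.
Added example: the export format and every key name here are hypothetical."""
import re

DEFAULT_ADMIN_NAMES = {"admin", "administrator", "root", "user"}  # illustrative list
WEAK_PASSWORDS = {"", "admin", "password", "1234"}                 # illustrative list
VENDOR_SSID = re.compile(r"^(netgear|linksys|tp-link|d-?link|asus|belkin)", re.I)
UNUSED_FEATURES = ("remote_admin", "telnet", "wps", "upnp")
ENABLED = {"on", "1", "true", "enabled"}


def parse_export(text):
    """Parse 'key = value' lines; blank lines and '#' comments are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        settings[key.strip().lower()] = value.strip()
    return settings


def version_tuple(version):
    # Compare numerically: as strings, "1.0.2" would sort after "1.0.11".
    return tuple(int(part) for part in re.findall(r"\d+", version))


def audit(settings, latest_firmware):
    """Return finding codes; an empty list means every check passed."""
    findings = []
    if settings.get("admin_user", "").lower() in DEFAULT_ADMIN_NAMES:
        findings.append("DEFAULT_ADMIN_NAME")
    if settings.get("admin_password", "").lower() in WEAK_PASSWORDS:
        findings.append("DEFAULT_OR_BLANK_PASSWORD")
    if VENDOR_SSID.match(settings.get("ssid", "")):
        findings.append("SSID_REVEALS_VENDOR")
    if version_tuple(settings.get("firmware", "0")) < version_tuple(latest_firmware):
        findings.append("FIRMWARE_OUTDATED")
    for feature in UNUSED_FEATURES:
        if settings.get(feature, "off").lower() in ENABLED:
            findings.append("FEATURE_ENABLED:" + feature)
    return findings


# Constructed sample: a router left close to factory settings.
FACTORY_EXPORT = """
# constructed sample export
admin_user = admin
admin_password =
ssid = NETGEAR42
firmware = 1.0.2
remote_admin = on
telnet = off
wps = on
upnp = on
"""

# Constructed sample: the same router after the steps above.
HARDENED_EXPORT = """
admin_user = ops-7f3k
admin_password = correct-horse-battery-staple-91
ssid = Suite 400
firmware = 1.0.11
remote_admin = off
telnet = off
wps = off
upnp = off
"""

if __name__ == "__main__":
    for label, export in (("factory", FACTORY_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(label, audit(parse_export(export), latest_firmware="1.0.11"))
```
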

How to Tell If You’ve Been Hacked (and What to do Next)

A good hack is an invisible hack, so your business should periodically check to see if your network security has been compromised. Hackers can try to accumulate a massive network of hacked routers to perform IoT botnet-style attacks, which may only show occasional performance drops as symptoms.

Checking the router is pretty straightforward. Technology expert Kim Komando recommends using the online tool F-Secure Router Checker to scan for issues. If the test identifies a hacked router, the fastest way to resolve the problem is to run a factory reset on the router, update the firmware, set secure credentials, and reconfigure the network.

The router is just one part of your company’s network; the experts at MPA provide network management services that address both performance and security.  Contact us today to learn more!

Flaws in 2-Factor Authentication Methods Could Leave You Vulnerable

Tuesday, July 11th, 2017

If your business is using 2-factor authentication, or 2FA, methods to secure your important accounts, you may need to investigate better ways to implement the practice. Security experts widely recommend using 2FA, a system which utilizes a second security level of authorization in addition to a password to keep hackers out of accounts even when they have the password. However, not all delivery methods for transmitting that second code, token, or credential are equal.

According to Mashable, hackers have found a way to exploit the SMS text message-based delivery code method popular with services like Twitter.

The SMS Flaw

SMS messaging proved itself as a viable solution for getting a device capable of receiving 2FA authentication codes into the hands of the average person because most people already own a compatible device. Using text messaging is very practical because SMS-compatible cellular phones are so widely used that it’s almost expected that a user already has a compatible device; it doesn’t even need to be a smartphone to utilize this method.

However, a 2017 bank account draining heist is shining a light on how hackers can exploit SMS-based code delivery by re-routing or intercepting text messages. Instead of manipulating the account or security platform, the hackers hit the vulnerable text messaging system instead. According to Ars Technica, hackers were able to exploit the widely used Signaling System No. 7 telephony system to redirect 2FA token messages from banks to bypass security. This method can work on any platform using SS7.

Should My Business Stop 2-Factor through SMS?

Your business should not abandon 2FA just because hackers found one way to break through it. Using 2-Factor is still more secure than not using it: it still creates an additional step for the hacker to get through. However, it does mean that your business should consider switching over to alternative code delivery methods whenever applicable.

  • Look for applications like the Google Authenticator app for enabling account access, which uses secure HTTP communication to send the validation code instead of SMS.
  • While they involve an additional expense, 2FA security key fobs are a far more secure option than SMS.
  • Services typically send an email alert whenever a new device is used to access the account: pay attention to these because they can alert you immediately if your account has been hijacked. You can change the password at this time to minimize any damage.

If your business is looking to plug its potential security leaks, the IT consulting experts at MPA Networks can help. Finding the right tools for your business’s unique needs is an important part of any security strategy. Find out more and contact us today!

79% of Businesses Were Hacked in 2016. Was Yours One of Them?

Tuesday, June 27th, 2017

Getting caught off-guard in a cyber security attack is a disaster for any business, large or small—and the frequency of attacks is only getting worse.

According to the CyberEdge 2017 Cyberthreat Defense Report, hackers successfully compromised security at least once for 79.2 percent of businesses over the last 12 months.

These figures may be alarming, but keep in mind that all businesses can (and should) be taking proactive steps to prevent attacks, and to make a quick recovery from any breaches. Here’s how you can protect yourself, with help from a Managed Service Provider.

Increase in data breaches

Even if your business has not been attacked in the past year, the odds of staying under the radar aren’t in your favor. In 2016, businesses experienced a 40 percent increase in data breaches over 2015. The situation is especially bad for smaller businesses: 60 percent of small companies that suffer a major cyber attack go under within six months.

Less severe incidents are more common, but businesses are typically ill-prepared for them. A staggering 63 percent of small business owners report their websites have come under attack by hackers or spammers; of those attacked, 79 percent say they have no plan for what to do if it happens again. Most businesses find that mobile devices and social media services are the weakest links in their online security.

Protective Measures against Cyber Attack

The best protective measures against digital security threats are to secure networks, websites, applications, and social media platforms, and to implement a reliable backup system. The following tips provide a baseline to help your business minimize its security risks:

  • Use unique, secure passwords for all accounts including internal services, external services, email, and connected social media to prevent data breaches.
  • Activate “2-Step Verification” for applicable services.
  • Use Secure HTTP for websites and applications that pass personal information.
  • Take advantage of desktop management services; make sure computers are running up-to-date software to minimize exposure to known security holes.
  • Keep antivirus and anti-malware software updated; run scans on a frequent basis to protect from malware infections.
  • Program internally developed services to prevent SQL injection.
  • Secure the Wi-Fi/Internet and manage employee credentials.
  • Secure mobile devices, tablets, and laptops so they can be disabled if lost or stolen.

In Case of Emergency: Disaster Recovery

Ransomware is a major concern for businesses these days: 61 percent of businesses say they were compromised at least once by malware demanding payment to return data. Unfortunately, some companies that decide to pay the ransom still don’t get their data back. The best thing your company can do to protect itself from ransomware is to limit the amount of damage an attack can do through backup and disaster recovery. Using the “3-2-1 backup rule” and running frequent backups can be the difference between losing all of your data permanently, and losing a single day’s work.

Digital security should never take a break. If your business is looking to build a better defense against cyber threats, the experts at MPA Networks can help with both desktop and server management. Contact us today to learn more.

Android and IOS: Is the Device Just Old, or Is It Obsolete?

Tuesday, May 23rd, 2017

When trying to determine if a piece of technology is simply old or completely obsolete, keep in mind that there are different criteria for Android and iOS devices than for desktop and laptop computers. An employee stuck using an obsolete device is likely, after all, to argue that replacing it would increase their productivity.

On the flip side, replacing functional devices too often can spiral out of control into unnecessary expenses.

An IT consulting firm can help your business understand how long a device should remain in use, a safe time range for buying older models, and how to plan upgrade cycles.

When Does A Device Become Obsolete?

The general rule is that a device becomes obsolete about four years after its release. This means that trying to save money by purchasing older devices on the cheap may not work out well, as they are unlikely to receive updates as long as a newer device. Usually you can buy only the most recent and second most recent smartphone devices new, but older refurbished devices are readily available.

Performance Issues with Old Devices

Determining if a device is aging vs. obsolete is pretty straightforward: If the employee can still complete all necessary work with the device, it is not yet obsolete.

However, older devices often have performance issues; notably, they may operate slower than the latest models. Older devices using Android often receive updates late, too, so users won’t receive security and interface improvement patches as soon as they’re available.

When Does a Smartphone Become Obsolete?

Forbes paints a pretty grim picture of aging devices, declaring that smartphones have about two years before they’re obsolete. Still, users can typically continue on without any major problems for an additional year or two.

Once obsolete, however, many devices are prone to disruptive conditions:

  • Security updates are no longer provided.
  • Vital applications are no longer compatible with the operating system.
  • The web browser ceases to display web pages correctly.

When Does Apple Consider Devices Obsolete?

Officially, Apple considers any product more than five years old obsolete, meaning the company tends to support their devices for a little longer than Android distributors. Apple usually supports iOS devices with the latest operating system for about four years. At this point the device will not receive updates, but it will still likely work for a while longer.

The device typically hits the obsolete category when it no longer runs the most recent version of iOS. If you buy an iOS device that’s already been on the market for two years, you’ll have to plan to replace it in another two years. A one-year-old device will be good for at least three years.

How Long Can Android Users Expect Operating Upgrades?

Android devices have a two-tier obsolescence system in which system updates stop coming and applications stop working. Android is a much more difficult case to gauge because updates need to come through Google, go to the manufacturer, and then reach the phone provider.

Android users can expect operating upgrades for two years after the phone is released, and a few additional months of security updates; both are soft obsolescence moments. What finally ends an Android device’s life (or, at least, its usefulness) is application incompatibility after about four years, which is dependent on the developer. Most try to support the oldest version possible, but this is not always the case.

If you want to make sure your employees are using up-to-date devices that increase productivity, MPA Networks can provide an IT and productivity assessment. Contact us today.

Scheduling Security: Take Control of Your OS Updates

Wednesday, May 10th, 2017

It happens to everyone: You turn your computer back on after you intended to leave the office, or come in early to get a head start on a new project, only to be greeted by a 20-minute operating system (OS) update session. This common workplace frustration turns what should have been a four-minute job into a half-hour ordeal, forcing you to stay behind or defeating any time gains from starting early.

OS updates provide essential security fixes that keep your business safe, but the platforms have a knack for pushing updates at what feels like “the worst possible time.”

Here’s what you can do to remain one step ahead of your updates at all times.

Change the Default Settings

Don’t leave operating system updates on their default settings, because they’re likely to interfere with work when you need the devices. The solution to this productivity- and attitude-killing problem is to adjust the system settings to force the updates at a specified time when your team won’t need them. Other software, like Office, Photoshop, and web browsers, tends to be less of a problem, since its update sessions are usually much quicker.

Updates Are a Security Issue

The worst solution to update inconvenience is to disable automatic updates. While updates that don’t add any new features may seem irrelevant, they’re actually doing lots of work keeping you safe behind the scenes in areas like IT security and virus/malware prevention.

According to Trend Micro, malware and other security exploits tend to target known security holes that have already been closed through updates and patches. Instead of finding new exploits, it’s easier for hackers to continue to exploit the old ones and take advantage of users who do not update their computer software.

Schedule Around Work to Increase Productivity

Microsoft usually posts their updates on the second Tuesday of every month, which is commonly known as “Patch Tuesday.” However, this may not work well with your business if it disables employee computers Tuesday night or Wednesday morning. The ideal time for updates will differ depending on your business, but for the typical Monday-to-Friday 9-to-5 office, you will be best served by installing updates around 2 a.m. on Sunday morning. Devices can even be individually customized for each employee based on their personal schedule.

The IT Consulting experts at MPA Networks, serving San Francisco, San Mateo County, San Jose, and other San Francisco Bay Area cities, are ready to help your business make technology work for you, not against you. Scheduling updates is a desktop management and support issue, which IT Managed Services can deliver. Contact us today to find out how we can help you better manage your office computers.

The Three Copies Rule: Why You Need Two Backups

Wednesday, May 3rd, 2017

Anyone who has ever lost years of work due to computer failure will tell you that backing up your devices can save you considerable heartache and frustration. Reliable, redundant, and regular data backups are your business’s best strategy for disaster recovery—but two copies of your data may not be enough.

IT pros across the world have developed the “3-2-1” backup philosophy to maximize your restoration capacity following a data disaster.

The “3-2-1” Concept

The “3-2-1” approach is simple:

  1. Store three copies of your data.
  2. Utilize multiple storage formats.
  3. Keep one copy off-location.

TrendLabs says that having two backups of your data (meaning three copies total) is all about redundancy. IT professionals have nightmares about experiencing computer or server failure and preparing to restore the backup, only to find that the backup has failed as well. Your business can prevent this situation only by keeping two backup copies of all your important data.

We can’t stress often enough that three copies means three separate devices. Backing up data to a second hard drive in the same computer, or a connected SD card, does not count. This will only protect your data in the event that one of the hard drives breaks.

Some useful backup devices include:

  • External hard drives
  • NAS
  • Cloud storage
  • DVD/Blu-Ray discs
  • Flash drives
  • SD cards

Two Formats: Diversify Storage Media

Using different types of storage for backup improves reliability: It not only diversifies the factors that could cause the backup to fail, but also acts as an extra layer of protection. For example, if both backups are on external hard drives and exposed to a large magnet, both would be destroyed. However, a second copy stored on optical media or a flash drive would survive.

The two backup locations could include a backup external hard drive and cloud storage, or a DVD archive and an onsite NAS server. According to PC & Tech Authority, NAS servers are a great backup option for offices with several networked computers. We’ve discussed storage format longevity in previous blog posts if you need help deciding which one is right for you.

Keep at Least One Copy Offsite for “Catastrophe Recovery”

Catastrophe recovery is another way to describe a worst-case disaster recovery scenario: for instance, the hard drive didn’t fail, but a flood leveled your office, or someone stole both the computer and the backup in a burglary. In order to prevent an outright catastrophe, it’s not safe to keep every copy of your important data under the same roof.

This means, of course, that one of your backup copies should be stored in a secondary location; the farther the better. The offsite backup could be, for example, a cloud backup, or an external hard drive stored in a bank deposit box. When working with a non-cloud, off-site solution, it helps to swap out two storage devices on a weekly basis.
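The three parts of the rule can be checked against a written inventory of where each copy lives. The following is an added example, not part of the original post: the inventory fields, the sample inventories, and the 7-day freshness threshold (taken from the weekly swap suggestion above and applied to every offsite copy) are assumptions made for illustration.

```python
"""3-2-1 backup rule check over a constructed inventory (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    name: str
    device: str        # physical device or service holding the copy
    attached_to: str   # computer it sits in or stays plugged into; "" if standalone
    media: str         # "hdd", "nas", "cloud", "optical", "flash", "sd"
    site: str          # physical location label
    age_days: int = 0  # days since the copy was last refreshed


def failure_domain(copy):
    # A second internal drive or a connected SD card is lost together with
    # the computer, so everything attached to one computer counts once.
    return copy.attached_to or copy.device


def check_3_2_1(copies, primary_site, max_offsite_age_days=7):
    """Return (code, message) findings; an empty list means the rule is met."""
    independent = {}
    for copy in copies:
        independent.setdefault(failure_domain(copy), copy)
    kept = list(independent.values())
    findings = []

    if len(kept) < 3:
        findings.append(("COPIES", f"{len(kept)} independent copies, need 3"))

    media = {copy.media for copy in kept}
    if len(media) < 2:
        findings.append(("MEDIA", f"only {sorted(media)} in use, need 2 formats"))

    offsite = [copy for copy in kept if copy.site != primary_site]
    if not offsite:
        findings.append(("OFFSITE", f"every copy is at {primary_site!r}"))
    elif all(copy.age_days > max_offsite_age_days for copy in offsite):
        newest = min(copy.age_days for copy in offsite)
        findings.append(("OFFSITE_STALE", f"newest offsite copy is {newest} days old"))
    return findings


# Constructed inventories (all names and values are made up).
PRIMARY = BackupCopy("working data", "disk0", "desktop-01", "hdd", "office")

# Three copies on paper, but all inside or plugged into the same computer.
SAME_COMPUTER = [
    PRIMARY,
    BackupCopy("second internal drive", "disk1", "desktop-01", "hdd", "office"),
    BackupCopy("SD card in reader", "sd0", "desktop-01", "sd", "office"),
]

# Onsite NAS plus a cloud copy.
NAS_AND_CLOUD = [
    PRIMARY,
    BackupCopy("office NAS", "nas-01", "", "nas", "office"),
    BackupCopy("cloud backup", "cloud-01", "", "cloud", "provider"),
]

# Offsite drive exists but has not been swapped in a month.
STALE_OFFSITE = [
    PRIMARY,
    BackupCopy("office NAS", "nas-01", "", "nas", "office"),
    BackupCopy("drive in bank deposit box", "usb-hdd-a", "", "hdd", "bank", age_days=30),
]

if __name__ == "__main__":
    for label, inventory in (("same computer", SAME_COMPUTER),
                             ("NAS + cloud", NAS_AND_CLOUD),
                             ("stale offsite", STALE_OFFSITE)):
        print(label, check_3_2_1(inventory, primary_site="office"))
```
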

If your company is looking to streamline its disaster recovery practices with IT Managed Services, contact the experts at MPA Networks today.

Top 5 Security Tips for Email and Social Media Accounts

Wednesday, April 26th, 2017

Email and social media accounts provide a wealth of cyber security challenges for businesses. Hackers often look for exploits in account operations to steal information and seize control—both of which can be extremely damaging and difficult to combat.

A compromised account is a problem for any business, but the confidential nature of financial, legal, and healthcare data means the stakes are even higher for these industries.

The following five tips highlight ways your business can protect its digital assets from malicious seizure and abuse.

1. Protect Yourself with Internal Accounts

Old, unused email and social media accounts aren’t just clutter: They’re metaphorical Trojan horses. Staff should use an internal email address (e.g., yourbusiness.com) whenever this is feasible. It’s possible that an email or social media provider will recycle unused account names at some point, which can be used to steal access to any contingent account still tied to the original. However, internal accounts may not always be possible in cases like Google services requiring a Google account.

2. Use Stronger Authorization Credentials

While only available on some platforms like Google and Apple, 2-step verification is among the best available security practices to keep your accounts safe. These systems work by sending a text message with a time-sensitive code to your mobile device that needs to be entered any time someone logs in to the account using a new device. Even if the password is compromised, 2-step verification prevents account access without the associated mobile device.

3. Avoid Reusing Passwords

If you can’t use 2-step verification, a strong, unique password is your next best option. Email addresses are often used by different online services as an account identifier and password recovery method. If someone is able to reactivate an old email account, or create a new one that uses the same address, they can use “forgot” or “reset” password commands for accounts tied to that email address in order to seize access.

This situation is especially hazardous when staff members use the same password for all accounts. In these cases, email-based password recovery systems will not just restore access, but hand over the password.

4. Delete Over Deactivate

Make sure accounts are actually deleted, not just deactivated. Old, deactivated accounts become low-hanging fruit for hackers that your staff isn’t paying attention to. To put it bluntly, the more accounts tied to your company’s internal services, the more venues hackers have to exploit. Limit your exposure by closing unused accounts.

5. Remove Contingent Permissions

If you’ve deleted an account, it’s wise to remove any internal permissions in other services tied to it to prevent someone else from creating a new account with the same details. Email-related logins may still work on other services even after the account has been deleted.

For example, don’t just delete a departing employee’s Gmail account; remove their account permissions from Google Analytics and Facebook account management as well. Your team should also make sure any contingent service accounts connected to that email address are removed. It may help to work with an IT consulting service to devise a cleanup procedure for employee departures.

If your business is looking to secure its digital assets, MPA Reliable Networks Email service is a great place to start—not just for its risk mitigation security benefits, but also its productivity and continuity perks. Contact us today for more information.