Posts Tagged ‘ransomware’


Defend Your Network Against Advanced Persistent Threats

Tuesday, July 12th, 2016


If you’ve looked over our previous posts since we’ve started our blog, you know how serious we are about protecting your company from everyday cyber-threats—mainly phishing, ransomware, and various other malware. Today we’d like to discuss a different form of cyber-threat plaguing businesses over the past decade: what the security community has termed advanced persistent threats, or APT.

What exactly is “persistent” about APT? Most hacking attacks can be classified as “smash-and-grab robbery”: Break into a network and make off with anything of value—user identities, account numbers, cash—and disappear before anyone notices.

An APT attack compromises a network’s defenses and stays as long as possible—weeks, months, or years—discreetly infiltrating servers, eavesdropping on email, or discreetly installing remote bots or trojans which enable deeper espionage.

Their primary goal is information—classified material, trade secrets, or intellectual property—that might draw interest on the black market.

Robbery, Inc.: A Worldwide Enterprise

While unsophisticated hackers might lurk in the shadows like criminal gangs, APTs often emanate from professional environments not unlike a prosperous Bay Area tech company—posh high-rise offices, full-time employees with salaries and benefits, and formal product development teams. The difference is they’re conducting business in China, Russia, and other cyber sanctuary nations where international cybersecurity is unenforced and intellectual property laws don’t exist.

The more extensive an APT infection, the harder it is to isolate and eradicate it—like cockroaches under a kitchen sink. Many enterprise IT managers simply accept APT as a fact of life—conceding that trying to combat these intrusions would actually encourage the culprits to dig deeper into the network.

So if APT makes long-term data theft inevitable, how can you still protect yourself? Make the stolen data unusable.

Alphabet Soup? Fight APT with DLP

The second acronym we’ll talk about today is DLP: data leak protection. DLP encrypts sensitive data so that it can only be accessed by authorized users or workstations with a corresponding decryption key. If that data is intercepted by an APT, it’s rendered unreadable—and worthless.

Multiple name-brand security vendors offer a wide range of turnkey DLP solutions. Low-end products will automatically encrypt data which follows specific patterns (Social Security numbers, 16-digit credit cards), while high-end products can be configured to use complex algorithms and language analytics to locate and protect other specific forms of confidential data (such as client files, product designs, or sales figures). When unauthorized access is suspected, files can be temporarily quarantined against a possible data breach before they leave the company network.
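The pattern-matching step described above, as an added example (not code from this blog or from any DLP vendor): a minimal Python scanner that finds Social Security numbers and 16-digit card numbers, validates them to cut false positives, and decides whether a document should be quarantined or redacted. The function names and the sample text are constructed for illustration, and the encryption step a real DLP product applies afterwards is not shown.

```python
import re

# Candidate patterns a pattern-based DLP rule set looks for.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 16 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){15}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects 16-digit strings that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject values that are never issued: area 000/666/9xx, group 00, serial 0000."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_sensitive(text: str):
    """Return validated matches as (kind, start, end), ordered by position."""
    hits = []
    for m in SSN_RE.finditer(text):
        if ssn_plausible(*m.groups()):
            hits.append(("ssn", m.start(), m.end()))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            hits.append(("card", m.start(), m.end()))
    return sorted(hits, key=lambda h: h[1])


def should_quarantine(text: str) -> bool:
    """Hold the document before it leaves the network if anything validated."""
    return bool(find_sensitive(text))


def redact(text: str) -> str:
    """Replace each validated match with a labelled placeholder."""
    out, pos = [], 0
    for kind, start, end in find_sensitive(text):
        out.append(text[pos:start])
        out.append(f"[{kind.upper()} REDACTED]")
        pos = end
    out.append(text[pos:])
    return "".join(out)


# Constructed sample: one plausible SSN, one Luhn-valid test card number,
# and two look-alikes (a tracking number and a never-issued SSN) that
# must NOT be flagged.
SAMPLE = (
    "Invoice for J. Doe, SSN 123-45-6789, card 4111 1111 1111 1111.\n"
    "Tracking number 1234 5678 9012 3456, reference 000-12-3456.\n"
)

if __name__ == "__main__":
    print(should_quarantine(SAMPLE))
    print(redact(SAMPLE))
```

The validation step is what separates a usable rule from a noisy one: without the Luhn and issuance checks, every 16-digit tracking number or order reference would trigger a quarantine.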

Are APTs already lurking within your network? What proprietary data can your business not afford to lose? How can you evaluate DLP products to find the best solution for you? Talk to us for help.

The “Seven Deadly Sins” of Ransomware

Wednesday, June 29th, 2016

Readers of our blog over the past few years know we were among the first in the Bay Area to warn our customers about the growing threats of ransomware—from the emergence of CryptoLocker and CryptoWall to our federal government’s startling admission that they’re virtually powerless to stop it.

Mostly originating from sophisticated cyber-gangs in Eastern Europe, ransomware may be the most profitable organized crime scheme in the world today.

We weren’t exactly surprised, then, when we received “2016 Will Be the Year Ransomware Holds America Hostage,” a 40-page report from The Institute for Critical Infrastructure Technology (ICIT), a non-profit cybersecurity think tank.

The ICIT report is a comprehensive review of the ransomware landscape—from its earliest origins to the major active strains “in the wild” to the likeliest targets (particularly American small businesses). Today we’d like to highlight the seven delivery channels of ransomware and other malware infections—what we refer to as “The Seven Deadly Sins.”

1. Traffic Distribution Systems (TDS)

If you visit a website and suddenly see an annoying pop-up ad, it’s because the website sold your “click” to a TDS vendor, who contracted with a third-party advertiser. Pop-up blockers have rendered most pop-up ads obsolete, but some of the shadiest TDS vendors contract directly with ransomware groups to spread exploit kits and “drive-by downloads.”

2. Malvertising

As we discussed last July, even trusted web pages can include third party ads embedded with malware-inducing code. One click on a bogus ad can wreak havoc.

3. Phishing Emails

From phony bills and résumés to bogus “unsubscribe” links in annoying spam, email recipients can be tricked into clicking a link allowing an instant viral download of ransomware. Research reveals that despite strong security training, up to 15% of employees still get duped by phishing schemes.

4. Gradual Downloaders

Exploit kits and ransomware can be discreetly downloaded in “segments” over time, evading detection by most anti-virus defenses.

5. Social Engineering

Also known as simple “human ignorance,” a user can be tricked into downloading a phony software update or other trusted download link—even ignoring warning messages (as happened to a friend of ours) only to allow a costly malware infection.

6. Self-Propagation

Once inside a single computer, the most sophisticated ransomware strains can automatically replicate through an entire network via the victim’s address book. ICIT expects that self-replicating ransomware will evolve to infect multiple devices within the Internet of Things.

7. Ransomware as a Service (RaaS)

ICIT predicts that the largest ransomware creators will syndicate “retail versions” of their products to less sophisticated criminals and lower-level hackers who’ll perform the day-to-day grunt work of hunting down new victims around the world. The creator collects a percentage of every successful ransom payment.

In the coming weeks, we’ll continue to examine ransomware and other cyberthreats our customers need to defend against. For more on how to protect your company, contact us.

Data Breaches: Dark Times in the Golden State?

Wednesday, June 1st, 2016


Being the cyber-security geeks we are, we took great interest in combing through this year’s California Data Breach Report, released by the Attorney General’s office this past February. The report tabulates data collected from breach incidents which expose confidential information of 500 or more individuals, reported to the Attorney General as required by California law since 2012.

Over these past four years, there has been a total of 657 reported incidents, affecting over 49 million Californians—from Social Security and driver’s license numbers to financial accounts to health records, logins, and passwords.

By the Numbers: Not Much News to Us

The breakdown of California data breaches came as little surprise to us:

  • Malware and hacking accounted for over half of all breaches (54%), while responsible for a whopping 90% of all stolen personal records.
  • While physical breaches—lost or stolen unencrypted data on computers and mobile devices—came in a distant second (22%), they were the most reported by healthcare providers and small businesses.
  • Other breaches were attributed to human error (17%) or intentional misuse or unauthorized access by company insiders (7%).

After 178 reported major breaches in 2015 alone, the report estimates almost three in five Californians were victims of loss or theft of data.

Plug the Leaks, Block the Hackers

The second half of the report offers multiple recommendations for preventing data breaches in the future. Specifically discussed is the expanded use of multi-factor authentication (as we’ve already recommended) in place of simple, easy-to-guess user passwords such as “qwerty” or “12345” (as we’ve likewise lamented in a previous post). Stronger encryption standards are needed to protect confidential data, particularly within the healthcare sector.

However, the Attorney General’s primary recommendation is that all business and government organizations adopt their own risk management strategy based around the Critical Security Controls for Effective Cyber Defense, a comprehensive 20-point plan developed by the Center for Internet Security.

While a mishmash of federal and state-to-state regulations offers varying effectiveness against data breaches, the California report cites voluntary compliance with the CIS Controls as “a minimum level of information security that all organizations that collect or maintain personal information should meet,” while falling short of the full 20 standards constitutes “a lack of reasonable security.”

We agree the CIS Controls represent a solid roadmap, effectively “covering all the bases” when it comes to data protection. When you discuss security with a potential MSP partner, mention the CIS Controls as a baseline. If they downplay such a structured approach, you’re probably talking with the wrong vendor.

How well is your company meeting California’s data security guidelines? For a few tips on getting better, ask us today.

New Threat Targets Older Android Devices

Wednesday, May 11th, 2016


Smartphone users can be broken down into two camps: those who can’t live without lining up to buy the latest and greatest model the day it hits the stores, and those who hold on to their tried-and-true phone until it suddenly dies one morning.

There’s nothing wrong with sticking with “obsolete” hardware that still serves your purposes just fine.

But if your older Android phone (or tablet) is running an older version of the Android operating system (4.4/KitKat or earlier), you’re the designated target of this month’s new cyberthreat, dubbed Dogspectus by enterprise security firm Blue Coat.

Dogspectus combines elements of two types of malware we’ve already talked about: malvertising, passively spread through online ads, and ransomware, holding the victim’s data hostage until a fee is extorted.

“They Never Saw It Coming”—A Drive-By Download

Unlike most malware, which requires action by the victim (such as clicking on a phony link), a Dogspectus infection occurs by simply landing on a legitimate web page containing a corrupted ad with an embedded exploit kit—malicious code which silently probes for a series of known vulnerabilities until it ultimately gains root access—essentially central control of the entire device.

“This is the first time, to my knowledge, an exploit kit has been able to successfully install malicious apps on a mobile device without any user interaction on the part of the victim,” wrote Blue Coat researcher Andrew Brandt after observing a Dogspectus attack on an Android test device. “During the attack, the device did not display the normal ‘application permissions’ dialog box that typically precedes installation of an Android application.”

“Hand Over the Gift Cards, and Nobody Gets Hurt!”

A Dogspectus-infected device displays an ominous warning screen from a bogus government security agency, “Cyber.Police,” accusing the victim of “illegal” mobile browsing—and suggesting an appropriate “fine” be paid. While most ransomware demands payoff in untraceable Bitcoin, Dogspectus prefers $200 in iTunes gift cards (two $100 or four $50 cards) via entering each card’s printed access code (Apple may be able to trace the users of the gift cards—unless they’re being resold on the black market).

The device’s “kidnapped” data files are not encrypted, as with traditional ransomware strains such as CryptoLocker. But hijacked root access effectively locks the device, preventing any function—apps, browser, messaging, or phone calls—other than delivering payment.

The victim is left with two choices: shop for gift cards (Dogspectus conveniently lists national retail outlets!) or reset the device to its out-of-the-box factory state—erasing all data files in the process. Apps, music, photos, videos all gone.

Short of upgrading to a newer Android device, your best defense against Dogspectus and future ad-based malware is to install an ad blocker or regularly back up all your mobile data to another computer. For more on defending against the latest emerging cyberthreats, contact us.

Prepare Now or Pay Later: More Ransomware Attacks in the News

Thursday, April 7th, 2016


We’re only a few months into 2016, but we’ve already seen two high-profile ransomware attacks—where cyber-crooks heavily encrypt a victim’s computer files before demanding payment for a decryption key only they can provide. Two notable incidents grabbed headlines:

  • In January, Israel’s Electricity Authority was hit by what officials termed “a severe cyber attack.” What early media reports described as a possible terrorist plot to knock out Israel’s national power grid turned out to be a multiple ransomware infection that crippled the agency’s IT network—most likely triggered by an employee falling for a phishing scam (as little as clicking a link in a bogus email). The Israeli government didn’t reveal whether they’d paid off the crooks in order to restore the network.
  • Closer to home, one month later Hollywood Presbyterian Medical Center in Southern California gave in to hackers’ demands for 40 Bitcoins—a little under $17,000—to restore access to their ransomware-encrypted network. With patient care potentially in the balance, the hospital decided the quickest solution would be to simply pay the ransom.

Pay or Don’t Pay: Where Do You Stand?

A recent study from anti-virus maker Bitdefender indicates that over half of all U.S. ransomware victims have actually paid off their attackers, while 40% of respondents said they most likely would pay to restore access to their data files if necessary.

This leads us back to the central ransomware conundrum: To pay or not to pay.

As we recently discussed, the FBI considers their hands tied against ransomware attacks (almost all are suspected to be launched from Eastern Europe) and shockingly recommends victims simply cough up the Bitcoins. But there are still very logical reasons why paying off cyber-extortionists is never a wise idea:

  • You’re an instant patsy. A quick ransom payment indicates you’ll give in without a fight—an ideal victim. Expect your attackers to remember that when they run low on cash—or share that knowledge with other cyber-gangs looking for their next “easy mark.”
  • The demands will grow bigger. Think of ransomware attacks in terms of simple economics—the “seller” charges what the market will bear. Today’s most lethal strain of ransomware, CryptoWall 4.0, currently charges victims a standard flat rate of 1.83 Bitcoin ($700). If most readily paid $700 for their precious data today, why wouldn’t they pay $900 tomorrow—or even more?

Protect Your Company Now

  • Back up your entire network regularly. Most ransomware will seek out external backup drives (connected to a computer via a USB port) and infect those files as well—unplug the drive after every manual backup.
  • Make sure all software is fully updated and patched. Ransomware and other viruses seek out vulnerabilities in all common office apps.

The middle of a robbery is too late to create your anti-robbery plan! Contact us to help design and implement your company’s strategy against ransomware and other emerging cyber-threats.

Are Macs “Ransomware-Proof”? Not Anymore

Wednesday, March 23rd, 2016


Since Apple famously introduced the Macintosh over three decades ago, Mac users have been confident that their computers are virtually immune to ransomware and other malware threats which plague their Windows counterparts. But those days are over.

On March 4, researchers at security firm Palo Alto Networks detected what they believe is the first “fully functional” ransomware attack aimed exclusively at Apple’s OS X operating platform.

Dubbed KeRanger, the ransomware code was discreetly piggy-backed onto a routine update of Transmission, a popular BitTorrent client (a free Mac utility enabling rapid download/sharing of large files). After lurking on an infected Mac for three days, KeRanger encrypts all or part of a Mac hard drive before demanding an untraceable payment of one Bitcoin (currently the equivalent of about $400) to restore access to the scrambled files.

Hack a Mac? Just Fool the Gatekeeper

Macs are generally less susceptible to viruses and malware thanks to Gatekeeper, a built-in OS X defense feature that rejects software downloads which don’t include an Apple Developer ID, essentially Apple’s digital certification for a third-party app they declare legitimate and harmless. In the case of KeRanger, it was fraudulently coded with a Developer ID (Z7276PX673) that had been previously assigned to a software developer in Turkey, enabling it to bypass Gatekeeper and infect the Mac’s hard drive. (How the Turkish company’s Apple certificate apparently fell into the wrong hands is still under investigation.)

After isolating the bogus Developer ID on the morning of March 4, Palo Alto Networks immediately notified Apple, who quickly revoked KeRanger’s certification. The Transmission homepage has also replaced the tainted version of the app with a “clean” update. It was determined that KeRanger was only “in the wild” (at-large and uncontained) within a relatively small window between 11 a.m. March 4 and 7 p.m. March 5.

It Could Have Been Worse

In their haste to begin extorting victims as soon as possible, KeRanger’s developers didn’t complete an additional section of code that would have disabled Time Machine, an OS X feature that restores users’ backup files stored on an external drive—similar to the automated System Restore function in Windows. If they’d spent a little more time refining their “launch version” of ransomware, even backup files would have been hopelessly encrypted without that $400 payoff.

If you’re a Mac user who doesn’t use the Transmission app, you dodged a bullet. But the KeRanger incident is a serious blow to OS X’s reputation as the “hack-proof” operating system. As we’ve discussed, ransomware schemes are the fastest-growing form of cybercrime today, and it was only a matter of time before Macs became a target.

For more information on ransomware and more of the latest emerging cyberthreats, contact us today.

New Ransomware Good Reminder to Practice Thorough Data Backup

Wednesday, February 17th, 2016


A new combination of a sophisticated password-stealing Trojan, powerful exploit kit, and content-encrypting ransomware is making its way around the Internet infecting Windows users. If it hits your business, you’re looking at a considerable loss of time and finances.

It’s estimated that businesses worldwide spent around $491 billion in 2014 managing the blowback from data breaches and malware infections. Making sure your business is ready to minimize the amount of damage a ransomware attack can do is the best course of action for dealing with cyber threats like these.

Ransomware Refresher

Ransomware has taken system-disabling malware to a whole new level by trying to extort money in exchange for returning control.

Ransomware that encrypts data, like CryptoLocker and CryptoWall, uses a complex encoding algorithm that locks off important data on the computer—so removing the ransomware will not restore the data.

In many cases, paying the $24 to $600+ demanded to decrypt the information ends up being practical, because restoring the lost data would end up costing more. However, it is possible that even after you’ve paid the ransom the hackers will not restore access to your system. So pay at your own risk.

Kicking You When You’re Down

The new malware fusion doesn’t just lock a user out of their computer or try to steal login credentials; it does both, and tries to use some of that stolen information to hijack websites the user has admin access to (and propagate itself across more systems). According to PCWorld, the new disastrous malware mix uses the “Angler” exploit kit, the credential-stealing “Pony” Trojan, and the “CryptoWall 4” ransomware. If any of your business’s computers are hit with this malware campaign, you’ll have to deal with compromised account login information, possible FTP and SSH website access breaches, and data on the infected computer that is as good as lost. So you’re not only looking at the expenses for changing passwords, locking down websites, and replacing lost information, but also the dozens of hours spent redoing lost work.

The Best Defense

Even though malware finds new ways to compromise systems, it is still a best security practice to keep your antivirus and system software up to date to protect your information. However, keeping everything updated can be a problem for some companies, as vital software may not work correctly following an update. Additionally, businesses should avoid using computers running old, outdated operating systems like Windows XP that are no longer receiving security updates.

Making sure your important information is also saved in off-device storage (like an external hard drive or on a cloud service backup) is one of the best things your business can do to minimize the amount of damage caused by a system-disabling malware attack. If the system is infected, the backed up data will still be up to date—and instead of losing months of work, you’re looking at a few hours or days instead. Moving work to cloud-based applications with online storage is another good way to prevent loss from malware. If an employee’s computer gets hit with ransomware, any work they’ve been storing or working on through a cloud service is still safe and secure.

Need advice on backing up your data? Get in touch with a local MSP today.

Ransomware Is Getting Even Worse… and The Feds Can’t Stop It

Thursday, January 21st, 2016


As chaos reigns across much of the Middle East, our government steadfastly insists that “the United States does not negotiate with terrorists—because it will only encourage them in the future.” Meanwhile, visitors to our National Parks are warned never to feed bears and other wildlife—because those hungry bears may come to demand their next meal from campers!

Yet if cyber-gangsters in Eastern Europe hijack an American company’s data with an encryption virus before charging a hefty ransom to remove it, our same government recommends to “go ahead and pay them.” What’s going on here?

“Don’t Say We Didn’t Warn You…”

Over two years ago, we first talked about CryptoLocker and other ransomware—probably the most dangerous cyber-threat to businesses today.

This isn’t just another “nuisance” cooked up by a hacker in his dorm room. International organized crime syndicates have used sophisticated ransomware schemes to extort removal fees—typically between $200 and $10,000, paid in untraceable Bitcoin—from companies in the U.S. and around the world.

The newest strain of ransomware to be spotted “in the wild” is CryptoWall 4. Spread via email attachments and malicious websites, CryptoWall 4 is a “double-whammy”—not only encrypting vital hard drive data, but also scrambling filenames, making it impossible to tell which files have actually been infected.

It’s been determined that CryptoWall’s source is inside Russia—the malware is cleverly designed to ignore computers using Cyrillic-Russian keyboard language (Russian authorities are quick to prosecute Russian-on-Russian cybercrime, while the rest of the world is apparently “fair game”). Previous versions of CryptoWall alone have already robbed victims of an estimated $325 million—in Bitcoin ransom payments as well as lost productivity and residual costs (including legal fees).

Uncle Sam to Victims: Sorry We Can’t Help

What can our government do to bring justice to the victims of ransomware? As we’ve discussed, not much. Given our frosty relations with Vladimir Putin’s regime, Russian law enforcement is in no hurry to cooperate. At October’s Cyber Security Summit in Boston, Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, confessed: “The ransomware is that good… to be honest, we often advise people to just pay the ransom.”

In other words, imagine being robbed at gunpoint on a busy street corner in broad daylight—while the cops watch and shrug. Yes, it’s that scary.

How Can You Protect Yourself?

  • Bitdefender is offering a free downloadable CryptoWall 4 “vaccine” to prevent infection.
  • Ensure all your PCs are always fully updated (Windows, anti-virus, firewalls, browsers) with the latest security patches.
  • Enable pop-up blockers on all browsers, and disable plugins from running automatically.
  • Back up all your data, all the time. Consider backing up the backups.

For more ideas on how to protect your company from ransomware and other emerging threats, contact us.

Fake Phishing: The Ultimate Security Training?

Tuesday, January 5th, 2016


What is the current state of your company’s IT security training program—if you have one? Many companies settle for an annual group training session to broadly review the major types of cyber-threats—viruses, malware, and phishing.

The problem with once-a-year “standardized” training is that once employees go through it the first time, they may not fully pay attention in the future, thinking they’ve “heard it all before.” That’s when they’re most vulnerable.

“It Won’t Happen To Me”—Until It Does

Recently, a friend of ours—who normally prides himself on being “smarter than the average bear” when it comes to computer hygiene—confessed he finally got duped into downloading malware directly to his desktop PC. He tried updating to the latest version of CCleaner, a popular, trusted freeware utility which removes temporary files, cookies, and other unwanted clutter from a hard drive. But the page he was directed to had two different “Download” buttons… and he clicked the wrong one. After ignoring dire warning screens from his anti-virus program (“It’s only CCleaner,” he reasoned), he discovered he’d actually just downloaded several unfamiliar programs, masquerading as system processes in his Windows “Task Manager.”

The first consequence: an uncloseable pop-up window requesting payment to remove multiple “detected threats” (which he of course declined to pay). Fortunately, he immediately deleted all the “scamware”—via several malware-removal apps—before hackers could unleash more havoc. He was reminded to stay reasonably skeptical of almost everything online—and to never again let his guard down.

Time For Some “Tough Love”?

You can warn someone of looming cyber-dangers until they’re tired of hearing it… but sometimes the best education is simply “learning the hard way.”

A handful of security contractors are helping companies actually test their employees by providing fake phishing emails—which mimic the sophisticated tactics of genuine scams (offering bogus apps, phony “updates,” and more). When employees click on a deceptive link, they’re quickly informed they’ve dodged a bullet:

“Oops! You’ve just fallen for a fake phishing email test. Luckily, your computer remains unharmed for now, but keep in mind this is how hackers regularly trick victims into compromising network security…”

One strong proponent of fake phishing is the Department of Homeland Security—which recommends federal employees who repeatedly fail such tests should have their security clearances revoked.

The point of fake phishing tests isn’t to anger or shame employees who unwittingly take the bait. The goal is to prove that cyber-threats are definitely real, and they should take security very seriously. Nobody wants to be the real victim.

For management, the overall “conversion rate” of a fake phishing test is a true metric of an IT security training program. If too many employees allow themselves to be conned by a simulated phishing scam, their existing training isn’t working.

For more ways to boost security measures within your business, get in touch with a local MSP.

The Importance of Being Proactive: Why You Need A Breach Response Plan

Thursday, August 6th, 2015


Each month, Microsoft releases a new security bulletin. In May of 2015, forty-six vulnerabilities had been identified and fixed, spanning products such as Windows, Internet Explorer, and Office. In June, it was even more. While some of these vulnerabilities were low-threat, others were more critical, like the numerous Internet Explorer weaknesses that would allow attackers easy access to execute very harmful activity.

As vulnerabilities like these are not always exploited, many companies take a lax approach to security.

Is every single one of your firm’s computers and servers—whether in your office or in a data center—updated with these recent patches? How about the patches from last month? And those from last year?

Implementing effective security measures takes up time, energy, and resources, but cutting corners can be even costlier—and sometimes downright catastrophic. To avoid the detrimental effects of an attack, it’s essential to maintain an updated breach response plan.

Strengthening Your Incident Response Plan

In the Digital Age, the occasional technology breach is inevitable. A well-developed breach response plan can help curtail damage in the event of an attack, natural disaster, or other unforeseen event. Here are a few things to consider when creating your plan:

  • Review your security plan at least twice a year. This will allow for any additions or adjustments as necessary.
  • Compose a list of clients, their appropriate contacts, and proper notification protocol for each.
  • Assign responsibilities to individual parties where detailed action is required. Leave nothing to chance. If it’s a crucial matter, be sure you know exactly who is responsible for handling the task at hand.
  • Compile a guidance list of “proper responses” to execute based on the nature and severity of the breach.
  • Devise a restoration plan in which backups and other necessary files are recovered.
  • Managed Service Providers can help develop well-designed response plans. Their knowledge of malware, virus prevention, and disaster recovery is priceless when a serious threat emerges.

Post-Breach Measures

After a breach, you have to clean up. This can involve following your disaster recovery protocols, using tools to clean up the mess, and notifying your clients and business partners.

Your data may be damaged, and you may need to shut down your company operations while you recover data, software, and operating systems from your backup system (assuming that system has not been damaged too).

You will need to figure out how the breach occurred and implement improved security measures to keep it from happening again. Why clean up the mess, only to get hit again with the same problem? A breach can indicate a security lapse, like ignoring updates and patches for servers, workstations, anti-virus, and anti-malware software.

In some states and some industries, you are legally required to notify your clients, employees, and business partners of the breach.

Traffic Monitoring Tools

Traffic monitoring tools can detect hidden malware and communication traffic between your network and the Internet that might indicate a breach. One of these tools is Unified Threat Management (UTM) software that can be implemented inside your office’s firewall as part of a service program.

With the plethora of managed service providers and security tools available, it’s easier than ever to start creating your incident response plan. Getting ahead on your security is a smart business move that could save you a great deal of time and money in the long run.

Preventing Breaches in the First Place

Be smart. Save labor. Save money.

Hackers are growing in number, not shrinking, and they are being paid more and more for their efforts in ransom, extortion, fraudulent advertising, and other areas. The problem isn’t going to get better—so you need to be prepared.

It’s a real pain to recover from a breach. It’s time-consuming, and it can be embarrassing for your firm’s reputation. Your company’s leadership may even come into question by customers and staff.

That’s why the smartest move is to prevent security problems before they happen.

Ask yourself these questions:

Are your anti-virus and anti-malware systems up to date? (In other words, have you made updates in the last day?)

Is each and every one of the workstations, laptops, and servers in your organization patched and protected against viruses?

Do you have a service program that assures patches are up to date—and if an installation is missed or fails, is someone in charge of fixing the problem?

Do you scan your emails for malware and viruses before they come to your email server, wherever it’s located (in your office or in a Cloud data center)?

Do you scan your emails for malware and viruses repeatedly as they lie in storage on your email server? A virus identified today may not have been known to anti-virus manufacturers a month ago, when you first received an infected message.

Does your firewall have UTM? (See above.)

Does your firewall prevent your employees from visiting a sketchy site or being directed, without their knowledge, to a malware-infected website in an innocent-looking email link?

Lastly, do you have a service program or service procedures that manage all of the above? You can’t “load it and you’re done,” and you can’t “set it and forget it.” These services must be actively managed by your own firm or a skilled Managed Services Provider.

Who Does All the Work?

In large companies, these types of proactive security management are carried out by internal IT staffers, outsourced security experts, or a combination of both.

In small businesses, this type of work is best performed by an outsourced Managed Services Provider. It’s becoming too complicated for internal resources to effectively handle proactive security management without outside advice and services. It’s also too complicated and time consuming, in many cases, for a small IT service shop or a single “IT Guy” to keep up with the rapid evolution of network security threats and barriers.

How Do You Know If You’re Protected?

Simple. Hire an IT consulting firm, an IT consultant, or a Managed Services Provider to perform an audit of your company’s computer network. You want to test at least four things:

  • Your internal network security
  • The security between your internal network resources and the outside Internet (outward flow)
  • The security between the Internet and your inside resources (inward flow)
  • Compliance with any regulatory security that applies to your type of business

After almost every virus attack or security breach we hear about, the affected company’s managers say, “I thought we were covered.”

Last month at MPA, we heard this from the manager of a furniture distribution company in the East Bay after ALL of their data and backups were destroyed by a virus. If that happened to your business, could you survive?

Don’t wait until you have a catastrophe on your hands to find out whether your current coverage is enough. Order a Technology Assessment/Security Audit today.