What To Do When You’ve Had A Breach

It’s vital to understand that this doesn’t mean you’re alone. According to PWC in a study conducted last year, not only did 74% of small businesses have a breach, but 90% of large businesses did as well. Both of those numbers, by the way, are up from the previous year. At this point, it’s not a question of if you’re going to get hacked, but when. 

Top 5 Ways Small Business Can be More Secure than Large Ones

Small businesses are not at a disadvantage when it comes to network security and cyber security; in fact small organizations actually have a huge advantage.  It isn’t about budgets alone, it is about focus.  I can have the greenest lawn in my neighborhood, if I choose to.  It is a matter of desire.  Your network can actually be more secure and stable than larger ones, giving you a huge competitive advantage!  You just have to make the choice.

Why The Internet of Things Requires IDS

In the world we live in today, there are an endless number of devices that are connected to the Internet. But are they as secure as possible, or do they blow a gaping hole into your network? Everything from toys to automobiles is connected. In fact, it is not uncommon to find your refrigerator or thermostats connected to the Internet. It has been estimated that by 2020 there will be 21 billion IoT devices in the world. To meet the rush and need of consumers, manufacturers are spending their time measuring how fast they can code, instead of how securely they can do it. We already hear and read many stories about disastrous attacks that are perpetrated with these devices. We also see suggestions for securing such devices, but is that really all that can be done? If only there were a way to monitor your traffic as a whole, to ensure that the only traffic passing through your network is the traffic that is supposed to be there.

How Ransomware Is Getting Through Your Firewall

It may seem counter-intuitive, but ransomware has grown in large part because of how good our security already is. HTTPS traffic is becoming more and more common, and it’s supposed to be a measure of a strong, secure connection from a trusted source. There’s a problem, though: it’s incredibly easy to get an SSL certificate that allows your traffic to be run as HTTPS.

Recent Breaches and Security Risks in Private Schools - What You Need to Know

Schools have student and parent information on file, financial records, and medical records.  Schools simply hold a plethora of personally identifiable information (PII).  What’s worse is that schools often have limited budgets to work with on securing this information.

My Advice for HVAC Companies

So instead of an attacker targeting a company directly, some simple social engineering would let the attacker know what outside building service providers the company works with.  Armed with this information, the attacker proceeds with targeting the less protected HVAC provider and gains access to the target company, and maybe others they didn’t expect.

You're In Charge

For those of us who work in IT, one of the biggest aspects of our job is making sure our users have an easy experience when it comes to using the network.  Our main goal is to make it easier for them to carry out their daily tasks by providing them a solid technological foundation.  At some point, though, we inevitably end up doing something or giving them access because it’s easier on us.  That’s where we get into trouble.

During almost every security assessment we have done, we find that there are things in place that are very much a “you should know better” situation.  One of the biggest examples is password policies.  We very often go into a network and find that there is either a very lax policy in place, or none at all.  When we bring it to the attention of the IT department, their response is very often, “It made our users mad to have a strong password, so we turned it off.”  This, as we all should know, is unacceptable.  Yes, it’s sometimes frustrating to have to remember a complex password.  In a perfect world we wouldn’t need passwords at all, because everyone would be trustworthy.  Unfortunately, we have to be realistic.  We don’t implement strong passwords because we enjoy making our users work harder.  We do it to protect them, and to protect our network.

When we are presented with the response that it made the users upset, I think of it like this:  Did your mom ever give you a choice of eating fruit and vegetables?  Most likely not.  She knew you didn’t like it, and she probably didn’t want to force you to do it, but she also knew that eating those fruits and vegetables was better for you.  She had the authority, and you obeyed.  Working in IT is no different.  When it comes to the network, you are the parent.  Don’t do things because it’s easier on your users if it means sacrificing the security of your network.  If you do, you’ll end up with a network full of cavities.

Ransomware Prevention

There was recently a severe ransomware threat that was identified called "Locky."  It is currently making its rounds through networks causing severe damage.  If you aren't familiar with ransomware, this is a type of infection on your network that locks your files and holds them for ransom until you pay the attackers.  

Unfortunately there's no "magic wand" in regards to ransomware.  If this or another type of ransomware infects your network, your best course of action is restoring from a backup.  That being said, we all hope it never happens in the first place.  Of course, to prevent it, we have to take measures to do so.

One of the things that will be of the greatest benefit to you is to ensure that your firewall is configured to scan for viruses and malware.  These features usually work based on signatures that are downloaded to your firewall.  The point of antivirus on your device is to prevent harmful content from coming in before it ever gets to your users' computers.  (As a side note, having AV on your firewall doesn't mean you can get away with not having AV on your computers.  You need both to be fully protected.)

The second greatest benefit is to have an APT blocking service or feature on your firewall.  APTs, or Advanced Persistent Threats, are zero-day exploits that haven't yet been identified, but that are still just as harmful.  An APT blocking service is designed to run this potentially malicious content in a simulated environment to see what the possible impact would be.  It should then alert you if the connection was found to be harmful.

With both of these services, once you ensure you have them on your firewall, you then need to make sure they are configured correctly.  One of the things you will hear us talk about in our organization is the importance of your configuration.  You can put in a top-of-the-line firewall with all of the bells and whistles, but until you configure it correctly, you aren't getting the full benefit of its features.  

Secure Messaging Apps

In today’s world, electronic communication is widespread. Gone are the days of calling someone, or writing a letter. Now we say, “Just shoot me a text or an email”. It is our number 1 source for communication. With this move to the digital space, there is also the increased risk of a compromise in the line. Just like wiretaps on phone lines, a tap may be placed to intercept your digital communication as well. What is worse, because of how easy it is to access the digital realm, anyone can perform an interception, not just the service provider or a government agency. So what can be done to keep our information private and secure?

Enter the realm of secure messaging. These are special applications meant to do exactly that, keep your messages secure. While there are many to choose from, most offer the same basic features. The idea is simple; the application encrypts all messages before they leave your phone. In transit, no one has the ability to decrypt those messages except the user receiving them. The one downside is that both parties involved in the communication must have the app installed in order to use it.

These types of applications also have another advantage. Have you ever called looking for a certain individual, just to have someone else pick up and pretend to be them, as a prank or way of screening the calls? One of the features secure messaging can provide is the ability to verify the recipient of your messages. This way you can ensure you are not passing your data on to a third party.

Let’s face it though, your grocery list is not really “secret” information that must be secure. (If someone wants to do my shopping for me feel free!) As such, most everyday users may not find a need for such an app. Businesses, and other various professionals, may on the other hand find such communication very important in relation to safeguarding trade secrets and client information when it needs to be shared. Always use a medium that matches the sensitivity of your information.

References: https://www.eff.org/secure-messaging-scorecard

The Risk of Guest Wireless

Almost every place you go these days the company is offering free wireless internet.  This is very prevalent in retail outlets, for example.  There are numerous marketing benefits to offering this service to clients.  If Macy's wants to know how long my wife spends in dresses vs how long she spends in perfume, they know.  The wireless offer actually is a cheap marketing tool for the organization.  Starbucks has a different agenda in why they offer it, same for Panera and McDonalds.

Healthcare is not amateur in offering this service.  The purpose is not to gather marketing data or keep clients there longer; rather they are offering it for patients and guests while they are stuck there.  This is a simple low cost offering that makes a small gesture.  However in healthcare, guest wireless can be a dangerous offering if not properly configured.  Allow me to explain.

Most guest wireless is either open or secured with a well known password to allow easy access.  Very few restrictions outside of bandwidth control reside on these networks as the intent is to be open and accessible.

The risk comes from internal employees using the guest network to bypass the controls of the internal network, which is most likely locked down.  By bypassing those controls they can reach content that was restricted, exposing themselves to an attack from malware.  Once the device reconnects to the internal network the malware gets in.  Boom.  An attacker has access.

Another reason is they want to access something for selfish reasons such as access to Facebook or downloading of content. If the content is malicious or the device gets attacked, health records can be one and at risk.

I could list more reasons but the risk is clear.  And so is the solution. Most of the tests we conduct of guest wireless are missing one key component, a denied access list. A denied access list is a list of devices that are not allowed to connect to it.  This list needs to be populated with any internal device on the network. Apply the list to your guest wireless and you can reduce the risk of an internal device using the guest wireless.  Then you force internal patient information to only be accessible from internal or VPN resources.

This simple tip will plug an often open hole.  There is no silver bullet to security.  Take small steps and increase your security slow and steady.  
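One way to build and check the denied access list described above, as an added example that is not from the original post. It assumes the list is keyed on MAC address and that the guest controller exports association logs; the inventory, the log format and every device name below are constructed for illustration.

```python
import re
# Constructed inventory of internal devices (name,MAC), in mixed MAC notations.
INTERNAL_INVENTORY = """\
nurse-station-01,00:1A:2B:3C:4D:5E
ehr-laptop-07,001a.2b3c.4d5f
lab-tablet-03,00-1A-2B-3C-4D-60
"""
# Constructed guest-WLAN association log; the line format is hypothetical.
GUEST_ASSOC_LOG = """\
2024-01-10T09:14:02 ssid=Guest assoc mac=00:1a:2b:3c:4d:5f ip=10.99.0.23
2024-01-10T09:15:40 ssid=Guest assoc mac=a4:83:e7:11:22:33 ip=10.99.0.24
2024-01-10T09:17:05 ssid=Guest assoc mac=da:a1:19:0b:0c:0d ip=10.99.0.25
"""

def normalize_mac(raw):
    """Return a lowercase colon-separated MAC, or None if not 12 hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_deny_list(inventory_csv):
    """Map normalized MAC -> device name for every valid inventory row."""
    deny = {}
    for line in inventory_csv.splitlines():
        name, _, raw = line.partition(",")
        mac = normalize_mac(raw)
        if mac:
            deny[mac] = name.strip()
    return deny

def is_randomized(mac):
    """True if the locally administered bit is set (typical of private MACs)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit_guest_log(log_text, deny):
    """Return (internal devices seen on guest Wi-Fi, randomized MACs seen)."""
    hits, randomized = [], []
    for line in log_text.splitlines():
        m = re.search(r"mac=([0-9A-Fa-f:.\-]+)", line)
        mac = normalize_mac(m.group(1)) if m else None
        if mac is None:
            continue
        if mac in deny:
            hits.append((deny[mac], mac))
        elif is_randomized(mac):
            randomized.append(mac)
    return hits, randomized
print(audit_guest_log(GUEST_ASSOC_LOG, build_deny_list(INTERNAL_INVENTORY)))
```

A MAC-based list cannot match a device that presents a randomized address, so the second list shows how much guest traffic the deny list cannot attribute to an inventory entry.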

Why We Don't Use Facebook

One of our projects that we work on behind the scenes is teaching people about the dangers and threats posed by Facebook.  Facebook itself isn't dangerous, it is all in how you use it.  This week someone was killed over a picture they posted on Facebook.  When we are educating kids and parents on these threats, it would be hypocritical to our message. 

One of the character traits we all possess is being genuine.  We do not want to say one thing and do another.  So we have made the business decision to not use Facebook for a business marketing tool.  We do other types of social media but in a limited form.

For business to consumer businesses (B2C) we think Facebook is a great marketing and promotional tool.  We wish you the best of luck with your efforts there.  But we will not have a Facebook page for our security training business. 

Not Starting

They will often list endless reasons why they haven't previously done anything about security.  Why they let the system sit knowing it was insecure, why they didn't spend the money on an assessment, or why they have not taken a class on how to secure their infrastructure.  And there we sit trying to discuss starting a remediation project at a cost greater than the testing and maintenance would have been.