Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” This age-old advice is easily applied to the digital world we live in today. Computers, applications and networks are under constant attack by hackers who are extremely motivated by big financial gains.
An effective patch and vulnerability management program has the ability to stop most hackers dead in their tracks. It greatly reduces the risk associated with the exploitation of a neglected or unpatched computer system.
Year after year, we learn that the vast majority of successful cyber-attacks have exploited unpatched computers and/or unpatched applications. What is even more interesting is that most of the patches for these compromised systems had been available to install for months, if not years, prior to the cyber-attack.
There is no doubt that the combination of routine vulnerability scanning and the timely installation of system patches will make it much more difficult for a hacker to compromise your computer systems and information.
Here are 7 steps to help you build an effective patch and vulnerability management program:
Inventory Systems and Applications
Before we attempt to patch computers, operating systems and applications, we first must know of their existence. It is important to maintain an inventory of all computing assets. If possible, use inventory software to assist with the task but at the least, make sure the inventory is completed using manual means.
Monitor for Vulnerabilities
Vendors release patches at regular intervals as new vulnerabilities are discovered. You must know when new patches are available to install; otherwise, you risk not installing patches in a timely manner, or not installing them at all. Good mechanisms to use for monitoring vulnerabilities include a combination of:
- Checking the vendor website and subscribing to mailing lists
- Regular vulnerability scanning
- Checking vulnerability databases, such as the National Vulnerability Database
- Relying on an enterprise patch management tool.
Selecting Patches to Apply
Deciding which patches are ultimately installed is typically based on the criticality of the patch, the importance of the system being patched, the resources required to install the patch and the assurance of post-install system functionality. It is good practice to install, at a minimum, all “Critical” and “Security” patches.
Before installing patches in production, it is important to install them in a test or non-production computing environment. This helps assure that the patch will not cause outages or system disruption when it is ultimately installed in a production computing environment.
Despite the testing efforts completed in the previous section, it is still conceivable that the installation of a patch will create unanticipated issues or outages. For this reason, it is important that you verify the system or application being patched has a recent data backup that can easily be restored if needed.
The National Institute of Standards and Technology (NIST) recommends that patch installation should be automated using enterprise patch management tools or alternative options. Manually installing patches is expensive and inconsistent. Where possible, be sure that systems are automatically updated according to your patch management program parameters.
The installation of a patch should always be confirmed by re-scanning the system with a vulnerability scanner and/or reviewing log files.
Patching Equals Prevention
All Databranch Comprehensive Care and Foundation Security clients have scheduled automatic patching and Windows updates on their devices. To learn more about how we can help take this off your IT plate, call 716-373-4467 x 15, email firstname.lastname@example.org or visit us here to learn more.
Article courtesy of CyberStone.
Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more.
Electronics now hold just as much personal information and banking information as your wallet does, probably more. This makes a lost or stolen device a cause for alarm.
It’s often not the device that is the biggest concern. It’s the data on the device and the ability of the device holder to access cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.
There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing.
If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device.
In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.
The Minutes After the Loss of Your Device Are Critical
The things you do in the minutes after missing a device are critical. This is the case whether it’s a personal or business device. The faster you act, the less chance there is for exposure of sensitive data.
What Types of Information Does Your Device Hold?
When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:
- Photos & videos
- Access to any logged-in app accounts on the device
- Passwords stored in a browser
- Cloud storage access through a syncing account
- Text messages
- Multi-factor authentication prompts that come via SMS
- And more
Steps to Take Immediately After Missing Your Device
As we mentioned, time is of the essence when it comes to a lost mobile device. The faster you act, the more risk you mitigate for a breach of personal or business information.
Here are steps you should take immediately after the device is missing.
Activate a “Lock My Device” Feature
Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down.
What about “find my device?”
There is usually also a “find my device” feature available in the same setting area. Only use this to try to locate your device if you feel it’s misplaced, but not stolen. You don’t want to end up face to face with criminals!
Report the Device Missing to Your Company If It’s Used for Work
If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked.
Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach.
Log Out & Revoke Access to SaaS Tools
Most mobile devices have persistent logins to SaaS tools. SaaS stands for Software as a Service. These are accounts like Microsoft 365, Trello, Salesforce, etc.
Use another device to log into your account through a web application. Then go to the authorized device area of your account settings. Locate the device that’s missing, and log it out of the service. Then, revoke access, if this is an option.
This disconnects the device from your account so the thief can’t gain access.
Log Out & Revoke Access to Cloud Storage
It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection.
They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.
Activate a “Wipe My Device” Feature
Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device.
Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data.
How We Can Help
No matter what size company you have, mobile device management is vital. Get in touch with us today at 716-373-4467 x 15 or email@example.com to arrange a quick chat to learn more about your options and how we can help you identify and address any potential security risks.
Article used with permission from The Technology Press.
Phishing. It seems you can’t read an article on cybersecurity without it coming up. That’s because phishing is still the number one delivery vehicle for cyberattacks.
A cybercriminal may want to steal employee login credentials, launch a ransomware attack, or possibly plant spyware to steal sensitive info. For a hacker, sending a phishing email can accomplish all of this.
80% of surveyed security professionals say that phishing campaigns have significantly increased post-pandemic.
Phishing not only continues to work, but it’s also increasing in volume due to the increase in remote workers. Many employees are now working from home and don’t have the same network protections they had when working at the office.
Why has phishing continued to work so well after all these years? Aren’t people finally learning what phishing looks like?
It’s true that people are generally more aware of phishing emails and have gotten better at stopping them. However, it’s also true that these emails are becoming harder to recognize as scammers evolve their tactics.
One of the newest tactics is particularly hard to detect: the reply-chain phishing attack.
What is a Reply-Chain Phishing Attack?
Just about everyone is familiar with reply chains in email. An email is sent to one or more people, one replies, and that reply sits at the bottom of the new message. Then another person chimes in on the conversation, replying to the same email.
Soon, you have a chain of email replies on a particular topic. It lists each reply one under the other so everyone can follow the conversation.
You don’t expect a phishing email tucked inside that ongoing email conversation. Most people are expecting phishing to come in as a new message, not a message included in an ongoing reply chain.
The reply-chain phishing attack is particularly insidious because it does exactly that. It inserts a convincing phishing email in the ongoing thread of an email reply chain.
How Does a Hacker Gain Access to the Reply Chain?
How does a hacker gain access to the reply chain conversation? By hacking the email account of one of those people copied on the email chain.
The hacker can email from an email address that the other recipients recognize and trust. They also gain the benefit of reading down through the chain of replies. This enables them to craft a response that looks like it fits.
For example, they may see that everyone has been weighing in on a new product idea. So, they send a reply that says, “I’ve drafted up some thoughts on the new product, here’s a link to see them.”
The link will go to a malicious phishing site. The site might infect a visitor’s system with malware or present a form to steal more login credentials.
The reply won’t seem like a phishing email at all. It will be convincing because:
- It comes from an email address of a colleague. This address has already been participating in the email conversation.
- It may sound natural and reference items in the discussion.
- It may use personalization. The email can call others by the names the hacker has seen in the reply chain.
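One defensive check that follows from this description, as an added example that is not part of the original article: because the sender address is legitimate, the script ignores the sender and instead flags any reply whose own (unquoted) text links to a host the thread starter did not use. The thread, addresses, hosts and function names are constructed for illustration, and the messages are assumed to be single-part plain text.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed three-message thread (hypothetical addresses and hosts).
SAMPLE_THREAD = [
    "From: alice@corp.example\nMessage-ID: <1@corp.example>\n"
    "Subject: New product\n\n"
    "Ideas so far: https://wiki.corp.example/ideas\n",
    "From: bob@corp.example\nMessage-ID: <2@corp.example>\n"
    "In-Reply-To: <1@corp.example>\nSubject: Re: New product\n\n"
    "Added notes at https://wiki.corp.example/ideas#notes\n",
    "From: carol@corp.example\nMessage-ID: <3@corp.example>\n"
    "In-Reply-To: <2@corp.example>\nSubject: Re: New product\n\n"
    "I've drafted up some thoughts, here's a link: "
    "https://docs-share.example.net/view\n"
    "> Added notes at https://wiki.corp.example/ideas#notes\n",
]

def link_hosts(text):
    """Return the lower-cased hostnames of every http(s) URL in the text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def own_text(body):
    """Drop quoted ('>') lines so only what this sender added is inspected."""
    return "\n".join(
        line for line in body.splitlines() if not line.lstrip().startswith(">")
    )

def flag_new_link_hosts(raw_messages, trusted_hosts):
    """Walk a thread oldest-first and report replies that introduce a link
    host that is neither trusted nor used by the thread starter."""
    baseline = set(trusted_hosts)
    alerts = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        hosts = link_hosts(own_text(msg.get_payload()))
        if msg["In-Reply-To"]:
            new = sorted(hosts - baseline)
            if new:
                alerts.append((msg["Message-ID"], msg["From"], new))
        else:
            baseline |= hosts  # links in the first message form the baseline
    return alerts
```

A hit is a prompt to confirm the link with the sender through another channel, since colleagues also share new links legitimately.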
Business Email Compromise is Increasing
Business email compromise (BEC) is so common that it now has its own acronym. Weak and unsecured passwords lead to email breaches. So do data breaches that reveal databases full of user logins. Both are contributors to how common BEC is becoming.
In 2021, 77% of organizations saw business email compromise attacks. This is up 65% compared to the year before.
Credential theft has become the main cause of data breaches globally.
The reply-chain phishing attack is one of the ways that hackers turn that BEC into money. They either use it to plant ransomware or other malware or to steal sensitive data to sell on the Dark Web.
Tips for Addressing Reply-Chain Phishing
Here are some ways that you can lessen the risk of reply-chain phishing in your organization:
- Use a Business Password Manager: This reduces the risk that employees will reuse passwords across many apps. It also keeps them from using weak passwords since they won’t need to remember them anymore.
- Put Multi-Factor Controls on Email Accounts: Present a system challenge (question or required code). Using this for email logins from a strange IP address can stop account compromise.
- Teach Employees to be Aware: Awareness is a big part of catching anything that might be slightly “off” in an email reply. Many attackers do make mistakes. Our Security Awareness Training will give your employees the tools they need to identify threats.
How Strong Are Your Email Account Protections?
Do you have enough protection in place on your business email accounts to prevent a breach? Let us know if you’d like some help!
Databranch has a foundation security suite with systems in place to identify any anomalies before cyber criminals have a chance to do significant damage to your network. Contact us at 716-373-4467 x 15, firstname.lastname@example.org, or request more information below.
Article used with permission from The Technology Press.
One constant about technology is that it changes rapidly. Tools that were once staples, like Internet Explorer and Adobe Flash, age out and get replaced by new tools. Continuing to use discontinued technology can leave computers and networks vulnerable to attacks.
While older technology may still run fine on your systems, that doesn’t mean that it’s okay to use. One of the biggest dangers of using outdated technology is that it can lead to a data breach.
Outdated software and hardware no longer receive vital security updates. Updates often patch newly found and exploited system vulnerabilities. No security patches means a device is a sitting duck for a cybersecurity breach.
Approximately 1 in 3 data breaches are due to unpatched system vulnerabilities.
Important reasons to keep your technology updated to a supported version are:
- Reduce the risk of a data breach or malware infection
- Meet data privacy compliance requirements
- To keep a good reputation and foster customer trust
- To be competitive in your market
- To mitigate hardware and software compatibility issues
- To enable employee productivity
Older systems are clunky and get in the way of employee productivity. The efficiency of your employees is only as good as the technology they are working on. Slower machines mean a decrease in progress which can negatively impact your business over time.
Did you know that 49% of surveyed workers say they would consider leaving their jobs due to poor technology?
Following is a list of outdated technology tools that you should replace as soon as possible. Are any of these still in use within your business?
Get Rid of This Tech Now If You’re Still Using It
1) Internet Explorer
Internet Explorer (IE) used to be the number one browser in the world. But, over time, Google Chrome and other browsers, including its replacement, Microsoft Edge, overshadowed it.
Microsoft began phasing out IE with the introduction of Microsoft Edge in 2015. In recent years, fewer applications have been supporting use in IE. The browser loses all support beginning on June 15, 2022.
2) Adobe Flash
Millions of websites used Adobe Flash in the early 2000s. But other tools can now do the animations and other neat things Flash could do. This made the tool obsolete, and Adobe ended it.
The Adobe Flash Player lost all support, including security updates, as of January 1, 2021. Do you still have this lingering on any of your computers? If so, you should uninstall the browser plugin and any Flash software.
3) Windows 7 and Earlier
Windows 7 was a very popular operating system, but it’s now gone the way of the dinosaur. Its replacements, Windows 10 and Windows 11, are now in widespread use. The Windows 7 OS lost support on January 14, 2020.
While it may still technically run, it’s very vulnerable to hacks. Microsoft Windows OS is also a high-value target for hackers. So, you can be sure they are out there looking for systems still running this obsolete version of Windows.
4) macOS 10.14 Mojave and Earlier
Because of the cost of iMacs and MacBooks, people tend to hang onto them as long as possible. Once these devices get to a certain point, updates no longer work. This leaves the hardware stuck on an older and non-supported macOS version.
If you are running macOS 10.14 Mojave or earlier, then your OS is no longer supported by Apple and you should consider an upgrade.
5) Oracle 18c Database
If your business uses Oracle databases, then you may want to check your current version. If you are running the Oracle 18C Database, then you are vulnerable. Breaches can easily happen due to unpatched system vulnerabilities.
The Oracle 18C Database lost all support in June of 2021. If you have upgraded, then you’ll want to keep an eye out for another upcoming end-of-support date. Both Oracle 19C and 21C will lose premier support in April of 2024.
6) Microsoft SQL Server 2014
Another popular database tool is Microsoft SQL Server. If you are using SQL Server 2014, then mainstream support has already ended. Plus, in July of 2024, all support, including security updates, will stop.
This gives you a little more time to upgrade before you’re in danger of not getting security patches. However, it is better to upgrade sooner rather than later. This leaves plenty of time for testing and verification of the upgrade.
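An added example (not from the original article) that checks an inventory export against the list above, using only the entries the article states with an exact date or an "and earlier" version ceiling; the month-only Oracle and SQL Server dates are left out. The CSV columns, host names and status labels are assumptions, and the inventory is constructed sample data.

```python
import csv
import io
from datetime import date

# Facts taken from the list above. "ceiling" means that version and every
# earlier one is unsupported; "end" is the date all support stopped.
RULES = {
    "internet explorer": {"end": date(2022, 6, 15)},
    "adobe flash player": {"end": date(2021, 1, 1)},
    "windows": {"ceiling": (7,)},       # Windows 7 and earlier
    "macos": {"ceiling": (10, 14)},     # macOS 10.14 Mojave and earlier
}

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE_INVENTORY = """host,product,version
ws-014,Windows,7
ws-022,Windows,11
mac-03,macOS,10.13.6
mac-07,macOS,12.4
kiosk-1,Internet Explorer,11
ws-031,Adobe Flash Player,32.0
srv-02,Windows,Server 2012
"""

def parse_version(text):
    """Turn '10.13.6' into (10, 13, 6); return None if it is not numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def audit(inventory_csv, today):
    """Return (host, product, version, status) for every inventory row."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        rule = RULES.get(row["product"].strip().lower())
        if rule is None:
            status = "not-in-list"
        elif "ceiling" in rule:
            version = parse_version(row["version"])
            ceiling = rule["ceiling"]
            if version is None:
                status = "review-manually"  # 'Server 2012' cannot be ordered
            elif version[:len(ceiling)] <= ceiling:
                status = "unsupported"
            else:
                status = "not-flagged"      # newer than anything in the list
        else:
            status = "unsupported" if today >= rule["end"] else "not-flagged"
        findings.append((row["host"], row["product"], row["version"], status))
    return findings
```

"not-flagged" only means the article's list does not cover that version; it is not a statement that the vendor still supports it.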
Get Help Upgrading Your Technology & Reducing Risk
Upgrades can be scary, especially if everything has been running great. You may be afraid that a migration or upgrade will cause issues. We can help you upgrade your technology smoothly and do thorough testing afterward. You can also contact Databranch today at 716-373-4467 or firstname.lastname@example.org to set up a vulnerability assessment.
Article used with permission from The Technology Press.