Software vulnerabilities are an unfortunate part of working with technology. A developer puts out a software release with millions of lines of code. Then, hackers look for loopholes that allow them to breach a system through that code.
The developer issues a patch to fix the vulnerability but it’s not long before a new feature update causes more. It’s like a game of “whack-a-mole” to keep your systems secure.
Keeping up with new vulnerabilities is one of the top priorities of IT management firms. It’s important to know which software and operating systems are being attacked.
Without ongoing patch and update management, company networks are left vulnerable to attacks that are completely avoidable. 82% of U.S. cyberattacks in Q1 of 2022 were due to exploiting patchable vulnerabilities.
What new vulnerabilities are lurking in products from Microsoft, Google, Adobe, and others? We’ll go through several. These were recently noted in a warning by the Cybersecurity and Infrastructure Security Agency (CISA).
Make Sure to Patch Any of These Vulnerabilities in Your Systems
Microsoft vulnerabilities include those in three of its products. Internet Explorer (IE) is one of them. Microsoft discontinued IE in June of 2022. You should remove this from any computers that still have it installed.
You’ll see the acronym “CVE” used in the vulnerability names. This is an industry-standard naming structure. It stands for Common Vulnerabilities and Exposures.
Here is a rundown of these vulnerabilities and what a hacker can do:
- CVE-2012-4969: This Internet Explorer vulnerability allows the remote execution of code. This is a “critical” vulnerability because of the damage it enables. Hackers can release this via a website. Thus, formerly safe sites can become phishing sites when hackers exploit this loophole.
- CVE-2013-1331: This is a flaw in the code for Microsoft Office 2003 and Office 2011 for Mac. It enables hackers to launch remote attacks. It exploits a buffer overflow vulnerability in Microsoft’s code. This allows hackers to execute dangerous code remotely.
- CVE-2012-0151: This issue impacts the Authenticode Signature Verification function of Windows. It allows user-assisted attackers to execute remote code on a system. “User-assisted” means that they need the user to assist in the attack, such as by opening a malicious file attachment in a phishing email.
Google Chrome and applications built using Google’s Chromium V8 Engine are also on the list. These applications are targets of the following vulnerabilities.
- CVE-2016-1646 & CVE-2016-518: These both allow attackers to conduct denial of service attacks. They do this against websites through remote control. This means they can flood a site with so much traffic that it crashes.
- Those aren’t the only two code flaws that allow hackers to crash sites this way. CVE-2018-17463 and CVE-2017-5070 are two others that both do the same thing. Like all these others, they both have patches already issued that users can install to fix these holes.
People use Adobe Acrobat Reader widely to share documents. It makes it easy to share them across different platforms and operating systems. But it’s also a tool that’s on this list of popular vulnerabilities.
- CVE-2009-4324: This is a flaw in Acrobat Reader that allows hackers to execute remote code via a PDF file. This is why you can’t trust that a PDF attachment is going to be safer than other file types. Remember this when receiving unfamiliar emails.
- CVE-2010-1297: This is a memory corruption vulnerability. It allows remote execution and denial of service attacks through Adobe Flash Player. Like IE, the developer retired Flash Player. It no longer receives support or security updates. You should uninstall this from all PCs and websites.
Netgear is a popular brand of wireless router. The company also sells other internet-connected devices. These are also vulnerable, due to the following flaws.
- CVE-2017-6862: This flaw allows a hacker to execute code remotely. It also enables bypassing any needed password authentication. It’s present in many different Netgear products.
- CVE-2019-15271: This is a buffer overflow vulnerability in Cisco RV series routers. It gives a hacker “root” privileges. This means they can basically do anything with your device and execute any code they like.
Patch & Update Regularly!
These are a few of the security vulnerabilities listed on the CISA list. You can see all 36 that were added here.
How do you keep your network safe from these and other vulnerabilities? You should patch and update regularly. Work with a trusted IT professional to manage your device and software updates. This ensures you don’t have a breach waiting to happen lurking in your network.
Automate Your Cybersecurity Today
Patch and update management is just one way that we can automate your cybersecurity. Contact us today at 716-373-4467 x 115, firstname.lastname@example.org or fill out the form below to learn how else we can help by scheduling a consultation today.
Article used with permission from The Technology Press.
Have you felt more secure from cyberattacks because you have a smaller business? Maybe you thought that you couldn’t possibly have anything that a hacker could want? Didn’t think they even knew about your small business.
Well, a new report by the cybersecurity firm Barracuda Networks debunks this myth. Their report analyzed millions of emails across thousands of organizations. It found that small companies have a lot to worry about when it comes to their IT security.
Barracuda Networks found something alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.
Why Are Smaller Companies Targeted More?
There are many reasons why hackers see small businesses as low-hanging fruit and why they are becoming larger targets of hackers out to score a quick illicit buck.
Small Companies Tend to Spend Less on Cybersecurity
When you’re running a small business, it’s often a juggling act of where to prioritize your cash. You may know cybersecurity is important, but it may not be at the top of your list. So, at the end of the month, cash runs out, and it’s moved to the “next month” wish list of expenditures.
Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them. But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.
Hackers know all this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.
Every Business Has “Hack-Worthy” Resources
Every business, even a 1-person shop, has data that’s worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers, and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft.
Here are some of the data that hackers will go after:
- Customer records
- Employee records
- Bank account information
- Emails and passwords
- Payment card details
Small Businesses Can Provide Entry Into Larger Ones
If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more.
Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one.
Small Business Owners Are Often Unprepared for Ransomware
Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks.
The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware.
Even if a hacker can’t get as much ransom from a small business as they can from a larger organization, it’s worth it. They often can breach more small companies than they can larger ones.
When companies pay the ransom, it feeds the beast and more cyber criminals join in. Criminals who are newer to ransomware attacks will often go after smaller, easier-to-breach companies.
Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity
Cybersecurity training is another thing that is usually not too high on the list of priorities for a small business owner. They may be doing all they can just to keep good staff. Plus, priorities are often sales and operations.
Training employees on how to spot phishing and password best practices often isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.
In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.
Phishing causes over 80% of data breaches.
A phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.
Teaching employees how to spot these ploys can significantly increase your cybersecurity. Security awareness training is as important as having a strong firewall or antivirus.
Need Affordable IT Security Services for Your Small Business?
Reach out today at 716-373-4467 x 115 or email@example.com to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.
Article used with permission from The Technology Press.
Heads Up Financial Institutions!
The Federal Trade Commission (FTC) announced the first cybersecurity updates to the Gramm Leach-Bliley Act (GLBA) Safeguards Rule since 2003. The new rule strengthens the required security safeguards for customer information. This includes formal risk assessments, access controls, regular penetration testing and vulnerability scanning, and incident response capabilities, among other things.
Most of these changes go into effect in December 2022, to provide organizations time to prepare for compliance. Below, we detail the changes in comparison to the previous rule.
Background on the Safeguards Rule
GLBA requires, among other things, a wide range of “financial institutions” to protect customer information. Enforcement for GLBA is split up among several different federal agencies, with FTC jurisdiction covering non-banking financial institutions in the Safeguards Rule. Previously, the Safeguards Rule left the implementation details of several aspects of the information security program up to the financial institution, based on its risk assessment.
The Safeguards Rule’s broad definition of “financial institutions” includes non-bank businesses that offer financial products or services, such as retailers, automobile dealers, mortgage brokers, non-bank lenders, property appraisers, tax preparers, and others. The definition of “customer information” is also broad: it includes any record containing non-public personally identifiable information about a customer that is handled or maintained by or on behalf of a financial institution.
Updates to the Safeguards Rule
Many of the other updates concern strengthened requirements on how financial institutions must implement aspects of their security programs. Below is a short summary of the changes.
Overall Security Program
Current rule: Financial institutions must maintain a comprehensive, written information security program with administrative, technical, and physical safeguards to ensure the security, confidentiality, and integrity of customer information.
Updated rule: The updated rule now requires the information security program to include the processes and safeguards listed below (i.e., risk assessment, security safeguards, etc.).
Effective date: December 2022
Risk Assessment
Current rule: Financial institutions are required to identify internal and external risks to security, confidentiality, and integrity of customer information. The risk assessment must include employee training, risks to information systems, and detecting and responding to security incidents and events.
Updated rule: The update includes more specific criteria for what the risk assessment must include. This includes criteria for evaluating and categorizing security risks and threats, and criteria for assessing the adequacy of security safeguards. The risk assessment must describe how identified risks will be mitigated or accepted. The risk assessment must be in writing.
Effective date: December 2022
Security Safeguards
Current rule: Financial institutions must implement safeguards to control the risks identified through the risk assessment. Financial institutions must require service providers to maintain safeguards to protect customer information.
Updated rule: The updated rule requires that the safeguards include:
- Access controls, including providing the least privilege;
- Inventory and classification of data, devices, and systems;
- Encryption of customer information at rest and in transit over internal networks;
- Secure development practices for in-house software and applications;
- Multi-factor authentication;
- Secure data disposal;
- Change management procedures; and
- Monitoring activity of unauthorized users and detecting unauthorized access or use of customer information.
Effective date: December 2022
Testing and Evaluation
Current rule: Financial institutions must regularly test or monitor the effectiveness of the security safeguards and make adjustments based on the testing.
Updated rule: Regular testing of safeguards must now include either continuous monitoring or periodic penetration testing (annually) and vulnerability assessments (semi-annually).
Effective date: December 2022
Incident Response
Current rule: Financial institutions must include cybersecurity incident detection and response in their risk assessments and have safeguards to address those risks.
Updated rule: Financial institutions are required to establish a written plan for responding to any security event materially affecting confidentiality, integrity, or availability of customer information.
Effective date: December 2022
Workforce and Personnel
Current rule: Financial institutions must designate an employee to coordinate the information security program. Financial institutions must select service providers that can maintain security and require service providers to implement the safeguards.
Updated rule: The rule now requires designation of a single “qualified individual” to be responsible for the security program. This can be a third-party contractor. Financial institutions must now provide security awareness training and updates to personnel. The rule now also requires periodic reports to a Board of Directors or governing body regarding all material matters related to the information security program.
Effective date: December 2022
Scope of Coverage
Updated rule: The FTC update expands on the definition of “financial institution” to require “finders” — companies that bring together buyers and sellers — to follow the Safeguards Rule. However, financial institutions that maintain customer information on fewer than 5,000 consumers are exempt from the requirements of a written risk assessment, continuous monitoring or periodic pen testing and/or vulnerability scans, incident response plan, and annual reporting to the Board.
Effective date: November 2021 (unlike many of the other updates, this item was not delayed for a year)
In addition to the above, the FTC is also considering requirements that financial institutions report cybersecurity incidents and events to the FTC. Similar requirements are in place under the Cybersecurity Regulation at the New York Department of Financial Services. If the FTC moves forward with these incident reporting requirements, financial institutions could expect the requirements to be implemented in early 2023.
Financial institutions with robust security programs will already be performing many of these practices. For them, the updated Safeguards Rule will not represent a sea change in internal security operations. However, by making these security practices a formal regulatory requirement, the updated Safeguards will make accountability and compliance even more important.
Interested in speaking with an experienced team member about the material covered in this article? Contact us today at 716-373-4467 x 115 or firstname.lastname@example.org to schedule your appointment.
Benjamin Franklin once said, “An ounce of prevention is worth a pound of cure.” This age-old advice is easily applied to the digital world we live in today. Computers, applications and networks are under constant attack by hackers who are extremely motivated by big financial gains.
An effective patch and vulnerability management program has the ability to stop most hackers dead in their tracks. It greatly reduces the risk associated with the exploitation of a neglected or un-patched computer system.
Year after year, we learn that the vast majority of successful cyber-attacks have exploited unpatched computers and / or unpatched applications. What is even more interesting is that most of the patches for these compromised systems had been available to install for months, if not years prior to the cyber-attack.
There is no doubt that the combination of routine vulnerability scanning and the timely installation of system patches will make it much more difficult for a hacker to compromise your computer systems and information.
Here are 7 steps to help you build an effective patch and vulnerability management program:
Inventory Systems and Applications
Before we attempt to patch computers, operating systems and applications, we first must know of their existence. It is important to maintain an inventory of all computing assets. If possible, use inventory software to assist with the task but at the least, make sure the inventory is completed using manual means.
Monitor for Vulnerabilities
Vendors will release patches at regular intervals as new vulnerabilities are discovered. You must know when new patches are available to install; otherwise, you risk not installing patches in a timely manner, or not installing them at all. Good mechanisms to use for monitoring vulnerabilities include a combination of:
- Checking the vendor website and subscribing to mailing lists
- Regular vulnerability scanning
- Checking vulnerability databases, such as the National Vulnerability Database
- Relying on an enterprise patch management tool.
Selecting Patches to Apply
Deciding which patches are ultimately installed is typically based on the criticality of the patch, the importance of the system being patched, the resources required to install the patch and assurance of post-install system functionality. It is good practice to install, at a minimum, all “Critical” and “Security” patches.
Prior to installing patches in production, it is important to install them in a test or non-production computing environment. This will assure that the installation of the patch will not cause any adverse outages or system disruption when it is ultimately installed in a production computer environment.
Despite the testing efforts completed in the previous section, it is still conceivable that the installation of a patch will create unanticipated issues or outages. For this reason, it is important that you verify the system or application being patched has a recent data backup that can easily be restored if needed.
The National Institute of Standards and Technology (NIST) recommends that patch installation should be automated using enterprise patch management tools or alternative options. Manually installing patches is expensive and inconsistent. Where possible, be sure that systems are automatically updated according to your patch management program parameters.
The installation of a patch should always be confirmed by either re-scanning the system with a vulnerability scanner and / or reviewing log files.
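The steps above, worked through in Python as an added example (not code from the original article or from any patch management product): scanner findings are matched against a known-exploited list built from CVEs named earlier on this page, ordered and gated on testing and backups, and then checked against a re-scan. The hosts, dates, scan output, importance scores and the 7-day backup limit are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date

# Constructed, simplified catalogue (not the CISA feed's own schema). The CVE IDs
# and products are the ones named earlier on this page; "retired" marks the two
# products the page says are discontinued and should be uninstalled.
KNOWN_EXPLOITED = {
    "CVE-2012-4969": {"product": "Internet Explorer", "retired": True},
    "CVE-2013-1331": {"product": "Microsoft Office", "retired": False},
    "CVE-2009-4324": {"product": "Adobe Acrobat Reader", "retired": False},
    "CVE-2010-1297": {"product": "Adobe Flash Player", "retired": True},
    "CVE-2019-15271": {"product": "Cisco RV series router", "retired": False},
}

MAX_BACKUP_AGE_DAYS = 7        # assumed policy value
TODAY = date(2022, 12, 1)      # constructed "current date" for the sample data


@dataclass
class Asset:
    """One inventory entry (step: inventory systems and applications)."""
    host: str
    importance: int            # 1 = low, 3 = business critical (assumed scale)
    last_backup: date
    in_test_group: bool        # non-production machine that receives patches first


# Constructed sample inventory.
INVENTORY = {a.host: a for a in [
    Asset("acct-pc-01", 3, date(2022, 11, 28), False),
    Asset("frontdesk-02", 1, date(2022, 9, 1), False),
    Asset("lab-vm-01", 1, date(2022, 11, 30), True),
    Asset("edge-router", 3, date(2022, 11, 29), False),
]}

# Constructed vulnerability-scanner output: (host, CVE) pairs.
SCAN_BEFORE = [
    ("acct-pc-01", "CVE-2013-1331"),
    ("acct-pc-01", "CVE-2010-1297"),
    ("frontdesk-02", "CVE-2009-4324"),
    ("lab-vm-01", "CVE-2009-4324"),
    ("lab-vm-01", "CVE-0000-0000"),       # placeholder ID, not on the list
    ("edge-router", "CVE-2019-15271"),
    ("unknown-laptop", "CVE-2012-4969"),  # host missing from the inventory
]

# Constructed re-scan taken after the maintenance window.
SCAN_AFTER = [
    ("frontdesk-02", "CVE-2009-4324"),
    ("edge-router", "CVE-2019-15271"),
]


def build_plan(findings, inventory, today):
    """Turn scanner findings into an ordered work list.

    Returns (plan, unmanaged). `unmanaged` holds findings on hosts that the
    inventory does not know about, which is an inventory gap to close first.
    """
    plan, unmanaged = [], []
    for host, cve in findings:
        entry = KNOWN_EXPLOITED.get(cve)
        if entry is None:
            continue  # not known-exploited: leave it to the regular patch cycle
        asset = inventory.get(host)
        if asset is None:
            unmanaged.append((host, cve))
            continue
        # Retired software gets no more fixes, so the action is removal.
        action = "remove" if entry["retired"] else "patch"
        backup_age = (today - asset.last_backup).days
        if backup_age > MAX_BACKUP_AGE_DAYS:
            stage = "blocked: back up first"
        elif asset.in_test_group:
            stage = "test"
        else:
            stage = "production"
        plan.append({"host": host, "cve": cve, "product": entry["product"],
                     "action": action, "stage": stage,
                     "importance": asset.importance})
    # Test machines first, then the most important systems.
    plan.sort(key=lambda p: (p["stage"] != "test", -p["importance"],
                             p["host"], p["cve"]))
    return plan, unmanaged


def verify(plan, rescan):
    """Confirm installation: planned items the re-scan still reports are open."""
    still_open = set(rescan)
    return [(p["host"], p["cve"]) for p in plan
            if (p["host"], p["cve"]) in still_open]


if __name__ == "__main__":
    plan, unmanaged = build_plan(SCAN_BEFORE, INVENTORY, TODAY)
    for p in plan:
        print(f'{p["stage"]:<24}{p["action"]:<8}{p["host"]:<14}{p["cve"]}')
    print("not in inventory:", unmanaged)
    print("still open after re-scan:", verify(plan, SCAN_AFTER))
```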
Patching Equals Prevention
All Databranch Comprehensive Care and Foundation Security clients have scheduled automatic patching and Windows updates on their devices. To learn more about how we can help take this off your IT plate, call 716-373-4467 x 15, email email@example.com or visit us here to learn more.
Article courtesy of CyberStone.
Few things invoke instant panic like a missing smartphone or laptop. These devices hold a good part of our lives. This includes files, personal financials, apps, passwords, pictures, videos, and so much more.
Electronics now hold just as much personal information and banking information as your wallet does, probably more. This makes a lost or stolen device a cause for alarm.
It’s often not the device that is the biggest concern. It’s the data on the device and the ability of the device holder to access cloud accounts and websites. The thought of that being in the hands of a criminal is quite scary.
There are approximately 70 million lost smartphones every year. The owners only recover about 7% of them. Workplace theft is all too common. The office is where 52% of stolen devices go missing.
If it’s a work laptop or smartphone that goes missing, even worse. This can mean the company is subject to a data privacy violation. It could also suffer a ransomware attack originating from that stolen device.
In 2020, Lifespan Health System paid a $1,040,000 HIPAA fine. This was due to an unencrypted stolen laptop breach.
The Minutes After the Loss of Your Device Are Critical
The things you do in the minutes after missing a device are critical. This is the case whether it’s a personal or business device. The faster you act, the less chance there is for exposure of sensitive data.
What Types of Information Does Your Device Hold?
When a criminal gets their hands on a smartphone, tablet, or laptop, they have access to a treasure trove. This includes:
- Photos & videos
- Access to any logged-in app accounts on the device
- Passwords stored in a browser
- Cloud storage access through a syncing account
- Text messages
- Multi-factor authentication prompts that come via SMS
- And more
Steps to Take Immediately After Missing Your Device
As we mentioned, time is of the essence when it comes to a lost mobile device. The faster you act, the more risk you mitigate for a breach of personal or business information.
Here are steps you should take immediately after the device is missing.
Activate a “Lock My Device” Feature
Most mobile devices and laptops will include a “lock my device” feature. It allows for remote activation if you have enabled it. You will also need to enable “location services.” While good thieves may be able to crack a passcode, turning that on immediately can slow them down.
What about “find my device?”
There is usually also a “find my device” feature available in the same setting area. Only use this to try to locate your device if you feel it’s misplaced, but not stolen. You don’t want to end up face to face with criminals!
Report the Device Missing to Your Company If It’s Used for Work
If you use the device for business, notify your company immediately. Even if all you do is get work email on a personal smartphone, it still counts. Many companies use an endpoint device manager. In this case, access to the company network can be immediately revoked.
Reporting your device missing immediately can allow your company to act fast. This can often mitigate the risk of a data breach.
Log Out & Revoke Access to SaaS Tools
Most mobile devices have persistent logins to SaaS tools. SaaS stands for Software as a Service. These are accounts like Microsoft 365, Trello, Salesforce, etc.
Use another device to log into your account through a web application. Then go to the authorized device area of your account settings. Locate the device that’s missing, and log it out of the service. Then, revoke access, if this is an option.
This disconnects the device from your account so the thief can’t gain access.
Log Out & Revoke Access to Cloud Storage
It’s very important to include cloud storage applications when you revoke access. Is your missing device syncing with a cloud storage platform? If so, the criminal can exploit that connection.
They could upload a malware file that infects the entire storage system. They could also reset your device to resell it, and in the process delete files from cloud storage.
Activate a “Wipe My Device” Feature
Hopefully, you are backing up all your devices. This ensures you have a copy of all your files in the case of a lost device.
Does it look like the device is not simply misplaced, but rather stolen or lost for good? If so, then you should use a remote “wipe my device” feature if it has been set up. This will wipe the hard drive of data.
How We Can Help
No matter what size company you have, mobile device management is vital. Get in touch with us today at 716-373-4467 x 15 or firstname.lastname@example.org to arrange a quick chat to learn more about your options and how we can help you identify and address any potential security risks.
Article used with permission from The Technology Press.
Many small businesses make the mistake of skipping policies. They feel that things don’t need to be so formal. They’ll just tell staff what’s expected when it comes up and think that’s good enough.
However, this way of thinking can cause issues for small and mid-sized business owners. Employees aren’t mind readers, and things that you think are obvious might not be to them.
Not having policies can also leave you in poor legal standing should a problem occur, such as a lawsuit due to misuse of a company device or email account.
Did you know that 77% of employees access their social media accounts while at work? Further, 19% of them average 1 full working hour a day spent on social media. In some cases, employees are ignoring a company policy. But in others, there is no specific policy for them to follow.
IT policies are an important part of your IT security and technology management. So, no matter what size your business is, you should have them. We’ll get you started with some of the most important IT policies your company should have in place.
Do You Have These IT Policies? (If Not, You Should)
Password Security Policy
About 77% of all cloud data breaches originate from compromised passwords. Compromised credentials are also now the number one cause of data breaches globally.
A password security policy will lay out for your team how to handle their login passwords. It should include things like:
- How long passwords should be
- How to construct passwords (e.g., using at least one number and symbol)
- Where and how to store passwords
- The use of multi-factor authentication (if it’s required)
- How often to change passwords
Acceptable Use Policy (AUP)
The Acceptable Use Policy is an overarching policy. It includes how to properly use technology and data in your organization. This policy will govern things like device security. For example, you may need employees to keep devices updated. If this is the case, you should include that in this policy.
Another thing to include in your AUP would be where it is acceptable to use company devices. You may also restrict remote employees from sharing work devices with family members.
Data is another area of the AUP. It should dictate how to store and handle data. The policy might require an encrypted environment for security.
Cloud & App Use Policy
The use of unauthorized cloud applications by employees has become a big problem. It’s estimated that the use of this “shadow IT” ranges from 30% to 60% of a company’s cloud use.
Often, employees use cloud apps on their own because they don’t know any better. They don’t realize that using unapproved cloud tools for company data is a major security risk.
A cloud and app use policy will tell employees what cloud and mobile apps are okay to use for business data. It should restrict the use of unapproved applications. It should also provide a way to suggest apps that would enhance productivity.
Bring Your Own Device (BYOD) Policy
Approximately 83% of companies use a BYOD approach for employee mobile use. Allowing employees to use their own smartphones for work saves companies money. It can also be more convenient for employees because they don’t need to carry around a second device.
But if you don’t have a policy that dictates the use of BYOD, there can be security and other issues. Employee devices may be vulnerable to attack if the operating system isn’t updated. There can also be confusion about compensation for the use of personal devices at work.
The BYOD policy clarifies the use of employee devices for business, including the required security of those devices. It may also note the required installation of an endpoint management app. It should also cover compensation for business use of personal devices.
Wi-Fi Use Policy
Public Wi-Fi is an issue when it comes to cybersecurity. 61% of surveyed companies say employees connect to public Wi-Fi from company-owned devices.
Many employees won’t think twice about logging in to a company app or email account, even when on a public internet connection. This could expose those credentials and lead to a breach of your company network.
Your Wi-Fi use policy will explain how employees are to ensure they have safe connections. It may dictate the use of a company VPN. Your policy may also restrict the activities employees can do when on public Wi-Fi, such as not entering passwords or payment card details into a form.
Social Media Use Policy
With social media use at work so common, it’s important to address it. Otherwise, endless scrolling and posting could steal hours of productivity every week.
Include details in your social media policy, such as:
- Restricting when employees can access personal social media
- Restricting what employees can post about the company
- Noting “safe selfie zones” or facility areas that are not okay for public images
Get Help Improving Your IT Policy Documentation & Security
We can help your organization address IT policy deficiencies and security issues. Contact Databranch today at 716-373-4467 x 15, email@example.com, or fill in the field below if you would like to schedule a consultation to get started.
Article used with permission from The Technology Press.
Public networks expose your business to security threats. Switching to a VPN can greatly help in reducing those threats.
Many companies rely on public networks for communication and data sharing. It allows them to cut costs and allocate their funds elsewhere.
However, it also raises several security issues.
For starters, the network provider might be monitoring the activity, which gives them access to customer details, emails, and critical files. As a result, sensitive information can end up in the wrong hands, compromising the organization’s reputation.
Another potential consequence is losing access to bank accounts, credit cards, and invaluable resources. These issues can lead to huge losses for any business.
Your business might be facing the same risk whenever a team member connects to a public network.
To eliminate it, you need to switch to a virtual private network (VPN). VPNs offer online anonymity and privacy, enabling you to conduct your operations away from prying eyes.
Still, you can’t go for just any VPN. This article features the 10 factors to consider when choosing the right one.
The 10 Factors for Choosing a VPN
Factor 1. Location
The location of your VPN servers is essential for a few reasons.
For example, the greater the distance between your server and your business, the higher the chances of facing latency issues. To ensure a seamless surfing experience, stick to the nearest server available.
You can also consider a VPN with servers in the same place as the content your team needs to access, to overcome geographic restrictions. If your work requires research from the UK, for example, find servers from that country.
Factor 2. Price
Using free VPNs might be tempting, but they deliver a lackluster experience. To start with, they can log you out of internet activities and are often chock-full of disruptive ads.
You’re much better off investing in a paid platform. They come with various robust features, a larger number of servers, and configurations to bolster your security.
Factor 3. Device Compatibility
Another detail you should consider is the compatibility of your VPN.
In most cases, you need software that can work with several devices, such as your smartphone, laptop, and tablet. Otherwise, cross-platform work will suffer.
Factor 4. Capacity
Before choosing your VPN, make sure to determine the amount of data you can use. That means if your operations warrant tons of online resources, you should pick a solution that supports considerable data allocation.
Moreover, check the number of online servers. The higher the number, the more efficiently your platform can support resource-intensive tasks.
Factor 5. Protocol Support
Protocols are rules that stipulate connections between the client (software on your device) and the server.
There are different protocols, but the most widely used ones include PPTP, OpenVPN, IPSec, SSL, SSH, and SSTP. Each offers varying speeds and levels of security, both of which are vital to your company.
For instance, OpenVPN is an open-source protocol and one of the safest options for enterprises. It runs on 256-bit encryption keys and advanced ciphers, offering robust protection against cyberattacks. Plus, it features excellent firewall compatibility.
Factor 6. Data Logging Policies
VPNs log user data to streamline customer support and limit available connections. However, you need to consider what information they’re logging.
In most cases, this includes session times and IP addresses. But some providers can also log your software, downloaded files, and web pages you visit.
When looking for a suitable VPN, be sure to read the data logging policy to determine the information the app will store. You should also verify the company is transparent; if someone tries to deceive you, turn down their offer.
Factor 7. Availability of a Kill Switch
No cybersecurity measure is fail-proof, and VPNs are no exception. Overloaded platforms can trigger IP leaks, interrupting your private connection and exposing your true address when online.
To avoid this scenario, look for platforms with a built-in kill switch. It disrupts your devices’ access to the internet in case of IP leaks. The kill switch stops transfers of unencrypted information and can help prevent cybercriminals from obtaining your data.
Factor 8. Updates
Your VPN provider needs to roll out regular updates to ensure you can perform your operations safely and efficiently.
If they don’t openly specify the update frequency on their webpage, find out when the last update was on your app store. It should give you a clue on how frequently the updates get sent out.
Factor 9. Centralized Management
Centralized management enables you to control VPN distribution more easily, allowing you to manage access permissions and user accounts. Some of the best apps even feature gateway or role-based access management. It permits users to access only those segments of the network they need to perform their jobs.
Another important consideration here is control from your console. IT administrators should have permission to open and delete accounts as well as check the devices linked to the platform.
Lastly, your organization might benefit from VPNs with IP whitelisting. They allow administrators to approve the IP addresses of your enterprise to ensure only members with a verified IP can use corporate resources. This feature provides granular control over network accessibility.
Factor 10. Customer Support
Customer support might be the most significant factor. Your provider should be easy to contact through different portals such as telephone and email.
Easy accessibility lets you inform the VPN developer about various issues. For instance, they can help restore your network if it goes down and prevent unwanted exposure.
Most client support teams are highly accessible, but make sure to verify this by reading customer reviews.
SAFEGUARD AGAINST CYBERATTACKS WITH A BULLETPROOF VPN
Loss of data can happen at any time, which can give your competitors the upper hand and tarnish your reputation. Switching to a VPN can greatly increase your business’s cybersecurity. Users will also need to enable multi-factor authentication when they are connecting to a business network via a VPN connection, and Databranch can help identify and configure the best solution.
Contact us today at 716-373-4467 x 15 or firstname.lastname@example.org if you would like to discuss your VPN options. You’ll also want to patch up any other cybersecurity vulnerabilities and we can help you make that happen.
Article used with permission from The Technology Press.
Conducting a vulnerability assessment is important because the exercise will identify security flaws that exist in your IT environment before they are discovered by a malicious computer hacker. Once the vulnerabilities are discovered you can correct them and lower your risk of becoming a victim of a cybersecurity attack.
What Will a Vulnerability Assessment Do?
A vulnerability assessment will discover common security weaknesses such as:
- Operating systems and applications that are not current with the latest security updates or patches.
- Unsecure legacy operating systems that are no longer supported by the manufacturer.
- Open ports on perimeter defenses and other devices that allow malicious attackers to easily gain access to your private computer network.
- All Common Vulnerabilities and Exposures (CVE) that exist on the computer network.
Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. There are currently over 163 thousand CVE records catalogued and made publicly available by the CVE program. You can explore the database at www.cve.org.
Why does this matter? Because it is important to recognize that new information security flaws are discovered regularly and then shared publicly. Sharing the information is not restrictive. Everyone can search the CVE database, including the hackers that intend to attack your computer network!
What Happens After the Assessment?
Executing routine vulnerability assessments will discover all the known vulnerabilities on your network before the bad actors have an opportunity to exploit them. Vulnerability assessments are nonintrusive and not disruptive.
Typically, a vulnerability assessment can be completed in a day or two. The results of a vulnerability assessment are documented and provided to the stakeholder complete with recommendations around remediating any weaknesses found.
It is important to conduct vulnerability assessments regularly, at least every quarter if not more frequently. This is due to the dynamic nature of information technology. Many changes occur on a day-to-day basis that can introduce new exposures associated with information security. Examples include:
- The introduction or removal of employees and business processes.
- The implementation or elimination of hardware, software, or business applications.
- Configuration changes made to any element of the technology environment.
- Newly discovered bugs and flaws found in off-the-shelf commercial software products.
Security shortcomings found during a vulnerability assessment can almost always be fixed. Many times, the fixes are very easy to accomplish. Roughly 60% of all reported cybersecurity breaches occurred because the bad actors exploited common vulnerabilities and exposures (CVE).
This means that roughly 60% of all reported cybersecurity breaches could have been prevented if the victim had simply conducted a vulnerability assessment and made small improvements to their cybersecurity posture that would have eliminated a substantial amount of risk.
Interested in setting up a vulnerability assessment? Contact Databranch today at 716-373-4467, email@example.com, or click here to set up a meeting with one of our experienced team members.
Content was provided courtesy of CyberStone.
What are Local Admin Privileges?
Many companies allow their employees to make adjustments to their work computers without the need for IT interference. This means that they can download programs, connect to printers, and modify software already installed on their computer.
Users generally enjoy the freedom that local admin rights provide, especially in a company with limited IT personnel. Instead of waiting for an available IT worker, you can go into your computer and make the adjustments that you desire.
However, providing users with local admin rights will leave holes in your cybersecurity.
Why You Should Reconsider Local Admin Privileges
1. Prevents Malware from being Downloaded
Restricting users’ ability to install software not only prevents them from installing unnecessary programs onto their computer, but it can also stop an employee from accidentally clicking and installing malware.
Employees come into contact with malicious software more than they realize. This could be through an attachment on a phishing email, a malicious website link, or if they decided to scroll through social media on a company device.
Around 66% of cybercriminals rank email phishing as their attack vector of choice. Unsuspecting employees may be fooled by an illegitimate email without thinking twice. Without local admin privileges, there is an increased chance the malware will be stopped since the employee doesn’t have the authorization to install software onto their computer.
2. Decreases the Privileges for Potential Hackers
If a hacker were to gain access to an account with local admin privileges, the damage could be endless. This is especially true for a business that is not utilizing security measures such as Multi-Factor Authentication (MFA) or Password Managers.
Once a hacker has breached your computer they could download malware, spyware, or even ransomware, resulting in computer files being locked, credentials being stolen, or even a virus spreading throughout your entire network.
Restricting local admin privileges for your employees is a great way to decrease cybersecurity threats from happening in the first place. However, security measures like Password Managers or using MFA can decrease the damage done by a hacker if a computer were to be compromised.
According to Microsoft, MFA can block over 99.9% of account compromise attacks. This means that even if a hacker knows your credentials, they will not be able to log in because they won’t have access to your MFA code.
If this is something you are interested in setting up for your organization, give us a call at 716-373-4467 or email firstname.lastname@example.org.
3. Minimizes the Risk of Costly Downtime
Receiving malware or having a hacker breach your security system could cause your company to shut down while the issue is being resolved. All the time you could have been spending working on a project, closing a deal, or procuring new clients is now lost.
This could also result in your business’s reputation taking a hit. Clients will wonder why you’ve had to close for days, weeks, or maybe even months. Plus, you may have to discuss security risks with some clients if their personal information was leaked during the breach.
Interested in calculating what the cost of downtime could be for your business? Click here for Databranch’s Recovery Time Calculator.
4. Prevents Restricted Files and Accounts from Being Edited
Accidentally clicking the wrong button happens to the best of us. You could be reviewing some important client files when your finger slips and presses the delete button by mistake. You may not notice right away and by the time you realize and try to get your information back, it’s too late.
Restricting local admin privileges allows a company to control which files can be modified, deleted, or moved.
On top of this, restricting users’ ability to modify accounts and files not only prevents employees from making a mistake but also prevents hackers from altering your company’s settings as well. A hacker who has breached an account with local admin privileges could secretly make an account for themselves or even disable antivirus software.
Principle of Least Privileges
Adopting the Principle of Least Privilege is a great addition to a company’s security portfolio. This is when a business only gives their employees the minimum level of access privileges that are needed to fulfill their job requirements.
If the employee needs to download additional software or update a program on their computer, they will need to have IT personnel log into their administrative account and make these adjustments for them.
Here at Databranch, we not only believe in the Principle of Least Privileges but we actively practice it. None of our employee login accounts have local administrative privileges.
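One way to check a Windows workstation against this rule is to list the members of the local Administrators group and flag anything that is not on an approved list. This is an added example, not Databranch's own tooling; the allowlist entries (including the `CONTOSO\IT-Workstation-Admins` group) are hypothetical placeholders.

```powershell
# Added example: report members of the local Administrators group that are
# not on an approved list. Run in an elevated PowerShell session.

# Hypothetical allowlist; replace with the accounts and groups your IT team approves.
$ApprovedAdmins = @(
    "${env:COMPUTERNAME}\Administrator",   # built-in account (name may differ if renamed)
    'CONTOSO\IT-Workstation-Admins'        # placeholder domain group for IT staff
)

function Get-UnapprovedLocalAdmin {
    param(
        [string[]]$Approved
    )

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators.
    # Using the SID instead of the group name also works on localized Windows.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    }
    catch {
        # Enumeration can fail, for example when the group contains an
        # orphaned SID left behind by a deleted account.
        Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
        return
    }

    foreach ($m in $members) {
        # -notcontains compares case-insensitively by default.
        if ($Approved -notcontains $m.Name) {
            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Member   = $m.Name
                Type     = $m.ObjectClass       # User or Group
                Source   = $m.PrincipalSource   # Local, ActiveDirectory, ...
                SID      = $m.SID.Value
            }
        }
    }
}

# Anything listed here is an everyday login or unexpected account with admin rights.
Get-UnapprovedLocalAdmin -Approved $ApprovedAdmins | Format-Table -AutoSize
```

An empty result means every administrator on the machine is on the approved list; an unexpected local user in the output is worth investigating, since an attacker with admin rights can create an account for themselves.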
MFA and Password Managers
Enabling MFA and utilizing Password Managers is another great way to stay on top of cybersecurity for your business. These applications are easy to use, relatively inexpensive, and extremely beneficial to a company.
Want to talk to an IT Professional about any of the topics covered in this article? You can contact us today at 716-373-4467 x 15 or email@example.com to set up a meeting, or simply fill out the form below and one of our team members will contact you. We would love to talk about your cybersecurity and how we can help you enhance it.
The global damage of cybercrime has risen to an average of $11 million USD per minute, which is a cost of $190,000 each second.
60% of small and mid-sized companies that have a data breach end up closing their doors within six months because they can’t afford the costs. The costs of falling victim to a cyberattack can include loss of business, downtime/productivity losses, reparation costs for customers that have had data stolen, and more.
You may think that this means investing more in cybersecurity, and it is true that you need to have appropriate IT security safeguards in place (anti-malware, firewall, etc.). However, many of the most damaging breaches are due to common cybersecurity mistakes that companies and their employees make.
The 2021 Sophos Threat Report, which looked at thousands of global data breaches, found that what it termed “everyday threats” were some of the most dangerous. The report stated, “A lack of attention to one or more aspects of basic security hygiene has been found to be at the root cause of many of the most damaging attacks we’ve investigated.”
Is your company making a dangerous cybersecurity mistake that is leaving you at high risk for a data breach, cloud account takeover, or ransomware infection?
Here are several of the most common missteps when it comes to basic IT security best practices.
NOT IMPLEMENTING MULTI-FACTOR AUTHENTICATION (MFA)
Credential theft has become the top cause of data breaches around the world, according to IBM Security. With most company processes and data now being cloud-based, login credentials hold the key to multiple types of attacks on company networks.
Not protecting your user logins with multi-factor authentication is a common mistake and one that leaves companies at a much higher risk of falling victim to a breach.
MFA reduces fraudulent sign-in attempts by a staggering 99.9%.
IGNORING THE USE OF SHADOW IT
Shadow IT is the use by employees, for business data, of cloud applications that haven’t been approved by the company and may not even be known to it.
Shadow IT use leaves companies at risk for several reasons:
- Data may be used in a non-secure application
- Data isn’t included in company backup strategies
- If the employee leaves, the data could be lost
- The app being used might not meet company compliance requirements
Employees often begin using apps on their own because they’re trying to fill a gap in their workflow and are unaware of the risks involved with using an app that hasn’t been vetted by their company’s IT team.
It’s important to have cloud use policies in place that spell out for employees the applications that can and cannot be used for work.
THINKING YOU’RE FINE WITH ONLY AN ANTIVIRUS APPLICATION
No matter how small your business is, a simple antivirus application is not enough to keep you protected. In fact, many of today’s threats don’t use a malicious file at all.
Phishing emails will contain commands sent to legitimate PC systems that aren’t flagged as a virus or malware. Phishing also overwhelmingly uses links these days rather than file attachments to send users to malicious sites. Those links won’t get caught by simple antivirus solutions.
You need to have a multi-layered strategy in place that includes things like:
- Next-gen anti-malware (uses AI and machine learning)
- Next-gen firewall
- Email filtering
- DNS filtering
- Automated application and cloud security policies
- Cloud access monitoring
Databranch provides these foundational elements to all their managed service clients to ensure the protection of their business. Reach out at 716-373-4467 x 15 or firstname.lastname@example.org if you would like to learn more about our Foundation Security Platform and how we can help your organization be more secure.
NOT HAVING DEVICE MANAGEMENT IN PLACE
A majority of companies around the world have had employees working remotely from home since the pandemic, and they’re planning to keep it that way. However, device management for those remote employee devices as well as smartphones used for business hasn’t always been put in place.
If you’re not managing security or data access for all the endpoints (company and employee-owned) in your business, you’re at a higher risk of a data breach.
If you don’t have one already, it’s time to put a device management application in place, like Intune in Microsoft 365 or IBM’s MaaS360 platform.
NOT PROVIDING ADEQUATE TRAINING TO EMPLOYEES
An astonishing 95% of cybersecurity breaches are caused by human error. Too many companies don’t take the time to continually train their employees, and thus users haven’t developed the skills needed for a culture of good cybersecurity.
Employee IT security awareness training should be done throughout the year, not just annually or during an onboarding process. The more you keep IT security front and center, the better equipped your team will be to identify phishing attacks and follow proper data handling procedures.
Some ways to infuse cybersecurity training into your company culture include:
- Short training videos
- IT security posters
- Team training sessions
- Cybersecurity tips in company newsletters
WHEN DID YOU LAST HAVE A CYBERSECURITY CHECKUP?
Don’t stay in the dark about your IT security vulnerabilities. Contact us today if you want to discuss your cybersecurity in greater detail and pinpoint potential risks. We can arrange a quick chat to review our Foundation Security Platform and how it can help enhance your organization’s security posture. Give us a call at 716-373-4467 x 15 or email us at: email@example.com to learn more.
Article used with permission from The Technology Press.