Lunchbox Leaders: Cybersecurity Unfiltered Recap

Lunchbox Leaders: Cybersecurity Unfiltered Recap

Last Thursday, we aired the first episode of our new webinar series, The Lunchbox Leaders: Cybersecurity Unfiltered. During the webinar, Sean Sweeney, the Senior Director & Chief Security Advisor in Microsoft’s Cybersecurity Solutions Group, led us through best practices for enabling secure remote work.

Sean’s role at Microsoft is enabling end-to-end security and compliance for external customers by ensuring secure digital transfers, but he also advises the market and consumers about Microsoft’s security compliance vision. With the rise of COVID-19, the IT sector has faced many challenges, including logistic scalability constraints and, most obviously, how to adapt to the sudden spike in demand for remote network access.

Sean highlighted three key focus areas for ensuring effective remote cybersecurity:

  • Empowering remote workers to access the apps they need without compromising security
  • Enabling bring your own device(s) BYODs and unifying management across devices and apps
  • Leveraging built-in security to protect data while keeping users productive

When it comes to empowering a remote workforce to access the apps they need without compromising network security, Sean indicated the importance of single sign-on (SSO) and multi-factor identification (MFA), both of which provide greater security in terms of where employees put their credentials and a higher level of scrutiny to screen who has access to certain information.

“Identity is the key perimeter to your network,” Sean said. “Approach network security with a zero trust lens.”

Similarly, when it comes to managing devices (especially BYO devices) and unifying management across devices, Sean emphasized the importance of proactively managing updates, patching, and policy. “Employees often follow the path of least resistance to get the job done,” Sean said. “It is important to provide a simple way for employees to access secure data or they will find another path to get their job done.”

Finally, Sean highlighted the importance of leveraging built-in seamless security features to protect your network. While you can use many different third-party systems, the safest and most effective way to protect against phishing and malware attacks is to utilize the intelligent data classification and dynamic protection actions available through your operating system.

We were glad to be able to have Sean share his insights about enabling secure remote workspaces and learn more about the products Microsoft offers to empower secure network access. Don’t miss the next episode of our series, “Digital Risk: Protecting Your Most Important Asset”, with Matt Solomon of ID Agent – airing on Thursday, July 23rd at noon.

In case you missed episode one (or would like to rewatch), find the full recording online.

Data Privacy Regulations and Your Business

Data Privacy Regulations and Your Business

The protection of data by corporate entities has become an issue of increasing focus for both consumers and corporations around the globe over the past 15 years. Online user activity and behavior has evolved with technological advancements and capabilities. Public interest in how user data is collected and shared has grown more prevalent, casting a light on common corporate practice and helping to spur the creation and passage of data privacy legislation worldwide.

General Data Privacy Regulation (GDPR)

In order to understand how data privacy regulations will affect the U.S, we must first look at the European Union’s policy. On May 25, 2018, the European Union implemented the General Data Privacy Regulation (GDPR). The GDPR lays out seven principles of data protection that must be implemented for organizations that deal with the personal data of those within the member states of the EU. Each of the seven principles of data protection focuses around three key facets of data control and usage:

  • Transparency in all administrative and or corporate interactions with data
  • Minimization of data’s usage and dissemination
  • Strength and continuity of security at all points in the data procurement and use process.

Underpinning each of these facets is the seventh principle of data protection – accountability. The GDPR requires that entities which collect and use user data must be held accountable for their collection and use practices, and must also hold themselves accountable as parties who engage in data collection to uphold all seven principles as part of their business functions. To comply with the GDPR, any entity that wishes to collect and use data must conduct a GDPR assessment to what personal user data is being controlled, where it is located throughout each step of every interaction that occurs between user and the entity’s product, and how that data is secured.

The GDPR also lays out eight privacy rights that must be facilitated by any entity that interacts with or uses consumer data. Each of the eight privacy rights are protected by the seven principles of data protection, and all are again supported by the overarching principle of accountability on the part of entities which interact with user data in any capacity. With the passage of this fundamental legislation, the European Union established for themselves how data privacy and protection would be not only guarded, but also facilitated. Overall, greater clarity has been brought to the concept of data privacy and the importance of this in the mind of the average user.

Data Privacy in the United States

The prevalent and ever-expanding user demand for transparency from entities interacting with data has since come to pass in the United States in the form of the landmark California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020. The CCPA is founded upon and grounded in the core principles of the GDPR, with some notable US provisions, including an incorporation for medical data already covered under the protection of Health Portability and Accountability Act (1996), and financial data covered by the Gramm-Leach-Bliley Act (1999). It is important to recognize that the scope of the California statute’s impact extends far beyond state borders, as the law likely serves as a harbinger of future challenges nationwide with several other states considering similar privacy measures. At the federal level, data privacy is an often discussed and debated issue, though we are likely years away from legislation being passed.

Data Privacy in Pennsylvania

The recent passage of the CCPA has prompted the drafting of similar legislation in Pennsylvania that would give consumers greater control over the collection and sale of personal data. Currently in Pennsylvania, user privacy interests are protected under the Breach of Personal Information Notification Act passed in 2005. This law covers any unauthorized data breach of an entity with a base of over 1,000 users who are residents of the Commonwealth of Pennsylvania, specifically and “materially compromises” security or confidentiality, but does not include the breach of encrypted data.

The proposed legislation, House Bill 1049, is still pending before the Committee on Consumer Affairs but would place restrictions on the sale of consumer data without consent and enable consumers to opt out of data collection entirely in some instances for 12 months. Notable features of the proposed legislation include the right to request deletion of data for all purchasing companies, as well as the right to sue companies that have had a non-encrypted or non-redacted data breach for damages of up to $750 per individual. The implications of the pending bill for Pennsylvania businesses are to take greater measures to protect data and have greater transparency regarding what data is collected, where it is stored, and who has access to it.

Data Privacy Laws and Compliance

Fiscal penalties loom large for entities that do not provide sufficient protections of user data and privacy. While certain pieces of legislation like the CCPA extend beyond data breaches to also cover how data is used, current data breach laws cover only unauthorized access and acquisition of user data.

For any entity with employees working in the EU, or any interactions with or storage of user data taking place in the EU, those entities can expect to be under the jurisdiction of the GDPR and any privacy laws in the states wherein they conduct business in any form. With overlaps in coverage undoubtedly occurring, the need for top-flight security and privacy protection of data is paramount.

Data Privacy Protection

In order to comply with current and assuredly forthcoming regulations around user data protection and privacy, the first step that any business should take is to formulate an executable and sustainable strategy for evaluating data breach risk and ensuring legal interactions with user data in-house and externally.

This process begins by appointing a dedicated company officer who will manage security and compliance for all interactions with user data, company-wide. Note that this position differs from that of a compliance officer in its scope, for it pertains exclusively to data, while a compliance officer oversees much broader sets of laws and guidelines, including those that are inter-company.

While this is a solid measure, it is not the comprehensive solution that businesses need. In order to fully ensure your business stays healthy, protected and compliant there is no better option than contracting a third-party auditor or a managed service provider like PGH Networks. These service providers can help catch any lapses in compliance or possible issues that could lead to a costly data breach, alongside myriad other invaluable cybersecurity services. There is no substitute for the peace of mind that trusted professionals in this arena can offer business owners so they can rest assured knowing they are not assuming unnecessary risks and focus on what makes their organizations successful.

 

How to Tell if Someone is Scamming You Online

How to Tell if Someone is Scamming You Online

Online Scams

Through our everyday interactions online, whether in business or our personal lives, we have the potential to interact with approximately one half of the world’s population, putting the overall count of internet users at approximately 3.5 billion. While most online users share the same purposes – business, learning, and pleasure – there are still other online users who take far-reaching advantage of the freedom and ease afforded to all by our shared online infrastructure, and stealthily manipulate it to perpetrate a variety of internet crimes. We call these nefarious marauders cybercriminals, and the online scams they keep in their virtual quivers internet fraud.

While the methodologies utilized by cybercriminals to perpetrate internet fraud via the vehicle of online scams vary in scope and execution, their overall objective is generally the same: to gain access to funds and identities of others and exploit these precious assets to the fullest extent possible. Knowing this, we cannot help but wonder how cybercriminals manage to lift funds and identities out from under us, and, of course, what we can and should do today to protect ourselves from attacks and theft.

Top Online Scams

Much like crimes perpetrated offline, online scams typically seek to take advantage of already present vulnerabilities in the security surrounding our online lives. These vulnerabilities may not always be apparent to the vast majority of users for the simple fact that we do not understand the narrowing gaps between offline assets – our known identities, and physical currency – and how those assets exist and are used, even legitimately by us, online

To help us better understand the inherent vulnerabilities in our online lives, and the online scams that seek to capitalize on them, we can turn to the FBI’s shortlist of most common online scams, which breaks down the seven most common types of online scams. We’ve included some of the most common among these seven below, along with ways you can protect yourself and your assets from becoming vulnerable to internet fraud.

Phishing/Spoofing

Both phishing and spoofing as tactics for committing internet fraud rely on the trust that users have with people and institutions who regularly communicate with them, including their employers, financial managers, business partners, and banks. When we receive a spoofed email from a cybercriminal, we may think that we are receiving an email from a trusted person or institution because the spoofed email will appear to us just as a legitimate email from one of these sources would on any other day. Within a spoofed email is often a request for pieces of our confidential information, including passwords, credit card numbers, or bank account information. The email may even prompt us to follow a link out to a different website to enter that information, at which point, it can be stolen and used fraudulently.

Malware/Scareware

Malware and scareware are viral, malicious, computer programs that can be installed remotely by cyber criminals when we download content or other software from websites. Cybercriminals can then use this software to steal our information or control our devices while holding the threat of stealing and using our information over our heads to elicit funds from us.

Email Account Compromise

Much like phishing and spoofing, email account compromise is carried out by compromising legitimate business email accounts and utilizing them to send out mass requests to users for confidential information that can then be used to commit internet fraud. Email account compromise can happen to users outside of the business world but tends to be target financial institutions, lending institutions, real estate companies, and law firms.

The best way to protect ourselves against all online scams is to make sure that our security software is updated regularly, monitor the addresses from which emails and other correspondence come to us, and implement multi-factor identification on all of our devices.

Reporting Online Scams

The single best and most important action we can take if we believe we have already become a victim of an online scam is to promptly report what has happened to the FBI, and FTC. Depending upon which sort of online scam we believe has happened to us specifically, and what of ours, if anything, has been stolen and possibly used for criminal purposes, we can report online scams and those who perpetrate them by taking the following steps:

Spoofing/Phishing

Step 1. If you got a phishing email, forward it to the Anti-Phishing Working Group at reportphishing@apwg.org. If you got a phishing text message, forward it to SPAM (7726).

Step 2. Report the phishing attack to the FTC.

If you believe you have been a victim of malware/scareware, email account compromise, phishing and/or spoofing, or any other online scam in which you believe your identity, or confidential financial or personal information may have been stolen, you can and should report what you believe has happened to the FBI, through Tips and Identify Theft.

Secure Your Smart Home Devices

Secure Your Smart Home Devices

As we rely more heavily on technological integration to satisfy our everyday needs and comforts, we inherently assume greater security risks and leave ourselves more vulnerable to cybersecurity breaches. Learn what you can do to keep your devices, information, and home safe from hackers.

Internet of Things Devices

From smart televisions to smart speakers that can control your lights and thermostats, more and more of our lives and home features can now be seamlessly managed by smart technology. For these to work together, they have to be connected to the internet and shared data, a system commonly referred to as the Internet of Things (IoT). Despite their convenience, these IoT devices often lack basic protective measures from outside interference given that their design prioritizes connectivity over security.

When these devices are left unprotected, there is almost nothing stopping those with malicious intent from taking advantage of you. Use these tips to develop a security plan that can keep the things you value safe.

Tips to Protect Your Home & Business

Protecting your devices from unauthorized access requires that the device itself and your internet connections are secure.

Internet Security Starts With The Router

Your internet router is the point of connection to the internet for any IoT device, so starting the security upgrade there is the first step to take. Start by changing the name of your router to make it difficult for hackers to identify the brand and its potential vulnerabilities. Avoid using names that give away information about the user such as your address or last name, which is information that can be exploited by those with malicious intent. Ideally, your router should be capable of creating a virtual private network (VPN), a connection that encrypts your data and masks your IP address to ensure your actions and location are virtually untraceable. If your router does not have VPN software already installed, search online for step by step guides that detail how you can set one up. Once the router is protected, create two networks with unique passwords to keep others from having access to the devices. The best practice is to have your connected devices on a separate network from the one your family and guests connect to on their devices. Both networks should have strong passwords that are difficult to guess and have a WPA2 security protocol. Remember not to include identifying information that would tell hackers what purpose each network serves.

Change The Password

Passwords are the most basic defense against attacks, but keeping the default password for a device or creating a generic password can render this layer of security ineffective. Take the time to give each device a unique and random password. An easy way to update your passwords is to use a password manager that can help you create long passwords that contain a variety of capital and lowercase letters, numbers, and symbols. The password manager keeps your passwords safe with its security features while enabling you to retrieve those complex passwords when you need it.

Disable Features You Won’t Use

IoT devices often contain features and settings that you may not need or ever use. Review the device settings and determine what you need and what you don’t. It can be tempting to leave everything on as an option, but the more features that are enabled the more time your device spends activated, so limit the usage of smart devices to only those features that are essential to your purposes. The connectivity of IoT devices to one another and apps also creates a security risk, so be aware of what permissions outside apps have and limit them to only what is needed for the features you want to use.

Keep Your Devices Updated

Like any phone app or other software you use, your devices’ firmware needs to be updated regularly to maintain safe and efficient functionality. The process to update firmware will vary by device, but taking the time to check for updates periodically and installing them on your device when available can give you bug fixes from the developer or expanded features that up security. Always double-check that you are installing the proper firmware on a device because the wrong firmware will leave your device inoperable.

Remote Work Cyber Security

These tips not only apply to your IoT devices but can also apply to other areas like working from home, work emails and logins, and app passwords. Strengthening your home network security and using a VPN keeps your employer’s information safe whenever you bring work home with you, as a breach on your home network can create vulnerabilities in your work network. Take an assessment of your digital world to see what areas could benefit from upgraded security practices.

How to Prevent Cyber Attacks from Iran

How to Prevent Cyber Attacks from Iran

How to Prevent Cyber Attacks from Iran

With tensions between Iran and the United States reaching a fever pitch following a series of deadly provocations, U.S. businesses should be bracing for heavily anticipated Iranian cyberattacks over the coming months. The Islamic Republic of Iran has a long history of waging state-sponsored cyberwarfare against institutions that threaten their geopolitical or military standing and, as the region’s core technological capabilities continue to evolve, it is more important than ever to protect your valuable data with enhanced cybersecurity measures.

Many of the tactics that Iranian-backed attackers are known to leverage against their targets are not new to the IT world. However, the rate at which these attacks are launched and the number of entities targeted is expected to grow at a dramatic clip given the recent events exacerbating long-standing friction between the U.S. and Iran.

Don’t let your business or organization fall victim to these attacks. The only foolproof way to ensure cybersecurity for your business and to give you the peace of mind you deserve is to hire professional IT support. The future of your business is too valuable, the risks too great and the threats too advanced to effectively prevent on your own.

Should professional IT support not be immediately available, however, it is important to understand what the most prevalent and persistent Iranian cyberattacks are to look out for and how to take preventative measures against them. Here is a breakdown of some common cyberattacks to come from Iran and the immediate actions that can be taken to quickly detect the attacks and mitigate their potential damage.

Credential Dumping

Credential dumping is the process of obtaining account login and password information from operating systems and software. If your organization uses a Linux operating system, the AuditD monitoring tool can be used to detect hostile processes used to open maps files, while those running on a Windows operating system should be on the lookout for unexpected processes interacting with Isass.exe.

To mitigate the damage wrought by credential dumping attacks, consider managing the access control list for “Replicating Directory Changes”, disabling or restricting NTLM, limiting credential overlap and ensuring that local administrator accounts have unique and complex passwords.

Obfuscated Files or Information

Obfuscation is commonly used to disguise easily identifiable code or data within a malware sample. Like with credential dumping attacks, early detection of obfuscation on Windows can be achieved by monitoring for unexpected processes interacting with Isass.exe while the Linux AuditD monitoring tool can be leveraged to watch for hostile processes used to open maps files.

To mitigate the potential damage of these attacks, consider utilizing the Antimalware Scan Interface on Windows 10, which analyzes commands after being processed or interpreted.

Data Compressed

While data encryption is more important than ever due to increasing and evolving threats to data and network security, it is worth noting that many applications that encrypt data first compress the data set, which, in certain cases, may compromise the confidentiality of the transmitted data. In order to block specific file types from leaving the network over unencrypted channels, it is important to utilize network intrusion prevention or data loss prevention tools. Additionally, early detection of this issue can be achieved by monitoring for command-line arguments for known compression utilities and using data loss prevention systems to find compressed files in transit during exfiltration.

PowerShell

Windows PowerShell is a task-based command-line shell and scripting language designed for system administration. To prevent attacks on PowerShell, consider setting the execution policy to execute only signed scripts. You can also remove the applications from systems when not needed, disable or restrict the WINRM Service to help prevent remote uses of PowerShell and restrict PowerShell execution policy to administrators only.

Scripting

Cross-Site Scripting attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. To protect yourself or your business from these kinds of attacks, consider utilizing virtualization and application micro-segmentation tactics like working in a sandbox environment and blocking macros through group policy. Also consider turning off unused features or restricting access to scripting engines.

For early detection of scripting attacks, examine scripting user restrictions for systems that could be considered suspicious, monitor processes and command-line arguments for script execution and subsequent behavior and analyze Office file attachments for potentially malicious macros.

Registry Run Keys and Startup Folders

Adding an entry to the “run keys” in your Registry or startup folder will cause the program referenced to be executed when a user logs in with the account’s associated permissions level. Unfortunately, attacks to exploit these configurations are fairly common and cannot be easily mitigated with preventive controls since they are based on the abuse of system failures. You can detect when these types of attacks are taking place, however, by monitoring the Registry for changes to run keys that do not correlate with known software, monitoring the start folder for additions or changes and looking for chains of behavior that are indicative of malicious behavior, as opposed to isolated events.

Remote File Copy

Files can be copied from one system to another to stage adversary tools or other files over the course of an operation. Cyber attackers do this to bring tools into the victim network through alternate protocols with another tool like FTP.

Early detection of these types of attacks can be achieved by monitoring for file creation and transfer within a network over SMB, monitoring the use of utilities like FTP that typically do not occur, analyzing network data for uncommon data flows and analyzing packet contents to detect communications that do not follow expected protocol.

Spearphishing Links

Certain spearphishing tactics involve the use of links to download malware contained in emails in order to avoid defenses that may inspect email attachments. Avoid succumbing to these attacks by determining if certain websites that can be used for spearphishing are necessary for business operations and blocking access if activity cannot be appropriately monitored. Also consider training active users in your organization to identify social engineering techniques and spearphishing emails with malicious links. Diagnostic techniques to detect link-based spearphishing include inspecting full URLs within emails and employing detonation chambers.

Spearphishing Attachments

Where link-based spearphishing contains malicious malware within the contents of the email, attachment-based spearphishing seeks to entice victims to open an email attachment containing malware.

Luckily, there are a number of steps you can take to mitigate the potential damage from these attacks. Anti-virus can automatically quarantine suspicious files and network intrusion prevention systems can be used to block harmful activity. Additional preventative measures include blocking unknown or unused attachments by default, using email scanning devices to analyze compressed or encrypted formats and training active users in your organization to identify social engineering techniques and spearphishing emails.

To detect these attacks before they cause irreparable damage, consider using email gateways that can identify malicious attachments in transit, detonation chambers or standard anti-virus software, which can potentially detect malicious documents and attachments as they’re scanned to be stored on the email server of the user’s computer.

5 Benefits of Cloud Computing for Small Businesses

5 Benefits of Cloud Computing for Small Businesses

5 Benefits of Cloud Computing for Small Businesses

A Breakdown of Cloud Computing

Managing a business is not easy. With high risks and fierce competition, it is crucial for business owners to access data whenever and wherever a need arises. Technology has made this possible nowadays through cloud computing.

Presently, cloud computing is used as a collective name for different services such as:

  • Cloud storage lets users store and back up files, share and sync them across various devices, and regularly access them.
  • Cloud backup is mainly used for backup in case of data loss caused by a crash or cyber attack.
  • Software or platform as a service provides online services such as Google Apps and Office 365.
  • Cloud hosting enables different services such as data storage, email, internet phone systems, and application hosting.

Traditionally, data can only be accessed from the same computer where it was initially saved. With cloud computing, users can rent cloud space from a provider and connect to it over the internet. Data can then be easily stored and retrieved anywhere and anytime. People just have to go online on their computers or even their phones to get the job done.

There are 4 cloud computing models to choose from based on access and infrastructure management.

  • A private cloud is managed by an internal or a third party IT company. This option offers exclusive access as well as more flexibility, and control.
  • A public cloud is managed off-site by a third party provider such as Microsoft or Google.
  • A community cloud is a private cloud shared between several organizations or enterprises.
  • A hybrid cloud is a mix of private and public cloud services. For example, users can utilize the public cloud for emails while keeping more sensitive data in a private cloud.

Cloud Computing Cost Savings

Cloud computing may cut down the cost of data management and maintenance. Users can choose their preferred deployment model and customize their storage capacity to match their needs and budget.

Companies can also cut back on costs for system hardware and software. Since data will be stored in the cloud, it minimizes the need for physical servers. It also means lower energy consumption and cost. Moreover, using cloud applications is a cheaper alternative to buying and installing different software. Various cloud computing services now offer multi-applications to meet every possible business needs.

Since there is no need for software and server infrastructure, cloud computing also means less start-up expense.
With cloud computing, maintaining the applications and services is the cloud vendor ’s responsibility. This means that businesses no longer has to pay an expert staff to install and update programs and applications as well as run backups on the servers.

Cloud Security

When it comes to security, it is easy to see how cloud-based solutions are better than local systems. It’s obvious, for example, that a cloud computing vendor would have better physical security than an in-house computing system. Cloud vendors and IT providers are both equipped to keep data safe in case of power outages or natural disasters.
With hacking and data theft prevalent nowadays, a username and password combination is no longer enough to keep data secure. Cloud vendors employ multi-factor authentication which combines various methods such as passwords, tokens, and fingerprints to verify users. This level of security is something that a small to medium-sized business usually doesn’t have the resources to implement.

With cloud computing, there’s also no need to worry about data loss in the event of a misplaced or lost physical device. Having cloud storage means that there is always a copy of data that can be easily retrieved on the cloud.
Security patches improve and keep systems up to date as well as fix bugs and security vulnerabilities. Managing patches is a tedious task that includes application and testing. It can also consume a lot of time which small to midsize businesses usually cannot afford. Cloud computing, however, allows comprehensive and efficient solutions that not only reduce downtime but also increase security and productivity.

Cloud Flexibility & Mobility

Cloud computing gives employees more flexibility and mobility. Since data is stored in the cloud and applications are web-based, users can easily take their jobs on the go. This is a big advantage especially for employees who usually work in the field. Applications are also made compatible with different devices now so they can be easily accessed using any internet connected device.

Moreover, in case the office server is down, cloud data is up 24/7 and can be retrieved anywhere and anytime. It means less downtime and continued productivity.

Collaboration Capabilities 

Cloud computing just made collaborating easier than ever. With various applications to choose from, workers can share data seamlessly and efficiently. Emails, instant messages, and video conferences allow users to interact and collaborate on projects. They can also easily save, retrieve, and share data among one another. Additionally, cloud computing enables several people to work on the same document at the same time.
Specifically, Microsoft Office 365 has many tools that will help your team collaborate seamlessly [link to blog article].

Cloud Sustainability 

Depending on the provider, updates to your cloud computing service may be part of the contract. Updates usually are done regularly and automatically on the vendor’s side. Users can, therefore, enjoy the benefits of the service without worrying about the technicalities of maintaining a cloud computing service.

Why Cloud Computing Works 

The world is fast-paced, and the internet makes it even faster. Businesses need to keep up to survive.
Cloud computing provides an affordable solution for small to midsize companies not just to store data but to increase efficiency and productivity. In addition, it helps companies save cost on hardware, software, and manpower. It also provides better data protection as compared to locally managed servers.

One of the biggest advantages of cloud computing is its ability to let people access information whenever and wherever. The flexibility and mobility that cloud computing offers increases users’ productivity and efficiency as well as improves collaboration.

And possibly most important of all, cloud computing takes the burden of maintenance off of the users’ shoulders. Users can now focus more on what matters – making the business prosper.