The Benefits of Proactive Cyber Security Monitoring

A business team can take a wait-and-see reactive approach to cyber security, delaying action until it is a victim. Or, it can play a proactive role in anticipating the risks, finding the weaknesses, and putting the processes in place that may prevent a cyber crime from happening or soften its impact. Cyber security monitoring is one such proactive move that can pay back an initial investment many times over.

Cyber security monitoring involves collecting and analyzing information to detect suspicious or unauthorized behavior or changes on a network, triggering alerts, and often taking automatic, precautionary actions. Think of it as a high-quality security alarm. You can leave your doors unlocked and check every now and then to see if anything has been stolen and, if so, notify the insurance company. That’s reactive. Or, you can set an alarm and not only will you know when a break-in occurs, but the system can notify the police, lock doors, and stop the break-in in its tracks.

Now, or never?

Even the most secure system can be broken into, and even the most experienced IT professional can leak a password. But with proactive cyber security monitoring you can find and respond swiftly to these mistakes and threats. In contrast, a reactive cyber security policy leaves you vulnerable, and recovery can be slow. According to the Ponemon Institute, it takes an average of 191 days for a business to detect a hack. The consequences of being hacked for days, weeks or months before noticing it may be substantial, with data continuously compromised or leaked, used and shared across a broad network of cyber criminals. The immediate and long-term ramifications of such a delay are likely to far eclipse any cyber security monitoring investment. Just a few months ago, for example, Marriott International announced that its network had been hacked since 2014, and that the breach wasn’t discovered until September 2018. Information from 500 million customers was compromised.

As one security industry company writes, “You need to assume that your business will be breached at some point and have appropriate monitoring controls and procedures in place to mitigate the risks.”

Cyber Security Monitoring Basics

Cyber security monitoring utilizes a variety of mechanisms to continuously keep tabs on network traffic, and then send out alerts or take action at the right moment. As international cyberthreat intelligence provider Blueliv reports, there are typically four stages to the lifecycle of a breach:

  1. Attempting to get the information, like passwords and network credentials (via phishing or other schemes)
  2. Collecting the information (from people falling for the schemes)
  3. Validating the information (to make sure the information works, often through an automated bot)
  4. Monetizing the information (selling it to a third party, using it to steal data, and so on).

With the right threat intelligence, however, an IT security team can step in and stop the lifecycle midstream. With cyber security monitoring, action can be taken while attackers are still attempting to validate the information, or before they’ve finished fully collecting it.
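As an added illustration (not from the original post or from Blueliv), the sketch below shows what catching the validation stage can look like in practice: one source testing many different accounts in a short window, mostly failing. The log format, field names, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Assumed format:
# <UTC timestamp> <login_ok|login_failed> user=<name> src=<ip>
SAMPLE_LOG = """\
2019-01-15T09:58:10Z login_ok user=maria src=198.51.100.20
2019-01-15T09:59:00Z login_failed user=sam src=198.51.100.33
2019-01-15T09:59:20Z login_failed user=sam src=198.51.100.33
2019-01-15T09:59:45Z login_ok user=sam src=198.51.100.33
2019-01-15T10:00:01Z login_failed user=alice src=203.0.113.7
2019-01-15T10:00:03Z login_failed user=bob src=203.0.113.7
2019-01-15T10:00:05Z login_failed user=carol src=203.0.113.7
2019-01-15T10:00:07Z login_ok user=dave src=203.0.113.7
2019-01-15T10:00:09Z login_failed user=erin src=203.0.113.7
2019-01-15T10:00:11Z login_failed user=frank src=203.0.113.7
"""


def parse_line(line):
    """Split one log line into (timestamp, succeeded, user, source)."""
    ts, outcome, user_kv, src_kv = line.split()
    return (
        datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        outcome == "login_ok",
        user_kv.split("=", 1)[1],
        src_kv.split("=", 1)[1],
    )


def detect_validation(lines, window=timedelta(minutes=5),
                      min_users=5, min_fail_ratio=0.6):
    """Flag sources that look like they are validating a credential list.

    A source is flagged when, inside one sliding window, it has tried at
    least `min_users` distinct accounts and at least `min_fail_ratio` of
    those attempts failed. A single user mistyping a password never trips
    this, because only one account is involved.
    """
    recent = defaultdict(deque)   # src -> events still inside the window
    findings = {}                 # src -> details for the responder
    events = sorted(parse_line(l) for l in lines if l.strip())
    for ts, ok, user, src in events:
        q = recent[src]
        q.append((ts, ok, user))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop attempts older than the window
        users = {u for _, _, u in q}
        fails = sum(1 for _, succeeded, _ in q if not succeeded)
        if (src not in findings and len(users) >= min_users
                and fails / len(q) >= min_fail_ratio):
            findings[src] = {"first_alert": ts,
                             "accounts_tried": set(),
                             "validated": set()}
        if src in findings:
            f = findings[src]
            for _, succeeded, u in q:
                f["accounts_tried"].add(u)
                if succeeded:
                    # A success from a flagged source means a working
                    # credential: reset it before it can be monetized.
                    f["validated"].add(u)
    return findings


if __name__ == "__main__":
    for src, f in detect_validation(SAMPLE_LOG.splitlines()).items():
        print(src, "alerted at", f["first_alert"].isoformat(),
              "| tried:", sorted(f["accounts_tried"]),
              "| reset now:", sorted(f["validated"]))
```

The `validated` set is the part that interrupts the lifecycle: those are the accounts whose passwords worked for the attacker and need an immediate reset.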

Proactive Help

From hackers to disgruntled employees, to outdated devices to third-party service providers, companies are routinely exposed to security threats, often from unexpected sources. Quick response time is essential, and automated, continuous cyber security monitoring is the key to fast threat detection and response.

At Single Path, our proactive monitoring services have saved our clients countless times, not only from outside threats, but from a whole host of unexpected issues. For example, our proactive cyber security monitoring for the Chicago White Sox revealed signs of imminent failure within their Contact Center Server. We were able to apply a patch to the server before it failed, preventing any disruption to customer service. At Single Path, our 24/7 proactive cyber security monitoring and problem-solving are part of what makes us an outstanding partner in the continual battle against cyber security breaches or issues, and are just one of our many IT as a Service offerings.

Contact us to find out more.

6 Ways to Improve Employee Cyber Security Awareness, for Businesses and Schools

According to Accenture’s Cost of Cyber Crime Study, the average cost of cyber crime in the United States reached $21.22 million per organization last year (compared to $17.26 million the year before). But you can’t depend solely on your IT department for your cyber security. After all, a chain is only as strong as its weakest link. Improving cyber safety means increasing employee cyber security awareness throughout your entire business or school.

Here are the 6 top ways you can get your employees on board to increase engagement and improve employee cyber security awareness.

  1. Education

Do your employees or staff know:

  • Working remotely using an unsecure Wi-Fi connection leaves computers vulnerable to attacks?
  • Using personal, unsecured devices for work can open the door to compromising an organization’s network?
  • What employees say and do on social media can be tracked by cybercriminals and used against them in the workplace?

Chances are, some if not all of those points may surprise some people on your team. Most experts agree that the #1 key to cyber security compliance at a business or school is educating staff on the risks. For example, in addition to the above bullet points, does everyone on your team know how to spot a phishing email (see our earlier blog post, How to Spot a Phishing Email), or the risks of using a thumb drive (see our post, USB Security Risks: When Flash Drives Become Dangerous)? An educated team, with increased employee cyber security awareness, makes for a more secure organization.

  2. Assign Mandatory Training

Recently we came across an article in Forbes Magazine that recommended, “Employees and management from all industries should be assigned mandatory cyber security compliance training every year.” This requirement can be administered with computer-based training modules and tied into annual reviews. When implementing training you’ll want to ensure executive and management support, a way to measure success, and also consider incentivizing participation (for more information, check out our earlier blog post, We’re Only Human: The Importance of Security Awareness Training).

You may want to work with an outside partner to implement training, such as Single Path. We’re well versed in educating and training staff in the most up-to-date cyber security best practices.

  3. Establish and Promote Simple Procedures

More often than not, employees are happy to follow procedures as long as they are aware of them and the procedures are easy to understand. Create organization-wide procedures for your team to follow. Make sure they are functional, actionable and simple.

Once you have those procedures in place, figure out the best way to communicate them within the organization. Keep communication friendly, and avoid hard-to-understand cyberspeak. Says Ashwin Ramasamy, co-founder of marketing intelligence company PipeCandy, “We use comic book-like imagery and sci-fi and comic language in posters across the office that reinforces the message without being suffocating.” Choose a method of communication that will resonate with your team.

  4. Encourage Reporting of Incidents

The best-trained employees can still fall for a hacking ploy from time to time, such as opening a file or clicking a link without thinking. Even IT professionals fall for these tricks. But if a user feels foolish for falling for an attack, and is embarrassed, he or she is less likely to report it. Create a reporting system that rewards staff for reporting suspicious messages, and that allows them to share mistakes without penalty or stigma.

  5. Have Employees Manage Initiatives

Rather than protocols created only by management, make cyber security policy an employee-managed initiative. Create a committee with representatives from every department, and make it their responsibility to set procedure, communicate policy and enforce compliance. Department participation, where everyone feels included, helps ensure individual buy-in.

  6. Make Awareness a Part of New-Employee Orientation

Employees expect to learn rules and processes when they start a new job, and making cyber security a part of their new-employee orientation stresses its importance, and immediately lays the groundwork for your expectations. An employee handbook is also a great place to publish protocols and procedures.

Your Employee Cyber Security Awareness Partner

To implement an employee cyber security awareness program it helps to have a proven partner. Single Path has helped countless businesses, schools and other organizations create a robust, living program that connects employees and staff to best practices. We can help you create a functional and effective cyber-threat strategy for your school or business. Single Path Security offerings are extensive, collaborative and modern.

Ask us how to get started!

Five Top Cyber Security Threats for 2019

Cyber security concerns have been around for as long as there has been cyber-anything. The first computer virus was found infecting computers in the early 1970s and the first malware author was convicted in 1988. Those early infections were primitive compared to today’s hacking threats, which continue to grow more complex and sophisticated. While it’s vital to be prepared against any contingency, no matter how remote, we consider these to be the top cyber security threats for 2019.

Cryptojacking Rising

Ransomware has grown by 350% according to a report by Dimension Data, and accounts for 7% of all malware. It has been reported that ransomware costs American businesses north of 75 billion dollars a year, with most attacks never publicly disclosed. The biggest increase in ransomware is expected to take the form of Cryptojacking, also known as “Cryptomining malware.” We discussed the problem of Cryptojacking in a recent blog post, in which we described how hackers can hijack computer processing power to mine cryptocurrency. We expect these cyber security threats for 2019 to continue to grow.

Software Subversion Expanding

As Security magazine reports, “While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing.” In other words, the software you download may be infected, giving hackers a back channel into an entire network. Malware has even been detected in open source software libraries. Another variant is this: hackers may offer software whose name is spelled slightly differently from that of a popular application (such as adding an “s” or leaving out a letter), with the only other difference being the inclusion of malware. So be careful what you download, even if it’s from a seemingly trusted source.
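The look-alike naming trick described above can be checked for before anything is installed. The following is an added example, not code from the original post: it compares requested package names against an organization's approved list and flags any name that is one edit away (an extra letter, a missing letter, a swapped pair or a substitution). The approved list and the requested names are constructed for illustration.

```python
import re

# Assumed allowlist of packages the organization has already vetted.
KNOWN_GOOD = {"requests", "numpy", "django", "urllib3", "python-dateutil"}


def normalize(name):
    """Lowercase and collapse runs of '-', '_' and '.' (PEP 503 style)."""
    return re.sub(r"[-_.]+", "-", name).lower()


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # delete from a
                         cur[j - 1] + 1,      # insert into a
                         prev[j - 1] + cost)  # substitute or match
            # Adjacent transposition, e.g. "ng" typed as "gn".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(name, known=KNOWN_GOOD, max_distance=1):
    """Return (verdict, approved_name_or_None) for one requested package.

    verdict is "known" for an approved name, "lookalike" for a name within
    `max_distance` edits of an approved one, and "unknown" otherwise.
    """
    candidate = normalize(name)
    if candidate in known:
        return ("known", candidate)
    for good in sorted(known):  # sorted so the result is deterministic
        if abs(len(good) - len(candidate)) > max_distance:
            continue            # cannot be that close; skip the full compare
        if osa_distance(candidate, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


def check_requirements(names, known=KNOWN_GOOD):
    """Classify every requested name; block lookalikes, review unknowns."""
    return [(n,) + classify(n, known) for n in names]


if __name__ == "__main__":
    # Constructed request list: three near-misses, one spelling variant
    # that normalizes to an approved name, and one unrelated name.
    requested = ["requestss", "nmpy", "djagno",
                 "Python_Dateutil", "leftpad-utils"]
    for name, verdict, target in check_requirements(requested):
        note = f" (resembles {target})" if verdict == "lookalike" else ""
        print(f"{name:16} {verdict}{note}")
```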

Cybercriminals Uniting

One of the top cyber security threats for 2019 is due to the expanding resources available to cybercriminals. Historically, many cybercriminals have worked alone, or in small groups. That’s starting to change. The proliferation of hacker forums and chat groups has launched a robust black market where cybercriminals buy and exchange malware, botnets and other criminal resources. The availability of these rogue offerings means that even inexperienced, or less able, hackers can launch sophisticated attacks. These “malware-as-a-service” opportunities will only continue to grow, which will result in an increased number of cyberattacks, especially with regard to identity and credit card theft. If you think the threats are numerous now–and they are–an aggressive and nearly overwhelming wave of attacks may be on the horizon.

Synergistic Threats Increasing

GandCrab has been in the news frequently. Discovered in January, GandCrab is a ransomware Trojan horse, encrypting files on a computer and then demanding payment to decrypt them. Just recently, the group behind GandCrab has targeted users visiting adult websites, asking for money to keep silent about their potentially embarrassing visits. This, however, is just a ruse to mask their real intent. When a user clicks on the email link, he or she inadvertently installs the GandCrab ransomware onto his or her computer.

GandCrab has grown to be so large that the group is actually soliciting cybercriminals to partner with them. As McAfee reported, “At the end of September, the GandCrab crew started a ‘crypt competition’ on a popular underground forum to find a new crypter service they could partner with.” This will let the GandCrab organization expand its criminal activities in new, unforeseen ways.

In 2019, many experts, including Security magazine, predict attackers will continue to combine tactics to create multi-faceted, or synergistic, threats. To combat them, organizations will also need to synergize their defenses.

Social Media Misinformation Mounting

The proliferation of Russian-originated Facebook pages influencing the 2016 U.S. presidential elections has been well documented by news sources across the world. So it shouldn’t be a surprise that cybercriminals are eyeing social media as offering rich opportunities for criminal enterprise, with posts and pages displaying an impressive degree of professional-looking design for dishonest purposes. Botnet operators are able to test messaging just like a marketer, including the use of hashtags, to determine the success rates of their misinformation.

Social media platforms are aware of the potential abuse, and are focusing their resources on stopping it, but with so many users, and so much data available on sites, criminals will further focus their resources on these big-scale platforms.

Protect your business from the Cyber Security Threats for 2019

These five cyber security threats for 2019 are just the tip of the iceberg. There are many more threats out there, many of which we may not even be able to imagine yet. The only thing an organization can do is to be prepared with smart, sophisticated technological resources and by adhering to best Internet safety practices. Consider Single Path your partner in anti-crime. Single Path Security Offerings run the gamut from employee training to insider threat solutions. We’ll help you be prepared for the cyber security threats for 2019 and also those still to come.

Ask us how to get started!

Six Steps to Creating an Effective Business Continuity Plan

You take all the recommended cybersecurity precautions. You back up. Your staff is trained on processes. You have firewalls in place, passwords that are hard to decipher, and the most recent security patches in place. Yet, you still worry. You’re not alone. According to a recent survey, businesses ranked cyberattacks as their #1 threat, with data breach a close second. But if you are victimized by a cybersecurity incident, what do you do now? If you have a business continuity plan in place, the answer to that question is easy: follow the business continuity plan.

A business continuity plan is not the same as a disaster recovery plan, although they have a lot of similarities. As CIO magazine explains, a BC plan is about “maintaining business functions or quickly resuming them in the event of a major disruption,” while DR “focuses mainly on restoring an IT infrastructure and operations after a crisis.” In other words, DR is specific to IT, while a business continuity plan is concerned with the continuity of the entire organization (we discussed the six things you needed to include in your disaster recovery plan in an earlier article).

When you create your business continuity plan, make sure you take into account these six criteria:

  1. Conduct a business impact analysis

As Ready.gov reports, your business continuity plan should start with a complete analysis of the consequences of a business disruption and can include:

  • Lost sales and income, or delayed sales or income
  • Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
  • Regulatory fines
  • Contractual penalties or loss of contractual bonuses
  • Customer dissatisfaction or defection
  • Delay of new business plans

Your Business Impact Analysis should also detail various risk scenarios and prioritize the order of events for restoration.

  2. Get everyone involved

If you are making the assumption that IT security is solely the responsibility of the IT department, think again. Your entire organization should be working together to protect its data and systems. Consider holding a brief workshop on IT security, create a business continuity management committee with members within and outside the IT department, and consider the impact and recovery on each member of your staff.

One crucial area of involvement is with your leadership team. As reported by Disaster Recovery Journal, it’s important for executives to support a culture of collaboration and to be transparent. “If executives support a culture of transparency, people will be more willing to reveal and troubleshoot problem areas in your organization’s processes. Down the road, this could help the organization mitigate a major vulnerability.”

  3. Establish work-arounds

Ready.gov paints this scenario: “Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now?”

Developing manual workarounds eliminates uncertainty. For example, listing contact personnel (along with phone numbers and contact information) and providing specific details, such as how to document transactions manually, gives your team direction. You may need to reassign staff or even bring in temporary assistance if systems fail. How will you do that? Plan it all out now in your business continuity plan.

  4. Keep data on the cloud

The best way to ensure your business can continue to run is by backing up all your data on the cloud. A cloud service ensures that an organization’s critical data and processes are secure off-site. An organization can then quickly ramp up its systems in the case of a disaster. If you’re not already on the cloud, check out our earlier posts, 12 Reasons to Move Your Business to the Cloud and 9 Facts to Know About the Risks of Moving to the Cloud, and How to Manage Them.

  5. Ready crisis communication efforts

How prepared is your organization to quickly and effectively respond to and communicate with the public, and each other, during or after a cybersecurity incident? If you are hit by a breach, you may need to issue statements to the press, customers, partners, vendors and staff. We recently posted an article about emergency communication preparedness, in which we stressed the importance of drafting some templates that cover various scenarios. As we wrote: “it’s faster and easier to tweak a message than to write one from scratch for a multitude of mediums, and even multiple languages, if needed.”

  6. Test your business continuity plan

The time to ensure your business continuity plan is effective is before you need it. Is it comprehensive? Are there gaps? For example, are contact phone numbers correct? Are you able to restore data from the cloud without significant barriers or challenges? Since the network may be down, are there hard copies of the business continuity plan, and are they distributed to all the members of the team?

As suggested by CIO magazine, testing options for your business continuity plan include a table-top exercise in a conference room with the team looking for gaps, a structured walk-through or “fire-drill,” often with a specific disaster in mind, and disaster simulation testing in which an actual disaster is simulated involving all the equipment, supplies and personnel (including business partners and vendors) that would be needed.

  7. Call Single Path

While all the steps above are important, there’s a seventh step that may be just as vital: call an outside partner like Single Path. As experts in cloud services, IT security solutions and more, Single Path works with businesses, schools and other organizations to protect them from cyberattacks and help them recover when they’re hit. Planning, monitoring and adhering to best practices go a long way to protecting your customers or clients, team members, vendors and your own business. Calling a partner like Single Path, and getting your business continuity plan published, are important first steps.

Ask us how to get started!

School IT Safety: Five Tips for Smarter Physical Security

At Single Path, we spend a lot of time thinking, acting and working on ways to protect computers electronically—backing up data in case of system failure, keeping private information away from hackers, ensuring safe and trouble-free 1:1 learning environments and more. But we know that keeping schools safe also must include physical security, and technology can play a vital role in maintaining it. Physical security includes the use of on-premise safeguards to monitor and protect the facility from theft, intruders, sabotage and even vandalism.

The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school. But how can you build a secure and safe school environment? Following these five steps is a start, and will go a long way to keeping your school safer.

1. Build a Culture of Security

An organization’s employees are its first line of defense. Train your staff on security awareness, such as locking and encrypting their systems, choosing safe passwords and only sharing confidential information with those who need to know. Making security top-of-mind and habitual is an important component to overall school security.

2. Teach Safety

It takes a village to ensure safety: go beyond your staff to educate everyone. Computers are great resources for children in both learning and social interaction, but schools should also educate them on how to protect their information online and offline, especially in school environments where personal devices may be used. Mark Hickman, COO of global data security company WinMagic said—as quoted in an article from School Planning and Management Magazine—“Teaching about Internet safety and data security is fundamental in providing the tools and knowledge required for youth to understand their role in protecting their valuable personal information.”

3. Secure Rapid Communications

We recently wrote a post, How to Create Your School Cyber-Threat Strategy, in which we detailed one of the most important physical security measures you can take—installing or incorporating a robust and simple communication system. The ability to send timely alerts, warnings and information is vital in times of imminent threat such as from a natural disaster or intruder.

4. Assign a Security Manager

An in-depth guideline from the National Center for Education Statistics (NCES) highlights the need for a security manager to lead security efforts. That manager can be a current staff member or a new hire. According to NCES, the Security Manager should have four main responsibilities:

  1. Increase staff awareness of security issues.
  2. Provide for appropriate staff security training.
  3. Monitor user activity to assess security implementation.
  4. Educate the staff and leadership on the importance of security for both the individual and the organization.

5. Be Smart

One of the keys to staying safe is simply being smart and avoiding common mistakes. The folks at biometric software and security service provider Bayometric detailed some common security mistakes. This list is relevant to all organizations, including schools and school districts, and includes:

  • Not keeping and following documented standard operating procedures for security
  • Poor employee awareness about security, not conducting any training or workshop
  • Not taking security breaches or crimes seriously within the organization
  • Cutting budget to security measures to save money
  • Not aware of the security breaches or crimes happening in neighborhood
  • Not listening to safety concerns of employees
  • Poor disposal practices of sensitive documents
  • Unattended security measures or poorly maintained security equipment

Find a Partner

We titled this post “Five Tips” but really, we probably should have made it six—as this final tip is just as important. Find a partner to help. We know you and the staff at your school or organization are busy. We know how easy it is to put things off for later. That’s where we come in. At Single Path, we have worked with businesses, government organizations and schools to provide complete IT and Security Solutions. We can review your current security protocols and make recommendations for improvement, train staff, find, buy and install optimal technology solutions and so much more. Waiting can be a mistake; you never know when security is needed, and tomorrow may be too late. We can help keep your school safe, including staff and students, by providing you with smart security choices now.

Ask us how to get started!

How to Create Your School Cyber-Threat Strategy

Cyber-threats are on the rise in our school districts, which often lack the resources to protect themselves, the training to use the resources they have effectively, and even the knowledge to identify which resources are needed.

We wrote about the cyber-threats facing schools in our last blog post. But these problems are epidemic in school districts across the country. As reported by technology and digital learning news source Edscoop.com, “A recent trend in cybercrime indicates that online attackers are increasingly targeting a demographic they know people will rush to protect: K-12 students.” The article details more than three dozen large-scale breaches of student data by cybercriminals from January through October 2017.

The risk of a cyberattack will only continue to grow, so establishing a holistic cyber-security strategy is critical. Any strategy should include the following elements. Many of these are highlighted in a recent document published by the Council of the Great City Schools, an organization comprised of 70 of the nation’s largest urban public school systems.

1. Physical Security and End-Point Security

On-premises security isn’t only needed to protect students, but also the network and computer devices housed inside the school. Using a school-owned computing device is often the easiest way to get access to confidential information. Data centers and control rooms need to be locked and monitored. Classroom or office equipment may also be vulnerable to theft, so modern video surveillance can be a powerful tool, as is locking away machines when not in use, and carefully tracking equipment and reporting lost devices promptly.

2. Employee Training and Network Security

Your network is only as secure as the staff who uses it; an unsecured password can be all a cybercriminal needs to get into your network and see, abuse or share sensitive information. Employee training for proper security protocols is critical for network security, especially for staff who use personal devices in 1:1 environments.

Monitoring who has access to information is also a critical component of network security. As reported by the online security and risk management magazine CSO, “Given the high volume of users entering and exiting a school’s network, establishing the means to identify who can and can’t gain access and which resources they have access to is crucial. For effective cybersecurity, schools should use solutions that can easily identify users and then dynamically assign access to network segments accordingly.”

3. Application Security

Hackers can also gain access to your systems directly through your software applications. Downloading and installing regular updates and patches is critical, as we reported in a recent blog post detailing a Cisco networking hack that cut off Internet access and infected more than half a million devices. In that case, those who did not download security patches were left considerably more vulnerable. For that reason, your staff should only use software from trusted sources.

4. Cloud/Data Center Security

With schools moving more and more towards cloud-based solutions, the security of their cloud-based data is a critical component to security. We have touched on the advantages of using cloud computing in a number of past blog posts, including “12 Reasons to Move Your Business to the Cloud”. Cloud computing makes accessing information easier, but demands strict security processes and protections. Still, the benefits far exceed the risks (for many of those risks please see our post, “9 Facts to Know About the Risks of Moving to the Cloud and How To Manage Them”) as cloud computing provides significant back-up security should your data be destroyed or become inaccessible due to disasters both natural and hacker-made.

At Single Path, we are well versed in working closely with school districts to determine their vulnerabilities, providing solutions, and even training staff to ensure policies and protocols are understood and followed. We’re always eager to discuss our many products and services, including Security Solutions and all our Managed/Cloud Services. Let us help you chart a more secure and safer path for your organization.

Ask us how to get started!

Cyber Incidents for K-12 are Rising. Is Your Student Data Vulnerable?

Data leaks are becoming so commonplace it seems like we’re almost becoming immune to them. Another ransomware attack on a business. Another virus crippling a network. Another identity theft scam. But then something happens that shakes us up and reminds us … this is not okay. Such as when an attack hits a little too close to home. For example, this—hackers are now specifically targeting schools.

CNN reported that a school district in Montana was forced to shut down more than thirty schools for three days after hackers infiltrated their network. The hackers sent threatening text messages to staff and students. School Superintendent Steve Bradshaw explained, “The messages weren’t pleasant messages. They were ‘splatter kids’ blood in the hallways,’ and things like that.” The messages also included disturbing references to “Sandy Hook.” But the hackers weren’t done. They also demanded up to $150,000 in bitcoin or they would release stolen school records. At least three other states were hit with similar school data extortion attempts.

Malicious hackers are going after schools because of a combination of weak data security and available information that is ripe for exploitation. As schools rush to incorporate technology in their schools, security protocols are sometimes afterthoughts. Vulnerable information can include social security numbers, birth dates, medical records and financial information.

An attack leaves one school district $10,000 poorer

Can your school afford to send ten grand to a hacker? Leominster Public School district officials recently had to ask themselves that question. A hacker attack left this Worcester County, Massachusetts school district unable to access email, health services, food services, library services, help desk and file services, backup services and more. The attackers demanded $10,000 to decrypt the files. Despite FBI warnings never to pay a ransomware demand, the district felt they had little choice but to pay up. “If we had not used the option of paying the ransom for the decryption of our files, we would most assuredly be in for a much longer recovery at a much higher cost,” said Leominster Superintendent of Schools Paula Deacon. “In the case of one of the file servers, there were over 237,000 files which were encrypted, covering all departments in Central Office.”

According to an article in the Leominster Champion newspaper, the school is now making changes to their network to remove vulnerabilities including replacing old computers. The cost of this overhaul? More than $435,000. 

It’s a bigger problem than you think

How many school cyber incidents do you think have occurred in the last two years? Ten? Twenty? Try more than 330 (and growing)! In an attempt to categorize, defend and combat these threats, EdTech Securities has published a map that includes all manner of school-related cyberattacks including data breaches, phishing attacks and “other occurrences that lead to school and personal information being exposed.”

Check out the Interactive Map

The amount of exposure and consequences of those incidents vary widely. The Wall Street Journal recently reported on a number of cyber incidents including: 

  • Hackers in Iowa’s Johnston Community School District released school and parent information along with threats to kill the children. A hacker claimed the information was released to help child predators.
  • Hackers stole $56,000 worth of paychecks being sent via direct deposit to Atlanta Public School employees.
  • Hackers stole $75,000 from employees of the Fulton County School district in Georgia.

One state gets ahead

Many school districts are realizing the threats of a cyberattack are all too real, and are proactively working to protect themselves. Schools in Indiana are leading the way. As reported by Indiana Public Media, the Indiana Department of Education has targeted thousands of dollars in cyber funding for certain schools. Schools can apply for matching grants of up to $25,000 to build up their cybersecurity systems and improve 24-hour system monitoring. Says Chief Technology Officer John Keller, “Cybersecurity is a layered concern that goes across really all sectors. I mean, it’s not just a teacher thing or a school administrator thing, it’s our students, our staff.”

What you can do

Waiting until a cyberattack hits can be costly to schools and devastating to the families or staff whose information is breached. Fortunately, there are many resources available. For example, the U.S. Department of Education provides a number of cyber-resources and documents related to Security Best Practices, from a Data Breach Response Training Kit to a Data Security Checklist. But it can be daunting to read and figure out exactly what you need to do, especially without a partner to help guide you.

At Single Path, we work with schools across the country to help them uncover and tighten up weaknesses, implement security measures, and create recovery plans if the worst happens. We can help overhaul your entire system, as we did for Great Lakes Academy in Chicago, provide training like we did for Saint Anne Parish School in Barrington, Illinois, and offer any or all of a full range of security offerings.

Ask us how to get started!

Is Your Cisco Network Hardware Leaving You Vulnerable?

Recently, Cisco Systems made the news, but not the sort of news any Internet-related business wants to make. Their network hardware was hijacked, and hundreds of thousands of their customers were victims.

As this blog post from Kaspersky Labs reported right when the attack hit: “According to our sources, there’s a massive attack against Cisco switches going on right now—these switches are used in data-centers all across the globe.”

For those on a Cisco network, this was, and continues to be, a frustrating and potentially nightmarish issue. For those who don’t use Cisco networking switches, this event is a reminder that vulnerabilities exist everywhere, and constant vigilance is crucial.

What exactly went wrong?

More than 200,000 Cisco network router switches worldwide were hacked on Friday, April 6, 2018. This affected large Internet service providers and data centers across the world, especially in Iran, Russia, the United States, China, Europe and India. According to an Iranian government official, “Some 55,000 devices were affected in the United States and 14,000 in China.”

As a result of this hack, many users found their Internet connections blocked, websites down, and screens showing an American flag and the note, “We were tired of attacks from government-backed hackers on the United States and other countries.” It seems machines affected in the United States were collateral damage from an attack meant to hit foreign states. Anarchic hacktivists are suspected, although no one has been charged.

Mounir Hahad, head of Juniper Threat Labs, a network and security product manufacturer, confirmed initial suspicions when he said, “The vulnerability is severe enough to cause a lot of damage and implant a man-in-the-middle agent [a scheme we discussed in a past blog post], but it doesn’t look like the attacker took advantage of it. I suspect this is the work of a hacktivist group with sympathy toward the U.S., which had no intention to inflict serious damage.”

So, good news, we suppose. But it’s only good news compared to what may have been much worse news. A different group could have caused significantly more trouble, such as inserting malicious code into networks, locking users out of systems until a ransom was paid, and so on. And this could still happen. Cisco acted quickly in response to this problem, but there may be other vulnerabilities that have yet to be found or exposed. One hacker news site reported that, according to Internet scanning engine Shodan, more than 165,000 systems were still vulnerable days after the attack. Those who didn’t apply security patches may still be.

What can you do now?

If you think your system may have been infected, there are a few steps you can take to check. But even if you’re safe, for now, you may be exposed to other vulnerabilities in the future in unexpected ways. Single Path can help you build up your defenses, protect your systems, and help you rebound if you face a malicious computer attack.

As this story demonstrates, patching is critical for all IT assets, including networking components. Single Path provides a wide range of services, from security offerings like Patching, Desktop Security Risk Assessment and Managed Firewall, Content Filtering & Proxy Services, to consulting services so we can analyze your needs and provide ongoing support and advice. Doing nothing is never a good idea; instead, play it safe and play it smart with Single Path.


Owt trap, noitneverp ssol atad fo tra eht dna noitpyrcne (Encryption and the Art of Data Loss Prevention, Part Two)

With cyberthreats on the rise, and hackers becoming more sophisticated, strategies to protect your files are critical—and encryption is a tool too important to ignore. In our last post, we explained the basics and importance of data encryption. Now, we will dive a little deeper into the different types of encryption strategies and options.

Symmetric vs Asymmetric

If you delve into the world of encryption, the two terms you will commonly find are Symmetric and Asymmetric, which are two different encryption methods. Symmetrical encryption is the older of the two. With symmetrical encryption, both parties need the same code to read the same file. This code can be a word or a series of letters. One party enters a code to encrypt the document, and the second party enters the exact same code to open it. Simple, right? It’s like making a copy of the same key. But what if you don’t know the other party? How do you share the code? Do you email it? Send it in the mail? What if that code is intercepted or falls in the wrong hands?

Asymmetrical encryption, on the other hand, uses two different encryption keys: one to lock it, and one to unlock it. This is also referred to as public-key cryptography. One person has a public key, which encrypts the message or file, while the person on the other end holds a private key, the only key that can decrypt it. With this approach, since the private key never needs to be shared, there’s less risk of the key being swiped by someone else.

One even newer form of encryption that is growing in popularity is elliptic curve cryptography. This is a form of public-key encryption that is practically unbreakable. It’s a complicated subject, and technology information provider Ars Technica does as good a job as any of explaining how it works, but it relies on concepts such as the extended Euclidean algorithm and is a bit too complicated to get into here.
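The two approaches described above, as an added example that is not from the original post: a receiver publishes a public key, a sender uses it to wrap a secret, and both sides then use that secret symmetrically. It uses textbook RSA (not elliptic curves) with constructed toy primes and a hash-based XOR cipher, both chosen for readability; the function names are this example's own.

```python
import hashlib


def extended_gcd(a, b):
    """Extended Euclidean algorithm: return (g, x, y) with a*x + b*y == g."""
    old_r, r, old_x, x, old_y, y = a, b, 1, 0, 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def make_keypair(p, q, e):
    """Textbook RSA key pair from primes p and q (toy sizes, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    g, d, _ = extended_gcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    return (n, e), (n, d % phi)  # (public key, private key)


def rsa_apply(key, value):
    """Raise value to the key's exponent modulo n; used to wrap and unwrap."""
    n, exponent = key
    return pow(value, exponent, n)


def symmetric_xor(secret, data):
    """Symmetric toy cipher: the same secret both encrypts and decrypts.
    Use one secret per message, since the keystream repeats otherwise."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(str(secret).encode() + counter).digest()
        out += bytes(c ^ k for c, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def demo():
    # Receiver: publishes `public`, keeps `private`. Constructed toy primes.
    public, private = make_keypair(61, 53, 17)
    # Sender: picks a secret and wraps it with the receiver's public key,
    # so the shared secret never travels in the clear.
    secret = 65
    wrapped = rsa_apply(public, secret)
    ciphertext = symmetric_xor(secret, b"constructed sample: grade report")
    # Receiver: only the private key recovers the secret, which then
    # decrypts the message with the same symmetric routine.
    recovered = rsa_apply(private, wrapped)
    return {
        "private_key": private,
        "wrapped": wrapped,
        "recovered": recovered,
        "plaintext": symmetric_xor(recovered, ciphertext),
        "public_key_unwraps": rsa_apply(public, wrapped) == secret,
    }


if __name__ == "__main__":
    print(demo())
```

Production systems rely on vetted libraries, keys of 2048 bits or more and padding such as OAEP; the arithmetic here only shows which key does what.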

How do you want to Encrypt?

Encryption can be simple or complex. It can take very little processing power, or quite a bit. You can encrypt everything or only some things. You can encrypt them only some places or every place. Here are the basic options.

  • Full disk encryption (FDE): An entire hard drive is automatically encrypted. This is particularly useful for a laptop or machine that could be stolen. There are intermediate options for disk encryption, as well—folder encryption, volume encryption, etc.—that aren’t quite full-disk encryption, but in between.
  • File encryption: A way to encrypt data on a file-by-file basis. This is helpful for individual files that have to be shared or protected, while others do not.
  • End-to-end (E2E) encryption: This obscures the content of messages while they are in transit, so only senders and receivers can read them. Such encryption is now embedded into platforms like Facebook Messenger and Apple’s iMessage.
  • Encrypted web connections: The familiar ‘https://’ at the beginning of most URLs (along with the small padlock icon) means your web connection is using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol. This means the data you are sharing on that site, such as credit card numbers, is being encrypted.
  • Encrypted email servers: These are email servers that use S/MIME (Secure/Multipurpose Internet Mail Extensions) so they can send and receive encrypted messages, not just simple text messages.
  • Cloud Encryption: Cloud-Encryption software encrypts all data as it is stored on the cloud. It is still completely accessible (and vulnerable) on a computer, but not on the general network.

Key Management and Other Security Needs

As we detailed in our recent two-part posts on phishing strategies (Phishing Part One and Part Two), there are a great many malicious schemes out there, some more clever than others. So, having a solid encryption strategy will only go so far—you also need a system to keep your encryption keys safe. That’s why key management—the process of storing and keeping encryption keys protected but also accessible—is just as important as keeping the data itself safe.

Computer Weekly suggests the following protocols be kept in place:

  • Have one point of contact for cryptography; don’t spread it among operational users.
  • Ensure the central key repository is well protected.
  • Decide whether your outsourcer will have any role in key management, such as key pair generation, recovery of keys and escrow access.
  • Decide whether information security should manage keys as well as encryption policy.

What you need to know

As the data loss prevention experts at Digital Guardian wrote, “Companies and organizations face the challenge of protecting data and preventing data loss as employees use external devices, removable media, and web applications more often as a part of their daily business procedures. Sensitive data may no longer be under the company’s control and protection as employees copy data to removable devices or upload it to the cloud.”

Fortunately, you don’t need to be an expert on encryption and algorithms—you just need a partner that is. At Single Path, we’re adept at providing security offerings and tools for our clients, so that they are prepared for and protected against malicious attacks. We also provide proactive desktop and network infrastructure patch management, Security Risk Assessment, Managed Firewall Services and more. We’ll keep your data safe, and your organization worry-free.


IT Security: Four Foundational Layers Every Organization Should Have

It’s not a question of if your business is at risk for a cyber attack, but when. IT security should be at the top of every business’s priorities, and rigorous attention and multiple facets of protection are essential.

Hackers and cyber terrorists are smart and growing smarter. They have access to ever improving technology. While you’re sitting and reading this post, they are probably actively looking for ways to get and exploit sensitive information.

And if you think only big businesses are at risk, then think again.

As we wrote in an earlier blog post, more and more small- to medium-size businesses are falling victim to cyber attacks, often due to the perception of laxer security measures. In the same post, we mentioned that cyber victims may not even be aware of security leaks for months or even years after they happen.

Of course, sometimes a business knows immediately when it has been the victim of an attack. A malicious attack can immediately cripple a network, and the business may even receive ransomware demands—blocking access to data, and possibly deleting or publishing it, until money is paid. But there is no guarantee the payment of a ransom will discourage future attacks; often it encourages them.

So how do you protect your business, and your customers? Here are four layers of protection you should implement immediately, if you haven’t already.

  1. Incorporate artificial intelligence-based security

Endpoint protection is the most common form of security—arming work stations and electronic devices with programs that block or root out malware. We’re all familiar with standard anti-virus software programs, but they are hardly enough to fight off today’s attacks.

Older systems rely principally on signature-based security—software that checks programs against a list of known malicious files, or the signatures of those files within programs. But that form of protection is ineffective against new malware strains, or encrypted ones.

Artificial intelligence-based security works differently. Rather than limiting analyses to specific codes, these programs identify techniques and patterns often associated with malware. They analyze both good and bad software, figuring out what factors, or combinations of factors, are associated with each. The program then calibrates the probability that something could be harmful before accepting it. The more software and malware it examines, the smarter the security system gets. For example, a program that starts encrypting files without notifying the user could be identified as malicious.

But as this article from Forbes explains, analyzing the necessary amount of data to make such decisions would be overwhelming for an IT team; however, “With machine learning, [a] mountain of data could be whittled down in a fraction of the time, helping organizations quickly identify and then mitigate a security incident. Artificial intelligence could be a game-changer for security teams.”
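The contrast between the two approaches, as an added example that is not from the original post: a hash-list check misses a repacked file, while a behavioural rule flags the process that rapidly overwrites documents with encrypted-looking data. The rule is a fixed heuristic standing in for the learned model the post describes; the process names, paths, thresholds and sample events are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed signature list: SHA-256 digests of already-known malicious files.
KNOWN_BAD = {hashlib.sha256(b"constructed known sample").hexdigest()}


def signature_match(file_bytes):
    """Signature check: flags a file only if its hash is already on the list."""
    return hashlib.sha256(file_bytes).hexdigest() in KNOWN_BAD


def entropy(data):
    """Shannon entropy in bits per byte; encrypted output sits close to 8."""
    if not data:
        return 0.0
    counts = Counter(data).values()
    return -sum(n / len(data) * math.log2(n / len(data)) for n in counts)


def behaviour_alerts(events, window=10.0, min_files=3, min_entropy=7.0):
    """Flag processes that overwrite several distinct files with high-entropy
    data inside `window` seconds. Thresholds are assumptions, not tuned."""
    recent = defaultdict(list)  # process -> [(time, path)] of suspect writes
    alerts = []
    for ts, proc, path, written in sorted(events):
        if entropy(written) < min_entropy:
            continue
        recent[proc] = [(t, p) for t, p in recent[proc] if ts - t <= window]
        recent[proc].append((ts, path))
        if len({p for _, p in recent[proc]}) >= min_files and proc not in alerts:
            alerts.append(proc)
    return alerts


def random_like(seed, blocks=64):
    """Deterministic stand-in for encrypted bytes (2048 bytes of hash output)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))


def demo():
    text = b"Attendance report for the district office, term two.\n" * 40
    new_variant = b"constructed repacked sample"  # not on the signature list
    # Constructed file-write events: (seconds, process, path, bytes written).
    events = [
        (1.0, "editor.exe", "C:/docs/a.docx", text),
        (2.0, "editor.exe", "C:/docs/b.docx", text),
        (3.0, "editor.exe", "C:/docs/c.docx", text),
        (4.0, "backup.exe", "D:/nightly.zip", random_like(b"zip")),
        (20.0, "viewer.exe", "C:/docs/a.docx", random_like(b"a")),
        (21.0, "viewer.exe", "C:/docs/b.docx", random_like(b"b")),
        (22.5, "viewer.exe", "C:/docs/c.docx", random_like(b"c")),
    ]
    return {
        "signature_flags_variant": signature_match(new_variant),
        "behaviour_flags": behaviour_alerts(events),
    }


if __name__ == "__main__":
    print(demo())
```

The single high-entropy write by the backup job stays below the file-count threshold, which is why the rule combines entropy with how many files a process touches.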

  2. Ensure strong email security

Email is a common entry point for malware, spam and phishing attacks. Deceptive messages can entice recipients to divulge sensitive information, open attachments, or click on hyperlinks that install malware on the victim’s device.

A strong email security system, one that can quarantine dubious emails while letting safer ones through, is important. The best security systems will examine the origin of the email, and analyze its attachments. Tighter security systems often implement email authentication policies, only allowing emails from approved sources.

There are many practical strategies businesses can create to prevent email entry of malware. According to digitalguardian.com, these include:

  • Educating employees of email security risks
  • Requiring employees to use strong email passwords
  • Utilizing email encryption
  • Insisting on best practices for BYOD
  • Implementing scanners and other tools to scan messages and block emails containing malware or other malicious files before they reach your end user

  3. Limit web access to halt Command and Control

Command and Control capability is a critical component of most malware.

For example, let’s say a user searches online for information, and stumbles on a website embedded with small, malicious files. These files reach out to a central server, which then sends malicious commands to a network of compromised computers. These computers can number in the thousands, their malware lying dormant, hidden, waiting to be activated.

These infected computers, collectively known as a ‘botnet’ (a combination of the words robot and network), can then launch a concerted, organized and overwhelming attack. Botnet attacks are difficult to defend against using traditional security solutions, and can cause considerable, sometimes irreversible damage.

The best defense? Avoid the infection from happening. Software systems can block user access to different websites or even entire website categories. The same systems can also block links.

  4. Have sufficient and timely back-up protection

Once you’ve been hit by a cyber security breach, limiting the damage and removing the malware from your system can be costly or even impossible. In the end, your best security may be only as good as your last, best backup. For example, rather than paying a ransom, a better option is to restore your blocked information.

Don’t have a back-up plan in place? What are you waiting for? As outlined in our two-part blog post on the benefits of the Cloud (Part 1 and Part 2), cloud computing offers easier access to files from any location, seamless integration with existing systems, and also superior back-up opportunities and security protocols. Electronic devices can be backed up regardless of where they are located and who is using them, and a compromised network can be rapidly restored.

Ramp up your own IT security

Rooting out malware and keeping your system protected isn’t always easy, and getting rid of it can be expensive. But Single Path can help you get and stay protected, with an IT security bundle that falls within your budget. We work with small- to mid-size businesses like yours, and make sure the size of your budget doesn’t compromise the size of your security. We’ll create a multifaceted, layered approach that will leave you safe from most attacks.

At Single Path we can provide comprehensive IT security, from managed firewalls to data loss prevention threat solutions to risk assessment. We’re a true collaborative partner that can provide expert advice, ongoing analysis of your needs and support. For your IT security needs and beyond, Single Path is ready to serve … and protect.
