Archive for Security

97,000 Cybersecurity Threats Reported to the Government Last Year, More to Come

cyber_security_dhs_priority_400.jpgArguably one of the most imperative assets for any government is an IT infrastructure, and in 2015, the U.S. government is realizing that security breaches are some of the most dangerous cyber threats to watch out for. As evidenced by the U.S. Department of Homeland Security, IT security is just as important as other matters of national security.

As reported by ZDNet, Jeh C. Johnson, Secretary of the U.S. Department of Homeland Security admitted at the annual RSA Conference that cyber security measures are currently high priority, despite not necessarily having the talent to fill this important deficit. 2015 will be the year where cyber security becomes just as important to homeland security as economics or defending the borders.

At the conference, Johnson discussed the details of their plan to jumpstart the government’s IT security infrastructure, which included an explanation of the National Cybersecurity & Communications Integration Center (NCCIC, also known as N-KICK). Johnson believes this center will be integral toward integrating a direct communications outlet between the masses and Homeland Security, which will allow citizens to report security threats directly. In fact, in 2014, the center received around 97,000 security discrepancy reports from private sector firms, and a team works around the clock to resolve them as efficiently as possible.

To no surprise, this is the next step toward increasing national security, especially considering how inundated our society is by technology. In light of the Internet of Things, more devices are connecting to the Internet than ever before, which puts more networks at risk that aren’t prepared to deal with them. Furthermore, hackers are using more sophisticated methods, like spear phishing, to facilitate attacks that are more difficult to protect from. These measures take advantage of the weakness of the human mind, making them more difficult to predict than the garden-variety malware hack.

With even the U.S. government taking cybersecurity more seriously, it should be fair to suggest that it’s more important now than ever that you take responsibility for your business’s network security. There are a variety of threats out there waiting to take advantage of any and all vulnerabilities you provide them with; and if you’re unsure about your security strategy, you can bet that hackers won’t think twice about trying to hack you out of house and home.

We also understand that not all small or medium-sized businesses have the budget to allow for an enterprise-level security solution. That’s why Total Networks makes our Unified Threat Management (UTM) solution affordable and readily available for the SMB. It brings comprehensive security measures that larger businesses enjoy, directly to you in a simple manageable fashion. Give us a call at (602)412-5025 to learn more.

Continue Reading →

Posted in: Security

Leave a Comment (0) →

Block People from Your Network that Have No Business Being There

b2ap3_thumbnail_network_security_400.jpgWhen a company is lax about their network security, this can lead to countless threats swarming the network and invading your systems. Yet, sometimes the most dangerous threats come from within. A common issue comes from employees accessing undisclosed files unintentionally and deleting them, which can cause more damage than you think.

Take, for instance, the food industry. There are several integral employees that a fast food restaurant employs. There are cashiers, managers, and food prep team members. The cashiers require access to the cash registers. The managers require access so they can count the drawers and record the day’s profits. The average food prep employee, though, doesn’t need to access the cash drawers. Therefore, they have no reason to do so.

This is how the principle of least privilege operates. It’s the act of limiting access to crucial assets in an attempt to expose them to the least amount of potential threats. This includes making sure that users only access files that are absolutely required for their position. This entails setting up additional security features that limit which user accesses what files. Depending on the solution, it could be anything from a simple process, like user filtering, to an external program or piece of hardware which restricts access to certain information.

Limiting user privileges on workstations is also a common best practice in the industry. For example, the average user doesn’t need to run programs with administrator privileges in order to function properly. Instead, reserve these rights for only those who need to do so, like your management staff and your internal IT department.

The main reason to limit access to particular data isn’t because you don’t trust your employees. It’s more about restricting access and mitigating risk factors than anything else. The fewer users who have permission to view the confidential data, the lower the chance that security discrepancies can arise. It should be mentioned, however, that no security measure can keep all threats at bay. This is why it’s important to practice maximum caution and take preventative measures to limit the damage that can be done by hacking attacks.

Total Networks has the ability to restrict access to certain parts of your network on a user basis. We can monitor and maintain your network for any suspicious activity, as well as take detailed audits of login attempts, network traffic, and more.

More often than not, even a comprehensive solution like this isn’t enough to keep your business’s network secure. Even with minimal user permissions, threats have a way of worming themselves into your infrastructure when you least expect them to. One way to augment our monitoring services is with our Unified Threat Management (UTM) solution. This consists of most everything your business’s network security could ask for, including a firewall, enterprise-level antivirus, spam blocking, and content filtering services. You’ll be sure that you have the best security measures put in place for your business.

For more information and best practices concerning network security, give Total Networks a call at (602)412-5025.

Continue Reading →

Posted in: Security

Leave a Comment (0) →

Winter is Coming: Dyre Wolf Malware Can Leave Your Bank Account Looking Stark

b2ap3_thumbnail_phishing_attack_400.jpgWith the critically-acclaimed television series, Game of Thrones returning to viewers this spring, it seems apt to discuss a manner of hacking attack called Dyre Wolf. This particular threat is just as fierce as its name implies, and can potentially cost businesses between $500,000 to $1.5 million per attack. It takes advantage of a multi-step phishing process, and your employees should understand how to avoid attacks like these.

The vulnerability was discovered last October, but John Kuhn, a senior threat researcher for IBM, reports that Dyre is following the recent trend of moving toward more sophisticated hacking measures. According to ZDNet, this threat takes advantage of the Dyre banking trojan to infiltrate infrastructures and make off with a hefty chunk of change. They accomplish this by taking advantage of social engineering tactics designed to dupe users into revealing important information about accounts.

Unlike other Trojans that go after individual bank accounts, Dyre Wolf is designed to tackle large organizations that accrue a lot of profits. This is why it’s important to train your team to identify and manage a phishing attack without falling victim to these social engineering threats. Dyre Wolf uses a seven-step process to pull off these expensive hacks:

  • Step 1: Spear Phishing Attacks. The employee will receive a phony email that houses the Upatre malware. This malware is designed to download the Dyre Trojan.
  • Step 2: Execution. The Upatre malware installs itself on the computer when opening an infected attachment.
  • Step 3: Communication. Upatre downloads Dyre onto the infected system.
  • Step 4: Watching and Waiting. Dyre observes the browsing behavior of the infected PC, waiting for the victim to visit one of several hundred banking websites. It then displays a message claiming that there’s an issue with the account, along with a fake support phone number.
  • Step 5: The Fake Phone Call. The user calls the fake number and is greeted by a human voice, rather than an automated one. The hacker then proceeds to gather sensitive information and credentials, unbeknownst to the user.
  • Step 6: The Wire Transfer. The criminal arranges for the money transfer using the stolen credentials.
  • Step 7: DDoS. While the money is being transferred, the targeted organization will experience a distributed denial of service attack. The concept behind this is that the victim’s institution will be too busy dealing with the downtime to realize that they’ve been robbed.

dyre wolf to do

Of course, at the heart of any social engineering hack, the root of the problem comes from employees not understanding how to respond to potential threats. Social engineering thrives off of the average employee not knowing how to counter it; therefore, the best way to take the fight to this new generation of sophisticated hackers is to ingrain best practices into the minds of your workers.

To this end, IBM suggests the following procedures:

  • Make sure that employees understand security best practices, and how to report suspicious behavior.
  • Perform practice mock exercises to get a feel for how well your employees identify sketchy attachments and email messages. These would be designed to simulate real criminal behavior, and as such, should be an effective means for helping you gather information.
  • Offer advanced security training that helps employees understand why they must be on the lookout for suspicious online behavior, and what they can do about it should they encounter it.
  • Train employees on how to respond to banking threats, and make sure they know that banks will never request sensitive information that could compromise your account.

These are just a few ways to handle phishing and social engineering scams. For more information on how you can protect your business from these kind of hacks, give Total Networks a call at (602)412-5025.

Continue Reading →

Posted in: Security

Leave a Comment (0) →

Tip of the Week: Revamp Your Password Policy with a Password Manager

b2ap3_thumbnail_password_security_400.jpgChanging your password is a pain. After you’ve gone several months with the same one, it can be difficult to remember your new password. Despite this, it’s always recommended that you change your passwords often. Unfortunately, when you change all of your passwords often, it’s even easier to forget them. Instead of using a post-it note on your monitor, you should instead try using a password manager.

passwordsFor those who aren’t entirely familiar with password managers, they are applications that can hold all of your login credentials in one secure location for later use. When you navigate your way to the login page of a site, the password manager automatically fills the forms with your credentials.This makes browsing the web much easier, and it makes remembering several complex passwords far more manageable.

For discussion’s sake, let’s take a look at one of the more popular consumer password managers: LastPass. It uses an interface designed for the end user to make dealing with passwords as simple as possible.

All you need to do is add an account’s information to the application, then enter the URL where the information applies. So long as the domain is correct, the credentials will fill in the forms. This way, password managers are capable of protecting you from potential phishing attacks utilizing fake domains that closely resemble those of secure sites. Once the credentials are entered, you can set whether or not you want to autofill the login boxes, as well as whether or not you want to integrate auto-login for the particular website.

Password Best Practices
Despite the immense security that password managers are capable of bringing to the table, you still want to be cautious; especially when it comes to your password manager’s password. It’s best to use a complex string of different characters, including numbers, symbols, and letters. If you’re having trouble coming up with a password, you can do one of two things: use an online password generator, or randomly hit a bunch of keys. You’ll probably get a similar result.

It should be mentioned that, according to ZDNet, some password managers can have trouble on mobile devices. This means that users have to manually use the software in order to get their desired credentials. This minor inconvenience is offset by the incredible efficiency that password managers provide.

There’s a big difference between consumer and enterprise-level password managers, so businesses want to make sure they’re using only the best of the bunch for their solution. These business-grade password managers make sure that employees don’t leave the company and take all of your passwords with them.

For more tips on how to take advantage of the latest security solutions, give Total Networks a call at (602)412-5025.

Continue Reading →

Posted in: Security

Leave a Comment (0) →
Page 1 of 14 12345...»
Facebook Auto Publish Powered By :