A Cybersecurity Plan Is NOT Optional – No Matter What Size Your Organization Is!

In 2016, cybercrime was on the rise, and within the past 5 years, the main targets have become smaller organizations.

As organizations attempt to educate themselves on this evolving threat, computer hackers are hard at work looking for new vulnerabilities to exploit. IT professionals and business owners need to keep track of ongoing trends in cybercrime and cybersecurity. Although most data breaches that reach the headlines involve large organizations, don’t be fooled – small and medium businesses (SMBs) face a high level of risk.

Mitigating your risk is an important strategy and now is the time to begin planning for the year ahead.

All equipment must require login with a complex password or pass-phrase. Ideally, each of your passwords would be at least 12 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces. The password would be free of repetition, dictionary words, usernames, pronouns, IDs, and any other predefined number or letter sequences.
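As an added illustration (not part of the original article), the password criteria above can be expressed as an automated check. The small word list, the four-character sequence threshold and the function names are assumptions made for the example.

```python
import re

# Constructed mini word list (assumption); a real check would load a full
# dictionary or breached-password list instead.
DEMO_WORDS = {"password", "welcome", "summer", "dragon", "letmein"}
# Predefined letter, number and keyboard sequences to reject.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")
# One pattern per character class the article asks for.
REQUIRED = {
    "no_number": r"\d",
    "no_symbol": r"[^A-Za-z0-9\s]",
    "no_uppercase": r"[A-Z]",
    "no_lowercase": r"[a-z]",
    "no_space": r" ",
}


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a predefined
    sequence, forwards or backwards (e.g. "1234", "trewq")."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw, username=""):
    """Return a list of problem codes; an empty list means pw passes."""
    problems = []
    if len(pw) < 12:
        problems.append("too_short")
    problems += [code for code, pat in REQUIRED.items()
                 if not re.search(pat, pw)]
    # Same character three times in a row, or a 3+ character block doubled.
    if re.search(r"(.)\1\1", pw) or re.search(r"(.{3,})\1", pw):
        problems.append("repetition")
    if has_sequence(pw):
        problems.append("predefined_sequence")
    low = pw.lower()
    if username and username.lower() in low:
        problems.append("contains_username")
    plain = low.translate(LEET)
    if any(w in low or w in plain for w in DEMO_WORDS):
        problems.append("dictionary_word")
    return problems


if __name__ == "__main__":
    for candidate in ("Summer2024!", "P@ssw0rd 1234 Xyz", "Tr1 vex!Quolb 9zam"):
        print(repr(candidate), check_password(candidate) or "OK")
```
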

All potential points-of-entry should be protected and have detection capabilities. Cyber criminals work digitally – through viruses, spyware, malware, etc. – to extract information without ever physically entering your office. Bryley Systems provides a multi-layer, multi-point-of-entry approach to protecting our customers’ data. This approach provides multiple layers of both hardware (network and web access) and software (anti-virus and anti-spyware) protection which are constantly updated.

Security logs should be monitored to detect threats and achieve compliance. Organizations are under constant pressure to protect data and crucial IT equipment. Monitoring logs is a critical component of a security strategy and a requirement for regulations such as PCI DSS, GLBA, HIPAA, SOX and others.

When putting together a cybersecurity plan, it is important to use these guidelines:

Identify. You need to know exactly what you have that is worth protecting. This identification step should include transmitted and stored data, networks, all endpoint devices, machines, users, and systems. Once all assets have been identified, you should perform a security assessment to locate each potential weak link within the assets you have identified.

Security Assessment. A security assessment will give you a clear view of your current weaknesses, potential points of entry for hackers, and the strength of your current security measures.  Computer security is an ever-changing world. Utilizing a layered approach is the best defense against cybercrime. Every organization, regardless of size, should continually manage, evaluate, and update their security infrastructure to lessen the threat of a cyberattack.

Protect. Once you understand what you need to protect, you can take immediate steps to secure those items. Protection involves a variety of measures, including implementing authentication and applying patches and updates to all equipment and software. Some assets may require upgraded technology to achieve the necessary security standard.

Detect. After you have put security measures in place, the next step is to implement the technology to monitor your environment for threats, such as firewall intrusion, distributed denial of service (DDoS), and ransomware attacks.

Respond. There is a saying in the cybersecurity community: “It is not a matter of whether your organization will experience a cyberattack. It is a matter of when.” No matter how good your cybersecurity plan is, you may still experience a threat or a breach. Therefore, it is crucial for your organization, or a designated third party, to decide how to respond to each type of threat. For example, your security tools may handle a threat automatically in one instance, but require a technician’s response in a different type of situation.

Recover. If your organization does experience a breach, you will want to have a recovery plan in place. The plan should spell out what actions should be taken, what tools should be used, and which person or partner will be responsible for recovering data, systems, and applications.

If you would like to improve your 2017 cybersecurity plan, or to inquire about Bryley’s full array of Managed Cloud Services and Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Bryley Basics: Working with Webroot

Greg Livingstone (Engineer) and Gavin Livingstone (President), Bryley Systems Inc.

Webroot¹ is a cybersecurity firm with “…leadership in developing next-generation approaches to prevent attacks, and a proven technology base that spans millions.”²

Webroot’s SecureAnywhere® Nex-Gen Endpoint Security (NGES) is a small-footprint (<1Mb) agent with Cloud-based threat intelligence designed to deliver advanced, next-generation, endpoint security. Webroot NGES offers these advantages:

  • Detection – Behavior-based, predictive/proactive detection
  • Management – Minimal impact with no signature updates
  • Protection – Collective protection among Secured EndPoints
  • Remediation – New threats are journaled to facilitate rollback
  • Threat Intelligence – Machine learning

With its innovative, predictive capabilities, it is becoming the standard end-point protection application of many IT-service providers, including Bryley Systems.

Webroot basics

When Webroot is deployed, the Webroot icon displays on the bottom-right taskbar. Right-clicking on the Webroot icon exposes these options:

  • Scan now – Perform a malware scan
  • Open – Open the SecureAnywhere console
  • Help and support – Show the online help site
  • About – Display the current Webroot version
  • Refresh configuration – Refresh Webroot version*
  • Save a Scan Log – Save scan results to a log file
  • Shutdown Protection – Disable Webroot

*Refreshing the configuration uploads the current profile, resulting in this message:

[Screenshot: SecureAnywhere prompt]

Webroot SecureAnywhere console

Selecting Open displays the Webroot SecureAnywhere console, which may also appear in the bottom, right-hand corner during scans. The SecureAnywhere console displays current protection information.

Webroot Browsing Security

Webroot SecureAnywhere includes BrightCloud® Threat Intelligence, an add-in for Chrome, Firefox, and Internet Explorer to warn against unsafe browsing.

When enabled, BrightCloud shows the following Reputation icons prefixed to web sites. Hovering over the icon will display a risk statement:

  • Reputation: TRUSTWORTHY – When visiting this website there is a very low probability that you will be exposed to malicious links or payloads.
  • Reputation: LOW RISK – When visiting this website there is a low probability that you will be exposed to malicious links or payloads.
  • Reputation: MODERATE RISK – When visiting this website there is some probability that you will be exposed to malicious links or payloads.
  • Reputation: SUSPICIOUS – When visiting this website there is higher than average probability that you will be exposed to malicious links/payloads.
  • Reputation: HIGH RISK – This website is a “Malware Site”; there is a high probability that you will be exposed to malicious links or payloads.

These icons are displayed on your Internet browser pages and define the risk associated with clicking on a particular site.

By default, HIGH RISK sites are blocked with the following pop-up.

[Screenshot: HIGH RISK block pop-up]

REFERENCES

¹ Wikipedia history of Webroot.

² Please see the 2015 Frost and Sullivan review WebRoot Smarter CyberSecurity.

Beware! Fake Update Request from Firefox Is a Virus!

By Michelle Denio, Technical Support Supervisor, Bryley Systems

Thanks to a vigilant Bryley Systems client, we can now alert you to a new malware threat.
A Bryley client submitted a service ticket about a Firefox update on his home computer. I was immediately suspicious because the supposed update had come through as a JavaScript file type (.JS), instead of an executable (.exe). Luckily, Outlook had blocked the attachment and our client, who was cautious, did exactly what he was supposed to do. He brought it to our attention!

While it appeared to come from Firefox, our research easily determined that this update request is fake and is in fact a virus.

Here are the two links I found on Mozilla:
https://support.mozilla.org/en-US/kb/i-found-fake-firefox-update
https://support.mozilla.org/en-US/questions/1137056

Below is what the fake request looks like. I’ve underlined and circled the source of the update request so you can see that it did not actually come from Firefox. Looking at the source is one of the first steps you should always take when you’re unsure about the validity of an email or a pop-up message. Had our client clicked on the Download, this hacker would have been able to install malware on our client’s computer.

Be Aware! How to Spot Phishing Emails

Phishing emails are malicious emails sent by criminals attempting to compromise your personal information. They often appear to be legitimate. So beware!

Most phishing emails are disguised as messages from an authoritative entity asking you to visit a website and enter personal information. These websites are set up to gather personal details, which they can then use to hack into your accounts and commit fraud. Some links and attachments in these emails contain malicious software, known as malware, which will install itself on your computer. Malware then collects data such as usernames and passwords.

If you recognize these emails, delete them immediately. Even technically savvy individuals can fall prey to such malicious activity. Being able to recognize these emails will lessen your chances of being compromised. Here are a few tips:

  1. Email Address. This is the first thing you should look at. Criminals use two tricks when crafting email addresses. First, they’ll put a real company’s name before the “@” sign to make it look credible. Second, they’ll use a web address similar to the genuine one. Scammers will craft phishing email addresses almost (but not exactly) identical to the real addresses. Check these addresses carefully to make sure they are exactly the same as the real web address.
  2. Generic Greetings. Be cautious of emails with generic greetings such as “Dear Valued Customer” or “Dear Valued Employee”. Look for poor spelling, punctuation or grammar. Scammers will go to great lengths to make their phishing emails look authentic. They’ll use an actual company logo and even the names of people who are employed at the company.
  3. Links. If a link appears within the email, hover your cursor over the link to view the underlying address. Check to see where it would take you if you were to click on the link.
  4. Sense of Urgency. Phishing emails may use phrases such as “act quickly” to create a sense of urgency in order to lure their targets in. These scammers may make you feel as if you’re missing out on something. They want to pique your curiosity or exploit your fear to push you into an instant response.
  5. Name. Look to see whose name is at the end of the email. If it’s from a person, is their name in the email address and does the email address appear valid?

These types of emails are just generic emails which are sent out to large groups of people, knowing that it only takes a few people to click to make the effort worthwhile to the scammers.

Spear Phishing. Criminals who target specific individuals use what is called “spear phishing.” Spear Phishing emails are even more sophisticated than your run-of-the-mill phishing emails, often using personal information obtained from social media pages to make the emails appear credible. These cyber criminals might use your name or tailor the email to reflect your hobbies, interests, where you live or events that are happening locally. They may even make the email look as if it came from the organization you work for. People are sometimes targeted because of their position within the company or because they have access to sensitive data.

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Read this case study about a particularly vicious attack that Bryley remediated.

Cybersecurity – How to Avoid Being the Next Headline

Understanding cybersecurity is not simple. When we read about a security breach it’s typically caused by an action, or failed security practice of an employee within an organization. No matter the size of the breach, it’s bad press. Data breaches surface daily and these incidents are growing in frequency, size and cost.

It is often more difficult for smaller organizations to maintain security themselves due to lack of resources or even lack of awareness. Small businesses have increasingly become easy targets. In fact, most cyber-attacks occur at companies with fewer than 100 employees. The best way to prevent such breaches is to become better educated and to follow best practices.

  1. Understand the risks. Having a basic understanding of the most common threats is key; everything from phishing, malware, spoofing, systems hacking, social engineering. It’s all bad, and it’s all a threat.
  2. Have a security policy in place that employees understand. Employees are the gatekeepers of your organization’s information, so they should be the first layer of defense. Educate all employees about safe practices. Be sure everyone uses complex passwords and make sure personal and confidential information is not easily exposed. Keeping such documentation under virtual lock and key can go a long way to protect confidential information from getting in the hands of the wrong person.
  3. Keep your anti-virus/anti-spam software or other security applications up-to-date. This will help guard against the latest threats and secure your infrastructure.
  4. Verify! Verifying financial requests and confirming details via phone is more secure than email. This practice should be applied to your vendors, clients, and employees.
  5. Practice an incident response plan. Having employees who know what to do in the event of a security breach is the best protection and preparedness you can have. Hackers are often one step ahead of you, but collective accountability is critical.

Having a baseline understanding of your current environment and vulnerabilities is the first step toward building a wall of defense to reduce risk.

Please see the June 2015 edition of Bryley Information and Tips (BITs) for our IT security cheat-sheet.

For more information about ways to defend your company against a cyber-attack, or to inquire about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

What Does a Virtual CTO Do for Your Company?

By A. Baker, Inside Sales Specialist

Virtual CTO = Trusted Advisor = An Essential IT Service!

Technology advances are continually changing. Is your business leveraging these changes to deliver a true competitive advantage?

While the position of CTO (Chief Technology Officer) is a key role for any business, not every organization warrants a full-time person in this position. Many smaller businesses, from a cost perspective, may not employ a full-time CTO because the question they ask is “can our business afford this overhead?”

Small to midsized organizations compete with much larger, well-financed companies. However, they may lack the internal resources, especially when it comes to technology management, required to be competitive.

At Bryley Systems, we believe that SMBs (Small and Midsized Businesses) are the backbone of our economy and our prosperity. And although it’s common for SMB employees to wear multiple hats, many wouldn’t be comfortable leading the technology operations. Bryley Systems has created a way for SMBs to adopt a CTO into their organization without the associated overhead cost and responsibilities normally associated with that role.

A Virtual CTO from Bryley will bridge the gap between the business vision and the more technical decisions needed to be made to support those goals. Bryley has a 30-year proven track record across many business sectors. We’re able to communicate in a language that is easily understandable to ensure that our clients can access the technology required for critical business initiatives.

Bryley’s services are at the forefront of technology and are backed by solid experience. Our tailored offerings are focused from client to client, depending upon their IT needs and business planning. Objectives are achieved, risks are managed appropriately, and the organization’s resources are used responsibly, particularly in the areas of computers, office networks, Cloud selections, software selection, and Wide Area Networks.

The cost-effective solution to your CTO dilemma, one that addresses the importance of having a CTO without the overhead, is our Virtual CTO. Our technology experts are available to you at all times, at an affordable cost, tailored to your specific environment.

Our Virtual CTO will:

  • Enable you to make informed technology decisions and efficiently manage technology within your organization.
  • Bring expert advice to bear on all your technology requirements and ensure proper documentation of all business processes.
  • Ensure a high return on investments (ROI) for all your technology investments.
  • Save on opportunity costs by managing all your technology issues and enabling you to focus on your business.
  • Audit all aspects of technology and ensure your peace of mind.
  • Manage all your IT vendor relationships and negotiate with vendors for all your technology purchases.
  • And much more.

Have the best of both worlds – strategic IT insight and tailored professional advice with an affordable financial commitment.

For more information about the Virtual CTO and Bryley’s full array of Managed IT Services, please contact us at 978-562-6077 or by email at ITExperts@Bryley.com. We’re here for you.

Where the Malware Hides – (It’s not where you think!)

5 tips for avoiding those nasty hackers.

Even the savviest of technology users have fallen victim to accidentally getting malware on their computer.  The typical sequence of events goes as follows: The user comes in with PC in hand, lugging all of their computer media with their heads down in shame and wonderment. “How did this happen?” “I don’t go on any bad websites!” They always want me to be well aware that they didn’t go on any “bad websites.”  The obvious culprits are adult content, pharmaceuticals, and/or gambling sites. But malware can hide in otherwise benign websites, too.  A hacker’s goal is to cover large ground with popular websites that have low security. They do this by targeting top visited sites, continually disguising their malware to look like legitimate downloads, and improving these methods by trial and error.

Here are 5 otherwise benign websites, where malware may be hiding:

1. Celebrity Gossip Websites

Some of the most popular search terms have to do with celebrity news.  Intel has put together a list of the top ten most dangerous celebs to search online.  Are your employees searching these celebrities online at work?

2. Movie/Music Downloads i.e. Torrents.

Torrent movie/music downloads are different than iTunes or other paid downloads.  Basically, torrents are free files containing movies, music and sometimes software that has been shared in a peer-to-peer network.  These files are typically pirated and/or infringe upon intellectual property rights.   This is an unmonitored forum, so some files may be disguised as the latest movie, when in fact they are malware downloads.

3. Fake Software Downloads/Updates

Have you ever gotten a pop-up from a reputable antivirus company that is NOT installed on your PC that says “You have x number of viruses.  Click here to clean up.” Or perhaps you’ve seen a no name search engine toolbar that snuck in during another software install.  These are malware downloads disguised as legitimate downloads. The best way to safeguard yourself from these fake software downloads is to just go to the direct website and grab the download yourself. Any website can display fake software downloads/updates.

4. Social Media

One out of five businesses are infected by Malware through Social Media.  Malware can come in a multitude of ways through social media via ads, messages or hyperlinks in posts.  Anything with a hyperlink can be malware or can lead you to download malware.  Hackers love Twitter because it shortens URLs, so the new shortened URL does not reveal any information as to where the hyperlink will take you. Almost everyone is on some type of social media; even your grandparents are on Facebook these days.  Social Media’s popularity is the reason why malware breeds and thrives on these sites.

5. Online Storage

Not all online storage solutions are created equal, but all are susceptible to getting malware attacks.  If the endpoint, i.e. pc and/or laptop, gets malware, and an online storage solution is mapped to that endpoint, then your online storage can also be compromised.  Other more malicious infiltration methods include hackers who crack passwords, access your data, and use your data against you either through sharing or ransomware, in which case they will literally hold your data hostage for a fee.  Some solutions include setting complex passwords, changing those passwords often, installing a reliable backup system and replicating your data.  Also, make sure to log out and don’t save passwords if you are accessing your data on a public computer.

Preventing yourself or your employees from accessing these sites can be close to impossible.  Bryley Systems does offer Secure Network, a managed security service that can deter these malware attacks from occurring and will manage the entire process!  For details, please call 978.562.6077 or email BusinessDevelopment@Bryley.com.

Do I need Cyber Liability Insurance?

Gavin Livingstone, President, and Mike Carlson, CTO at Bryley Systems Inc. with Bill Percuoco, Sales Executive at DF Murphy Insurance Agency, Inc.

In general, Bryley retains business insurance to address all areas of significant risk; we ensure that we have sufficient coverage for all big-event issues, while usually requesting the greatest deductible possible.  Cyber Liability Insurance is high on our list of must-have coverage; both for ourselves, and for our clients.

Cyber Liability Insurance is designed to protect consumers of technology services or products.¹ It provides coverage for data breaches, known or even undiscovered, and is a risk-transfer option designed to address some of the costs of mandatory notification (required within the Commonwealth of Massachusetts and 45 other states) and to deal with the remedial aspects of a data breach.²

Coverage typically includes:

  • Data breach/crisis management costs – Reporting and managing an incident, including remediation
  • Network security liability – Third-party damages due to denial of access
  • Multimedia liability costs – Restitution for defacement of website(s)
  • Extortion liability costs – Losses due to extortion attempts

Organizations that process credit cards are at risk; more so if they store credit-card information on their network.  In addition to credit-card information, a data breach that discloses other types of personal information can introduce extensive liability:

  • Employee information is a risk for any employer.
  • Information collected and retained from medical applications may include confidential medical and/or personal data.

While non-Fortune-5000 organizations are unlikely to be specifically targeted for their data, many of these attacks are broadly distributed, often via forged emails sent to thousands of people.  The attackers gather data from successful attacks and then determine if it is of any use to them.

Another targeted area could be your public presence – web site, Facebook/Twitter, etc.  This is more of an embarrassment than a financial liability, but restoring the web site and regaining access to hacked social-media accounts and the like does have a cost.

Bill Percuoco of the DF Murphy Insurance Agency, Inc. (our insurer), notes that they have recently seen several claims stemming from social engineering where a criminal has tricked an individual into transferring money. (Social engineering is the psychological manipulation of someone to reveal confidential information or perform a desired action.³)

Due to supporting the technology of our clients, Bryley Systems remains extremely diligent; in addition to our security measures and internal controls, processes, and policies, we have had Cyber Liability Insurance for many years.  Our premiums are based on annual sales, factored by industry, services, policies, security, and risk-exposure; we are likely at the high end since we protect other organizations.

We believe that it is far less expensive to purchase Cyber Liability Insurance coverage than it is to face these situations without sufficient resources.  To that end, we recommend Cyber Liability Insurance to our clients and to all organizations using online technology, particularly those that accept credit cards and/or use online financial, medical, or employee-oriented applications.

¹ Please see Data breach and cyber liability: Real risks in a virtual world in the blog at DF Murphy Insurance Agency, Inc. from May 11, 2015.

² Please see Understanding Cyber Liability Insurance from Trusted Choice® Independent Insurance Agents.

³ Please see Social Engineering in Wikipedia, the free encyclopedia.

Bryley Basics: Critical steps before opening an unknown attachment or a link

Since Ransomware and other malware often travel as attachments or web-links, Anna Darlagiannis, Manager of Client Relationships, offers these tips:

1. Don’t open an email or attachment or click on a link within an email if you don’t know who sent it to you….period!

2. Check and see who the email was actually sent to.

If the email was sent to a distribution list, then be especially vigilant before opening it.  For example, hackers can assume that a company’s accounts payable distribution email address is accountspayable@companydomain.com or any other variations such as AP@companydomain.com or accounts-payable@companydomain.com.  Hackers recognize that accounts payable departments anticipate attachments marked “invoice” or “PO” or other related keyword(s) and will name the attachment accordingly.  Furthermore, distribution lists are typically posted on a company’s website making these email addresses public knowledge and easy targets.

Tip:  Set up rules within Outlook to have emails that are sent to a distribution list automatically move into a specified folder(s).  This will make it easier to know exactly what email address was used to send you the email.

NOTE:  It is NOT safe to assume that all email attachments and/or links sent to your personal email address are safe to open.

3. Check who sent you the email.

Hackers can spoof a name, but they can’t spoof an email address.  The email may be marked with a familiar name, prompting you to open the email and/or attachment/link, but if you pay close attention to the actual email address, you may be surprised.  (Emails from unfamiliar addresses should never be opened.)  For example, your boss’s name is John Smith and his email address is JSmith@companydomain.com.  You receive an email that is marked “From: John Smith” and assume this came from your boss.  You go to open the email and find an attachment.  At this point, you must also look at the actual email address before opening the attachment.  If the email address isn’t JSmith@companydomain.com, then delete it and/or block the domain with your SPAM filter immediately and make everyone in the organization aware of what is going on.

If the email address is correct, but the attachment/link/signature/way that the person writes an email looks suspicious, be cautious, call the person that sent you the email (do not email in case the email address is compromised) and ask if what they sent you was in fact legitimate.

4. Scan the attachment with your anti-virus program before opening.

Take the attachment from the email and drag it to your desktop.  From there, right click on the attachment and then scan it using your anti-virus program.  Be sure to update the anti-virus program prior to scanning it, to ensure that you have the latest updates applied to the anti-virus program.

Unfortunately, this approach isn’t foolproof.  An anti-virus program may not recognize all viruses, especially if they are newly created viruses.
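The recipient, sender, link and attachment checks from the steps above, and from the tips in “How to Spot Phishing Emails” earlier on this page, can be automated for a mailbox. The sketch below is an added example, not Bryley's code; the trusted domain, sender directory, extension list and sample message are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed demo values (assumptions): addresses reuse the article's
# examples; the extension list is an illustrative starting point.
TRUSTED_DOMAINS = {"companydomain.com"}
KNOWN_SENDERS = {"john smith": "jsmith@companydomain.com"}
DISTRIBUTION_LISTS = {f"{n}@companydomain.com"
                      for n in ("accountspayable", "ap", "accounts-payable")}
SCRIPT_EXTENSIONS = (".js", ".jse", ".vbs", ".wsf", ".hta")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    if parseaddr(str(msg["To"]))[1].lower() in DISTRIBUTION_LISTS:
        findings.append("sent_to_distribution_list")
    name, addr = parseaddr(str(msg["From"]))
    addr, domain = addr.lower(), addr.lower().rpartition("@")[2]
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and addr != expected:
        findings.append("display_name_mismatch")
    if domain not in TRUSTED_DOMAINS and any(
            edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        findings.append("lookalike_domain")
    for part in msg.walk():
        fname = (part.get_filename() or "").lower()
        if fname.endswith(SCRIPT_EXTENSIONS):
            findings.append("script_attachment")
        elif part.get_content_type() == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            for href, text in collector.links:
                if not URL_LIKE.fullmatch(text):
                    continue  # "click here" style text: nothing to compare
                shown = urlparse(text if "://" in text else "//" + text).hostname
                if shown != urlparse(href).hostname:
                    findings.append("link_text_mismatch")
    return findings


def build_sample(sender="John Smith <jsmith@companydomian.com>",
                 to="accountspayable@companydomain.com",
                 href="http://updates.example.net/ff",
                 text="www.mozilla.org/firefox", attachment="firefox-patch.js"):
    """Build a constructed message; the defaults model a suspicious one."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, to, "Update - act quickly"
    m.set_content("Please install the attached update.")
    m.add_alternative(f'<p><a href="{href}">{text}</a></p>', subtype="html")
    if attachment:
        m.add_attachment(b"// constructed placeholder content\n",
                         maintype="application", subtype="octet-stream",
                         filename=attachment)
    return m.as_string()
```

A finding is a reason to verify with the sender by phone before opening anything, as step 3 describes; an empty list does not prove a message is safe.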

My final words on Ransomware (at least until next month)

Gavin Livingstone, Bryley Systems Inc.

Ransomware continues to grow at a rapid pace:

  • The FBI received over 2,400 Ransomware complaints in 2015
  • There was a 30% increase in Ransomware cases in Q1-2016¹
  • Ransomware infections in April 2016 more than doubled²

The most-popular variants and their distribution methods:

  • CryptoWall – Distributed through ZIP attachments on email files
  • Locky – Spreads through MS Office macros or JavaScript files
  • Samas – Propagates on vulnerable web servers

Why it is so attractive to cyber-criminals:

  • There is a direct path to immediate payment from the recipient (versus other, riskier, cyber-crime methods that require selling something, i.e.: credit-card information, to unknown parties that might be law enforcement)
  • It is easily spread through phishing (and now, vulnerable web servers)
  • The technology is constantly improving
  • Anyone and everyone is a target

The impact³:

  • Temporary or permanent loss of sensitive files and information
  • Significant disruption to daily operations during recovery
  • Financial impact to restore (or re-enter) encrypted files
  • Possible harm to the organization’s reputation

A few of the best defenses:

  • Back up your files at least daily and store these backups at a remote location³
  • Keep anti-virus/anti-malware software and operating systems up-to-date
  • Do not click on Web-links on an email or a website
  • Whitelist desired applications; blacklist all others
  • Restrict end-user access and permissions

¹ Please see “Q1 2016 saw a Record High for Ransomware” by Larry Loeb of Security Intelligence on May 24, 2016.

² Please visit “April 2016 was the Worst Month for Ransomware on Record in the US” by GoldSparrow in Computer Security articles at Enigma Software.

³ Go to “Ransomware and Recent Variants” published by the US Computer Emergency Readiness Team (US-CERT) on March 31, 2016.

⁴ Visit “More Ransomware – Jeez I’m getting sick of this topic!” in the May 2016 edition of Bryley Information and Tips (BITs).