Do you know those horror stories you catch every so often where a huge business has their network hacked and millions of their customers and employees have their personal and financial information leaked onto the Dark Web? Your organization isn't likely as big as theirs, but regardless of how much money, people, and diverse revenue streams an organization has, having its network breached and its customers’, or its employees’, information strewn about over the Dark Web is not an ideal scenario. 

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

How Do These Threats Work?

These attacks work similarly to how a phishing attack or a spoofed email would, as a user is promised one thing but winds up receiving something very different. While a malicious application may perform the task it claims to, it also may redirect the user to a phishing website or ad (making the cybercriminal some money) or simply steal some of the user’s information, like their birthday or email address.

Defining VPN

The virtual private network is a tool designed specifically to protect data as it is transferred over the Internet. The best way to describe it is as an encrypted tunnel that protects the interception of data that is being sent from one place to another. 

Data Backup and Recovery

Data backup is a critical process that every business that depends on their IT needs to have. If data is the lifeblood of your business, then you need to protect it. Your business most assuredly has data that, if lost, would put you back. Why risk it when a solution for this problem is a simple fix? You need data backup.

The User Experience and How Security Fits

Let’s face it, the majority of Internet consumers have no idea about data security until something terrible happens. Until they get malware, or get their identity stolen, or their accounts hacked, they assume that there is enough built-in security to facilitate any behavior online. This is not ideal, obviously, but there are a small number of people, around 29 percent, that have enough security awareness to avoid certain websites. 

October saw five vulnerabilities patched in Chrome, with two of those vulnerabilities being classified as zero-day threats. A zero-day threat is an attack that is already being used by cybercriminals by the time security researchers identify it. With the head start that the zero-day threat gives them, these cybercriminals have a dangerous advantage.

What is Smishing?

When cybercriminals use phishing scams, they aren’t using advanced technologies to crack their target’s digital defenses. Instead, they hack users by exploiting the assumptions, bad habits, and ignorance of the target to get them to release sensitive information.

Attackers circumvent cybersecurity measures by sending messages purporting to be from an authority figure or trusted contact, thereby convincing the user to undermine their protection. A notorious example of phishing is the email from the persecuted royal family, known as the "Nigerian Prince scam."

How to Approach Your IT Spending

When determining an IT budget, perspective is an important part of the process. It can be tempting to view your IT as just another cost of doing business, but it really is more than that. Your technology (and the state it is in) has a major effect on how your business runs. If it is lacking, other things will as well. In some cases, employee morale will suffer, your productivity will slow, and your incoming cash flow will falter.

To begin, let’s examine the data that we currently have available, courtesy of Statista: in 2019, there were a total of 1,473 data breaches recorded. The first half of 2020 saw 540 breaches reported. Crunching the numbers, these 33 percent fewer breaches have impacted what other sources assert to be 66 percent fewer people.

Your Main Hospital Wireless Network Needs to be Locked Down

First of all, your main office Wi-Fi cannot be used for guest access. The same network that your computers, tablets, laptops, and other equipment run on needs to be completely segregated from the rest of the traffic and secure. This might be pretty obvious for most healthcare professionals, especially those who have an understanding of HIPAA compliance, but it’s worth mentioning because it poses such a huge security risk (and breaks compliance).

Let’s discuss what this signifies, and how this may shape how users authenticate themselves in the future.

Defining CAPTCHA

Short for Completely Automated Public Turing Test to tell Computers and Humans Apart, CAPTCHA has long been the standard tool used by Google to prevent automated spam from polluting the Internet by requiring (in theory) a human being to interact with content in some way before allowing access or a task to successfully be completed.

Strategy #1 - Know the Value of Your Assets

By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses. 

What’s the Exploit and Who Does It Affect?

The vulnerability in the CISA’s emergency directive affects all supported Windows Server operating systems. It’s been named Zerologon, and If left unpatched, it could allow an unauthenticated threat actor to gain access to a domain controller and completely compromise your network’s Active Directory services. The vulnerability gets its name because all the hacker has to do is send a series of Netlogon messages with the input fields filled with zeroes to gain access. 

What Exactly is Passwordless Authentication?

Instead of using passwords, you would effectively verify your identity through alternative means such as a verification app, a predefined security token, or even biometric information. These forms of authentication aren’t exactly new--most smartphones have a biometric authentication system onboard--but now they are beginning to become the predominant way that IT administrators set up their authentication systems. 

Tesla’s Near-Sabotage

In August 2020, a Russian businessman was indicted on charges of conspiracy to intentionally cause damage to a protected computer after he attempted to recruit a current Tesla employee to install malicious software on the automaker’s Gigafactory network. 

Healthcare

We’ll start with healthcare, as it is the most prevalent. Healthcare data is protected, and that protection is regulated, and all for good reason. This information is the most personal information an individual has and it has no business being in possession of anyone but the provider, the insurer, and the patient. The most well-known regulation for healthcare in the United States is called the Health Insurance Portability and Accountability Act (HIPAA). It was developed to keep personal health data and personally identifiable information (PII) secure. This was necessary as there have been new systems implemented to transfer health and insurance information between healthcare providers and insurers. 

Getting Employees to Identify Threats

The average employee comes to work and produces. This isn’t a problem until their lack of awareness of other matters hurts the company. Often met with “that isn’t my job”, it has to be explained that security concerns are a part of their job. Employees often can’t see how it is their responsibility, but since 90 percent of data breaches happen because of user negligence, it has to be explained that it could put the entire business in peril. Their cybersecurity efforts can literally save their jobs. 

#1: Is security a priority when we build processes?

Your business has a way that it does what it does. Are those processes created with both physical security and cybersecurity in mind? The amount of threats your business is subject to is literally innumerable. Each day new threats are created and used to try and steal money and data from businesses just like yours. When building your business’ processes, the first consideration that isn’t “can I make money this way” has to be about how to secure your business from outside threats.

Let’s go over how you can review how much of your data these Chrome extensions can access, and how you can adjust these permissions more to your liking.

Fair warning: This will naturally require you to change a few settings, so don’t be afraid to reach out to your IT provider to confirm these changes are okay to make and for assistance in doing so.