Technology Advisor Blog

Key Takeaways:  Verizon Data Breach Investigations Report

Posted by Ann Westerheim on 7/29/19 5:07 PM

Each year Verizon publishes the much-anticipated Data Breach Investigations Report (DBIR). The report is built on real-world data from 41,686 security incidents and 2,013 data breaches provided by 73 data sources, both public and private entities, spanning 86 countries worldwide. We'll cover some of the key take-aways in this post, and if you're interested in more information, we recommend checking out the full report.

One of the key take-aways is that small businesses are a prime target, with 43% of breaches affecting SMBs. Too many small businesses believe they're under the radar, and this isn't the case. Large, well-known businesses make the headlines when a breach occurs, but SMBs aren't safe. Ransomware as a service has become a big money maker. Any business that stores financial or other protected information is a target, and in the case of ransomware, what really matters is how important the data is to you. Can your business run without access to your data for days or weeks while you try to recover from a ransomware attack?

Another significant data point is that email is still the top threat vector for hackers to deliver malware to targets. After reviewing millions of malware detonations, Verizon found that the median company received over 94% of their detected malware through email. We have a mantra: "Think before you click!" Fake invoices and fake resumes fill the inboxes of busy professionals. We strongly recommend email security scanning AND employee training based on actual phishing test cases.

One of the biggest concerns from the report is that while attackers are quick to extract stolen data, defenders are distressingly slow to detect that a compromise even occurred. On average, 56% of the breaches identified in this report ‘took months or longer’ to discover. The time it takes hackers to gain a foothold and then actually compromise the asset can be measured in minutes. Many businesses don’t realize they are breached until the stolen info becomes public. We strongly recommend detection tools and Dark Web monitoring to help make sure threats are detected early for the fastest response.

Data breaches continue to make headlines and this is the world we now live in.  It seems no matter what defensive measures security professionals put in place, attackers are able to circumvent them.  No organization is too large or too small to fall victim to a data breach and no industry vertical is immune to attack.  It's a scary situation, but there's actually a lot you can do at an affordable price to stay protected.

Having a sound understanding of the threats you and your peer organizations face, how they have evolved over time, and which tactics are most likely to be utilized can prepare you to manage these risks more effectively and efficiently. We strongly advise all businesses to work through a disaster recovery plan to make sure you have the right safeguards in place appropriate to the size of your business, and to maximize your chances of a speedy response to a threat. The great news for SMBs is that many tools that were previously only available to enterprise class businesses are now available at an affordable SMB price. The foundational security measures from years past (firewall, antivirus, and security patches) are NOT enough to provide an adequate level of protection against today's threats.

Call us for a security assessment and we'll help make recommendations to stay protected.  

 

Tags: cybersecurity, ransomware

Professional Tax Preparers:  Do you have a Written Data Security Plan?

Posted by Ann Westerheim on 7/25/19 9:01 AM

The IRS has issued a reminder to all practitioners that all "Professional Tax Preparers" must create a written data security plan to protect clients.

The IRS and Security Summit partners are reminding tax preparers to take time this Summer to make sure the plan is in place.  It's required by Federal Law!

“Protecting taxpayer data is not only a good business practice, it’s the law for professional tax preparers,” said IRS Commissioner Chuck Rettig. “Creating and putting into action a written data security plan is critical to protecting your clients and protecting your business."

The FTC-required information security plan must be appropriate to the company’s size and complexity, the nature and scope of its activities and the sensitivity of the customer information it handles. This is very similar to the Massachusetts Data Protection Law requirements that went into effect in 2010. 

According to the FTC, each company, as part of its plan, must:

  • designate one or more employees to coordinate its information security program;
  • identify and assess the risks to customer information in each relevant area of the company’s operation and evaluate the effectiveness of the current safeguards for controlling these risks;
  • design and implement a safeguards program and regularly monitor and test it;
  • select service providers that can maintain appropriate safeguards, make sure the contract requires them to maintain safeguards and oversee their handling of customer information; and
  • evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

It's important to note that the plan is to be designed around the company’s size and complexity. The security coverage doesn't need to be expensive, but it needs to be comprehensive. There are so many affordable options available to smaller organizations, so don't put this off and risk your clients and your reputation.

Summer is a great time to step up security!  Ekaru has a lot of training materials and affordable security options for small businesses, so if you have any questions about your existing security and risk level, give us a call!  

For more information, you can access the full IRS post here.

Tags: MA Data Security Law, cybersecurity, ransomware

Cybersecurity Awareness Training - Everyone Needs to Get Involved!

Posted by Ann Westerheim on 5/2/19 10:38 AM

Last week, Ekaru hosted a Cybersecurity Awareness Training session at the Cameron Senior Center in Westford, MA. It's part of our mission to raise cybersecurity awareness for EVERYONE.

Everyone needs to know how to stay protected in today's environment, and it's important to know what protections need to be in place for the people who you work with who are trusted with protecting your information.

The presentation covered the current state of the cybersecurity landscape, and offered some practical tips to spot the most common scams.

The world has changed a lot over the past years, and so much of our lives is conducted online through banking, health records, social media, and more. By now, everyone knows the Cybersecurity Basics:

  • Protect your computer with Antivirus Software
  • Keep your security patches up to date
  • Use STRONG passwords
  • Backup your data

The thing is, the bad actors know this too, and they’ve developed some new tricks using social engineering to trick you into divulging your personal information or bypassing your security. Cyber-crime is now bigger than all other forms of organized crime, and it's important to know how you can protect yourself.

The rise of cryptocurrency has allowed criminals to collect money anonymously, and this has led to an explosive growth in cyber-crime.  With basic protections in place by most users, email has become one of the most common attack vectors.

Ransomware, which is a type of malicious software designed to block access to a computer until a sum of money is paid, is one of the most damaging threats. You may think that your data wouldn’t be worth much to a criminal, but that’s not what matters. How much is your data worth to you? Typically, ransomware is spread through email, so watch carefully for messages that contain links or documents, and keep in mind that the bad actors have many tools they can use to trick you into opening that message.

Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information or payment.

There are three common types of phishing scams: Brand Impersonation, Business eMail Compromise (BEC) Scam, and Blackmail.

In a Brand Impersonation email, you may get a fake message from Microsoft to update your password, or a fake email regarding a FedEx Delivery.  Amazon, LinkedIn, UPS, and Bank of America are commonly impersonated brands.

In a Business eMail Compromise Scam, you may get an email that looks like it's from a trusted source like your boss, attorney, or friend, but it’s not! Beware that many people have lost money in fake wire transfer scams through email. If you’re buying or selling a home, watch out for any last-minute bank changes. People have lost their homes over this!

Losses due to BEC (Business Email Compromise) scams doubled in 2018, compared to 2017 figures, and reached a whopping $1.3 Billion, according to the yearly FBI internet crime report.

Blackmail emails will contain threatening language and ask for a payment to prevent further harm.  They can be very detailed and scary, but they are just mass-marketed threats. 

Things to watch for:  Watch out for a sense of urgency in the email, names that may be slightly off, and other threats.  Be extra careful opening attachments or clicking on links. 

Trust your gut, and call the company directly to speak to someone who can verify the request.  Don’t reply to the email and don’t call any numbers listed in the email.

Stay safe online and Think Before you Click!

Tags: cybersecurity, ransomware

13 Ransomware Statistics All Businesses Must Know

Posted by Ann Westerheim on 1/23/19 8:45 AM

Big businesses make the headlines but small businesses are NOT immune to Cyber Attacks!

Industry leader Datto surveyed over 2400 IT professionals who deal with ransomware and other cyber threats every day, and the results are something every SMB needs to be aware of.

From 2016 to 2018 there has been a 79% increase in ransomware attacks.  35% of IT pros reported multiple attacks for the same SMB in the same day.  Only 1 in 4 attacks are reported, so the news is not making it to the general population.  The cloud and Apple products are NOT immune.  The average cost of the downtime associated with an attack is $46,800.  

One of our missions at Ekaru is to help SMBs create a technology roadmap and we recommend that you download the Ransomware Report to get started. We highly recommend sharing these statistics with your team to raise awareness in your organization.  Ongoing training is one of the key components to help keep your business safe.  Also, please ask about new technologies you can put in place to help safeguard your business.  Antivirus and firewalls are no longer enough to protect against advanced threats, and if you haven't completed a security risk assessment in the past year, now is the time!

Keep your data safe!

Tags: cybersecurity, ransomware

Cyber Attacks Increasing - Cape Cod Community College Hacked for $800,000

Posted by Ann Westerheim on 12/12/18 12:01 PM

Cyber threats are real and they're local. Major corporations like Marriott make the big headlines, but too many smaller businesses and institutions think they're "under the radar". Attacks are widespread and they're automated. The average firewall is getting hundreds of thousands of intrusion attempts per month, over 50 ransomware attempts, and twelve phishing attempts. All it takes is ONE user clicking on ONE wrong link and a lot of damage can be done.

Recently Cape Cod Community College was hacked for over $800,000. In this particular case, a user opened an email that looked like it was from another college, and the user didn't have any suspicions at first. What they didn't know was that malware targeted their financial transactions. The college worked with the FBI and was able to get some of the funds back, but this is actually quite rare. The college is beefing up its cybersecurity protection now. Acting after disaster strikes will help next time, but it can't undo the damage incurred in this attack.

Working with hundreds of local businesses, we've seen a big increase in the number of threats this year, and we're advising everyone in our community to review all the risks, and make informed decisions about the level of protection needed.  The protection in place over the years (Firewall, Antivirus, Security Patch updates) just isn't enough to protect against the latest threats.  More tools are available to SMBs and the first step is to understand the risks involved.  The level of protection you had in the past is not enough.

"Cybercrime is now larger than all other forms of organized crime put together"  Michael George, Continuum Navigate.

A business class firewall is one of the most important layers of protection against intrusions, and we recommend Sonicwall, recognized as the leader for SMB protection, but that's just one layer of protection.

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through October 2018, including a 117 percent increase in the number of ransomware attacks.

  • 9.2 billion malware attacks (44 percent increase from 2017)
  • 3.2 trillion intrusion attempts (45 percent increase)
  • 286.2 million ransomware attacks (117 percent increase)
  • 23.9 million web app attacks (113 percent increase)
  • 2.3 million encrypted threats (62 percent increase)


In October 2018 alone, the average SonicWall customer faced:

  • 1,756 malware attacks (19 percent decrease from October 2017)
  • 819,947 intrusion attempts (17 percent increase)
  • 57 ransomware attacks (311 percent increase)
  • 8,742 web app attacks (185 percent increase)
  • 152 encrypted threats (12 percent increase)
  • 12 phishing attacks each day (19 percent decrease)

For more information, read the full Sonicwall Report

We want everyone in our community to fully understand the changes in the threat landscape and what can be done to help better protect your business. Call us to schedule a time to review your current level of protection so you can understand the protections you have in place, and where there may be gaps that need to be considered. There is no such thing as 100% security, but understanding the risks and making an informed decision about the level of risk you can tolerate is critical for protecting your business.

Tags: cybersecurity, SMB, ransomware

Got Ransomware?  What's your Disaster Recovery Plan?

Posted by Ann Westerheim on 10/30/18 1:50 PM

Disaster recovery is a basic element of good business continuity planning. You've probably heard the phrase and, like many businesses, it's something you'll get around to "later".

Business continuity planning refers to the broad range of plans created so that a business can continue to be operational no matter what negative event might occur. Business continuity planning addresses severe, catastrophic events, loss of a key employee, director, or other principals in the organization, severe natural disasters that incapacitate a physical location, employee mistakes, and insider threats, etc. Basically anything that can go wrong!  Disaster recovery planning is one piece of this broad planning. Specifically, disaster recovery plans refer to how to quickly recover from some event that compromises your IT infrastructure.

In general, smaller businesses - which often have no IT support staff - will utilize the services of a managed service provider, like Ekaru,  to develop disaster recovery plans.
 
One piece of your disaster recovery planning needs to address how the business can protect its data from a ransomware attack. Unlike more well known viruses, ransomware doesn't just access your data, it locks it down so it is unusable. The business model behind this approach is simple: They are betting you will have no segregated backups and will be willing to buy back access to your data. Ransomware isn't about how valuable your data is to your attacker, it's about how valuable your data is to you.
 
We strongly advise multiple layers of security to protect your data. There's no such thing as 100% security, so in addition to all the security measures you put in place, a rock solid backup is required. Plan in advance what your Recovery Point Objective needs to be: how much data can you lose? 15 minutes? One hour? One week? The frequency of your backup matters. Also, what is your Recovery Time Objective? How long can you wait to get your data back? Some backups may take a week or more to recover. How much will it cost your business to be down for a week? Every business has a different level of risk they can live with. New threats mean this is a question that needs to be constantly revisited, and you may find some gaps that you can't live with. Plan IN ADVANCE to make sure you fully understand your current risk level and your options to decrease your risk, and then make a decision about your level of protection. One of the worst phone calls we get is from a business that has already been hit, when it's too late to talk about protection. You don't need a complicated plan, but don't get caught by surprise.

Tags: backup, cybersecurity, ransomware

Ransomware:  Don't be a victim!

Posted by Ann Westerheim on 10/23/18 2:26 PM

We hear routinely in the news that a major corporation or government agency has had its data integrity compromised, with millions of pieces of personal data accessed. In these cases the criminals behind the attack hope to get money by selling that data to other criminals. In the case of ransomware, the criminals want your money, and try to get it by holding your data hostage. Plain, old fashioned kidnapping with a hi-tech spin. It's not about how much your data is worth to them, it's about how much it's worth to you.
 
It's not just happening far away; the attacks are local as well. Earlier this year, the Leominster School District here in Massachusetts got hit with ransomware and ended up paying a $10,000 ransom.
 
What can you do to avoid falling victim?
 
Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your operating system, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren't totally sure of. Some people recommend sending the email back to the sender, but we advise against this because you may just be "raising your hand" for the bad actors.  If you get, for example, an email from your credit card company, instead call the number on the back of your card.
 
The most important thing you can do to make sure your data cannot be held ransom is strictly adhering to a regimen of backups. However, even backups may not be foolproof. If your data has been infected and you are unaware of it, or the backup is not segregated from your network, your backups may also be corrupted. Given the severe consequences of a ransomware attack to any business, consider having a security evaluation done by a managed service provider who will have the security expertise to advise on the best backup protocols for your situation.
 

Tags: cybersecurity, ransomware

Older Blog Posts

For older Ekaru blog posts, go to ekaru.blogspot.com.