Thursday, 15 January 2026

What to do About Microsoft Ending Support for Your Software

 

Computer monitor with the "blue screen of death" from a software issue.

Microsoft has announced that it will no longer be supporting a long list of its software. On that list could be many programs you might have been depending on for years, which leaves you wondering what you should do about Microsoft ending support for your software. For example, which software will no longer be supported? Why does it matter if the software isn’t supported, so long as it still works? Isn’t this just an attempt by Microsoft to get me to spend more money with them? What happens if I don’t upgrade? And if I do upgrade, how do I do it? Well, let’s get started answering these questions for you.

Which software will no longer be supported?

A link to the complete list of software is below, but among the most commonly used of those programs for which Microsoft is ending support are these:

  • Exchange Server 2010
  • Windows Server 2008
  • Windows 7

Yes, that’s right...Windows 7 is heading to the scrap heap. For a long while, it was “the Best Windows Ever,” bringing reliability, speed and a whole new look to your desktop, especially after Service Pack 1 was released. It may be hard to believe, but Windows 7 has been around since summer 2009 -- 10 years ago. And even though it still works well, it’s time to say goodbye.

Why does it matter if the software isn’t supported, so long as it still works?

Few things change faster than technology. When the hardware evolves, the software needs to evolve with it, as does how humans interact with them both. So in order to take advantage of the new features and uses of your computers, network and other devices, the software needs to change, too.

Old software not only lacks modern features; it also opens up security holes. That’s because the old software was never tested in the new environment -- working on newer hardware, connecting to other software, or operating on certain new kinds of data -- which creates new openings for breaches and hacks.

That is why Cyber Security Insurance Policies generally require that your software be properly licensed and supported by the publisher. They know that old software just can’t be relied upon to remain secure. And they also know that there won’t be anyone able to properly fix such software.

Isn’t this just an attempt by Microsoft to get me to spend more money with them?

Microsoft, like any technology company, is constantly innovating and working hard to stay ahead of its competitors. If they stop innovating, they lose customers...probably even you. Think for a moment what you would do if your technology were stuck in 2009...or 1999.

And it would be unreasonable to expect Microsoft to invest significantly to maintain old technology that they sold 10 years ago as much as they are investing in new technology that they are selling today or will be selling tomorrow. Why is Microsoft ending support for older software? Because it’s expensive for them to continue to maintain it. And it’s expensive for you to maintain it, too.

What happens if I don’t upgrade?

As mentioned before, old software is vulnerable to breaches and hacks. The short answer is that you are more likely to become a victim of them. It’s also very likely that your Cyber Security Insurance Policy will no longer cover you if the insurer learns you are using unsupported software. And even if they don’t know you’re using old software, once you are breached or hacked, they will see what you are using and very likely refuse to cover you.

It’s not a risk you’ll want to take.

And on top of all of that, you’ll likely spend more money supporting your older software than you will on your more reliable, new software.

If I do upgrade, how do I do it?

How you upgrade your software greatly depends on the software itself. Upgrading desktop software is substantially less complex than upgrading server software.

Upgrading Windows 7 To Windows 10

With Windows 7, you will want to make sure your applications are compatible with Windows 10. If the version you are using is not, then a newer version probably is. You then need to find out whether your computer can run Windows 10. Certain slower processors, memory, and graphics cards might not be supported. Assuming that they are, you might be able to upgrade to Windows 10 in a day or two.

If you’re going to do this, try one machine as a pilot test. If that goes well, then upgrade the rest.

It should go without saying -- but I’ll say it anyway -- that before you do something as drastic as upgrading your operating system, make sure you have a good, tested backup of the machine.

And you might recall that Microsoft used to offer a free upgrade to Windows 10. Well, it might still be possible for you to do that. Talk to us, and we’ll explain how.

Upgrading Windows Server 2008

Generally speaking, it’s not wise to upgrade a machine to a drastically newer server operating system. You run the risk of being out of business while the server is upgrading, and there is always a risk of something going wrong, leaving you unable to recover quickly and inexpensively.

We recommend installing new hardware that will last 5 years or more. Combine that with the latest software, and then migrate your resources, your data, your users, and other assets to the new server. A lot of the work can be done while your old server is up and running, making the move very quick with a minimum of downtime.

Upgrading Microsoft Exchange

Exchange Server 2010 has to be upgraded to keep up with modern security standards. There is limited security, no Multi-Factor Authentication, and other limitations that make leaving Exchange 2010 a wise choice. However, upgrading an in-house Exchange server is generally not advisable. Instead, upgrade your Exchange server to the cloud. It’s not economically viable for a small business to host its own email anymore. It takes too much skill and time to keep it running safely and securely.

So instead, we advise that you migrate to Exchange Online.

What To Do Next

Of course, now that Microsoft is ending support for your software, you likely have other software that needs to be upgraded as well. No matter what it is, we can help. Upgrading any software that is critical to your business takes care, patience and expertise. We’ve been successfully upgrading our users away from these programs for years, and can do the same for you. And we do it with a minimum of downtime or inconvenience to you and your business. Call us today at 213-398-8771 or contact us online, and let’s talk about keeping your business safe and running well.

Should You Use a Password Manager?

Person typing on a laptop filling in the login fields.

Password managers are pieces of software that store and recall passwords so you don’t have to remember them yourself. They’ve been around a long time, and are becoming more common and popular than ever. But should you use a password manager?

It used to be that password managers were considered reckless toys for lazy people that made your passwords—and therefore your company’s cybersecurity—more vulnerable. But now, password managers are considered a valuable and important tool for personal and corporate cybersecurity.

How Password Managers Work

Password managers work by allowing you to set and store passwords in a digital version of a locked file cabinet. The “lock” is protected by a key—often referred to as a Master Password. When you boot up or wake your computer from sleep, your password manager will ask you to enter your Master Password to have access to all your other passwords.

Then, logging into a website is as simple as searching for or typing in the name you assigned to the Login info (such as “My Bank,” “Amazon,” or “Fantasy Football League”) and clicking “log in”. The password manager will navigate to the website’s login page and enter your username and password. If you are already at the login page, your password manager will usually find it for you, so all you need to do is click a button to log into the site.

Most password managers do even more, by storing common information you often enter into forms, such as your home address, work address, and so on. Some also store credit card information to make paying online easier.

And if you have lots of logins stored, you can usually create folders within the password manager (for specific projects, individual clients, personal vs. work passwords, etc.) and store your logins in them.

All good password managers encrypt your login files with strong encryption algorithms. Some password managers store your logins locally on your computer, while others also store them in the cloud so they can be accessed on a home computer, office computer, cell phone, tablet or via the web. Entering your Master Password on any of these devices will give you access to your logins anywhere you go.

Should You Use A Password Manager?

There are certainly arguments against using a password manager (see below), but we say that you should use one for a number of reasons.

  • Stronger Passwords -- Without a password manager, you tend to make your passwords too simple and easy to remember and type. Or if you use complex passwords that are too hard to remember, you might be storing them in an Excel or Word document. Worse yet, you might be writing down your complex passwords. But all of those approaches leave your passwords vulnerable to good guessing or discovery. Whether or not you decide to use a password manager, you should use strong passwords (see below) for all your logins. Password managers allow you to store and use strong passwords easily.
  • Time Savings -- Among the biggest advantages of password managers is that they save you time, allowing you to log into a site in a couple of seconds. And if you find yourself logging into a couple of dozen sites in a day...or more...then a password manager can save you a LOT of time. Compared to looking up dozens of passwords a day in an Excel sheet, Word doc or a piece of paper, password managers are lightning fast.
  • Easily Organize Thousands of Passwords -- A business associate of mine builds websites for clients and has dozens of passwords for each client’s sites and resources. In total, he has over 2000 passwords. If he didn’t use a password manager, all sorted and organized in folders, then managing and using them would be nearly impossible.
  • Share Logins Without Sharing Passwords -- Many password managers allow you to share logins with other users without revealing the passwords. The passwords get entered but remain invisible to the user. This, combined with “temporary” or “revocable” rights to these logins, means that you can safely share logins to company resources on an as-needed basis. It also means that you don’t need to worry about changing dozens or hundreds of passwords when employees leave the company.
  • Business-Level Password Management -- Many password managers have “Business” versions that allow you to share passwords with individuals, among teams, or across an entire organization. Your IT department can control who gets access to what, keeping all your passwords and company resources secure. Plus, since each person has a unique login to the Password Manager, your IT department can actually see who logs into which resources, run reports, and detect illicit activity.

Use Password Managers for Better Cyber Security

The primary reason for using a password manager in your company is better cybersecurity, which is our primary focus here at Digital Uppercut. When you can grant access to company resources only to those who need it, the risk of passwords falling into the hands of people who shouldn’t have them is lower. Should you use a password manager? We say "yes," but we often need to overcome one main fear about them.

The Main Argument Against Using a Password Manager

All of these features sound like great time-savers, but when we talk with some clients about using password managers, there is one argument against using them that we hear most often: “If all of the passwords are protected by a Master Password, then if someone gets this one password, they will have all of my passwords.”

While true to some degree, the biggest self-inflicted problem most people have with passwords in general is that they try to make them easy to remember. That means they make passwords that are too common and too simple, or simply use the same password over and over again. So if you choose a simple password like sequential numbers or letters, words with common number substitutions (“P@ssw0rd”), or any pattern on your keyboard (like “qwerty123”) as your Master Password, then you’re likely to have your passwords guessed or stolen.

All of your passwords should be strong, which means they should be…

  • Long -- More than 8 characters. The longer the better.
  • Complex -- Use numbers, lower case letters, upper case letters, and punctuation.
  • Random -- No repeating characters, no words or sequences or common substitutions.

If you follow those rules with your Master Password, hide your keystrokes from prying eyes, and don’t leave the master password written down or stored in some unsecured place, then all your passwords will be secure.
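The three rules above (long, complex, random) can be checked mechanically. This added example, which is not from the original article, implements them in Python; the substitution table, the small wordlist and the three-character run length are assumptions chosen for illustration.

```python
import string

# Reverses the "common substitutions" the article warns about (P@ssw0rd).
# The table is an illustrative assumption, not an exhaustive list.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})

# Constructed sample wordlist; a real deployment would load a large
# dictionary or breached-password list instead.
COMMON_WORDS = ("password", "qwerty", "letmein", "welcome", "admin", "dragon")

# Alphabet, digit and keyboard-row sequences, matched forwards and backwards.
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")
RUN = 3  # assumption: three neighbouring characters count as a sequence

# The four character classes named in the "Complex" rule.
CLASSES = {
    "lower case letter": string.ascii_lowercase,
    "upper case letter": string.ascii_uppercase,
    "number": string.digits,
    "punctuation": string.punctuation,
}


def has_sequence(text):
    """True if text contains RUN consecutive characters of any known sequence."""
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - RUN + 1):
                if s[i:i + RUN] in text:
                    return True
    return False


def check_master_password(pw):
    """Return a list of rule violations; an empty list means all rules pass."""
    problems = []
    # Long: more than 8 characters.
    if len(pw) <= 8:
        problems.append("long: needs more than 8 characters")
    # Complex: at least one character from each class.
    for name, chars in CLASSES.items():
        if not any(c in chars for c in pw):
            problems.append(f"complex: no {name}")
    # Random: no repeats, no sequences, no words or substituted words.
    lowered = pw.lower()
    if any(a == b for a, b in zip(lowered, lowered[1:])):
        problems.append("random: repeated character")
    if has_sequence(lowered):
        problems.append("random: alphabet, number or keyboard sequence")
    plain = lowered.translate(LEET)
    if any(w in lowered or w in plain for w in COMMON_WORDS):
        problems.append("random: common word, possibly with substitutions")
    return problems


if __name__ == "__main__":
    # The first two samples are the article's own weak examples; the third is
    # a constructed string for demonstration only, not a password to reuse.
    for sample in ("P@ssw0rd", "qwerty123", "t7#Kq9!vZm2&Lx"):
        print(sample, "->", check_master_password(sample) or "passes all rules")
```

Both of the article's weak examples fail on the "random" rule even though "P@ssw0rd" satisfies every character-class requirement, which is why composition rules alone are not enough for a Master Password.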

Which Password Manager Is Best?

After answering the question “Should you use a password manager?”, the next question is, “Which one?” While there are many high-quality password managers, here at Digital Uppercut, we use and recommend LastPass. It has all the features we described above, plus many more, that help us manage our clients' passwords for their resources, and allow our clients to safely store, manage, and control their own passwords.

As with any piece of software, proper implementation and adherence to best practices are key to success. That is why our clients ask us to install LastPass for them. Implementation includes discussions with management and IT about who needs access to which resources, so we can develop a strategy that best fits your company.

Improve Your Company’s Cyber Security With A Password Manager

Let us help you move past the question of whether to use a password manager. In short, if you’re not yet using a password manager for your business, consider doing that now. Contact us online or call us at 213-398-8771 to talk about how we can help you and your company improve your cybersecurity with a password manager and other strategies. Cyber attacks on businesses are increasing every week. Social engineering, brute force attacks, Trojans, ransomware, and malware are all on the rise. If your company isn’t already protecting itself -- and also planning for disaster in case one of these attacks is successful -- then you need to start now. Let’s talk.

Simplify and Separate Your Network

 

People working around a child-like drawing of computer network security

These days, more and more businesses are doing more and more things on the internet. Phones, video surveillance cameras, and other devices have become almost as popular as the computers sitting on every employee’s desk. But if you have all of these devices all sharing the same internal network, you might be endangering your ability to conduct business, your online security and the physical security of your entire facility.

Network Monitoring

There are many reasons for this, one of which concerns how we’ll be able to monitor the network effectively. Each additional device on the network generates its own traffic. Security cameras create a particularly large amount of data, given their need to always be on and send data for storage. Similarly, VOIP phone systems generate a tremendous amount of traffic because there are often many devices, each with phone calls that start and stop continually throughout the day. And the same is true for mobile devices and any other web-enabled devices on your network.

As a result, if there is an issue such as a breach, a virus, Trojans, or other behavior on the network that jeopardizes your business, finding and analyzing that traffic is even more difficult. Think “needles in very large haystacks.” Our tools will still help us to find the offending traffic, but the more traffic over a network, the smaller that needle seems to be.

Insecure Devices

An additional threat of network-enabled devices is that many of them “phone home,” looking for software or firmware updates, and then automatically install them. If that device installs software that is infected with malware, it could infect your whole network. Similarly, if the device was manufactured by a less-than-reputable manufacturer, it could be sharing information about your network or data with people who have no business knowing it.

Insecure Installations

When video cameras, phones, medical equipment and other devices are added to your network, often the vendor will do the installation. Unfortunately, most vendors are more concerned with making their equipment work as quickly and easily as possible than with your overall business welfare. As a result, they often change firewall and other security settings -- specifically by opening more ports and protocols than are truly necessary -- in order to allow their device’s traffic in and out of the network, without regard for leaving open ports and other opportunities for breaches.

If this new equipment is on the same network as your primary business workstations and servers, they have increased the chance you will be breached.

Wireless Users

The popularity of WiFi causes many companies to provide it as a service to both employees and visitors to their offices. As a result, many IT individuals, departments and outsourced providers will add WiFi access points to office computer networks, increasing traffic and decreasing the security on the network.

Employees' WiFi devices are often allowed onto these networks without the same level of security that IT providers would install on desktops and laptops. As a result, WiFi users (including guests) may join the network after already having their devices infected by a virus or Trojan, essentially creating an open door for malware to infect your business.

The Solution: Separate Networks For Separate Tasks

Whenever we begin working with a new client, we analyze the network for exactly these issues and many others that can lead to security problems. Our primary goal is to isolate and protect the primary business computing resources -- workstations and servers -- from all of the other traffic that might be present on the network. Here is how we do that:

  • Primary Business Network -- We start by creating separate virtual networks on the company’s firewalls, and then connect the primary business resources to this first virtual network. We lock down this network, only opening the necessary ports and protocols for this network.
  • WiFi Networks -- We then separate out the WiFi networks -- one for employees and a separate one for guests -- in much the same way. Guests are denied access to the primary business resources, while employees may be granted access, limited to the role of the employee or device.
  • Other Devices -- Similarly, we put VOIP phones and IP Cameras, as well as other specialized devices (such as medical equipment), on their own virtual networks as well. And because the needs of these devices are each unique and specific, we can lock down ports and protocols extremely tightly.
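One way to verify a segmented firewall policy, as an added example that is not from the original article: the Python below works out which ports each virtual network can actually reach on every other one under first-match rules, and reports anything beyond an intended allow-list. The zone names, the rule set, the intended ports and the installer-added rule are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

MAX_PORT = 65535
# Zone names mirror the virtual networks described above (assumed names).
ZONES = ("business", "wifi_staff", "wifi_guest", "voip", "cameras", "internet")


@dataclass(frozen=True)
class Rule:
    src: str                 # source zone, or "any"
    dst: str                 # destination zone, or "any"
    proto: str               # "tcp", "udp" or "any"
    ports: Optional[range]   # contiguous destination ports; None = all ports
    action: str              # "allow" or "deny"
    note: str = ""


# Intended policy (assumption): the only traffic each zone pair should pass.
INTENDED = {
    ("business", "internet", "tcp"): {443},
    ("wifi_staff", "internet", "tcp"): {443},
    ("wifi_staff", "business", "tcp"): {443},
    ("wifi_guest", "internet", "tcp"): {443},
    ("voip", "internet", "udp"): {5060},      # SIP signalling
    ("business", "cameras", "tcp"): {554},    # RTSP viewing from workstations
}

# Constructed rule set. The first rule models an over-broad opening of the
# kind described under "Insecure Installations".
SAMPLE_RULES = [
    Rule("any", "cameras", "any", None, "allow", "left by camera installer"),
    Rule("wifi_guest", "business", "any", None, "deny"),
    Rule("business", "internet", "tcp", range(443, 444), "allow"),
    Rule("wifi_staff", "business", "tcp", range(443, 444), "allow"),
    Rule("wifi_staff", "internet", "tcp", range(443, 444), "allow"),
    Rule("wifi_guest", "internet", "tcp", range(443, 444), "allow"),
    Rule("voip", "internet", "udp", range(5060, 5061), "allow"),
    Rule("business", "cameras", "tcp", range(554, 555), "allow"),
]
HARDENED_RULES = SAMPLE_RULES[1:]  # same policy without the installer's rule


def decide(rules, src, dst, proto, port):
    """First matching rule wins; anything unmatched is denied."""
    for r in rules:
        if (r.src in (src, "any") and r.dst in (dst, "any")
                and r.proto in (proto, "any")
                and (r.ports is None or port in r.ports)):
            return r.action
    return "deny"


def excess_ranges(rules, src, dst, proto, intended):
    """Port ranges that are effectively allowed but not intended.

    The decision can only change at a rule's port boundary, so probing one
    port per segment between boundaries covers all 65535 ports exactly.
    """
    cuts = {1, MAX_PORT + 1}
    for r in rules:
        if r.ports is not None:
            cuts.update((r.ports.start, r.ports.stop))
    for p in intended:
        cuts.update((p, p + 1))
    cuts = sorted(c for c in cuts if 1 <= c <= MAX_PORT + 1)
    out = []
    for lo, nxt in zip(cuts, cuts[1:]):
        hi = nxt - 1
        if lo in intended or decide(rules, src, dst, proto, lo) != "allow":
            continue
        if out and out[-1][1] + 1 == lo:
            out[-1] = (out[-1][0], hi)   # merge with the adjacent segment
        else:
            out.append((lo, hi))
    return out


def audit(rules):
    """Return (src, dst, proto, first_port, last_port) for every excess range."""
    findings = []
    for src in ZONES:
        for dst in ZONES:
            if src == dst:
                continue
            for proto in ("tcp", "udp"):
                intended = INTENDED.get((src, dst, proto), set())
                for lo, hi in excess_ranges(rules, src, dst, proto, intended):
                    findings.append((src, dst, proto, lo, hi))
    return findings


if __name__ == "__main__":
    for src, dst, proto, lo, hi in audit(SAMPLE_RULES):
        print(f"{src} -> {dst} {proto} {lo}-{hi} allowed but not intended")
    print("hardened findings:", audit(HARDENED_RULES))
```

Because the audit evaluates the effective policy rather than reading rules one by one, it catches a broad rule placed ahead of the deny rules, which is how a single installer change can expose a device network to guests and to the internet at once.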

Increased Security

These Virtual Network configurations prevent a wide variety of hacks, such as a breach of a company laptop through ports opened up for the security cameras, or hacks of your VOIP phones through a virus brought in through a visiting wireless device.

And these configurations also greatly simplify the detection, analysis and prevention of hacks on any of the virtual networks because there will be far less traffic on any one of the networks. The haystacks become smaller, and the needles become far easier to find and remove.

Worried About Your Own Network Security?

If you do not know for certain that your own network is configured with separate virtual networks for all your devices, there’s a very good chance it wasn’t set up this way. And if that’s the case, your business may be exposed to more threats than you had imagined. It’s better to know than not know, so let’s find out for sure. Digital Uppercut’s team of Cyber Security Experts can visit your office, create a preliminary network security analysis, and give you the easy-to-understand results. Contact us online or call us today at 213-398-8771 to set a time to visit.

Should You Move to the Cloud?

Graphic representing cloud computing services.

Is your business growing? That’s great news! But often, business growth comes with its own set of challenges. You might need bigger offices, new desks and…new technology. But if you think back to when you last bought servers for your business (and everything that went with it), you might remember that it was a very expensive investment. Is it possible to delay...or better yet...totally avoid that big investment? In other words, should you move to “The Cloud”?

That’s an excellent question to ask, but before we answer it, let’s talk about what “The Cloud” is and how it can help you.

What Is “The Cloud?”

The first thing to know about “The Cloud” is that there isn’t just one cloud. The term “cloud” is just a nickname for decentralized online storage of data and applications. Microsoft has clouds. Google has clouds. Amazon has clouds. These days, it seems everyone has clouds, and they all do different things with different advantages and disadvantages.

So when we talk about “The Cloud,” we’re really talking about the idea of using Internet-connected computers that are owned, serviced and maintained by someone else for your company’s software and data storage, instead of a machine in some air-conditioned back room in your own office.

The Old Days

Back in “The Old Days,” when you needed new servers, you had to decide how much power and storage you would need. You’d be buying CPUs, memory, RAID drives, backup systems, UPSs, monitors, server software, applications software, network monitoring software, security software...and the list goes on.

The tough part is that you aren’t just buying for today. You need to predict what you’ll need over the next 3 to 5 years or longer. And that’s a difficult guessing game to play.

And then you need to write a check to pay for it all...or write a lot of smaller checks on a lease.

Cloud Computing For Your Office

Today, you have the option of satisfying your server needs with a cloud-based solution. When you move to the cloud, you’re buying storage, bandwidth, and applications from your cloud vendor. But because it is all easily expandable, you’re not paying today for something you’ll only use several years from now. You’re just buying what you need today.

And you are also avoiding the up-front cost and lease obligation of on-premises servers (and all that comes with them).

Among the other advantages of cloud computing are:

  • Because you aren’t installing hardware, you have no up-front hardware installation costs
  • Similarly, you have no hardware-related maintenance fees
  • You have no physical security requirements, rack space, wiring expense, or cooling requirements
  • You can upgrade or downgrade at any time

But it’s not all good news. There are some disadvantages to cloud computing:

  • Eventually, the monthly fees will overcome the cost of purchasing the equipment
  • The speed and bandwidth of your internet connection can limit your server speed
  • A loss of your internet connection separates you from your data
  • You don’t have full control over your data

And whether you move to the cloud or not, you still need to think about and install rock-solid security to protect your data, and you still need to back up your data and plan your disaster recovery solutions. And if you store any personal health information, financial information or any kind of personally identifiable information, you also need to plan for regulatory compliance.

So Should You Move To The Cloud?

We have a more detailed article on our website about our cloud computing services here. The problem is that too many people think that “The Cloud” is a cure-all for whatever IT problems a company has, but that’s not the case. For us, each time a client of ours grows, shrinks or just needs to upgrade to newer technology, we talk to them about the cloud. We do a thorough analysis of their situation, their growth, their financial requirements, their computing needs, their use cases, the software they require, and much more. And then we discuss the advantages and the disadvantages, but much more specifically to their situation.

Sometimes the answer to “Should we move to the cloud?” is an emphatic YES. Sometimes it’s an emphatic NO, but usually it’s somewhere in between.

If you find that your company is facing some IT or business challenges and is considering moving some resources to the cloud, or if you have not considered the cloud at all, call us. Our team of cloud computing experts can conduct an analysis of your situation and help you make the right choice. Reach us by phone at 213-398-8771 or contact us online. Let’s talk today about what’s best for your business.

Is IT Maintenance Worth the Cost?

Man working on a laptop with the word, "Update" overlaid.

"Is computer maintenance worth it? Can’t you just run over to Costco or call Dell every couple of years and get the latest/greatest new computer with all the newest bells and whistles?" I get this question now and then when I meet new people and tell them what I do for a living. It’s surprising to hear how many small businesses take this approach to their IT. They buy new computers and then never bother to maintain them properly. But is this a good strategy? Can it actually pay to NOT maintain your computers? Put another way: Is IT Maintenance Worth the Cost?

As you might expect, we’re a bit biased about our answer. But rather than just answering "Yes" and going on with servicing our other clients, we thought a more detailed answer would be helpful to you.

Your company relies on your computers and could not operate without them. If your work actually happens on a computer -- such as for CPAs, Attorneys, and graphic artists -- then that’s obvious. But even if your company digs ditches, you still need to invoice your clients, pay your bills, and file your taxes...and all of that happens on a computer.

Seven Reasons for Properly Maintaining Your IT

So, given that you couldn’t run your company without your computers, let’s answer the question, "Is IT maintenance worth the cost?" Here are the seven great reasons for properly maintaining your IT:

  1. Software upgrades: Nothing stands still, least of all technology. Every day, the software that you use to run your business is being upgraded, either to add new features or to plug security holes that were created in prior versions. Microsoft updates Windows every month, and sometimes far more frequently, in response to bug reports and security threats. Apple updates its OS almost as often, and if you don’t keep all your software up to date -- whether it’s accounting, database, statistical, scientific, medical, or otherwise -- your software will become out of date very quickly.
  2. Hackers and Viruses: Those security problems in your software are holes that grow larger by the day if they are not plugged. When a vulnerability in software is detected, hackers can roll out dozens, hundreds or thousands of viruses and Trojan programs to exploit the vulnerability. This malicious software travels from computer to computer, network to network, looking for new victims. The more victims there are, the more likely that your out-of-date software will be attacked, too. If you’re not regularly patching security holes, you are leaving your company open to disaster. It’s only a matter of time.
  3. Productivity Decreases: Out-of-date software and virus attacks have a tendency to slow down computers and networks. Not only does the technology run slower, but the slowdowns and crashes actually suck the profit out of your company. A small slowdown in your computer network of just 10 percent can cause more than a 10 percent decrease in your employees’ productivity. Studies show that when someone at a computer has to wait for their computer -- especially for an unknown amount of time -- their attention wanders. Once the computer responds again, they need to remember what they were doing and regain their focus. The effects can be huge...potentially as bad as getting 30 minutes of productivity from your staff for every hour they work.
  4. Requirements Changes: Your business changes over time, and if your technology doesn’t change with it, you could be needlessly creating workarounds for tasks that could be simpler and faster with new technology or software. For example, you might have installed your computer network when you had 4 people in your office, and it’s grown to 7 and you’re adding an 8th. Someone needs to set this up, but you also need to make sure that your network, routers, firewalls and other infrastructure can handle the increased load. Of course, you need someone to manage those changes when they are needed, and if you don’t have someone doing that for you -- someone whose other tasks don’t need to be set aside to get the IT tasks done -- they won’t get done.
  5. Backups & Disaster Recovery: Yes, of course, you have a backup strategy for your network. (You do, don’t you?) But when was the last time you tested your backup strategy? Have you tried to restore data from your backups recently? Have you figured out what you’ll do in the event of a fire in your building or a natural disaster in your city? What about a regional power outage? If you’re not prepared for disaster, you’ll suffer even more -- potentially with the loss of your entire business. And if your part-time IT Guy/Shipping Clerk doesn’t have time to get all the packages out, he likely won’t have time to properly configure and test your backups, either.
  6. Delaying New IT Investments: Good IT maintenance can extend the life of your computers, servers and other network equipment. Where an average desktop PC may last a year at peak performance, 2 years at reduced performance, and 3 years at poor performance, a properly maintained PC may last 3-5 years at peak performance, helping you delay upgrades and new equipment costs.
  7. Smart Upgrades: Of course, sometimes upgrades are not only required but extremely helpful. When you need to upgrade, you need to upgrade wisely. We recently had a client with 6 servers, all of which he had under a maintenance contract with his former IT provider. We showed him how he could consolidate and eliminate two of his servers with a strategic new purchase. Not only did the new servers run faster than the old ones, but his IT maintenance costs were reduced substantially, too. Other clients of ours eliminate their servers altogether and instead move their server functions to the cloud.

Of course, there are far more than just these seven reasons to properly maintain your IT. And once you’ve realized how worthwhile proper IT maintenance is, the next question is who should do the maintenance.

Who Should Maintain Your Business IT?

Some of our clients come to us after having someone in their office do the work for them as an add-on to their current tasks. The problem there is that the IT tasks often get delayed or neglected because of the employees’ primary responsibilities.

Some of our clients have a full-time person or a small staff of people maintaining their equipment. What we find in these cases is that while these individuals are often well-intentioned, they usually do not keep up with the latest information, trends and techniques in our industry. And when you add on the cost of carrying an employee on your payroll -- including salary, benefits, office space, and all of the related costs of having employees -- the costs skyrocket.

Noted business expert, writer and lecturer Peter Drucker used to say, “Do what you do best and outsource the rest.” This is our perspective as well. If your company’s business is not IT maintenance, you are better off leaving those IT maintenance tasks to an outside company whose primary focus is on IT maintenance.

That is why so many small and medium-sized businesses like yours hire us to make sure that their business IT runs well all the time. Whether it’s standard IT, network security, disaster recovery, regulatory compliance, or anything related to all of this, our clients rely on us to handle the things that they just cannot do as well. They have asked themselves, "Is IT maintenance worth the cost?" and have answered with a loud YES.

We think you will do the same. If you would like to talk with us about outsourcing your IT to a company that is passionate about making sure your company can always do what it does best, call us now at 213-398-8771 or contact us here.

Tuesday, 13 January 2026

How to Properly Prepare Your Digital Equipment for Disposal

 

Picture of a sledge hammer and the remains of a hard drive it destroyed.

Equipment manufacturers are using technology more than ever to add functionality, flexibility, and reliability to their products. Today, nearly every piece of hardware in your offices has some form of non-volatile memory, whether a hard disk drive, solid-state drive, or flash memory. You must properly prepare your digital equipment for disposal to eliminate the chance of sensitive data ending up in the wrong hands.

Hazards of Multi-Function Printers Not Prepared For Disposal

Most organizations have one or more multi-function printers (MFPs) that allow staff to scan, print, copy, and fax documents. Connected to the company network, several workers can use the same machine, lowering equipment costs and improving efficiency and print quality. Some MFPs also act as collaboration tools, streamlining workflows by digitizing and sharing documents. To provide all this capability, the MFP stores the digitized data.

One way organizations face the danger of an accidental data leak is by not preparing leased digital equipment for disposal. Many MFP manufacturers sell their products as a managed print service or lease the gear to a company. At the end of the contract, it’s common for the manufacturer to replace the MFPs with newer models. The manufacturer can then refurbish the older equipment and resell or re-lease it to another company.

Here’s where the danger comes into play: if the storage of the refurbished equipment isn’t cleared of data, the new user may be able to access it. However inadvertent the access is, your data is exposed to unauthorized people.

How to Properly Prepare Your Digital Equipment for Disposal

The moral of the MFP story is to prepare your digital equipment for disposal, principally by ensuring the memory of each piece of equipment is cleansed of your corporate data before turning it over to the manufacturer or leasing company. The same goes for PCs, servers, phone systems, and more. So, let’s look at ways to securely and permanently remove sensitive information.

Physical Destruction

Using a sledgehammer to physically destroy a hard drive is a pretty reliable way to make it impossible to retrieve data. Drilling holes in the drives or melting them are two additional ways to destroy the data. However, physical destruction is not viable when you have many devices or pieces of equipment to clean.

Full Drive Formatting

Simply deleting files from a drive isn’t very secure. There are many applications designed to recover accidentally deleted data. Full formatting is better than deleting data, as it electronically erases and rebuilds the drive, providing a clean slate. However, if you lease the equipment, the manufacturer may not allow you to remove their proprietary software. While effective, full formatting is less secure than specialized data erasure tools.

Data Erasure Apps

These applications are the best at wholly and securely erasing data from both HDD and SSD devices. Following different government standards like NIST SP 800-88 Rev 1 or DoD 5220.22-M/ECE, these software tools overwrite your data with random patterns multiple times using either the 3-pass or 7-pass method, thus fully erasing the data on the device.
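A check that can follow an erasure pass, as an added example that is not part of the original article or of any erasure product: it scans a raw image of the drive, sector by sector, for file headers and readable text that should no longer be there. The image layout, the 512-byte sector size, the short signature list and the sample contents are all assumptions constructed for the demonstration.

```python
import os
import random
import tempfile

SECTOR = 512  # assumed sector size of the raw image

# Short illustrative list of file headers; real tools ship far longer lists.
SIGNATURES = {
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip/office",
    b"\xff\xd8\xff": "jpeg",
    b"\xd0\xcf\x11\xe0": "ole2",
}


def looks_like_text(block, min_bytes=16):
    """True if the non-zero bytes of a sector are almost all printable."""
    data = bytes(b for b in block if b != 0)  # ignore zero padding (file slack)
    if len(data) < min_bytes:
        return False
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in data)
    return printable / len(data) > 0.9


def scan_image(path, sector=SECTOR):
    """Return [(offset, reason)] for sectors that still look like user data."""
    findings = []
    offset = 0
    with open(path, "rb") as img:
        while True:
            block = img.read(sector)
            if not block:
                break
            for magic, name in SIGNATURES.items():
                if block.startswith(magic):
                    findings.append((offset, f"signature:{name}"))
                    break
            else:
                # No known header at the start of the sector: check for text.
                if looks_like_text(block):
                    findings.append((offset, "text"))
            offset += len(block)
    return findings


def make_demo_image(path, sectors=64):
    """Constructed image: a 'deleted' PDF and a short text record still on disk."""
    blocks = [bytes(SECTOR)] * sectors
    blocks[5] = b"%PDF-1.4\n% constructed sample".ljust(SECTOR, b"\x00")
    blocks[9] = b"Payroll Q4: constructed sample record".ljust(SECTOR, b"\x00")
    with open(path, "wb") as img:
        img.write(b"".join(blocks))


def overwrite_pass(path, seed=0):
    """One full overwrite with pseudo-random bytes (seeded only so the demo repeats)."""
    rng = random.Random(seed)
    remaining = os.path.getsize(path)
    with open(path, "r+b") as img:
        while remaining:
            n = min(SECTOR, remaining)
            img.write(bytes(rng.getrandbits(8) for _ in range(n)))
            remaining -= n
        img.flush()
        os.fsync(img.fileno())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        make_demo_image(image)
        print("before erasure:", scan_image(image))
        overwrite_pass(image)
        print("after erasure: ", scan_image(image))
```

An empty result after the pass is what you want to see recorded for each device before it leaves the building.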

Let Us Properly Prepare Your Digital Equipment for Disposal

As much fun as it may be to take a sledgehammer to a hard drive, your time is better spent focused on your business. With that in mind, Digital Uppercut can lighten the load and help properly prepare your digital equipment for disposal. Call us at 213-398-8771 or contact us online today.

What is a Security Audit and How Do You Prepare for One?

 

Man writing on a clipboard inside a data center.

Security audits have become increasingly important for businesses of all sizes. They can help protect your company from cyber threats, protect your data, and ensure compliance with industry regulations. But what is a security audit, and how do you prepare for one?

What is a Security Audit?

A security audit is an assessment of an information system's security posture to identify vulnerabilities and risks and make remediation recommendations. This includes assessing what types of security technologies are in place and what weaknesses or risks exist. It also includes performing tests to identify potential areas of improvement and providing a summary report that outlines recommendations on how to improve security. The goal of a security audit is to ensure that an organization's systems are secure and conform to established security standards.

It typically involves analyzing the system's hardware, software, and networks, as well as its policies and procedures. A security audit is an essential component of any cybersecurity strategy, and its purpose is to identify weaknesses or areas of risk in the system. It is done through a combination of manual examination and the use of automated tools to inspect the system's configurations, code, and data flow. This helps to assess vulnerability levels and detect any malicious activity. By conducting a security audit, organizations can better understand what needs to be done to protect their assets from potential threats.

Security audits are an important part of maintaining a secure environment, as they help organizations remain compliant with regulations and industry standards. Thereafter, what is a marketable security audit risk? It is simply any potential vulnerability or threat that could be exploited by malicious actors. Security audits are an important tool to identify, assess, and remediate any risks present in an organization’s system. A successful security audit should include the assessment of policies, procedures and technical controls to ensure compliance with regulations and industry standards. Regular security audits further ensure that organizations can maintain reliable data security, protect their customers’ data, and remain secure against cyber threats.

Benefits of a Security Audit

A security audit helps identify potential vulnerabilities in your system’s security infrastructure before they can be exploited by malicious attackers. What is a security audit? A security audit is an in-depth analysis of the existing security state of an organization's infrastructure. It evaluates the security policies, infrastructure configuration, implementation, documentation, and effectiveness of an organization’s cyber defense. It also checks for compliance with applicable industry standards and regulations. The goal of a security audit is to identify areas where the organization’s security posture needs to be improved and what steps are needed to achieve this improvement.

Conducting regular security audits allows you to stay ahead of the latest threats, mitigating risks for your organization. A security audit log is a record of what has happened in your system and what was attempted to happen. It can help you detect malicious activities on your network, identify what compromises have occurred, and what access levels different users have on the network. By analyzing these audit logs, you can implement appropriate security measures that are tailored to your organization’s needs and address any security issues before they become a problem. Regular security audits are essential for keeping your system secure and protecting sensitive information.

Security audits can provide valuable insights into how your organization can better protect its critical data and systems from external threats. Also, what is a marketable security audit risk? Auditing is the process of assessing an organization's security posture, including what regulatory requirements must be met and what policy requirements should be implemented. It can help identify systemic risks that potentially put the organization's data at risk. A security audit can provide valuable insights into how your organization can better protect its critical data and systems from external threats by identifying what risks must be addressed and what steps must be taken to mitigate them.

Advice to Help You Plan for Your Security Audit

It is essential to have a clear understanding of your IT environment before starting the security audit process. A security audit looks at what is in place to protect your organization's IT systems, such as what protocols and tools are being used, what personnel have access to the system, what data is stored and processed on the system, and what other security measures are in place. By conducting a thorough audit of the environment, you can identify any vulnerabilities that could be targeted by malicious actors. This will help you take the necessary steps to protect your networks and data from future attacks.

You should also create a timeline for the audit and plan ahead for any potential security vulnerabilities. Knowing what cybersecurity measures to take can help protect your business and mitigate the risk of a data breach. Establishing a regular schedule for monitoring, auditing, and updating your system can be essential for a secure infrastructure. It's also important to train all employees on what constitutes safe online behavior and what malicious activity looks like. In addition, you should create an incident response plan that details what actions need to be taken if a security incident does occur. By implementing these cybersecurity measures, businesses can be better prepared for any potential cyber attack.

Lastly, make sure to have robust policies and procedures in place so that your team is prepared to respond quickly and effectively to any security threats. Moreover, what is a security audit log? This is a record of activity on a system or network that allows security administrators and auditors to quickly identify any suspicious activity. Having a robust and up-to-date security audit log is an important part of any cybersecurity strategy and can help in the event of a security breach. It's important to have reliable policies and procedures in place so that you and your team can respond quickly and effectively to address any security concerns or threats.

Implementing the Security Audit Results

Auditing the security systems and processes in place is important to ensure that any potential risks are identified and addressed. Cybersecurity is an ever-evolving field, so regularly assessing what is in place can help protect individuals and businesses against large-scale data breaches and cyberattacks. By understanding which systems and processes are in use, the threats they face and any gaps that might exist, organizations can work to ensure their cybersecurity is properly managed. Additionally, having a strategy in place to detect suspicious activity can be beneficial, as it allows organizations to take appropriate action quickly should issues arise.

Once the security audit is complete, it is essential to implement the recommendations made in order to strengthen the organization’s cybersecurity posture. A marketable security audit risk is a risk or vulnerability that could potentially be exploited by a malicious entity once they gain access to the organization's systems, networks, and data. It is crucial to identify what these security audit risks are and be able to accurately assess the organization’s current cybersecurity status in order to protect against cyber threats. The audit will help identify what cybersecurity measures should be implemented in order to mitigate and manage any potential risks.

This will involve implementing new technologies, training staff on security protocols, and regularly monitoring for any changes in the digital landscape. Also, a cybersecurity audit is essential for any organization that wants to ensure it has the most effective defenses against cyber threats. This will include evaluating what technologies are in place, training staff on best practices, and monitoring the system for any changes in the digital landscape. By carrying out such an audit, businesses can ensure they have a secure foundation in place to protect their confidential data.

Following Up on Results and Updates

It is important to regularly check the results of security audit tests in order to identify any potential vulnerabilities. A cybersecurity audit is a comprehensive review of the technologies, processes, and operations that an organization utilizes to protect its sensitive information from cyberattacks. This type of audit helps organizations identify any weak points in their security infrastructure and proactively address them before attackers can take advantage of them. By conducting regular cybersecurity audits, organizations can ensure that their systems are secure and up-to-date with the latest measures.

While it may seem tedious, updating systems and applications with the latest security patches is essential for keeping data safe. Security audits serve as a way of testing what is currently in place and what could be improved. In order to have an effective security audit, it is important to have the right measures, such as an assessment of the latest technology, applications, and system security. What is the purpose of a security audit? It helps detect any weaknesses that may exist within the system or applications and advises what can be done to fix them. It also helps identify existing threats that could pose risks to the system and provides solutions to prevent these potential attacks. By carrying out regular security audits, organizations can be sure their systems are kept safe from potential intrusions.

Additionally, following up with customers on any new safety protocols should be a priority in order to ensure maximum protection. Next, it is important for companies to conduct what is known as a security audit, which is a thorough examination of the security measures in place. This audit should be conducted regularly to make sure all customers are secure.

Benefits of Ongoing Security Auditing

Regular security auditing helps organizations identify any potential weaknesses or vulnerabilities in their systems. A security audit is a thorough examination of an organization's network to identify any potential vulnerabilities or risks that could be exploited. It is important for organizations to regularly conduct security audits to ensure their networks are secure, reliable and compliant with industry standards. The audit assesses what technologies and tools are in place, what processes are currently in use and what access controls are being implemented. It is a necessary step in maintaining the security of an organization's cyber infrastructure and can help prevent cyber threats from becoming larger problems down the line.

It also allows organizations to stay ahead of the latest cyber threats and make sure their systems are up to date with the latest security measures. Cybersecurity is an important consideration in today's world, as more and more of our business and personal lives are becoming digitized. By investing in cybersecurity, companies can ensure their data is secure from malicious actors, including hackers, viruses, and other forms of attack. Furthermore, cybersecurity provides the necessary protection for organizations to remain compliant with laws and regulations concerning online data. With comprehensive cybersecurity measures in place, organizations can rest assured that their digital assets remain safe.

Ongoing auditing can also help organizations ensure their data is protected and that they are compliant with all applicable laws and regulations. In conclusion, organizations should develop and implement a comprehensive cybersecurity plan that includes frequent auditing. This ongoing auditing helps ensure that their data is secure and fully compliant with legal requirements. Regular auditing is the best way to stay informed of the latest cybersecurity threats and techniques to protect data from being compromised.

So, What is a Security Audit, and How Do You Prepare for One?

In conclusion, it is important to remember that security audits are key components to keeping your business safe from cyber threats and ensuring compliance with industry regulations. It is essential to have an understanding of what a security audit entails before undergoing one so that you know what to expect and can adequately prepare. Knowing the right questions to ask, having an understanding of the key components of a successful assessment, and working with a qualified auditor are all important steps in the auditing process. Call us at 213-398-8771, or use our online contact form to learn more. 

Cybersecurity Undone by Insider Threats

Man behind a clear screen with people icons in one row, pressing one that looks like a crook.

What does a dishonest FBI employee have to do with your company’s cybersecurity? More than you think. Kendra Kingsbury, a 48-year-old FBI intelligence analyst, was indicted on May 18, 2021, for “having unauthorized possession of documents relating to the national defense.” According to the FBI’s special agent in charge of this case, “Every FBI employee swears to support and defend the Constitution of the United States,” and Ms. Kingsbury allegedly violated that promise for reasons not yet publicly apparent.

Now, let’s think about all the people who work in and for your company, including employees, contractors, vendors and service providers. They may not have made a promise as important to national security as those made by FBI agents, but they could be just as likely (if not more likely) to be an insider threat, to betray your trust and do great harm to your business.

What are insider threats?

We often write about modern threats against organizations, including Ransomware, Data Exfiltration, Data Breaches, Zero-Day attacks, Hacks, Viruses, and other malware and cybercrimes. But the assumed context of all of those attacks is that they’re initiated by outsiders to the business, often Eastern European hackers, rogue nation-states, or just plain old-fashioned individual cyber criminals writing viruses in their basements.

Over the last two years, we’ve reported on just one story about a potential insider threat, and that was to a company we’ve all heard about, Tesla. A cybercriminal attempted to bribe a Tesla employee with $1 million to insert a ransomware-filled thumb drive into his desktop PC. But the employee was trustworthy and reported the bribe to his supervisors, who, in turn, involved the FBI. The cybercriminal and one of his associates were caught because the honesty and integrity of a Tesla employee neutralized the threat before the attack could occur.

Would your employees and your third-party vendors do the same for you and your business? All business owners and managers hope the answer is yes, but most also know it’s unlikely.

So what are insider threats? Those are any of the incidents mentioned above (Ransomware, Data Exfiltration, Data Breaches, Zero-Day attacks, Hacks, Viruses and other malware and cyber crimes) perpetrated by someone who works in the company or a trusted vendor.

Are all insider threats malicious?

Interestingly, not all insider threats are malicious, meaning that the actor intends to do harm to the company. According to Verizon’s Insider Threat Report, insiders are often motivated by these malicious motives:

  • Financial Gain -- But not necessarily to do harm to the organization
  • Espionage -- For the benefit of themselves or another organization
  • Grudge -- Potentially against the business, but also potentially against specific employees
  • Ideology -- The insider may be opposed to an action or philosophy of the organization

But insiders could also be motivated by these less-malicious reasons:

  • Fun -- Can this be done?
  • Convenience -- The desire to work around cumbersome security procedures
  • Fear -- Perhaps fear of an impending financial catastrophe, or fear of being fired

Image: Verizon insider threat motivations.

Supporting those statistics is Verizon’s assessment of who the insiders are. Three of their actor-types are malicious:

  • The Inside Agent -- An employee motivated to act for the benefit of some other bad actor.
  • Disgruntled Employees -- Potentially those passed over for raises and promotions, or who feel they were otherwise wronged by their employers, who are just out to harm the organization or other specific employees.
  • Malicious Insider -- Those who steal data, usually for personal gain.

But two of them are not:

  • The Careless Worker -- Employees who incorrectly address emails, install unpermitted software, inadvertently expose sensitive data, and work around security measures.
  • The Feckless Third Party -- Business partners who do not support the same high security measures as the organizations they serve.

(Note: In the above list, the labels were from Verizon’s report, and the descriptions were our own.)

Reducing The Damage of Insider Threats

So your company has done all that it was supposed to do in order to protect itself from cyber attacks: you installed the latest firewalls and reinforced those with the best cybersecurity software. You’ve got endpoint protection, VPNs, multi-factor authentication, secure password policies, SIEM analysis of your device log files, a Security Operations Center monitoring your network 24/7...so you sleep well at night.

Despite doing all the right things, insider threats can undo several layers of cybersecurity in moments.

What can you do to help reduce the Damage of Insider Threats?

Cybersecurity Awareness Training

Cybersecurity Awareness Training helps to train your employees to look out for signs of Phishing, Business Email Compromise, and other signs of attempted attacks. But it can also train employees how to notice when other employees are doing things they shouldn’t be doing -- insider threats that may potentially harm your company.

Employee Background Checks

But Awareness Training depends on whether your employees actually want to protect the company. How can you ensure that they do? Trustworthy employees begin with the hiring process, and in particular, by running background checks on your employees.

Robert Glucroft, of BackgroundRunner.com, a Los Angeles-based background check company, says, “When you’re interviewing a prospective employee, they will often say whatever they need to say to get you to hire them...and not all of it is going to be true.” Glucroft continues, “You could be hiring people who have long histories of embezzling from their companies, or people who are in severe financial trouble or have substance abuse issues, all of which make them much more likely to betray your company for the right price or reason.”

But background checks are not only for potential new employees. Background checks should also be conducted on an annual basis on existing employees. “Situations change for employees just as they do for the general public. Sharp increases in debt, signs of substance abuse, and even a lengthening criminal record can indicate that an employee is under stress and may potentially harm the company,” says Glucroft.

Vendor Management and Review

We’ve been brought into companies with the goal of either reviewing or improving their current cybersecurity practices and those of their vendors and suppliers. We’ve discovered instances where our clients had the foundations and policies of a solid cybersecurity strategy, but all their efforts were undone by outside vendors.

  • We’ve seen the aftermath of VOIP vendors and Video Security installers leaving huge holes in previously-secured company firewalls in order to simplify the configuration of their own equipment.
  • Software publishers have had their own software hacked and then installed their software onto the networks of other businesses, immediately adding backdoor access to your business and all its data.
  • Even an improperly configured QuickBooks system can allow hackers to steal your data.
  • Vendors for proprietary equipment, such as specialized medical equipment, have sometimes left security holes in their own products that will allow access to your office network in much the same way as smart light bulbs can give hackers access to your wifi network.
  • Vendors can even install their own software via thumb drives without knowing that those drives contain malware.

When businesses let vendors into their company without questioning their cybersecurity policies and procedures, it often leads to disaster for the company. The only solution to this problem is to manage and review your vendors’ cybersecurity policies.

Conclusion

Business IT networks are getting more complex every day, and that means your cybersecurity strategy needs to adapt in order to be effective. But a huge, often overlooked part of your cybersecurity strategy includes the people who work in and with your organization. If you don’t know how to protect yourself from these dangers, let Digital Uppercut help. Use our online contact form or call us at 213-398-8771.

 

Heroic statue in the Greco-Roman style of a man with chains on his arms.

New cryptocurrency coins are created by solving complex mathematical problems, a process called “mining.” Those who mine cryptocurrency do so by building farms of extremely powerful computers designed specifically for these mining operations. Not only are the computers expensive, but so is the maintenance, networking and electrical power required to keep them running, sometimes making the effort unprofitable. But now cybercriminals have designed malware that seeks to avoid all of that expense by infecting millions of computers with code that will do the mining for them...on YOUR computers.

The malware, named Prometheus (after the Greek god of fire) and “Prometei” in Russian, exploits two vulnerabilities in Microsoft Exchange, collectively known as “ProxyLogon,” to help it spread to users of the Exchange server. But the threat doesn’t stop there.

How The Prometei Malware Works

According to a report on Cybereason.com, the attack begins with a hack of unpatched Microsoft Exchange servers that exploits the two ProxyLogon vulnerabilities. From there, it infects other PCs on the network.

Threatpost says that “ProxyLogon consists of four flaws that can be chained together to create a pre-authentication remote code execution (RCE) exploit – meaning that attackers can take over servers without knowing any valid account credentials.” That means that no matter how complex your passwords may be, your Exchange Servers may still be at risk.

The malware's main payload is a cryptocurrency-mining application. Miners do well when the costs of the machines, maintenance and network infrastructure are lower than the value of the coins generated by the application. And the venture becomes even more profitable when those costs are borne by others.

Which Cryptocurrency is Mined by Prometei?

Most of us are familiar with Bitcoin, the most popular cryptocurrency, but this malware mines Monero, a lesser-known cryptocurrency. Why Monero? According to Genesis Mining, Bitcoin is optimized to run on specialized hardware that uses ASIC chips, and most office computers do not have high-performance ASIC chips. On the other hand, Monero is “designed in such a way that ASIC computers do not have much of an advantage over ordinary computers. As a result, ordinary people can use a simple CPU and start mining right away.”

That makes mining Monero ideal for the untargeted distribution of this malware, because any computer it infects can be used for mining the coins.

Why is the Prometei Malware Dangerous?

The damage to the owners of these computers occurs on many levels.

  • The users of infected computers suffer from poor performance from their PCs, as processing power is diverted to the mining operation.
  • Computers use additional electricity for the additional processor power required to run the mining software.
  • The malware can affect the stability of the infected computers.
  • It spreads to other workstations by using brute force techniques to guess user credentials, trying hundreds of common passwords.
  • It spreads to Microsoft SQL Servers and PostgreSQL servers.

But the real danger of the malware is that it provides a backdoor for loading other software that could do even more damage to your computers and your company. The backdoor could be used for:

  • Stealing Credentials
  • Stealing Intellectual Property
  • Installing Ransomware
  • Allowing Remote Control and Takeover of the computers

How To Protect Your Company From Prometei

The first and best thing you and your company can do to protect yourselves from this and similar malware infections is to keep your software up to date. The entry point for Prometei is two vulnerabilities in Microsoft Exchange that Microsoft has already fixed. However, if your IT team has not installed the patches, your company remains vulnerable.

Systems that detect and prevent unauthorized installation of software on servers and workstations are another line of defense, as they could prevent the installation of the malware or detect its presence early enough to minimize the damage.

SIEM systems, which view and analyze your entire IT infrastructure as a whole (rather than as separate components), can help to detect unusual activity across your network.
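The kind of correlation a SIEM rule performs to catch the password-guessing spread described above, as an added example that is not from the original article or from any vendor's product: it flags any internal source that produces a burst of failed logons across several machines. Event ID 4625 is the Windows Security ID for a failed logon; the CSV layout, thresholds, addresses, host names and accounts are assumptions constructed for the demonstration.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"  # Windows Security event ID for a failed logon


def build_sample_log():
    """Constructed log export; addresses, hosts and accounts are made up."""
    start = datetime(2026, 1, 12, 2, 0, 0)
    lines = ["time,event_id,source,host,account"]
    hosts = ["FS01", "SQL01", "WS-014", "WS-022"]
    # Infected workstation: 30 failures in one minute, spread over four hosts.
    for i in range(30):
        t = start + timedelta(seconds=2 * i)
        lines.append(f"{t.isoformat()},4625,10.0.0.23,{hosts[i % 4]},administrator")
    # A user mistyping a password three times, then logging on (4624).
    for i in range(3):
        t = start + timedelta(minutes=10, seconds=20 * i)
        lines.append(f"{t.isoformat()},4625,10.0.0.50,FS01,jsmith")
    ok = start + timedelta(minutes=11)
    lines.append(f"{ok.isoformat()},4624,10.0.0.50,FS01,jsmith")
    # A scheduled job with a stale password failing once an hour on one server.
    for i in range(25):
        t = start + timedelta(hours=i)
        lines.append(f"{t.isoformat()},4625,10.0.0.77,SQL01,svc_backup")
    return lines


def parse(lines):
    """Turn CSV lines (header first) into a list of dict rows."""
    return list(csv.DictReader(lines))


def find_bruteforce_sources(rows, window=timedelta(minutes=5),
                            min_failures=20, min_targets=3):
    """Return {source: (failures, hosts)} for the worst window of each flagged source."""
    recent = defaultdict(deque)  # source -> (time, host) pairs inside the window
    flagged = {}
    events = sorted(
        (datetime.fromisoformat(r["time"]), r["source"], r["host"])
        for r in rows
        if r["event_id"] == FAILED_LOGON
    )
    for when, source, host in events:
        queue = recent[source]
        queue.append((when, host))
        # Drop failures that have aged out of the sliding window.
        while when - queue[0][0] > window:
            queue.popleft()
        hosts = {h for _, h in queue}
        if len(queue) >= min_failures and len(hosts) >= min_targets:
            best = flagged.get(source)
            if best is None or len(queue) > best[0]:
                flagged[source] = (len(queue), sorted(hosts))
    return flagged


if __name__ == "__main__":
    for source, (count, hosts) in find_bruteforce_sources(parse(build_sample_log())).items():
        print(f"{source}: {count} failed logons against {', '.join(hosts)}")
```

Requiring both a failure count and a spread of target hosts is what keeps the forgetful user and the misconfigured backup job out of the alert queue.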

If you run a business, from a single laptop up to large enterprises, your business is vulnerable to this or similar malware, and there is no way to protect your business except to take an active role in defending yourself. Digital Uppercut offers all of these services and more as part of our Business Protection Toolkit, which contains 10 separate business protection tools and is growing.

Call Digital Uppercut

The Business Protection Toolkit allows Digital Uppercut to provide big business protection on a small business budget. If your business isn’t protected, or you aren’t sure if your current IT team is protecting your business well enough, call Digital Uppercut for a free consultation and a discussion of your situation. Make an appointment using our online contact form, or call us at 213-398-8771.

Monday, 12 January 2026

How Much Should Good Cybersecurity Cost?

 

Man working at multiple monitors in a data center

How Much Should Good Cybersecurity Cost? Business owners and CEOs are very familiar with the financial ratios they use to run and monitor their businesses. Good inventory turnover often varies between 2 and 10, depending on the type of business. A 2-to-1 “Current Ratio” of assets over liabilities can indicate a healthy business.

Healthy Quick Ratios over 1.0 tell you how effectively the business can pay financial obligations...including emergency obligations, such as the hundreds of thousands or millions of dollars it takes to recover from a cybersecurity breach. So then what is the proper financial ratio for calculating how much you should spend on your company’s cybersecurity to prevent a breach? Like with other ratios, it depends on a number of factors.

How Much Should Good Cybersecurity Cost?

Good and bad assessments of the ratios mentioned above all depend on the type of business you’re running. Certainly, a wholesale business will have different ratios than a retail business. An online business will have different ratios than a brick-and-mortar business. And of course, service businesses will have different ratios than product businesses.

So how much should good cybersecurity cost? The problem with answering this question is that IT in general, and cybersecurity in particular, are usually considered cost centers rather than profit centers. So any number greater than zero is going to be too much for some business managers.

Cybersecurity Economies of Scale

When asking what good cybersecurity costs, economies of scale hold part of the answer. As with most products and services, larger companies benefit from lower relative cost-per-user because their investment can be spread over more workstations and infrastructure. As a result, according to a report by InfoSecurity Magazine, which discussed the cost of cybersecurity as a percentage of revenue, large companies can often spend “anywhere from a fraction of a percent to a couple of percent on implementing and sustaining security.”

Larger companies enjoy lower per-user costs, such as software upgrades, security software, workstation purchases and upgrades, simply because they are buying larger quantities and can demand larger discounts. They can also spread high infrastructure costs, such as network servers, firewalls, backup systems, Security Information and Event Management (SIEM) and Security Operations Centers (SOC), among more users.

By contrast, small companies typically have fewer endpoints than larger companies, and cannot demand the same large discounts that their big brother companies can. And they need to spread their infrastructure costs over that smaller user count. The result is that, according to the same InfoSecurity Magazine article, small companies can spend 4% or more of their total revenue on Cybersecurity.

These percentages are not hard and fast rules. For both large and small companies, costs increase not only by the number of workstations and servers, but also by…

  • The number of locations
  • The number of remote workers, which has increased recently due to COVID-19
  • The number and type of mobile devices
  • The age of equipment and software
  • The company’s efforts to update software and keep technology current
  • The type of data being secured, especially as it relates to medical data
  • The number and type of specialized devices, including medical devices, CAD/CAM equipment, manufacturing equipment and other diagnostic equipment

...and so much more. Whatever the circumstances, good security costs more for small businesses than for large companies.

How To Keep The Cost of Cybersecurity Down

Whatever size organization you have, there are ways to keep the cost of cybersecurity down.

Start when you’re small

It may sound counterintuitive, but starting your cybersecurity plan when you’re a small business allows you to grow cybersecurity incrementally, which can save the organization a lot of money.

Maintain The Cybersecurity You have

Creating a cybersecurity budget and maintaining your technology diligently costs far less, in both time and money, than letting your technology age without updates and then replacing everything a few years down the road. Putting off updates like this not only causes you to incur huge costs all at once but also leaves you vulnerable to attacks as your cybersecurity technology ages.

Don’t Wait For An Attack

We often gain new clients after they’ve been attacked. They often tell us that they were just about to upgrade their cybersecurity. By then, of course, it’s too late. The costs of upgrading your technology after a cyber attack are many times higher than before the attack.

Big Business Cybersecurity for Small Businesses

What if your small or medium-sized business could get the same cybersecurity economies of scale that large businesses get every day? Digital Uppercut’s Business Protection Toolkit is designed to provide big business cybersecurity to small and medium-sized businesses like yours. And the good news is that you can decide how much good cybersecurity should cost, and we can customize the Toolkit to fit not only your business, but your budget, too. Together, we can choose big business cybersecurity technologies such as SIEM, SOC, Cloud-based firewalls, Awareness Training, Advanced Endpoint protection, and more. Contact us online or call us today at 213-398-8771 to talk about how Digital Uppercut can help protect you and your business.

More Intelligent Phishing Attacks: Click Here To Claim Your Two Night Stay at Marriott Hotels

 

Digital brain hovering over a laptop in a man's hands.

Imagine this email subject line: “Click Here To Claim Your Two-Night Stay at Marriott Hotels.” Would you read an email because of a subject line like this? It’s pretty attractive, and a similar message was sent to millions of people via email with a similar offer. The problem is that the offer was fake, and part of a more intelligent phishing attack designed to take advantage of a recent real Marriott International breach that affected approximately 5.2 million guests. This very sophisticated phishing campaign first referenced the January 2020 breach -- a true and widely publicized story -- and followed it up with the fake offer.

Phishing Is Your Biggest Threat

Phishing, researchers say, is the number one “attack vector” affecting enterprises, mostly because it works. And while it’s no surprise that cyber criminals are coming up with new tactics for those phishing attacks, what is very surprising is the depth, intelligence and sophistication used in these new attacks, including advanced psychological techniques.

The Marriott 2018 Data Breach

According to an article in Security Boulevard, the Marriott 2018 data breach “may have taken personal details such as names, birthdates, and telephone numbers, along with language preferences and loyalty account numbers,” which gives the cyber criminals additional credible information for future cyber attacks. Imagine, for example, a subsequent Happy Birthday email offering you a free night’s stay to celebrate your birthday. Its authenticity could be very convincing.

But in this case, Marriott announced in its own press release that it “is sending emails to guests involved.” To Marriott customers who are aware of the original breach and this specific announcement, the phishing email looks very authentic.

We predict that there will be more phishing campaigns leveraging the news of other hacks and breaches to make their attacks look more legitimate as well. But the increasing sophistication of cybercriminals gets even more clever than this.

Making More Intelligent Phishing Attacks More Believable

Leveraging real breach news is one way that cybercriminals are making more intelligent phishing attacks, but there are others. If you’ve ever negotiated a deal on a new car in a buyer’s market, you know that your willingness to walk away from the deal puts you in control of the negotiations. The same holds true for the sales representative in a seller’s market: If the buyer is not willing to meet the price, all the seller has to do is threaten to take away the offer.

According to ThreatPost Magazine, there’s a new phishing technique that uses CAPTCHA challenges to actually prevent users from accessing a phishing site. This may seem as counterintuitive as leaving a negotiation that you’d like to win, but it’s actually quite clever.

The ThreatPost article describes how users are actually exposed to not one, but three separate CAPTCHA challenges, and quotes researchers at Menlo Security who gave two reasons for the effectiveness of this technique:

  • CAPTCHA prevents security spiders from identifying these dangerous phishing sites
  • CAPTCHA is used by legitimate “benign” websites, not fake sites. In other words, the user assumes the site must be legitimate if it’s using a CAPTCHA challenge.

But we recognize a third reason for this technique being effective:

  • CAPTCHA...especially repeated CAPTCHA...may frustrate users, so that once they succeed at answering the challenge questions, they will be more eager to fill out the credential screen and less aware of the deception that is part of every phishing site.

Thinking back to the car sales analogy, it’s as though the seller has rescinded the offer twice, but finally agrees to your terms. You can imagine yourself eagerly filling out the contract terms.

So not only does this technique help the phishing site hide, but it also convinces the victim that the site is more legitimate AND makes the victim more eager to comply.

That’s a dangerous combination.

Could Your Users Resist These More Intelligent Phishing Techniques?

The first example above was a travel site, but it could just as easily resemble a recently hacked bank website, such as Bank of America (hack reported in May 2020 related to PPP applications), CitiFinancial, Wells Fargo and others. It could also be a health-related organization, such as American Medical Collection Agency, lab sites like Quest Diagnostics, or other breaches involving health data records.

Imagine having your best employee fall for one of these more intelligent phishing attacks, and the damage it could do to your own company (thousands or millions being wired to the criminals’ bank accounts) or to your medical practice (the breach of thousands of HIPAA-protected medical records).

Awareness Training Educates Your Staff

We have many techniques for protecting your business from breaches and hacks, including the more intelligent phishing techniques described here. Firewalls prevent direct attacks on your networks. Advanced Endpoint Protection protects individual workstations and devices from malware. Our Advanced Web Protection can even identify phishing sites. And we have a dozen other methods of protecting your organization from threats. But if your staff unknowingly cooperates and forfeits credentials to valuable resources -- especially on personal or unprotected devices -- the attack has a good chance of getting through.

It’s as though your staff has unwittingly joined the attacker’s team.

That’s why we recommend Awareness Training for all of our clients. Because C-level executives are the prime targets for phishing attacks, the training consists of a series of lessons that teach your staff at all levels, from clerical and maintenance staff up to the CEO. And not only do we offer the training, but we also offer a console to help you organize and manage the enrollment of each of your employees, and the refresher training needed to keep your staff aware of the latest threats.

If you have cybersecurity insurance, and certainly if your company is required to follow HIPAA regulations, Awareness Training is required to be part of your cybersecurity plan.

Fight More Intelligent Phishing Attacks Today

Cybersecurity always feels like it’s too much until you discover that it’s not enough. Taking a few hours each week to keep your company safe may seem like too much, but you’ll know for sure that whatever you’re doing now is not enough once your company falls victim to a more intelligent phishing attack. As important as Awareness Training is, it’s not nearly as expensive as you might think, and is even added at no additional cost to some of our cybersecurity packages. Contact us online or call us today at 213-398-8771, and let’s talk about protecting your business from a phishing disaster.

Penalties for Uber Exec Who Covered Up Data Breach

 

Woman looking at smartphone with the Uber logo filling the screen.

Uber was hacked in 2016, revealing the personal information of 600,000 Uber drivers and 57 million Uber passengers. If you joined Uber in or prior to 2016, there’s a good chance your data was exposed in the Uber Data Breach. Why are you learning about this now? On August 20, 2020, the Federal Trade Commission filed a criminal complaint against Joseph Sullivan, Uber’s former Chief Security Officer, because he not only didn’t report the crime, but he also actively worked to “conceal, deflect, and mislead the Federal Trade Commission about the breach,” according to the FTC.

About the Uber Data Breach

This wasn’t even the first time that Uber had been hacked: Uber had been breached in 2014, and Sullivan was selected by Uber to respond to the FTC’s inquiries into that data breach. About ten days after Sullivan provided his testimony to the FTC, he was contacted by two hackers and told that they had accessed Uber’s data. According to Uber in its own blog post on the same day as the FTC and FBI’s announcement, the hackers accessed "data stored on a third-party cloud-based service that we use. The incident did not breach our corporate systems or infrastructure."

The breached Uber driver data included names and driver's license numbers. The drivers were also among the 57 million Uber rider records, whose breached data included names, email addresses, and mobile phone numbers.

Concealing the Uber Data Breach

Sullivan and his team took less than 24 hours to confirm the Uber Data Breach. However, he then worked with the hackers to pay them “hush money” in exchange for a promise not to reveal the hack to the public.

The payment was made to the hackers via Bitcoin under false names, which were also used on a written non-disclosure agreement, which included a “false representation” that no data was actually taken. In order to help conceal the breach, the payment was facilitated through a “bug bounty” program. Such programs are used to reward white-hat hackers when they discover, but do not exploit, data vulnerabilities.

The true identity of the hackers was later discovered to be Brandon Charles Glover of Florida and Vasile Mereacre of Toronto. Sullivan sought to have them re-sign their non-disclosure agreement under their true names. At least one other Uber employee was involved in the preparation of the agreement, but according to the FBI, "When an Uber employee asked Sullivan about this false promise, Sullivan insisted that the language stay in the non-disclosure agreements."

Sullivan Reveals the Breach to Uber Management

Uber Founder Travis Kalanick resigned as CEO in 2017, and new management, including a new CEO, Dara Khosrowshahi, was hired in August. Sullivan told the new CEO about the 2016 breach and then asked his team for a summary of the event to present to Khosrowshahi. Sullivan then edited the draft summary prepared by his team by removing details about the data that was taken, and then by adding false information that the payments were made only after the true identities of the hackers were known.

Uber’s new management ultimately discovered the truth and disclosed the Uber data breach publicly, and to the FTC, in November 2017.

Had Sullivan reported the breach rather than trying to cover it up, the FBI says that no charges would have been filed. But given the current facts, the criminal complaint filed on August 20 alleges that Sullivan deceived Uber’s new management team about the 2016 breach. The FBI is charging Sullivan with “obstruction of justice, in violation of 18 U.S.C. § 1505; and misprision of a felony, in violation of 18 U.S.C. § 4.” (“Misprision” is the deliberate concealment of knowledge of a felony or treasonable act.)

What You Can Learn From The Uber Data Breach

There are several lessons to be learned from this story, not the least of which is that cloud-based services require the same or higher level of security as your in-house data. All cloud-based systems come with security by default, but they also come with security holes by default, and it’s your cybersecurity team’s responsibility to plug them. Not only are there optimizations that can be done within most cloud-based systems, but you can also increase and optimize your security around the cloud services with cloud-optimized firewalls, mandatory file and folder-based encryption, SIEM and Security Operations Center technologies, and other techniques.

The other lessons concern cover-ups. While data breach penalties that corporations can face can range into the tens or hundreds of millions of dollars, failing to report data breaches can result in even worse consequences, including criminal penalties.

What You Can Do

Some data security breaches have one level of penalties in the event of a breach, and a much higher level of penalties if there is no plan to deal with the breach, or if the plan is not followed. All of this serves as a warning to not only secure your business data but also to have procedures in place in the event of an incident like the Uber data breach. Digital Uppercut is here to help you with both your security and your plan. Call Digital Uppercut at 213-398-8771 or contact us online today.

How To Penetrate Your Network Security? Cash!

 

Person in handcuffs holding a stack of money.

Sometimes, cyber-attacks enter your company network when an employee stumbles upon a virus-filled web page. Other times, the cyber-attack begins when an employee falls victim to a phishing attack or is tricked into downloading a virus-filled file. Other times, it’s a brute force attack on your network. Now here’s something else to worry about...a technique that might seem new but is as old as commerce itself: Dishonest employees willing to allow the bad guys to penetrate your network security for cash.

The FBI announced that on August 22, it arrested a man who bribed a Tesla company employee with a $1 million payment. What did they ask him to do? Plant one piece of malware -- Ransomware, actually -- onto his office computer. The story actually unfolds like a spy novel and holds a cautionary tale for any company’s cybersecurity team.

The Insider is Approached

Egor Igorevich Kriuchkov is a 23-year-old Russian citizen. According to an article on ClearanceJobs.com, Kriuchkov and his colleagues had inside information about which Tesla employees had access to the resources necessary to place the intended malware. They identified and contacted a non-U.S. citizen working at Tesla’s Sparks, NV facility who spoke Russian as their inside man.

Kriuchkov and the employee’s early contact, beginning mid-July, was through WhatsApp, a communications tool owned by Facebook that features end-to-end encryption for all communications. The two, along with other Tesla colleagues, met in Lake Tahoe from August 1 through 3. Initially, all contact was social, but on August 3, Kriuchkov asked the insider to participate in a "project."

Kriuchkov asked the insider if he would place some malware that Kriuchkov and his associates would customize and provide. In exchange, the insider would receive $500,000. After being contacted by Kriuchkov, the employee reported the contact to company officials, who then notified the FBI.

How the Malware Attack Would Work

According to the insider, he was told how the attack would work.

  • The malware would be placed by the insider.
  • Kriuchkov’s colleagues would initiate a Red Herring -- a Distributed Denial of Service (DDoS) attack, with the goal of keeping Tesla’s Cybersecurity team busy.
  • While the Cybersecurity team was busy fighting the DDoS attack, Kriuchkov would spread the malware throughout the network.
  • Sensitive corporate data would be exfiltrated, and the network files would be encrypted.

It’s at this point that a ransom demand would be made on the company, for many millions of dollars.

How The Cybercriminals Were Captured

For his fee, the insider was expected to provide additional inside information about Tesla so that the ransomware could be customized. Communication happened via burner cell phones, WhatsApp, TOR and Bitcoin wallets.

Working with the FBI, the employee extracted additional information about the plans for the attack, and also demanded a higher payment, eventually settling on $1 million. During these conversations, Kriuchkov boasted that they had done this several other times, and that one of their previous insiders was still working at his company three and a half years later.

How To Defend Against Threats To Penetrate Your Network Security

You would want to believe that a company as large and sophisticated as Tesla would have network infrastructure strong enough to defend against such an attack. The cybercriminals seem to think otherwise, and fortunately, Tesla didn’t have to find out.

Would you be so lucky?

So what does this all mean to companies like yours? The first and most obvious question is whether your own employees would be honest enough to forgo a huge payday offered in exchange for taking down your company. Although this wasn’t mentioned in the research for this story, employees with large debts, gambling problems, and other serious issues and secrets would be most vulnerable to an approach like that received by Tesla’s insider. Background checks for current employees and new candidates could be helpful here.

It’s also possible that companies like yours might have already been targeted by cybercriminals, who may have already sent compatriots to apply for and take jobs in your company, with the express purpose of placing malware from the inside. These scenarios suggest it may be wise to add thorough candidate and employee background checks to your normal cybersecurity procedures.

The problem is that firewalls alone can’t protect against an inside job like this, and typical antivirus software isn’t strong enough to defend against more sophisticated malware. Most cybersecurity defenses exist in a silo and are designed to look at only a very narrow range of activities.

Only with a sophisticated SIEM (Security Information and Event Management) system can such threats be identified. That’s because SIEMs collect data from all parts of your organization -- every workstation, firewall, server, network appliance, access point, browser, and email program -- and view it all holistically, finding clues in one system that it can follow into another system in order to get a complete picture of the attacks you are facing.

Having a Security Operations Center (SOC) review the SIEM’s findings and other data makes the SIEM even more effective.
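The cross-source correlation described above can be illustrated with a short sketch. This is an added example, not code from Digital Uppercut or from any SIEM product; the event schema, host names, timestamps and thresholds are assumptions constructed for the illustration. It follows an unapproved software install on one workstation into the authentication, network-flow and endpoint logs, and raises the severity when the follow-on activity overlaps a DDoS alert.

```python
from datetime import datetime, timedelta

# Constructed, already-normalized events from four separate tools.
# Hosts, times and event names are invented for illustration.
EVENTS = [
    {"ts": "2026-01-05T08:55:00", "source": "endpoint", "type": "unapproved_install", "host": "ws-114"},
    {"ts": "2026-01-05T09:10:00", "source": "endpoint", "type": "unapproved_install", "host": "ws-201"},
    {"ts": "2026-01-05T13:00:00", "source": "firewall", "type": "ddos_alert", "host": "edge-fw"},
    {"ts": "2026-01-05T13:12:00", "source": "auth", "type": "lateral_logon", "host": "fs-01", "src_host": "ws-114"},
    {"ts": "2026-01-05T13:30:00", "source": "netflow", "type": "large_outbound", "host": "fs-01"},
    {"ts": "2026-01-05T13:45:00", "source": "endpoint", "type": "mass_file_rename", "host": "fs-01"},
    {"ts": "2026-01-05T16:00:00", "source": "netflow", "type": "large_outbound", "host": "backup-02"},
]

# Event types that indicate exfiltration or encryption on a reached host.
FOLLOW_ON = {"large_outbound", "mass_file_rename"}


def _t(event):
    return datetime.fromisoformat(event["ts"])


def correlate(events, horizon=timedelta(hours=24), ddos_window=timedelta(hours=2)):
    """Follow each unapproved install into the other log sources."""
    events = sorted(events, key=_t)
    ddos_starts = [_t(e) for e in events if e["type"] == "ddos_alert"]
    findings = []
    for seed in (e for e in events if e["type"] == "unapproved_install"):
        start = _t(seed)
        hosts = {seed["host"]}  # hosts reached from the seed workstation
        chain = [seed]
        for e in events:
            if not (start < _t(e) <= start + horizon):
                continue
            if e["type"] == "lateral_logon" and e["src_host"] in hosts:
                hosts.add(e["host"])
                chain.append(e)
            elif e["type"] in FOLLOW_ON and e["host"] in hosts:
                chain.append(e)
        sources = {e["source"] for e in chain}
        # Follow-on activity that overlaps a DDoS alert suggests a diversion.
        during_ddos = any(
            d <= _t(e) <= d + ddos_window for e in chain[1:] for d in ddos_starts
        )
        if len(chain) == 1:
            severity = "low"  # all the endpoint tool would report on its own
        elif len(sources) >= 3 and during_ddos:
            severity = "critical"
        else:
            severity = "medium"
        findings.append({
            "origin": seed["host"],
            "hosts": sorted(hosts),
            "stages": [e["type"] for e in chain],
            "sources": sorted(sources),
            "during_ddos": during_ddos,
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

Each tool on its own sees one unremarkable event; only the combined chain from ws-114 to fs-01 is rated critical, while the unrelated install on ws-201 and the transfer from backup-02 are not pulled into it.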

What Should You Do Now?

As you can see, attacks designed to penetrate your network security are getting more sophisticated every day. If your cybersecurity system isn’t designed to withstand these more modern, more sophisticated, and more elaborately planned and patient attacks, you might find that you’re on the losing side of a Ransomware attack...and that wouldn’t be good for you, your company, your employees, your vendors and your customers. Let Digital Uppercut help prevent that. Call us at 213-398-8771 or contact us online to set up an initial conversation and a preliminary risk assessment. Keeping your company safe is our business. Let’s talk.
