Every business is at risk because of the continuous onslaught of spyware, hackers, and viruses. Data is valuable, and businesses have a duty to protect their customers. Maintaining an IT department with a security expert and keeping up with the latest cyberattacks is usually too big an expense for small and mid-sized businesses (SMBs). Thanks to the cloud and security from managed IT services, SMBs can afford to protect their clients.
As crime sprees go, cybercrime is the type that tends to be worth the risk and goes directly against the former truth of the words “crime doesn’t pay.” Due to the very low number of prosecutions in comparison to the number of cybercrimes, hackers are apparently encouraged to work tirelessly, per the following statistics:
There is a significant difference between the security a small IT department can provide and the level of cybersecurity managed IT services provide. In the simplest of terms, the personnel required to protect data is more than SMBs can typically afford.
Managed IT services provide teams of professionals, including experts in cybercrime, to protect customer details and other business data.
Contact Aperio IT to learn more about protecting your clients from cyber-threats.
Acquiring secure IT services to promote cybersecurity is a good step to ensure your company is protected from malicious forces. Professionals who provide secure IT services will be there to guide you and your workforce in keeping all endpoints and networks worry-free. However, the effort to make sure cybersecurity is maintained should not rest solely on secure IT services providers. It is the end-users who should be even more careful, as it is they who roam company networks and use online resources. Companies can lose a lot with employee negligence, but such errors can be avoided. Through well-planned cybersecurity training, awareness and vigilance does not rest solely on secure IT services providers.
Building a culture of cybersecurity is integral to make sure that the entire workforce is calibrated when it comes to cybersecurity knowledge. While training may include how to use company resources and provided secure IT services, it can also dig deep with cybersecurity basics like how employees can be safe at home as well, and how they can promote a secure lifestyle in and outside of work. Professionals who handle secure IT services can take the lead in these trainings, with some collaboration with company leaders.
What transpires in one training session can immediately be applied, as time goes by, these tidbits of cybersecurity knowledge may fade. Companies may fail in instilling a habit of cybersecurity mindedness within the workforce without adequate follow-up. Sessions that aim to remind the workforce of cybersecurity basics need not be actual sessions. These can be in the form of email newsletters, company-wide memos, even short instructions sent to team and department leaders to disseminate to their members. Efforts to follow-up need not come from your hired secure IT services providers. Strategic ways to look after the workforce can be effective, albeit simple.
A noteworthy way to make cybersecurity impactful is to bring it to a personal level, yet connect it to how it affects one’s professional matters. Negligence in keeping one’s personal gadgets secure may end up bringing viruses and malware to the office. This is a common occurrence for those who use company gadgets for personal affairs e.g. using the office computer to open social media accounts, or using company internet for personal affairs, like booking flights or online shopping. Chances are, these “bad habits” can ultimate affect one’s personal online life, and also their work-related online resources, such as cloud storage and company email accounts. This lack of awareness can be noticed in age gaps, as more senior employees seem to be less adept in practicing cybersecurity measures than younger professionals. Secure IT services providers can be tapped in approaching this age gap, and also in emphasizing in general that personal bad habits can bite one back when brought in the office. Your personal cybersecurity errors may come back as a company-wide problem, and there’s no greater shame in knowing you included many people in a singular error.
Through training, secure IT services professionals can emphasize the need to be proactive and vigilant. Slight cybersecurity threats can balloon into major threats, and the enterprise workforce must be pushed to speak up even at the slightest suspicion. There is a bit of shame when one has to admit that they may be the cause for a certain virus or malware to penetrate company networks, but rather than seeing the trouble snowball, nipping it in the bud through professional honesty is the better act. Incident report forms may also be created to promote anonymity when there are specific instances to be reported. Training must make sure that professional honesty and vigilance is part of the cybersecurity culture that is upheld. Company leaders and secure IT services providers must work together to put this habit front and center.
Now that an internal knowledge and awareness of cybersecurity has been instilled, external forces to encourage maintenance of a cyber-secure workforce, alongside reprimanding bad habits and negligence, are compulsory. Policies can be executed to keep cybersecurity as robust as possible. You may work with secure IT services providers to help you in coming up with policies, or in writing down details of suggested policies below:
Put a strict, discernible line between websites, apps, and other internet-related resources that allowed or not in the office. Some social media sites may appear more personal than professional in terms of use, or the office can agree on what browser to use so that configurations are uniform for all computers. Identifying which websites or apps to use limits gateways for hacker or malware to enter.
Ultimately identify what kind of information stays in the office, and nowhere else. Company secrets and industry processes that took years to perfect must not reach competitors in any way. This specific policy will make sure that company data are kept where they should be kept, and will not reach areas vulnerable to cybersecurity threats.
Controlling as well what kind of email service providers will help in maintaining company data. While not all businesses are able to come up with a private email domain, executing email laws will uphold cybersecurity standards.
There is merit in the Bring-Your-Own-Device (BYOD) scheme, as it promotes employees to use gadgets there are more accustomed to in promoting work efficiency and mobility. However, a policy to govern security measures for these gadgets will support this request to use one’s own laptop or tablet to meet workload deadlines. Secure IT services providers may come up with ways to give access to antivirus program installations or do routinary scanning of gadgets that aren’t company-owned.
Non-company personnel will come in once in a while, such as industry partners or potential clients. Assigning which internet connections they are limited to is a valid way of promoting the company’s cybersecurity. Another way would be to come up with temporary connections that only function during a specific period. Some companies opt for this when they host events within company premises.
Employees come and go, but your company’s human resources team must work with your IT team or your IT provider to cut a former employee’s “IT trail”, such as deactivating company email accounts and making sure personal gadgets are banned from connecting to company networks. These processes should be part of clearance whenever an individual severs their professional relationships with the company.
Protecting your enterprise’s cybersecurity sounds like a tall order, but the repercussions of being lax are massive. A proactive approach should be in place, and it should come from company leaders and administrators.
Hurricanes, floods, fires, tornadoes, earthquakes, even ransomware — these devastating events can strike almost without warning. Does your business have a plan to not only safeguard sensitive data but contingencies for recovery should a catastrophe occur?
Management should acknowledge their company’s potential exposure to disasters, natural and otherwise. These events can endanger the accessibility and support of an organization’s IT systems and networks.
It’s trite but true: an ounce of prevention is worth a pound of cure. So how does a business protect the integrity of its IT processes before cataclysm strikes? An effective option is to collaborate with a reputable data center, one with the resources to protect valuable data while keeping it secure and accessible.
Now that you recognize the utility of a data center, what should you look for? Below is a laundry list of essentials your DR service should provide.
An effective disaster recovery plan starts long before storm clouds gather. You want your IT partner to customize a comprehensive and ordered strategy that maintains and monitors network infrastructure and ongoing processes. Too, your employees should be trained and evaluated on how to reduce or avert system downtime.
Proactive planning also encompasses preventive maintenance. Your DR provider should regularly schedule tests of fire detection/extinguishing systems, power supplies/generators and HVAC systems.
How do fiber optic networks provide such outstanding redundancy and protection? In large part, due to bidirectional line-switched architecture. This means that in the event of network element failure, optical signals can be rerouted, either with “protection” spare fibers or by backhauling.
You want the same from your DR provider. Does it offer alternative facilities should its primary data center be offline? Are their data centers sited to prevent damage from floods, fires, winds or earthquakes?
Power failures and loss of environmental cooling can wreak havoc on vulnerable infrastructure elements. Look for facilities with redundant uninterruptible power supplies (UPS), supported by generators that switch seamlessly online if utility power fails. Seek the same redundancy within the data center’s HVAC configurations.
Redundancy also includes instantaneous access to multiple “core” or “Tier 1” long-haul networks should the primary carrier interrupt service.
Is the DR provider’s data center monitored at all times? Are employees required to wear visible ID whenever onsite? Nowadays, constant surveillance of network assets is a must to maintain network integrity and data security.
Your DR provider should have a cross-trained and experienced emergency ops team in place, ready at a moment’s notice to restore operational functionality to networks and systems in case of a disaster. They are the “cavalry” riding to the rescue, freeing local employees to see after their families and homes.
Now that you know, consider Aperio IT as your partner in disaster recovery planning. We provide cloud hosting and backup services to small and mid-sized businesses like yours. It’s never too early to prepare before catastrophe strikes.
Contact us to learn more about planning your Disaster Recovery Plan with Aperio IT.
U.S. hospitals have been faced with an alarming surge in ransomware attacks this year. In these attacks, hospitals find themselves without access to critical patient information. In addition to seriously threatening patient safety, hospitals themselves are also harmed. Necessary interruptions to services while recovering from the attacks damage organizations’ reputations, and financial costs can include ransoms along with costs associated with liability.
Ransomware attacks are a growing threat. Organizations need to focus on necessary steps to protect their data and to stay current on new security requirements arising to meet this threat.
In the first part of this two-part series, we’ll look at what ransomware is, and what makes hospitals and healthcare organizations particularly vulnerable to ransomware attacks. In the second part, we’ll take a look at solutions all organizations (not just hospitals) can employ to mitigate the risk from these attacks, and also discuss possible future changes to security requirements that may develop in response to the increase of ransomware related cybercrime.
What is ransomware?
In their January 2016 brief, “Hacking Healthcare IT in 2016,” the Institute for Critical Infrastructure Technology refers to ransomware as “the primary threat to organizations in 2016.” Ransomware is a specific type of malware that works by preventing or limiting users from accessing their systems or data, often by encrypting the data. This kind of malware requires payment of a ransom in order to regain access to systems or data. Of course, even after a ransom is paid, there is no guarantee that access will actually be returned or that data will be undamaged. Some examples of ransomware include Locky, CryptoLocker, and CTB Locker.
Why are healthcare organizations so vulnerable to ransomware attacks?
Within just the past few months, hospitals that have reported attacks include Hollywood Presbyterian Medical Center in Los Angeles, Methodist Hospital in Kentucky, and MedStar Health’s ten hospitals and over 250 outpatient clinics in Maryland and Washington D.C. Officials suspect that additional attacks may have gone unreported by organizations choosing to deal with such matters internally rather than risking the damage to their reputations that publicly acknowledging vulnerabilities can bring.
What makes hospitals such tempting targets for cyber criminals? One reason is that hospitals rely on having fast access to accurate and up-to-date information in order to provide care for patients. This means they are more likely to pay a ransom than other organizations might be, as they are trying to avoid harm to their patients (up to and including death) and of course, lawsuits.
Another less obvious reason is that hospitals have until present been focused primarily on educating their employees mainly in HIPAA compliance, and much less on cybersecurity. This leaves hospitals employees especially likely to fall victim to social engineering attacks such as phishing, which can give ransomware attackers the entry they need.
The older software used by some hospitals can also provide a tempting point of entry for ransomware attackers. For example, a recent alert from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team warns that certain systems used to automate the tracking and dispensing of medical supplies contain numerous security vulnerabilities.
Additional Links: TrendMicro – History of ransomware. Wired.com – Why hospitals are the perfert target for ransomware. DataBreachToday.com – Security flaws in legacy medical supply systems.
The Internet is a gigantic collection of linked networks that span the globe. The networks are connected using routers.
A router is a specialized computer that directs traffic on the Internet. As the Internet consists of hundreds of thousands of smaller networks linked together, the use of routers is absolutely necessary for it to function.
When you want to visit a particular website, you type the address of the site into your web browser. The address goes to the nearest router and the router decides where the required site is on the Internet.
The router also determines the most efficient path through all the networks to reach a particular destination… based on the traffic in different parts of the Internet and the available connections.
Cisco Systems Inc is an American multinational technology company that designs, manufactures, and sells networking equipment including most of the routers used on the internet. In fact, 85 percent of Internet traffic travels through Cisco’s systems.
Hacked routers
Security firm FireEye announced recently that its researchers have discovered malware (dubbed SYNful) on 14 Cisco routers in the Ukraine, the Philippines, Mexico and India.
SYNful replaces the operating system used in Cisco’s network equipment and thus opens a back door that provides a permanent foothold inside a targeted network.
This enables the hackers to harvest vast amounts of data while going undetected by existing cyber security defenses, according to Mandiant, FireEye’s computer forensic arm.
Cisco have confirmed that it has alerted its customers to these hacking attacks and said that it was working with Mandiant to develop ways for customers to detect the attacks.
Indeed Cisco has published intrusion detection signatures that customers can use to look for attacks in progress which, if found, can then be blocked.
If successful attacks are detected, customers will have to re-image the software used to control their routers.
It is highly probable that many other instances of these hacks have not been discovered, according to FireEye. Indeed it is likely that the infected routers are being used to infect other parts of the Internet.
Because the implanted software duplicates the normal functions of routers it could also affect routers from makers other than Cisco.
How bad is the threat?
Routers operate outside the perimeter of firewalls, anti-virus and other security tools used by organizations to safeguard data traffic.
This means that the estimated US$80 billion spent every year on cyber security tools is money down the drain where this form of attack is concerned.
According to Cisco, SYNful does not take advantage of any vulnerability in its own software. Instead it steals valid network administration credentials from the organizations targeted by the hackers so that it can install itself or it can be installed when the hackers gain physical access to Cisco routers.
No matter how it is installed, if a hacker seizes control of a router then he has control over the data of all the companies and government organizations that flow through that router.
According to FireEye, the affected routers have been used to hit multiple industries and government agencies. The company also says that the router logs indicate that the hacks began well over a year ago.
So what does all this imply for the ordinary consumer, who does his or her shopping and banking online?
The answer depends on who the hackers are working for.
The USA’s global spy agency, the NSA (National Security Agency), has a habit of intercepting networking equipment and installing backdoors before the equipment reaches customers.
This came to light in May 2014. In 2015, Cisco began offering to deliver this kind of equipment directly to customers in order to avoid interception by the NSA or other miscreants.
The latest findings from FireEye suggest that the miscreants, whoever they are, are managing to implant malware on routers no matter how they are being delivered.
While it is likely that the NSA or some other state actor is the culprit, this is not at all certain, even though FireEye says that interception could only be done a handful of sovereign states. In this writer’s view, the miscreants could well be a criminal gang intent on commercial gain.
Perhaps it would be as well to check with you bank to see whether they have any reservations regarding online banking in the light of these revelations.
Sign up today for free & stay current with local IT news.
