08 Dec

Cybersecurity Essentials: VPN

Installing powerful antivirus software and setting strong passwords are no longer considered the bare minimum in cybersecurity. With hackers, government agencies, and ISPs constantly monitoring networks and your online habits, hopping onto a Virtual Private Network (VPN) is crucial for keeping your surfing habits private. Here’s why.

 

What is VPN?

 

Simply put, a VPN is a group of servers you connect to via the internet. Once you’ve established a connection, your computer acts as if it’s on the same local connection as the VPN, making it seem like you moved to a different location.

When you surf the web through a VPN, all the data transmitted and received is also encrypted, preventing anyone — from hackers to government agencies — from monitoring your online activities.

 

Why should you have one?

 

Of course, security and privacy are major reasons why you would want a VPN. For example, if you’re connected to a public WiFi network — like the ones you typically see in local cafes and airports — using a VPN encrypts the information you’re sending or accessing online. This means things like credit card details, login credentials, private conversations, or other sensitive documents can’t be intercepted by a third party.

VPNs are also useful for accessing geo-restricted websites. If you’re traveling abroad and certain US websites are blocked in that region, you can simply connect to a VPN located in the US to access the sites you need.

 

Which VPN should you choose?

 

Given the increasing demand for secure online privacy, VPNs are surging in popularity. The following considerations can help you find the right one.

1. Cost
While free VPNs are available, we strongly suggest you avoid them. These keep logs of your internet activity, and in some cases sell them to the highest bidder. Maintaining a VPN service is also expensive, which means the free ones will likely plaster ads on your browser to make a quick buck.

Paid VPNs like SurfEasy and StrongVPN often come with more robust features and configurations that keep you secure. What’s more, they don’t keep a record of the sites you visit, nor do they hound you with pop-ups that lead to dangerous websites.

2. Location
The physical location of VPN servers is important if you want to access region-blocked websites. So if you’re planning on accessing a UK-based service, your VPN provider must at least have servers installed in London.

3. Capacity
Read through a VPN provider’s terms of service to determine how much data you’re allowed to use. If possible, find out how many servers a VPN provider has. If they have plenty of servers online, you can rest assured that they have the capacity to support your internet browsing.

4. Device compatibility
Another important factor to consider is whether the VPN can be used across multiple devices. Nowadays, employees work on laptops, tablets, and smartphones, so you’ll want a VPN that’s compatible with all these.

5. IP leaking
Finally, a great way to evaluate a VPN service is to sign up for their free trial service and visit https://ipleak.net/, which will allow you to check whether your real IP address is actually being leaked. If it manages to track your physical location, you need to opt for a more reliable VPN service.

 

VPNs are now a vital component of cybersecurity, and if you need help selecting the right one for your business, consult with our security experts today. We also offer comprehensive cybersecurity services so no hacker or third party can get their hands on your data. You can reach us at sales@eitnetworks.net or 1-866-BIT-WISE.

28 Apr

What is Virtual “Sandboxing?”

Virtualization comes with several benefits for small- and medium-sized businesses. One of the most important is cybersecurity, but even within that subset are several strategies for protecting your organization. One such strategy is referred to as sandboxing, and it’s worth learning about.

 

What is sandboxing?

 

Sandboxing is one of the rare concepts in virtualization that the average person can usually grasp in just a couple short sentences. Essentially, sandboxing is the practice of tricking an application or program into thinking it is running on a regular computer, and observing how it performs. This is especially useful for testing whether unknown applications are hiding malware.

Obviously, it gets far more complicated once you delve into the details of how you implement a sandboxing technique, but the short answer is that it almost always involves virtualized computers. The program you want to test thinks it’s been opened on a full-fledged workstation or server and can act normally, but it’s actually inside a tightly controlled virtual space that forbids it from copying itself or deleting files outside of what is included in the sandbox.

 

An effective way to quarantine

 

Virtualization is no simple task, but the benefits of sandboxing definitely make the effort worth it. For example, virtualized workstations can essentially be created and destroyed with the flip of a switch. That means:

  1. You aren’t required to manage permanent resources to utilize a sandbox. Turn it on when you need it, and when you’re done the resources necessary to run it are reset and returned to your server’s available capacity.
  2. When malware is exposed inside a sandbox, removing it is as simple as destroying the virtual machine. Compare that to running a physical workstation dedicated solely to sandboxing. Formatting and reinstalling the machine would take several hours.
  3. Variables such as which operating system the sandbox runs, which permissions quarantined applications are granted, and minimum testing times can be employed and altered in extremely short periods of time.

This strategy has been around for nearly two decades, and some cybersecurity experts have spent their entire careers working toward the perfect virtual sandbox.
 

Containers: the next step in this evolution

 

Recently, the virtualization industry has been almost totally consumed by the topic of “containers.” Instead of creating entire virtual workstations to run suspicious applications in, containers are virtual spaces with exactly enough hardware and software resources to run whatever the container was designed to do.

Think of the metaphor literally: Older sandboxes came in a uniform size, which was almost always significantly larger than whatever you were placing into them. Containers let you design the size and shape of the sandbox based on your exact specifications.

 

Quarantined virtual spaces fit nicely into the sandbox metaphor, but actually implementing them is impossible without trained help. Whether you’re looking for enhanced security protocols or increased efficiency with your hardware resources, our virtualization services can help. Call us at 1-866-BIT-WISE or shoot us an email at sales@eitnetworks.net.

20 Feb

Understanding Cyber-Security

As technology consultants, we’re stuck between a rock and a hard place. We want to provide our clients with enterprise-level IT, but that requires that we specialize in overwhelmingly intricate technology. Explaining even the most foundational aspects of our cyber-security would most likely put you to sleep before convincing you of our expertise. But if you really want to know, here are a few summaries of how we focus on proactive strategies rather than reactive ones.

 

Understand the threats you’re facing

 

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

 

Reevaluate what it is you’re protecting

 

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

 

Create a baseline of protection

 

By reviewing current trends in the cyber-security field, alongside an audit of your current technology framework, you can begin to get a clearer picture of how you want to prioritize your preventative measures versus your reactive measures.

Before you can start improving your cyber-security approach, you need to know where the baseline is. Create a handful of real-life scenarios and simulate them on your network. Network penetration testing from trustworthy IT professionals will help pinpoint strengths and weaknesses in your current framework.

 

Finalize a plan

 

All these pieces will complete the puzzle of what your new strategies need to be. With an experienced technology consultant onboard for the entire process, you can easily parse the results of your simulation into a multi-pronged approach to becoming more proactive:

Security awareness seminars that coach everyone — from receptionists to CEOs — about password management and mobile device usage.
“Front-line” defenses like intrusion prevention systems and hardware firewalls that scrutinize everything trying to sneak its way in through the front door of your network.
Routine checkups for software updates, licenses, and patches to minimize the chance of leaving a backdoor to your network open.
Web-filtering services that blacklist dangerous and inappropriate sites for anyone on your network.
Antivirus software that specializes in the threats most common to your industry.

 

As soon as you focus on preventing downtime events instead of reacting to them, your technology will begin to increase your productivity and efficiency to levels you’ve never dreamed of. Start enhancing your cyber-security. Give us a call at 1-866-BIT-WISE or email us at sales@eitnetworks.net.

07 Nov

Download iOS 10.1 ASAP

If you want to make sure that your iPhone reliably works the way it should and that all the information in it is secure, you should always pay special attention to updates as soon as they become available. Although you may be hesitant to immediately download the latest iOS 10.1 update, you should get to know more about why you should download this update right away.

 

The latest update for iPhone and iOS users, referred to as the iOS 10.1 update, was launched on October 24, 2016. Its primary purpose is to address a serious security issue with the previous version of iOS. This security vulnerability should be of major concern to any iOS or iPhone user.

 

The security vulnerability addressed by the iOS 10.1 update was originally discovered by Tencent’s Keen Lab, specifically by a researcher named Marco Grassi. This vulnerability left a hole in the iOS programming that would allow a hacker or attacker to seize control of the phone, changing the code and performing commands after the iOS user opens a JPEG file (image file) that has been “maliciously crafted.”

 

Essentially, what this boils down to is that without the iOS 10.1 update, a corrupted image file could allow another person to control your device (iPad or iPhone). Even without downloading the file, this security hole could be taken advantage of by a hacker. If this is not enough reason to download the iOS 10.1 update, it also addresses other security issues and concerns that involve specific apps, the ability to see login password lengths through workaround hacks, and the like. Because of these specific issues and more, the iOS 10.1 update is a must-have for users of iPhones or iPads.

 

If keeping your phone and personal information secure are two of your biggest concerns, the iOS 10.1 update is a no-brainer. The sooner you update your device, the sooner you can feel safer using your iOS devices.

 

Installing security updates may be inconvenient, but they’re a necessity. If you need help managing software updates and keeping your business safe, contact us today at 1-866-BIT-WISE or sales@eitnetworks.net.

23 Sep

Cybersecurity Terms YOU Should Know

Everyone, from doctors to lawyers, needs to continue learning to stay ahead of the times. Business owners might have it worst of all, oftentimes needing to stay on top of several industries to keep their company running. Keep reading for a refresher on all the latest trends and buzzwords used in the cybersecurity sector.

 

Malware

 

For a long time, the phrase ‘computer virus’ was misappropriated as a term to define every type of attack that intended to harm or hurt your computers and networks. A virus is actually a specific type of attack or malware. Whereas a virus is designed to replicate itself, any software created for the purpose of destroying or unfairly accessing networks and data should be referred to as a type of malware.

 

Ransomware

 

Don’t let all the other words ending in ‘ware’ confuse you; they are all just subcategories of malware. Currently, one of the most popular of these is ‘ransomware,’ which encrypts valuable data until a ransom is paid for its return.

 

Intrusion Protection System

 

There are several ways to safeguard your network from malware, but intrusion protection systems (IPSs) are quickly becoming one of the non-negotiables. IPSs sit inside of your company’s firewall and look for suspicious and malicious activity that can be halted before it can deploy an exploit or take advantage of a known vulnerability.

 

Social Engineering

 

Not all types of malware rely solely on fancy computer programming. While the exact statistics are quite difficult to pin down, experts agree that the majority of attacks require some form of what is called ‘social engineering’ to be successful. Social engineering is the act of tricking people, rather than computers, into revealing sensitive or guarded information. Complicated software is totally unnecessary if you can just convince potential victims that you’re a security professional who needs their password to secure their account.

 

Phishing

 

Despite often relying on face-to-face interactions, social engineering does occasionally employ more technical methods. Phishing is the act of creating an application or website that impersonates a trustworthy, and often well-known, business in an attempt to elicit confidential information. Just because you received an email that says it’s from the IRS doesn’t mean it should be taken at face value — always verify the source of any service requesting your sensitive data.

 

Antivirus

 

Antivirus software is often misunderstood as a way to comprehensively secure your computers and workstations. These applications are just one piece of the cybersecurity puzzle and can only scan the drives on which they are installed for signs of well known malware variants.

 

Zero-day attacks

 

Malware is most dangerous when it has been released but not yet discovered by cybersecurity experts. When a vulnerability is found within a piece of software, vendors will release an update to amend the gap in security. However, if cyber attackers release a piece of malware that has never been seen before, and if that malware exploits one of these holes before the vulnerability is addressed, it is called a zero-day attack.

 

Patch

 

When software developers discover a security vulnerability in their programming, they usually release a small file to update and ‘patch’ this gap. Patches are essential to keeping your network secure from the vultures lurking on the internet. By checking for and installing patches as often as possible, you keep your software protected from the latest advances in malware.

 

Redundant data

 

When anti-virus software, patches, and intrusion detection fail to keep your information secure, there’s only one thing that will: quarantined off-site storage. Duplicating your data offline and storing it somewhere other than your business’s office ensures that if there is a malware infection, you’re equipped with backups.

 

We aren’t just creating a glossary of cyber security terms; every day, we’re writing a new chapter to the history of this ever-evolving industry. And no matter what you might think, we are available to impart that knowledge on anyone who comes knocking. Get in touch with us today and find out for yourself. Call 1-866-BIT-WISE or email sales@eitnetworks.net.

09 Sep

Fantom: A New Security Threat

The heart of a lady is not easily won; a man can’t rely on his looks or wallet to make a girl fall head over heels. He must charm his way into her heart. Let’s say that a computer user is the woman, and that ransomware, the man, is the dreamboat that has worked his way through all the woman’s defenses. How? He looked the part. This is how ransomware weasels its way into IT — because it doesn’t seem to pose a threat. Beware of Fantom, the most recently detected ransomware that is a master at deception.

 

AVG security researcher Jakub Kroustek recently spotted Fantom coded atop EDA2, a ransomware-building kit that was open-sourced but eventually taken down. EDA2 contained certain flaws that allowed researchers to obtain decryption keys from its C&C server, yet these flaws have since disappeared, indicating that Fantom coders might have found and fixed them before anyone else had a chance to.

 

Very little is known as to how Fantom is distributed. As for the method of deployment, cybercriminals plant the file onto the target’s computer via spam email or exploit kits. Fantom-infected files are named criticalupdate01.exe; they utilize a “Windows Security Update” to prompt targets into running the file.

 

After activation, the ransomware starts by locking the user’s screen while displaying fake Windows Update graphics, complete with a fully-functioning percentage-based loading timer that mirrors the original Windows Update screen. However, beneath this pleasant facade, Fantom is encrypting your files right before your eyes. Luckily, the temporary lock screen is removable before it reaches 100% — simply press CTRL+F4. Unfortunately, the encryption process remains intact.

 

The MalwareHunterTeam states, “The ransomware uses classic ransomware encryption by locking files using an AES-128 key and then encrypting this key with a dual RSA key, with the private key stored on the crook’s server, and a public key left on the user’s PC.”

 

In order to retrieve the private key to unlock your files, you must contact the perpetrators by email. The email address is listed in the ransom note that appears after the process of encryption is complete. Fantom displays ransom notes in the form of HTML and TXT files, while changing the user’s desktop with a custom screenshot that lists the contact details. Lastly, after completing all its operations, Fantom cleans up after itself by running two batch scripts that wipe all the installation files.

 

Ransomware isn’t new, but the ways that cybercriminals utilize it are. Who would’ve thought that the ever so familiar Windows Update window has fallen prey to malicious intent? Pretend that you’re Little Red Riding Hood and that the wolf is the ransomware that cybercriminals have disguised as your grandmother. They no longer wait to trap you; instead, they wait for you to walk straight into the trap.

 

The issue of ransomware is as extensive as it is meticulous. If you have any questions about Fantom or would like to request more information, feel free to get in touch with us! Give us a call or send us an email. Reach us at 1-866-BIT-WISE or sales@eitnetworks.net.

14 Jun

Ransomware Adopting Self-Replication

Although some may have hoped that the threat of ransomware was on the decline, the reality is that it’s quite the opposite. Until now, attacks seemed to be targeted directly at their victims, but Microsoft warns that may no longer be true. With their discovery of self-propagating ransomware, it’s vital to fully understand the possible risk of infection.

 

Ransomware, the malware that locks up infected systems and demands payment to return access to users, has been steadily increasing its infection rate over the course of this year. Enigma Software reported that, “After staying steady for the last six months of 2015, ransomware detection has begun to climb; February saw a 19 percent increase over January, while March had almost a 10 percent increase over February. Then, in April, infections more than doubled.”

 

And as if that wasn’t frightening enough, Microsoft announced last week that a recently detected ransomware software was found copying itself onto USB and network drives. The ransomware, titled ZCryptor, disguises itself as either an Adobe Flash installer or a Microsoft Office file to trick users into opening it.

 

Once opened, it displays a prompt that says “There is no disk in the drive. Please insert a disk into drive D:”. If you see this after opening a suspicious file, it is most likely ZCryptor trying to distract you while it works in the background to add a registry key that buries itself deep in your system and begins to encrypt your files.

 

Although previous ransomware iterations like Alpha Ransomware had the ability to find and encrypt files on shared network drives, security experts believe this is the first time a ransomware variant has included self-replication via removable drives into its framework.

 

When it was first detected in May, Microsoft found ZCryptor singling out 88 different file types for encryption. However, later on a security expert analyzed the ransomware and found 121 targeted file types — implying that creators of the malware were continuing to develop its source code.

 

It’s commonplace for ransomware to demand payment to be made in Bitcoins as they’re an almost totally untraceable online currency. ZCryptor is no different, demanding 1.2 Bitcoins (500 USD) unless payment is more than four days after infection — then it increases to five Bitcoins (2,700 USD).

 

Compared to other more complex security threats, ransomware is still relatively easy to avoid. Always verify the source of email attachments and website downloads before opening files, disable macros in Microsoft Office programs, maintain regular backups and update your security software.

 

Still concerned about security at your SMB? It doesn’t have to be as difficult and draining as you may think. Contact us today for advice on keeping your network protected around the clock. Reach us at 1-866-BIT-WISE or sales@eitnetworks.net.

11 Mar

How to Securely Transition to Office 365

It’s easy to see why Office 365 is an attractive solution for small and medium-sized businesses already familiar with the Office interface. More and more companies are making the move to the cloud, but many have yet to complete their transition and still rely at least in part on on-site SharePoint systems. When you’re ready to migrate, the move from SharePoint to Office 365 presents numerous security challenges to prepare for – not least because breaches are far more likely to be caused by localized issues than insufficient protection on Microsoft’s part. Here’s what you need to do to ensure you’ve got security covered when you make the leap to migrating from SharePoint to Office 365.

 

Identify your company’s sensitive data…

 

It’s so easy to create sites within SharePoint that businesses often have far more than they realize, covering just about every aspect of their operations. And it’s natural, of course, for at least some of the files housed within those sites to contain sensitive commercial or personal data. The key is ensuring that sensitive information is adequately identified and protected. Do this by conducting a security audit before you undertake your migration.

Your audit should identify the types of data stored in the various parts of your SharePoint network, including which specific information needs extra safeguarding. Be sure to consider everything from trade secrets and contract details to the personal information of your clients.

 

…and then restrict access to it

 

Once you’ve worked out where your most precious data lies, you can check who currently has access to it and whether their access is appropriate. After all, it’s not necessary for everyone to be able to get at all the data your company owns; it’s far better to operate on a need-to-know basis, with a reasonable level of flexibility.

Ensure that each of your employees has access only to the data that’s necessary for them to perform their duties. When you make the switch to Office 365, you’ll find that it allows you to conveniently set these different levels of permissions, including for external partners with whom you collaborate.

 

Trust nobody and suspect everybody

 

We say that lightheartedly, of course – it would be counterproductive to become so security-paranoid as to suspect everyone is attempting foul play with your company’s data. Nonetheless, it’s wise to consider everyone in your organization when it comes to auditing data access permissions – and that includes system administrators who might be assumed to have master access to every element of your network infrastructure.

A rogue administrator is the stuff of nightmares, since their elevated position gives them much greater leeway to siphon off valuable data without being noticed – or even to allow others to conduct questionable business and bypass the usual built-in security precautions. Overcoming the danger of an all-too-powerful administrator admittedly becomes easier if you have more than one on staff, but even in smaller businesses you can mediate some of the risk by regularly checking on your administrator’s usage and ensuring that their top-level system permissions remain justifiable.

 

Use machine learning to foresee security breaches

 

Every action performed by your staff within Office 365 is automatically logged, and with relative ease you can pull reports that allow you to analyze these. But the sheer number of events taking place within Office 365 in the course of your business’s normal operations means that even attempting to identify questionable behavior will be akin to the proverbial needle and haystack. That’s not to say it’s unwise to be on the lookout for anomalies in normal usage – the export of unexplainably large volumes of data, for instance, could suggest that a member of your team is leaking intelligence to a competitor, or that they’re about to jump ship and take your trade secrets with them.

Thankfully, it’s possible to leverage the developing power of machine learning to identify potential breaches before they happen – without the need to wade through unmanageable swathes of perfectly normal data. Graph API is incorporated into Office 365, and allows for the integration of machine learning tools into your security environment to achieve just that. The same tools can also help you avoid being caught out by hackers, by identifying system login attempts from locations that are out of the ordinary; you should bolster this protection by religiously removing inactive accounts and those of departing employees.
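The three checks this section describes (unusually large exports, logins from unfamiliar locations, and stale accounts) can be sketched as follows. This is an added example, not part of the original post or any Microsoft tooling: it uses simple per-user statistical baselines in place of a machine learning model, and the event fields, user names, and sample records are constructed assumptions rather than the real Office 365 audit-log schema.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

BASE = date(2016, 1, 1)

def _ev(user, n, op, country="US", mb=0):
    """Build one constructed event (simplified fields, not the real audit schema)."""
    return {"user": user, "day": BASE + timedelta(days=n), "op": op,
            "country": country, "mb": mb}

# Constructed sample data: 60 days of activity for three hypothetical users.
EVENTS = (
    [_ev("alice", n, "login") for n in range(0, 60, 3)]
    + [_ev("alice", n, "download", mb=40 + n % 7) for n in range(0, 57, 3)]
    + [_ev("alice", 57, "download", mb=5200)]         # sudden bulk export
    + [_ev("bob", n, "login") for n in range(0, 57, 3)]
    + [_ev("bob", n, "download", mb=15) for n in range(0, 60, 3)]
    + [_ev("bob", 57, "login", country="RO")]         # never-seen location
    + [_ev("carol", 2, "login")]                      # then no activity at all
)

def bulk_exports(events, factor=10, min_history=5, floor_mb=1):
    """Flag (user, day, mb) when a day's downloads exceed factor x the median
    of that user's earlier, unflagged days."""
    daily = defaultdict(lambda: defaultdict(int))
    for e in events:
        if e["op"] == "download":
            daily[e["user"]][e["day"]] += e["mb"]
    alerts = []
    for user, days in daily.items():
        history = []
        for day in sorted(days):
            total = days[day]
            enough = len(history) >= min_history
            if enough and total > factor * max(median(history), floor_mb):
                alerts.append((user, day, total))
            else:
                history.append(total)   # only normal days feed the baseline
    return alerts

def new_location_logins(events, min_history=5):
    """Flag (user, day, country) for a login from a country the user has not
    used before, once the user has enough login history to judge."""
    seen, count, alerts = defaultdict(set), defaultdict(int), []
    for e in sorted(events, key=lambda ev: ev["day"]):
        if e["op"] != "login":
            continue
        user = e["user"]
        if count[user] >= min_history and e["country"] not in seen[user]:
            alerts.append((user, e["day"], e["country"]))
        seen[user].add(e["country"])    # learned afterwards: one alert per country
        count[user] += 1
    return alerts

def inactive_accounts(events, as_of, max_idle_days=30):
    """Return users whose most recent event is older than max_idle_days."""
    last = {}
    for e in events:
        last[e["user"]] = max(last.get(e["user"], e["day"]), e["day"])
    return sorted(u for u, d in last.items() if (as_of - d).days > max_idle_days)

if __name__ == "__main__":
    print("bulk exports:", bulk_exports(EVENTS))
    print("new locations:", new_location_logins(EVENTS))
    print("inactive:", inactive_accounts(EVENTS, as_of=BASE + timedelta(days=60)))
```

The thresholds (`factor`, `min_history`, `max_idle_days`) are illustrative defaults and need tuning against your own normal usage before the alerts are worth acting on.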

 

By covering these essential security considerations when it comes to your migration, you’ll be one step closer to ensuring you strike the right balance between the powerful collaborative features of Office 365 and the robust safeguards your business’s integrity demands. To find out more about how we can help your Office 365 migration run smoothly, or what other business benefits you can derive from cloud-powered technologies, just give us a call at 1-866-BIT-WISE or email sales@eitnetworks.net.


© 2016 EIT Networks, LLC. All rights reserved.