Security Newsletter

As the sun stays out later and the snow melts away, people are breaking out of hibernation. We no longer act as shut-ins on the weekends, hiding from the blistering cold of winter. Instead, we celebrate by shutting down the laptops and TVs, and going outside! Since no one can stay away from being connected and sharing their “Rosé all day” social media posts and pictures with friends at a BBQ, we take our phones with us; after all, they’re called mobile phones! The convenience of mobile phones is great, but, just like computers, they can be extremely dangerous to the integrity of your data. If you’re out of the house and you urgently need to connect to the internet (and maybe you’re running out of your monthly data), you are more likely to connect to a suspicious Wi-Fi network. Phones are still essentially computers, which means that they are also vulnerable to things such as network spoofing, spyware, and phishing. Fun fact: today’s smartphones have more computing power than the computers NASA used to send Neil Armstrong to the moon. Crazy!

Here are some tips to protect your mobile data:

  1. Encrypt your data.

Luckily, iPhones have encryption built into the operating system (OS) if the user takes advantage of the password feature (which we highly recommend). Other mobile devices have built-in encryption methods that are commonly demonstrated via YouTube videos1 if the user struggles to take advantage of the feature.

  2. UPDATE, UPDATE, UPDATE!

A lot of people don’t even know their smartphones can update. Apple is usually very upfront about update notifications, with a prompt asking you to update several times a day until you complete it. Other companies are a little more relaxed, which is not ideal for security. Look up the current software version for your mobile device and make sure your phone has that version to remain secure.

  3. Do not jailbreak or download “sketchy” apps.

Would you download apps from a website that you have never heard of on your computer at work? We would hope not. So, would you do this on your personal, mobile computer, AKA your smartphone? We hope you wouldn’t. Think twice and do research before downloading applications to prevent downloading malicious software.

 

By: Matthew McCaffrey

1 BeeBom. “How to Secure Your Android Device.” https://youtu.be/QxEpued61OI

Security Newsletter

As the year moves on, cybercrime continues to grow as predicted. Last month, CNN reported that United States authorities revealed 36 cyber criminals who were responsible for more than $530 million in cyber-related crimes cumulatively.1 Even though action is taken to deter this, the industry is projected to reach $2 trillion by 2019, according to Forbes.2 Not only is cybercrime demanding more dollars, cryptocurrency is continuing to grow as well.

Though the value of cryptocurrency has decreased in recent weeks, the potential for another upward burst in value is still looming. With that in mind, there has been a steady increase in the demand for cybercrime as a service. “Things like malware-as-a-service, ransomware-as-a-service, distributed denial of service-as-a-service and phishing-as-a-service are becoming commonplace items that can be purchased or rented online. Technology that steals passwords is just a couple of clicks away for a wannabe hacker. Not only are they available, they’re updated regularly and supported. There’s an entire ecosystem built around these products, much as you’d see around conventional software that you’d run on your laptop.” 3

As cybercrime-as-a-service begins to gain more traction, we notice that cybercriminals are targeting small to mid-size businesses. The biggest reason for this is these businesses’ inability to pay for proper cyber protection due to budget restrictions. Cybercriminals are aware of this and are always attempting to find innovative ways to obtain information. Therefore, having weak protective measures makes these businesses more vulnerable. If they can’t afford the protection, they are encouraged to find other ways to protect themselves to prevent an attack from cybercriminals. ITWeb provides some cost-effective suggestions to achieve this:

  1. Continually apply patches and security updates to software.
  2. Implement policies around passwords – Allow only strong passwords and change them regularly.
  3. Always be testing your security – Penetration testing your environment is a must.
  4. Educate and train employees around cyber security.

 

By: Matthew McCaffrey

1 https://www.cnn.com/2018/02/08/world/us-cyber-crime-ring-arrests-intl/index.html
2 https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#564793f53a91
3 https://www.itweb.co.za/content/mYZRX79JLBrMOgA8

Security Newsletter

An increasing amount of research is being done on Artificial Intelligence (AI) algorithms, and machine learning is advancing faster than ever before. With AI becoming more popular, it is possible that it might be able to give IT professionals the help they need to compensate for understaffing. We can also hope that it can help with the rapid influx of cybercrime. Compared to other types of crime, cybercrime has changed and grown significantly over time, especially considering it’s relatively new. So can AI help?

Infosecurity Magazine references Simon Crosby, Co-founder and CTO at Bromium, who says that “ML [Machine Learning] makes it easier to respond to cybersecurity risks. New generations of malware and cyber-attacks can be difficult to detect with conventional cybersecurity protocols.”1

These machines will be able to use data from previous attacks to respond to newer and similar risks. This use of AI will decrease the need for cybersecurity professionals on staff, but it will not decrease the need for cybersecurity.

Joerg Sieber, Director of Product Marketing Performance at Palo Alto Networks, says in BizTech, “Staff members may also have an inherent ‘distrust in technology.’… The feeling that automated technology will overlook threats or overblock the employees in our organizations is another very powerful, yet emotional argument against automation.”2

So while there is still going to be skepticism surrounding AI, “automation can cut duplicative processes, bring cohesiveness and consistency to cybersecurity responses, compensate for fatigue among IT security staff members and harmonize cybersecurity data.”2 Our hope is that AI and humans may finally be able to team up and find a way to slow down the $445 billion cybercrime industry.

 

By: Matthew McCaffrey

1 https://www.infosecurity-magazine.com/next-gen-infosec/ai-future-cybersecurity/
2 https://biztechmagazine.com/article/2017/07/pros-and-cons-automated-cybersecurity

Security Newsletter

It’s a new year and time for new resolutions! Whether you have a cliché, traditional resolution like deciding to cut out caffeine or something totally original like trying a new food each month, think of one that can not only improve your own life, but also the lives of everyone around you. We encourage you to come up with a work resolution in addition to your personal one!

One suggestion we have is to become informed and proactive about preventing ransomware attacks. Imagine this: You are working for what feels like months on a project. You are almost 90% done when you try to log on to your computer and you see a ransomware message. It’s one that commands you to pay $10,000 to get back onto your computer. Uh-oh! You did not back up your project! Now you are stuck, without all your hard work, and the deadline is approaching. Unfortunately, the situation occurred because one of your co-workers opened a malicious email. This is called “phishing” and it happens every day to people all over the world. This year, try to make your work-related resolution to get informed and help prevent your company from being impacted by these types of attacks.

These three steps are common ways to prevent a ransomware attack, even if you don’t have much technical knowledge:
  1. Back up. In a perfect world, employees would back up their data once a day, but since this is not feasible in a lot of workspaces, try to back up your data once a week, or even once a month. Any backups are better than no backups.
  2. Avoid clicking on suspicious emails and links. Phishing attacks are among the most common because they are easy to carry out, and they prey on the unaware user.
  3. Infected with malware already? Disconnect. This will prevent the malware from spreading. Also disconnect the WiFi and Bluetooth, as these can also spread malware.

 

By Matthew McCaffrey

Security Newsletter

The holiday season is packed with wonderful activities: ice skating, snowboarding, gift shopping (although not always wonderful), and spending time with family and friends, just to name a few. And as the good times advance, so does technology, and using it to perform these activities has become more and more common. (Think buying your lift tickets online ahead of time and taking selfies as you traverse the mountain.)

One of the more common gift selections during the holiday season is electronics. Electronics are fantastic at making everyday tasks much more efficient and making life easier. Roomba vacuums are a prime example of this. Who wouldn’t want to come home to a clean floor after being away for a weekend without lifting a finger?

However, technology has its downsides, too. The issue with security this holiday season may not be the user, as it has been in years past. The issue may be the developer’s fault. Companies sometimes discover security flaws after they release their product, and the buyer is unaware. Also, if a product is on the shelf in a warehouse for a few months before being purchased, it may have missed a critical update!

Companies will often release product updates in order to increase security. Have you ever gotten an update request on your computer, or your phone asked you to upgrade (but you click “Remind Me Later” because you just don’t got time for that!)? More times than not, security upgrades are embedded within these updates. Apple is a company that is rather famous for doing this after releases. So, to protect your information this holiday season: Update! Update! Update! If you get a gift that suggests you update the software, you should do it. The more you update, the more likely you are to be secure and to enjoy your experience with your new device!

 

By: Matthew McCaffrey

Security Newsletter

November is when many Americans are excited about an extra hour of sleep due to daylight saving time, and look forward to the holidays and all the shopping! We have Black Friday and Cyber Monday, which from a shopping standpoint are great, but we need to be cautious from a cybersecurity standpoint. Many shoppers don’t realize how dangerous these holidays can be. They draw the attention of cyber criminals, so if you plan to partake in today’s Cyber Monday shopping, please be aware of your cybersecurity as you shop on your computer and on your phone.

You think, “What could spoil your Thanksgiving vacation?” Hackers. Cyber criminals are licking their lips at breaching companies during this ravenous shopping spree and are excited to see what they can gain from users. The user is always the weakest link in the world of cybersecurity.

In addition to shoppers, employers can also be affected. The Thanksgiving break is a time for employees to get out of the office and enjoy family, food, and football. They also often neglect their emails. But the employees who are checking their email and handling other business-related tasks can be hurting their employer if they’re not careful.

So, what are some ways to keep you and your company safe while shopping and checking emails?

The first way is to make sure all your devices have passcodes. If you are walking around without a passcode on an iPhone X in 2017, you may be in for a rude awakening. You could forget your phone on a table at a coffee shop, and by the time you come back your phone is swiped and wiped, or even worse, confidential documents in your shared drive are now available to whoever was bold enough to take your phone.

The second way is to be aware of “shoulder surfing.” Have you ever taken a peek at a stranger’s phone while sitting on the subway or waiting in line for coffee and seen something you probably shouldn’t have? If so, then you are a Social Engineer. This is the easiest and most effective method cyber criminals use to obtain confidential data. Be aware of what you are using your phone for, as well as who you are around while entering your passcodes and credit card information.

The final security awareness tip is to steer clear of “Free WiFi,” especially with a device that holds your company’s information. “Free WiFi” is like seeing “Free Candy.” Is a free candy bar great? Sure, but is it safe? That should be a question that is asked in cyber space, too. Though free WiFi sounds great, is it worth a potential breach? Put the device down until you get home, and enjoy some face time with friends and family instead!

 

By Matthew McCaffrey