How I Prepare for the Security Threats of Tomorrow

by Leave a Comment

There is little doubt that cybercrime is becoming more complex, and ransomware and data breach events are becoming more frequent. As a result, many small business owners have become concerned that they will soon be victims. Some have looked to IT solutions providers, like Heliotropic Systems, to help deal with these evolving threats. That is why it is vital for me to understand the current state and emerging trends of that threat landscape and what tools I can use to combat them.

Let’s look at the cybersecurity landscape and analyze the threats, trends, and opportunities.

Protecting Small Businesses from Ransomware Attacks

Cybercriminals are increasingly targeting small- to medium-sized businesses (SMBs). In 2021, more than 40% of all cyberattacks were against small businesses. Digging deeper into that statistic, researchers have found that of those attacked, approximately 60% will go out of business six months following an attack. The primary reason is that so many SMBs don’t have the resources to support an internal IT and data security operation.

In almost all of my security vendor recent annual reports, the most common threat was ransomware. The second tier threat was data breach. To combat these insidious hazards, I must be proficient in three areas.

Prevention

The primary goal is to eliminate the threat of an attack in the first place. While I fully acknowledge there is no “right” way to do this, there are measures I take to help keep my clients from becoming ransomware victims. I recently added Huntress (a threat detection tool) to my portfolio. You subscribe to SPF+ (for consumers) and SHADE (for small businesses), which enables automated patch management to fix potential vulnerabilities as soon as they are discovered.

Another significant measure is to constantly remind clients that rather than click on a link or respond to a suspicious email, you should call me for confirmation. The other day, someone said they received an invoice for three years of Norton Lifelock. No, they didn’t — they received a scam email. It was de-
signed to obtain sufficient information to make fraudulent charges on their credit card.

Detection

I’d be remiss if I didn’t acknowledge that ransomware can still get through the protection layer despite my best efforts. That’s why I have measures in place to identify when ransomware is present, rather than assuming an attack will never be successful. The earlier I can detect it, the sooner I can take action to eliminate it.

Response

When ransomware is detected, responding to the attack, and eliminating it must be done with the utmost efficiency. Some of the steps I must take include:

  • Scan the network for confirmation of an attack unfolding.
  • Identify the infected computers and isolate them from the rest of the network.
  • Secure all backup data or backup systems immediately.

I feel good knowing I have a significantly positive affect on my clients’ businesses by optimizing ransomware prevention and detecting and quickly responding to attacks. Ransomware attacks were estimated to cost roughly $20 billion in 2021. My aim is to save my clients from suffering any financial damages that would hurt their business.

Finding the Right Tools to Combat Ransomware

All my small business clients trust me with access to critical systems and data. They feel protected because they know I will act swiftly and effectively when a threat arises. To accomplish this, I have – over the years – sought to obtain the necessary tools that will facilitate quick and decisive action.

For example, remote monitoring and management (RMM) provides me with access to your computers so I can keep them secure, patched, and operational. I can proactively fix any vulnerabilities before you are attacked with automated patching, whether it is from Microsoft or third-party vendors, which helps optimize ransomware prevention efforts.

But, again, the idea is always to be prepared if ransomware attacks are successful. SentinelOne takes the next step of ransomware defense by including native ransomware detection. It constantly monitors for crypto-ransomware and attempts to kill the malicious software, thus reducing the impact of an attack. You (and I) get alerts at the first detection of crypto-ransomware, and I can automatically isolate any infected computer.

The ability to detect ransomware immediately enables me to execute an action plan sooner rather than later. And I know ransomware infections can cause extensive damage, which may prove too costly for many small businesses to overcome.

Of course, no ransomware response plan is complete without a system to protect the most vital company resource – its data. Regularly backing up data can reduce the risk of downtime when a ransomware attack is successful, but the backup system must be secure and reliable. The Datto Vaults I deploy at client sites are designed to protect physical, virtual, and cloud infrastructures and data. The data is well protected and easily accessible, so I can recover it rapidly when needed. The Vaults also have software that detects ransomware within backups, saving me (and my clients) time locating the last clean system restore point.

Leveraging Security Services to Help You Grow Your Business

Most of my colleagues will tell you that they are all focused on security on many levels, whether securing computers and networks, protecting data, or understanding how to be better against the threat of ransomware. Security threats will never go away – we can only keep them at bay. I believe I can effectively protect my clients and ensure their businesses thrive with the multi-layered security tools I have deployed.

Thanks, and safe computing!

Tell Me What I Need to Know, Not What You Want to Say

by Leave a Comment

So, if you are going to make a presentation about cybersecurity to a group of small business owners, what are some things you would do to prepare for the event? That question came to mind when I attended a webinar co-sponsored by the Chambers of Commerce of Fort Lee and Hackensack earlier in May.

A local IT company offered to have a speaker come in and talk about cybersecurity, but I do not know what kind of homework this speaker did before that session. The answer seemed “minimal” because when the speaker began, he spoke in a language I understand, but not one these attendees would know or use. He was talking about endpoints, EDR, SOC, and SIEM. In English, that means computers, Endpoint Detection and Response, Security Operations Center, and Security Information and Event Management. Those acronyms didn’t help because he had to stop and explain everything. He might have considered preparing a glossary to distribute before the presentation — that would have been helpful.

What else might he have done? As part of the preparation, he might have obtained the list of attendees. He might have looked up their businesses on the internet to focus on topics that may have been pertinent. If there was sufficient time, he might have even called the Chamber’s directors and asked to speak to some of those business owners to get a feel for what they were interested in understanding.

After a 45-minute talk, it was clear that this speaker’s presentation was geared toward much larger organizations than those he was addressing. And he was going to say what he came to say.

I don’t mean for this to become a rant, but it seems that by not preparing, he did a disservice to his audience and the topic of cybersecurity. His intent was to educate so that he could potentially sell his company’s services. But he couldn’t make it clear to the attendees the problems they potentially face.

One person asked: Why would anyone want to ransom my computer? He went off on a long discussion that never really answered the question. Instead, he should have asked probing questions of the person who asked it: What information in your computer is valuable? Do you have a list of all the Hackensack Chamber members? If so, is there contact info on that list? And does it have any other information that someone could use to find detailed data with additional searching and cross-referencing? The attendee would have learned more from those questions — and thinking about her responses — than the answer she got.

There might not be any need to put ransomware software on a computer if it was possible to copy the entire list and leave no trace of the intrusion behind. The data itself is valuable when correlated with other information. Now, if you were the bad actor, you could find some of the larger companies on the list, see if they bank at some of the Chamber’s member banks, and pretend that you’re an employee of one company and send an email like this:

BEC Example

This type of email is called BEC (business email compromise) and is extremely common. Sure, says Joe, and takes a copy of the invoice attached to Taylor’s email, contacts the appropriate individual, and sends the money. It takes training (or perhaps a keen eye) to realize the attachment is a fake invoice, this is a fake email account, and a fake Taylor. Usually there is no recourse to get the funds back.

That’s because it is relatively simple to spoof (pretend) the email address so it appears as if it is legitimately from within a company. Social engineering skills make it easy to convince one person in an organization to go out of their way to help out a co-worker or boss. However, it is only with proper training about the likelihood of this scam that bad actors can be shut down with a quick delete of the fake email.

What about the question one participant asked: What should I do if I see a ransom notice on my computer? The answer they received was not altogether too helpful: Call the police.

My response is: Call your IT support company and find out exactly what to do (at the very least disconnect the computer from the internet). The police department should not be your “go to” strategy when it comes to ransomware attacks. Yes, you’ll need to contact them eventually to file an insurance claim — if that is even possible under the circumstances — but it isn’t the first thing you should do. But what if you don’t have an IT support company? The presenter should have shared the web address or the name of an organization that has a list of steps for small business owners and their staff to take.

It doesn’t take much to cover the three or four critical aspects of cybersecurity for small business owners. It would be best to understand your audience, tailor your presentation by asking about their concerns, and then provide relatable and understandable answers. That approach doesn’t take a lot of effort, but it does give attendees much more information.

Thanks, and safe computing!

Lenovo Supply Chain Woes Continue

by Leave a Comment

By mid-February 2022, the line of container ships waiting to dock at the ports of Los Angeles and Long Beach was down to 78 vessels from a high of more than 110 at the start of the year. I’m writing this in late March, and the number has remained steady.

I was fortunate to obtain Lenovo monitors for a handful of clients a few weeks ago, but that was an exception. When I saw 140 monitors available in a Texas distribution center, I called my distributor and asked to have them shipped from there, rather than Pennsylvania. By the end of that 30-minute call, the number was down to 39.

I had hoped that by now things would improve, and computers and monitors would become more readily available. Then reality shifted. The Omicron wave that we experienced during the winter is now hitting China. Their approach to dealing with Covid-19 is to lock down entire cities. Many of those are industrial centers, which means factories are closing and manufacturing is stopping. So, even if there were slots available in the ports to handle cargo ships, there won’t be many ships to fill for a few more months.

As many of you know, I prefer that my clients have fully-warrantied computers because it is an insurance policy against something going wrong. Lenovo’s technicians will be there within a day or two with a replacement part. However, because of the scarcity of monitors, I will loosen my rules and allow everyone one extra year before I consider replacement. The caveat being, if something goes wrong off-warranty, a full replacement is required.

The primary advantage I now see in Lenovo’s Tiny-in-One approach to computing is that monitors usually will last twice as long as computers. This means I can slip a new computer into the cubbyhole at the back of the monitor, and you can avoid an added expense.

But it sure would be nice to have monitors available for home users and businesses who need them. I’m going to revise my estimate for availability to late summer. Another factor to consider is that Lenovo announced a slew of new products, which are supposed to become available starting in April. Well, we’ll see about that.

Thanks, and safe computing!

Stop Phishing Attacks from Giving You Agita

by Leave a Comment

If you look at the number of security alerts sent to my Inbox, cybercrime seems to always be on the rise. I certainly know it is here to stay, and near the top of the list of malicious activities are phishing scams. Most believe that only dumb people fall victim to these types of attacks. That is not true. Anyone can fall victim to a phishing scam, making it more critical than ever for me to protect you.

According to the Federal Bureau of Investigation’s (FBI) 2020 Internet Crime Report, phishing was among the top three cybercrimes reported in 2020. Phishing incidents more than doubled between 2019 and 2020. More frightening than that is 90% of incidents that end with a data breach started with a phishing attempt. That FBI report shows US businesses lost more than $1.8 billion last year because of business email compromise (BEC) or spear phishing.

Email is one of the primary vectors by which cyber criminals distribute ransomware. And they often depend on phishing and social engineering to infiltrate an unsuspecting company. Traditional anti-virus software products cannot protect you from these cyber-attacks. Too often, small business owners fail to properly secure their environments because they don’t know any better or because they don’t want to spend money on something they can’t “see.”

One way to mitigate this problem is to increase security awareness. Simply training staff to be alert to what constitutes phishing emails can reduce a business’ chances of having a cybersecurity incident by up to 70%.

Let me give you a theoretical example. Assume there is a dental practice with 15 employees. How many dental practices are willing to pay every three months to certify every employee on security awareness training (which they view as “don’t click on links”)? In real life, the most common response I hear is, “Ah, it’s a pain. I don’t want to do it. No one’s going to come after us. We’re a dental practice.” Well, again, that is not true.

The bad guys know the dental practice is the one that’s probably going to react if threatened, so they’ll ransom them for $10,000 or $20,000. And what makes it hard for someone like me to get that message through to this dentist? I mean, they are probably a wonderful dentist. They’re great at fixing teeth. But they’re like, “Why would these Russians, or these North Koreans, or these people in Silicon Valley who are bad – why would they want to get me?”

The reality is the bad actors are brilliant and relentless. They know if they ransom, or if they attack, a dentist in Fort Lee, New Jersey, for $10,000 or $20,000, no one – other than the local police – is going to investigate. So now, small businesses are being targeted at a much faster rate than large companies. If the bad guys try to ransom ExxonMobil, Walmart, or some other large company, the FBI and Homeland Security will get called in. And they have serious capabilities, and they’re going to get the bad guys. But there are not enough resources to protect small companies down the road who get hit. What I am finding is more small business owners are starting to say, “Oh, maybe I should listen to my IT guy because they’re on to something.” And that thinking helps safeguard their business.

Small business owners must be cautious because cybercriminals constantly adapt their techniques to find a way in. It is an unfortunate way of life in 2022, but maintaining a heightened level of security awareness while reading each email is a requirement of using email to communicate with staff and clients. There is no escaping the threats, so you must remain vigilant and stay alert. Security awareness training can go a long way to ensure your safety.

Thanks, and safe computing!

Internet Explorer 11 and the June 15, 2022 Deadline

by Leave a Comment

Microsoft will end support for Internet Explorer 11 (IE) on June 15, 2022, as announced in May 2021.

Starting with Windows 10 version 20H2, which Microsoft released in October 2020, if you attempt to use IE, Windows will prompt you to use the Microsoft Edge browser.  You must make an explicit choice to deny that to continue to use the Internet Explorer browser.

Note: If you want to know what version of Windows you have, type the word winver in the Windows Search box (next to the Start button in the lower left-hand corner). The resulting “About Windows” window contains the version and build information.

The critical point to all of this is that Microsoft will jettison some outdated, still risk-prone software in favor of its new Edge browser, built on the same base as Google’s Chrome.

What does that mean for you? If you have an Internet Explorer icon on your desktop, it is time to delete it. Similarly, if you use IE to browse the web, you should transfer your Favorites (bookmarked websites) and your saved user IDs and passwords over to Edge or Chrome.

While Microsoft will provide a hybrid form of IE under Edge’s covers, the rest of the world has moved on. According to W3Schools, the internet’s most extensive tutor of web-based material, Chrome held the lead in usage with a commanding 81% of the market. Edge came in second with 6.6%, and Firefox held on with 5.5%. I am, and probably always will be, a stalwart fan of Firefox (at least until Mozilla stops supporting it).

In the upcoming months, I am hopeful that companies whose websites contain code explicitly built for Internet Explorer will remove that code to strengthen the security of their website. However, if they don’t, your browser should automatically switch to IE mode in Edge. But I won’t be surprised if bad actors make multiple attempts to figure out how to take over those websites to try to introduce malware to the unsuspecting.

Thanks, and safe computing!

Windows 11 Is Here! A Preliminary Overview

by Leave a Comment

Redmond, Washington-based Microsoft officially released Windows 11 on October 5, 2021. In a blog post, the lead project manager expects the operating system successor to nearly seven-year-old Windows 10 to be widely available by the middle of 2022. I’ll admit, the “geek” in me couldn’t resist the siren call of a shiny new object. So, I spent less than half an hour downloading the 5.1 gigabyte file and an equivalent amount of time creating a virtual machine environment (running under Hyper-V) on a test Windows Server.

The installation was speedy compared to previous versions of Windows, even though the source file was on a USB drive. The initial phase after installation, commonly referred to as the “out-of-box experience” (OOBE, pronounced “oo-bee”), was pleasant and easy. No muss and no fuss getting to the initial Windows 11 desktop.

Here is a brief overview of some of the new features in the latest iteration of the Windows operating system.

First and foremost is that the Windows Taskbar is now in the center of the screen. I’ll call this blatant effect mimicry (or stealing) of Apple’s Dock, found in all Mac devices since 2001. This change may not be creative, but it is certainly different. This is especially apparent when for more than two dozen years, ever since Windows 95, Windows users have been accustomed to moving their cursor to the lower, left-hand corner to access the Start menu. Now it is in the “home” position – meaning the left-most spot – on the Taskbar. Now when you click it, the Start menu opens in an entire window in the center of your screen instead of sliding up an extensive menu. According to Microsoft, this sleeker, more straightforward screen gives you a better overview of the available features and programs to make it easier to accomplish your work (or play). Over time, the apps you use most frequently will take their place in the Recommended section.

New to Windows 11 is the confluence of several individual components that Microsoft thought would be useful to consumers. This item is Widgets, which includes news headlines, weather, stock information, and sports. Each item displays current information based on your location. You can change the size of each widget and customize it by clicking the three-dot menu icon in the upper right corner. You can add more widgets based on your preferences to the display. The privacy implications of all the Widget telemetry exchanged between you and Microsoft is a discussion for another newsletter. Also, I don’t know the corporate equivalent of this feature, nor if Group Policy can eliminate it.

Another change is what Microsoft is calling Snap Layouts and Snap Groups. In Windows 7, you could snap one window on each side of the screen by clicking on the window’s Title bar and rapidly moving it to the right or left. Windows 10 maintains this capability, and Microsoft expanded the concept with the Task View (described in the August 2019 edition). The purpose of this new functionality is to let you design how many open windows you want at one time, what they should contain, and where you want them to be positioned. For instance, you might wish to have an Excel spreadsheet open on the right-hand side of the screen, and your email client and an internet browser open, stacked one above the other, on the left-hand side. You can then save this layout to a named group and call it up when you want all three apps to open at once. Windows 11 gives you the ability to resume where you were working when you click on the link to the layout.

As you might have guessed, having all these apps open simultaneously (never mind saving their condition to restore them quickly) is going to require more memory than ever before. Most of you have been very comfortable working with 8 GB of RAM (memory). In some cases, I have given “power users” 16 GB of RAM. If you plan to use this feature extensively, I may have to double the amount of memory in your computer. Only time – and practical usage – will let me know if this will be a problem in search of a hardware solution.

The last element of this first peek at Windows 11 is Microsoft Teams integration. Teams is Microsoft’s equivalent of Zoom or WebEx. Working from home – or from anywhere, really – will continue to be part of our culture for the foreseeable future. Microsoft fully believes that a dispersed workforce is inevitable, so it placed this icon in a prominent position. After all, what could be easier than clicking on an icon to launch a discussion with co-workers or colleagues? I expect that as time goes by, probably with the first annual Feature Update, Microsoft will provide more integration with the corporate version of Microsoft 365 and Teams.

Over the next two years, I’ll be giving you more information about this new operating system. But, as I’m sure you realize, it is still Windows. Most of you use the operating system for probably opening a browser to get your mail and see what’s going on with your friends, family, and organizations on Facebook. All the bells and whistles don’t mean much to you – I get it. It’s just that Microsoft doesn’t feel the same way.