
Phishing: Don't Be The Next Victim!

6/19/2020

This past week we have witnessed four separate phishing attacks on small businesses.  These attacks are pervasive and scary, but you can fight back.  The trick is to be prepared.
A phishing attack is a cyber attack that uses your email as a weapon against you. The goal is to trick you into believing that the email is something you want or need, such as a request from your bank or a note from someone in your company, so that you will click a link or download an attachment.

We have outlined for you what you can do to prepare yourself and your business against these types of phishing attacks.

One Recent Phishing Attack

One attack we witnessed this week came in this format.  You can see it looks like any other email.  The person this email is from is known to us (we have changed the name for this example), and it reads like a normal email.  The sender's address is a legitimate email address.  The link included in this email is a genuine OneDrive address.  So how did we know it was a phishing attack?

There are clues.  1. We haven't heard from this person in several years,  2.  We have no knowledge of the project they are talking about.

Phishing attacks such as this one trick you into opening multiple links, and then you are asked to confirm your identity by entering your email address and password.  These credentials are not being entered into a legitimate authorisation source; instead, you are actually entering them into the phisher's website, disguised to look like the real thing.

Once they are in possession of your credentials, malware is installed onto your machine, giving them full access to your contact list.  Your own email system (Outlook etc.) is then used to send emails on to all your contacts, looking for new victims of this scheme.

What's The Worst that Could Happen?

So what if the phisher has my email address and password?  I will just change it, then they don't have it anymore.

Sure, you can change your password.  But by the time you realise you have been scammed, your email address and password have already been a valuable tool for the phisher.  The whole interaction has told the phisher many things about you that are handy later:
  1. They now know that an actual person uses that email address (you won't change that, will you?) so they can send you more phishing - you fell for the first one, so you will probably fall for it again.
  2. They know the patterns you typically use in your passwords, so they can use that to guess your next one.
  3. They know that you re-use passwords, so they can test other cloud services to see if these credentials work, and they probably will.
Even better for the phisher, you have given them plenty of time to get full access to your email account and to copy your emails to their local machine.  It doesn't matter if you change your password, they can sift through your emails at their leisure (once your email history is on their machine) for any juicy tidbits like that password you emailed to yourself, or those VISA details you sent off to that supplier in Australia.
Additionally, if you are a global admin on your network, they will have spent a little time setting themselves up a back door into your network, so they can send you something even more nasty, like a cryptolocker, which disables your network entirely.

What Can We Do to Prevent This?

There are two things you need to do: Prevention and Training.

Prevention
Ideally, your email should be guarded from the internet as well as possible by implementing spam and phishing protections.

Office 365 users have several options:
  • General Phishing Protection
    If your plan is Microsoft 365 Business Basic, Business Standard or Business Premium, then you already have a default phishing setting.  If your tenant was installed over 12 months ago, then this is not likely to be set up, as this is a new feature.  We recommend that you have this setting turned on.

  • Advanced Threat Protection
    Advanced Threat Protection is a security plan that is included in some plans () but can be added onto other plans.  ATP provides additional phishing protection, and impersonation settings that prevent emails from your own mailing system or web forms being recognised as spam/phishing.  In the event a phishing email does make it into your inbox, ATP will also check links and attachments and notify you if they appear to be unsafe.  If you are running Exchange Online, then we highly recommend adding this plan.

These tools will limit the number of phishing emails arriving in your inbox.
If you don't yet have Office 365, then there are tools for your network too.  Drop us a line or give us a call for details.

User Training
No tool is perfect, so for those emails that do sneak into your inbox, your last line of defense is your users.  Encourage your users to understand what a phishing email is, and what one will typically look like.  The top ways to spot a phishing email are:
  • They request sensitive information.
    If an email with a link or an attachment requests sensitive information (such as passwords or credit card information), chances are this is phishing.
  • They don't use your name
    Most companies use your name to address you, such as "Dear Jack,".  If you are addressed as "Dear Valued Customer" or "Dear Account Holder", then be suspicious.
  • Their email doesn't use their domain name
    Most companies use their domain name in their emails as a way of proving the legitimacy of the mail sent, so if the email is from @hotmail.com or @gmail.com etc then be suspicious.
  • They can't spell or have poor grammar.
    Most companies will take the time to make sure their communications are spelt correctly, and have correct grammar.  If they miss the mark, then they may be suspect.
  • Forced to go to a website for the information
    If the entire email is one big link to a website, it's phishing.  Legitimate companies don't do this.
  • Unexpected links or attachments
    If you are not expecting it, it's suspect.  Legitimate companies don't send links or attachments unless they have informed you first.
  • Links don't match
    Hover over the links.  If the URL doesn't match the domain name of the company sending it, then it is suspect.  
  • Urgent Action Required
    Urgent emails are meant to make you panic and not think about your actions.  Legitimate companies give you plenty of time to action things.
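
Several of the checks in this list can be partly automated. The script below is an added example, not part of the original post or any product it mentions: it parses a raw email and reports which checklist items it trips. The word lists, function names and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed word lists for illustration; tune them for your own organisation.
FREEMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
GREETINGS = ("dear valued customer", "dear account holder", "dear customer")
URGENT = ("urgent", "immediately", "within 24 hours", "will be suspended")
SENSITIVE = ("password", "credit card", "card number")
SECOND_LEVEL = {"co", "com", "org", "net", "govt", "ac"}  # e.g. example.co.nz


class LinkCollector(HTMLParser):
    """Collect body text and (href, visible text) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None


def registrable(host):
    """Rough registrable domain; production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    cc_sld = len(labels) > 2 and len(labels[-1]) == 2 and labels[-2] in SECOND_LEVEL
    return ".".join(labels[-3:] if cc_sld else labels[-2:])


def phishing_indicators(raw):
    """Return the checklist items above that a raw RFC 5322 message trips."""
    msg = message_from_string(raw, policy=policy.default)
    sender = registrable(parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2])
    part = msg.get_body(preferencelist=("html", "plain"))
    page = LinkCollector()
    page.feed(part.get_content() if part else "")
    body = " ".join(" ".join(page.text).split()).lower()
    subject = str(msg["Subject"] or "").lower()
    found = []
    if sender in FREEMAIL:
        found.append("sender uses a free webmail domain")
    if any(g in body for g in GREETINGS):
        found.append("generic greeting")
    if page.links and any(s in body for s in SENSITIVE):
        found.append("asks for sensitive information alongside a link")
    if any(u in body or u in subject for u in URGENT):
        found.append("urgent action demanded")
    for href, label in page.links:
        host = urlsplit(href).hostname or ""
        shown = re.search(r"((?:[\w-]+\.)+[a-z]{2,})", label.lower())
        if host and shown and registrable(shown.group(1)) != registrable(host):
            found.append(f"link text shows {shown.group(1)} but goes to {host}")
        elif host and registrable(host) != sender:
            found.append(f"link host {host} is not the sender's domain {sender}")
    return found


# Constructed sample message (not a real email) for demonstration.
SAMPLE = """\
From: Example Bank <support@gmail.com>
Subject: URGENT: confirm your account
Content-Type: text/html; charset="utf-8"

<p>Dear Valued Customer,</p>
<p>Your account will be suspended. Confirm your password immediately at
<a href="http://login.bank-verify.example/session">www.examplebank.example</a>.</p>
"""
```

A message like the OneDrive example earlier in this post, sent from a known contact's real account, trips at most the link-domain check here, so the context clues and a phone call to the sender still matter.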

IF YOU ARE UNSURE IF AN EMAIL IS LEGITIMATE, DON'T CLICK IT.  CALL THE SENDER AND CONFIRM.  DO NOT EMAIL THE SENDER: IF THE EMAIL IS PHISHING, THE EMAIL ACCOUNT MAY BE COMPROMISED, SO ANY RESPONSE YOU GET MAY BE FROM THE HACKER.


Additionally, there are tools that you can use to test your users' knowledge and understanding, so that they can improve, such as:
  • KnowBe4   This site has free and paid tools that allow you to send test phishing emails to see if anyone is tricked by them.  This allows you to identify who may need additional training on how to spot a phishing email.
  • Advisera    Has a variety of security training tools for your users.
If security is not on your radar right now, it should be.  

Cyber attacks have increased 300% since COVID-19 has taken hold of us.  We are vulnerable right now while we are worried about other things, so hackers are taking advantage.  We are seeing this in real terms in our ticket list.  Get some protection now.  Don't wait.
Further reading from Microsoft:
    Protect Yourself From Phishing
    Protect Yourself From Phishing Schemes and Other Forms of Online Fraud

June is Firewall Month

5/29/2020

Photo credit: Photo by Guido Jansen on Unsplash
Your firewall is a generally forgotten piece of your networking equipment, but we would like to remind you of the amazing things that it does for your network, and why you should LOVE your firewall.
As June is Firewall month (and so is November!) we wanted to tell you all about why we love your firewall, and why you should too!
COVID-19 and Your Firewall
The coronavirus pandemic of 2020 has sent us all reeling, but it has highlighted some surprising things, such as how our slowdown has positively impacted our environment.  (How the Climate is benefiting from Covid-19)  Similarly, your firewall was quietly working hard, making your work-from-home experience seamless.

What is a Firewall?
Your firewall is a small device that will likely be sitting under the stairs, or in the cupboard at the back of your office, with all the other equipment you are assured is important, but you are not really sure what it does.  Your firewall is one of those light-flashing mystery appliances.

Your firewall is an internet traffic device.  Every time you send something by email, or look at something on the internet, your firewall processes that request, and checks it before it sends the signal on to its destination.  Your firewall also checks traffic coming in, such as received mail and remote access.  Your firewall checks everything, including web browsing, email, music streaming and video conferencing.

All-Powerful Firewall
Your firewall has the power to deny access, either in or out of your network, if it decides that the traffic doesn't adhere to its strict rules, or if it suspects that the traffic is not doing what it claims to be doing, such as malicious threats to the network.  
Your firewall can also check the traffic for viruses and malicious content in emails, and it can check which websites you are travelling to and deny you access.  If you don't want users on your network to be scrolling through Facebook or going to the TAB site, or any other non-work-approved site, the firewall can stop them.

Thank Goodness for VPNs
Due to Covid-19 we have all been encouraged to work from home, and we have taken this on board in our droves.  However, this meant getting access to the information on the network at the office as quickly as possible.  Luckily your firewall was at the ready with its VPN capabilities.  Your firewall can create for you a Virtual Private Network (VPN), which allows a secure connection from your PC at home to the firewall at the office and then on to your work PC or to your server.
Your Firewall VPN secures this connection using encryption and tunneling (sorry, what!?).  Let me explain.  A VPN prevents your data from being intercepted, monitored, or altered by anyone.  The tunnel hides your IP address, which can otherwise be used to identify you. Instead of your real location, the sites you visit will only see the location of the VPN server you are connected to.  The encryption scrambles the data being transmitted, so only the intended destination can read the data. If your data gets intercepted, it can't be read.
Once connected via a VPN to the office, it's just like being at the office.  You can see your mapped drives, you can access network resources, you can clear your mail and print to your home printer, all while at home, in your pyjamas (we wouldn't do that, would we?!).

There are other methods to remotely connect to the office but the connection from home using the Firewall VPN is the most secure and reliable way to go about this and the best part is that there is no additional cost, as it is built into your firewall.
Image courtesy of the Fortinet Cookbook:  https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/724772/ssl-vpn-multi-realm
Show Your Firewall Some Love
As with any technology, your firewall needs occasional updating to keep up to date with the latest threats and to get the benefit of the enhancements manufacturers create, so they can keep ahead of their competition.
If your firewall is under Managed Services, or Universal Support, these updates will happen without any intervention from you (we will let you know when they will happen).
For those not under contract, we have a firewall blitz every June and November, so if you have updates ready, we will let you know they are ready to be installed.   If you haven't heard from us in a while, check in with us, just in case you have been missed from our list, and check out what updates you may need installed.

Updates, What Updates?
In June, we concentrate on firewall firmware, backing up your firewall rules and checking your open ports.  Firmware should be updated to make sure there are no vulnerabilities on the firewall itself that can be exploited by malicious users.  The firewall rules should be backed up regularly, so that if a problem happens on your firewall, we can easily restore you to a version of the rules we know worked well.  The open ports on your firewall should be checked at least once per year, to make sure changes haven't happened over the year.  This can happen when a temporary service requires a port to be opened, but the port is not closed once that service has stopped.  These errant ports can be used as a stepping stone into your network, so it's best to keep them closed if they are not being used.
In November, we concentrate on the firmware again, and also the Antivirus & AntiSpam definitions.  If you are using them, the Antivirus and AntiSpam firewall technologies act as an additional check (on top of your usual Antivirus & AntiSpam protections), and while these definitions don't require constant updates, updating them annually is good practice.

Do You Love Your Firewall as Much as We Do?
Ok, probably not.  But hopefully you now have some idea why we love them, and why you should keep them up to date!  
If you have any questions, as always, drop us a line at sales@decision1.co.nz.

Could a Security Assessment save your business?

4/20/2020

Like most companies, we are rather quiet while we wait out the end of the COVID-19 level 4 lockdown.  So, while we have unprecedented time on our hands, we have been busying ourselves with improving our services and service delivery.  Our main focus is network security, and how the services we deliver can improve security strength.  It's a complicated subject, so we are taking this time to improve our skills and knowledge.

Many of us have already had a brush with a security breach of some kind.  There is increasing concern that New Zealand is no longer hidden from would-be international hackers, and that we are now an active soft target.  This makes us vulnerable, so more than ever it's important to secure our networks, and make ourselves a much harder target.

We worry about the worst case scenario, and in this case it is warranted.  How would your business fare if your company data was destroyed?  Would you recover?  How long would your recovery take?  These scenarios are becoming more and more likely, so we best try to prevent them.

Best Practice

Using security best practices is a must to ensure our networks are as protected as possible, which delivers a good level of confidence to us and you that together we are doing everything we can to secure your network.  But what are Best Practices?  And who determines what makes a best practice?  And what isn't a best practice?

Best practice is mostly a combination of observation, research, reading, skill building and experience.  These combine to form a strong idea of what a best practice looks like, and what it delivers.  But the disadvantage of this process is that, while best practices are mostly the same across providers, there can be marked differences in delivery.  Given the large differences there can be in the skills and experience from one provider to another, debates are common.  Often, leading technical figures can hold very different opinions on one approach vs another.  The most public debate of this type is the Windows vs Mac vs Linux operating system debate.  Each operating system has its pros and cons, but who is right?  And what implications does each of them have for network security?

These types of debates can cause providers to pick a "winner", and proclaim that their pick is the best option for x, y and z reason.  But as in all debates, it's just not that simple.

So what is the answer?  How do you figure out what is the best path for your network?  We don't have the answer; however, there are many national and international organisations that have given this great thought, and they can provide guidance on prevention and responses to cyber security events, or cyber-security frameworks on which to overlay your vulnerabilities, functions and services.

CERT NZ
CERT NZ provides the New Zealand government's security resources and guides for businesses of all sizes.
We highly recommend reading through their resources, as they are excellent.

National Cyber Security Centre
The NCSC helps public and private sector organisations to protect their information systems from advanced cyber-borne threats.  

National Institute of Standards and Technology (NIST)
The NIST framework is a guide, based on existing standards and practices, for organisations to manage and reduce cyber-security risk.

If you were brave enough to click any of the links above, well done!  These are daunting topics, and the security jargon hits you quickly and hard.  However, you should read through CERT NZ.  Their resources are easily consumable, and are reliable sources of information.

Security Assessments

How We Are Using this information
As part of our duty as a service provider, we have reviewed the links above and many more, with a view to helping us do a better job for you. 
We currently complete an annual Security Assessment for our customers as part of Universal Support, which is a deep dive into a network looking at all the points where security vulnerabilities exist.  We look at 92 individual areas, which allow us to give you an overall check of compliance, and a checklist of recommendations to improve any vulnerabilities we find.  We complete this assessment annually, and it is the easiest way to get a clear overview of how secure your network is.

Up until now, our security assessments have been based on best practices.  Soon, however, they will be based on the NIST framework.  This framework uses Identify, Protect, Detect, Respond, and Recover tiers to guide organisations in managing and reducing their cybersecurity risks in a way that complements existing risk management processes.  This framework is comprehensive, and is based on the functions and workflows of an organisation, making it applicable to all organisations, regardless of size, type or function.

However, unless you are fortunate enough to employ security specialists on your staff, you are unlikely to have the time to apply the framework yourselves in any meaningful manner.  So, we have done this for you.  By using this framework to overlay our Security Assessment, your network benefits from an internationally recognised security structure.  If your business is under tight compliance, such as with the FMA, you may already be subject to these requirements, as such bodies require your security policies to follow a recognised framework such as NIST.

The NIST framework includes:
IDENTIFY:    Asks you to detail how you identify your assets, your business environment, the governance, your risk assessment and management.
PROTECT:    Queries your control over access, the training of your personnel, your data security measures, your processes and procedures, your maintenance operations, and management of general protection.
DETECT:    Asks you to detail your approach to understanding events and activities, what monitoring you employ and what your process of detection is.
RESPOND:    Asks what your process is to respond to events, how this process is communicated, how the event is analysed, what steps are taken to mitigate the event, and what process you have for improvements.
RECOVER:    Queries what your process is to recover from an event, what plans are made during a recovery for improvements, and how communications to staff, customers and other stakeholders are handled.

The Security Assessment outlines which part of your security policies covers each of the NIST tiers, and which part is covered by Universal Support.  The Security Assessment also details your level of compliance, which areas need improvement, and recommendations for improvements.


Armed with this framework, we can help you understand not just how to protect, detect and respond to security breaches, but also how to identify what areas need the most protection, and how to plan a recovery.

​With all this information at your fingertips, you are better placed to feel confident that you have done everything you could to protect your business interests, and that of your staff and customers.  Maybe a Security Assessment will save your business.
​​

How secure is your network, now that your staff work from home?

3/30/2020

Due to the COVID-19 Alert Level 4 lockdown, many of us are working from home, including us!  Lately many of our client discussions have centered around security, and how we need to change the way we approach security, so that we can be better protected from the new threats we encounter daily.
Now that many of us are working from home, how has that impacted our security?  Has our haste to get back up and running ignored our need to be secure?  Now is the time to revisit the security for our work-from-home staff.

Connection Back to the Office

Your first consideration for security is the connection back to the office.  If you have had a connection set up for a while, you should consider having that connection reviewed.  If you have taken home your work machine and you are connecting back to your work server, the current standard is to use a VPN from your firewall.  If you are connecting to your business workstation from your home workstation, the current standard is to use a third-party tool, such as TeamViewer or LogMeIn, which creates a secure connection on your behalf.
If you are in doubt, please give us a call.

Staff Using Their Personal Machine?

Many staff are now working from their home PCs, and this can create a few challenges security-wise.

Antivirus
Does their home machine have paid antivirus installed?  Many home machines have a free antivirus installed.  This is not enough protection when connecting back into a corporate network, (or corporate cloud resources) as key-loggers can be used to gather information on remote connections, VPN connections and cloud credentials.  
Help is at hand though.  We are offering a FREE 60-day installation for BitDefender Endpoint Security.  Just send us an email at sales@decision1.co.nz, subject "Free Antivirus" and we will get you set up!

Patching
Many home computers aren't strict with their updating policies.  Unpatched machines are easily breached, and pose an enormous risk to your network.
Because this risk is so high, we are offering FREE patching for your work-from-home users for the next 60 days.  If you would like to take advantage of this offer contact us at sales@decision1.co.nz, subject "Free Patching".

Multi-factor Authentication
Make sure MFA is enabled for all your cloud resources, especially bank accounts.  This ensures that even if your credentials are breached, those details cannot be easily used to gain access.

SPAM Protection
If you are using Office365 for your mail, then you already have great SPAM protection, regardless of whether you are checking mail from home, or work.  If you are not using this, and you are not sure what your Spam protection is, drop us a line or give us a call to work out if your protection is adequate for working-from-home.

Home Router
Many home routers are rather insecure, so we recommend checking your router for firewall features and password security.  Some routers have firewall features built in, but not all do and routers are often sent to homes with default manufacturer passwords loaded.  These passwords should be updated to a non-default password.  If you would like some help with this, please give us a call and we can check these items out for you.

Hackers Busier than Ever

Hackers are pretty good at sensing weak points in the security fabric of the world, and a global crisis is an ideal time to strike vulnerable and otherwise occupied minds.  Hackers have ramped up their efforts to catch you with your guard down.  Phishing attacks have increased enormously (667%!), as have COVID-19 themed scams.  Be on the lookout, as your technology cannot always keep pace, so some of these scams will make it into your inbox.

Sources:

https://www.cert.govt.nz/individuals/alerts/attackers-using-covid-19-themed-scams-updated-alert/
https://www.infosecurity-magazine.com/news/covid19-drive-phishing-emails-667/
https://www.netsafe.org.nz/phishing/?gclid=Cj0KCQjwjoH0BRD6ARIsAEWO9DvKpkuOFFgA9raWtFrRLP3qIyLb040fvSFBWjBaTPHR2J5gf0-z0woaAijBEALw_wcB

    Author

    Victoria Murgatroyd-McNoe has been working in the IT sector helping businesses achieve their technology goals for over 20 years.
