This past week we have witnessed four separate phishing attacks on small businesses. These attacks are pervasive and scary, but you can fight back. The trick is to be prepared.
A phishing attack is a cyber attack that uses your email as a weapon against you. The goal is to trick you into believing that the email is something you want or need, such as a request from your bank or a note from someone in your company, so that you will click a link or download an attachment.
We have outlined for you what you can do to prepare yourself and your business against these types of phishing attacks.
One Recent Phishing Attack
One attack we witnessed this week came in this format. You can see it looks like any other email. The person this email is from is known to us (we have changed the name for this example), and it reads like a normal email. The sender's address is a legitimate email address. The link included in this email is a genuine OneDrive address. So how did we know it was a phishing attack?
There are clues: 1. We haven't heard from this person in several years. 2. We have no knowledge of the project they are talking about.
Phishing attacks such as this one trick you into opening multiple links; then you are asked to confirm your identity by entering your email address and password. These credentials are not being entered into a legitimate authorisation source. Instead, you are actually entering them into the phishers' website, disguised to look like the real thing.
Once they are in possession of your credentials, malware is installed onto your machine, giving them full access to your contact list. Your own email system (Outlook etc.) is then used to send emails on to all your contacts, looking for new victims of this scheme.
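The first clue above can be checked mechanically. The following is an added example, not part of the original article: it flags a message that carries a file-share link from a sender who has been silent for more than a year. The contact history, the list of file-sharing hosts, the one-year threshold and both sample messages are constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed history: when each contact last genuinely corresponded with us.
LAST_CONTACT = {
    "pat@partner.example": datetime(2017, 3, 2, tzinfo=timezone.utc),
    "sam@supplier.example": datetime(2020, 5, 20, tzinfo=timezone.utc),
}
# Assumed list of file-sharing hosts; a genuine link here is not proof of safety.
SHARE_HOSTS = ("1drv.ms", "onedrive.live.com", "sharepoint.com", "dropbox.com")
DORMANT_AFTER = timedelta(days=365)  # assumed threshold
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def body_text(msg):
    """Concatenate the text parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message, last_contact=LAST_CONTACT):
    """Return the facts a user should weigh before clicking a shared-file link."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    sent = parsedate_to_datetime(msg["Date"])
    hosts = {h.lower().rstrip(".") for h in URL_HOST.findall(body_text(msg))}
    shares = sorted(h for h in hosts
                    if any(h == s or h.endswith("." + s) for s in SHARE_HOSTS))
    previous = last_contact.get(sender)
    silent = None if previous is None else sent - previous
    unexpected = silent is None or silent > DORMANT_AFTER
    return {
        "sender": sender,
        "days_silent": None if silent is None else silent.days,
        "share_hosts": shares,
        # A known address plus a genuine file-share link is what this attack used,
        # so a long silence (or no history at all) is what triggers the phone call.
        "verify_by_phone": unexpected and bool(shares),
    }

# Constructed sample messages.
DORMANT = """From: Pat Example <pat@partner.example>
Date: Tue, 02 Jun 2020 09:15:00 +1200
Subject: Project documents

Hi, the project files are ready for your review: https://1drv.ms/u/s!CONSTRUCTED
"""
ACTIVE = """From: Sam Example <sam@supplier.example>
Date: Wed, 03 Jun 2020 10:00:00 +1200
Subject: Invoice

Invoice is in the usual folder: https://www.dropbox.com/s/constructed
"""
```

The second clue, not recognising the project being discussed, still needs a person to judge; this check only narrows down which messages deserve that judgement.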
What's The Worst that Could Happen?
So what if the phisher has my email address and password? I will just change it, then they don't have it anymore.
Sure, you can change your password. But by the time you realise you have been scammed, your email address and password have already been a valuable tool for the phisher. The whole interaction has told the phisher many things about you that are handy later:
Additionally, if you are a global admin on your network, they will have spent a little time setting themselves up a back door into your network, so they can send you something even more nasty, like a cryptolocker, which disables your network entirely.
What Can We Do to Prevent This?
There are two things you need to do: Prevention and Training.
Ideally, your email should be guarded from the internet as well as possible by implementing spam and phishing protections.
Office 365 users have several options:
These tools will limit the number of phishing emails arriving in your inbox.
If you don't yet have Office 365, then there are tools for your network too. Drop us a line or give us a call for details.
No tool is perfect, so for those emails that do sneak into your inbox, your last line of defense is your users. Encourage your users to understand what a phishing email is, and what one will typically look like. The top ways to spot a phishing email are:
IF YOU ARE UNSURE IF AN EMAIL IS LEGITIMATE, DON'T CLICK IT. CALL THE SENDER AND CONFIRM. DO NOT EMAIL THE SENDER: IF THE EMAIL IS PHISHING, THE EMAIL ACCOUNT MAY BE COMPROMISED, SO ANY RESPONSE YOU GET MAY BE FROM THE HACKER.
Additionally, there are tools that you can use to test your users' knowledge and understanding, so that they can improve, such as:
If security is not on your radar right now, it should be.
Cyber attacks have increased 300% since COVID-19 has taken hold of us. We are vulnerable right now while we are worried about other things, so hackers are taking advantage. We are seeing this in real terms in our ticket list. Get some protection now. Don't wait.
Further reading from Microsoft:
Protect Yourself From Phishing
Protect Yourself From Phishing Schemes and Other Forms of Online Fraud
Your firewall is a generally forgotten piece of your networking equipment, but we would like to remind you of the amazing things that it does for your network, and why you should LOVE your firewall.
As June is Firewall month (and so is November!) we wanted to tell you all about why we love your firewall, and why you should too!
COVID-19 and Your Firewall
The coronavirus pandemic of 2020 has sent us all reeling, but it has highlighted some surprising things, such as how our slowdown has positively impacted our environment. (How the Climate is benefiting from Covid-19) Similarly, your firewall was quietly working hard, making your work-from-home experience seamless.
What is a Firewall?
Your firewall is a small device that will likely be sitting under the stairs, or in the cupboard at the back of your office, with all the other equipment you are assured is important, but you are not really sure what it does. Your firewall is one of those light-flashing mystery appliances.
Your firewall is an internet traffic device. Every time you send something by email, or look at something on the internet, your firewall processes that request, and checks it before it sends the signal onto its destination. Your firewall also checks traffic coming in, such as received mail and remote access. Your firewall checks everything, including web browsing, email, music streaming and video conferencing.
Your firewall has the power to deny access, either in or out of your network, if it decides that the traffic doesn't adhere to its strict rules, or if it suspects that the traffic is not doing what it claims to be doing, such as malicious threats to the network.
Your firewall can also check the traffic for viruses and malicious content in emails, and it can check which websites you are travelling to and deny you access. If you don't want users on your network to be scrolling through Facebook or going to the TAB site, or any other non-work approved site, the firewall can stop them.
Thank Goodness for VPNs
Due to Covid-19 we have all been encouraged to work from home, and we have taken this on board in droves. However, this meant getting access to the information on the network at the office as quickly as possible. Luckily your firewall was at the ready with its VPN capabilities. Your firewall can create for you a Virtual Private Network (VPN), which allows a secure connection from your PC at home to the firewall at the office and then on to your work PC or to your server.
Your Firewall VPN secures this connection using encryption and tunneling (sorry, what!?). Let me explain. A VPN prevents your data from being intercepted, monitored, or altered by anyone. The tunnel hides your IP address, which can otherwise be used to identify you. Instead of your real location, the sites you visit will only see the location of the VPN server you are connected to. The encryption scrambles the data being transmitted, so only the intended destination can read the data. If your data gets intercepted, it can't be read.
Once connected via a VPN to the office, it's just like being at the office. You can see your mapped drives, you can access network resources, you can clear your mail and print to your home printer, all while at home, in your pyjamas (we wouldn't do that, would we?!).
There are other methods to remotely connect to the office, but the connection from home using the Firewall VPN is the most secure and reliable way to go about this, and the best part is that there is no additional cost, as it is built into your firewall.
Image courtesy of the Fortinet Cookbook: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/724772/ssl-vpn-multi-realm
Show Your Firewall Some Love
As with any technology, your firewall needs occasional updating to keep up to date with the latest threats and to get the benefit of the enhancements manufacturers create, so they can keep ahead of their competition.
If your firewall is under Managed Services, or Universal Support, these updates will happen without any intervention from you (we will let you know when they will happen).
For those not under contract, we have a firewall blitz every June and November, so if you have updates ready, we will let you know they are ready to be installed. If you haven't heard from us in a while, check in with us, just in case you have been missed from our list, and check out what updates you may need installed.
Updates, What Updates?
In June, we concentrate on firewall firmware, backing up your firewall rules and checking your open ports. Firmware should be updated to make sure there are no vulnerabilities on the firewall itself that can be exploited by malicious users. The firewall rules should be backed up regularly, so that if a problem happens on your firewall, we can easily restore you to a version of the rules we know worked well. The open ports on your firewall should be checked at least once per year, to make sure changes haven't happened over the year. This can happen when a temporary service requires a port to be opened, but the port is not closed once that service has stopped. These errant ports can be used as a stepping stone into your network, so it's best to keep them closed if they are not being used.
In November, we concentrate on the firmware again, and also the Antivirus & AntiSpam definitions. If you are using them, the Antivirus and AntiSpam firewall technologies act as an additional check (on top of your usual Antivirus & AntiSpam protections), and while these definitions don't require constant updates, updating them annually is good practice.
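The open-port check from the June review can be run as a comparison between the last rules backup and today's rules. This is an added example, not a tool described in the article: the one-rule-per-line text format, the `expires=` field, the addresses and both sample exports are constructed assumptions, not any vendor's export format.

```python
from datetime import date

def parse_rules(text):
    """Parse lines like 'tcp/3389 -> 10.0.0.20:3389 expires=2020-02-28  # note'."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop the trailing note
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] != "->":
            raise ValueError(f"unrecognised rule line: {line!r}")
        expires = None
        for extra in fields[3:]:
            if extra.startswith("expires="):
                expires = date.fromisoformat(extra[len("expires="):])
        rules[fields[0]] = {"target": fields[2], "expires": expires}
    return rules

def audit(baseline_text, current_text, today):
    """Compare today's open ports with the last backup and list what changed."""
    baseline, current = parse_rules(baseline_text), parse_rules(current_text)
    findings = []
    for listen, rule in sorted(current.items()):
        if listen not in baseline:
            findings.append((listen, "opened since last review"))
        elif rule["target"] != baseline[listen]["target"]:
            findings.append((listen, "forwards to a different host"))
        # A temporary service that has ended but whose port was never closed.
        if rule["expires"] and rule["expires"] < today:
            findings.append((listen, "temporary rule past its end date"))
    for listen in sorted(set(baseline) - set(current)):
        findings.append((listen, "closed since last review"))
    return findings

# Constructed sample exports: last backup versus today's rules.
BASELINE_EXPORT = """
tcp/443 -> 10.0.0.5:443    # SSL VPN
tcp/25 -> 10.0.0.8:25      # inbound mail
tcp/8080 -> 10.0.0.9:80    # old web portal
"""
CURRENT_EXPORT = """
tcp/443 -> 10.0.0.5:443    # SSL VPN
tcp/25 -> 10.0.0.12:25     # inbound mail
tcp/3389 -> 10.0.0.20:3389 expires=2020-02-28  # contractor access
"""

if __name__ == "__main__":
    for port, finding in audit(BASELINE_EXPORT, CURRENT_EXPORT, date(2020, 6, 1)):
        print(f"{port:10} {finding}")
```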
Do You Love Your Firewall as Much as We Do?
Ok, probably not. But hopefully you now have some idea why we love them, and why you should keep them up to date!
If you have any questions, as always, drop us a line at firstname.lastname@example.org.
Like most companies, we are rather quiet while we wait out the end of the COVID-19 level 4 lockdown. So, while we have unprecedented time on our hands, we have been busying ourselves with improving our services and service delivery. Our main focus is network security, and how the services we deliver can improve security strength. It's a complicated subject, so we are taking this time to improve our skills and knowledge.
Many of us have already had a brush with a security breach of some kind. There is increasing concern that New Zealand is no longer hidden from would-be international hackers, and that we are now an active soft target. This makes us vulnerable, so more than ever it's important to secure our networks, and make ourselves a much harder target.
We worry about the worst case scenario, and in this case it is warranted. How would your business fare if your company data was destroyed? Would you recover? How long would your recovery take? These scenarios are becoming more and more likely, so we best try to prevent them.
Using security best practices is a must to ensure our networks are as protected as possible, which delivers a good level of confidence to us and you that together we are doing everything we can to secure your network. But what are Best Practices? And who determines what makes a best practice? And what isn't a best practice?
Best practice is mostly a combination of observation, research, reading, skill building and experience. These combine to form a strong idea of what a best practice looks like, and what it delivers. But the disadvantage to this process is that, while best practices are mostly the same across providers, there can be marked differences in delivery. Given the large differences there can be in the skills and experience from one provider to another, debates are common. Oftentimes leading technical figures can hold very different opinions on one approach vs another. The most public debate of this type is the Windows vs Mac vs Linux operating system debate. Each operating system has its pros and cons, but who is right? And what implications does each of them have for network security?
These types of debates can cause providers to pick a "winner", and proclaim that their pick is the best option for x, y and z reason. But as in all debates, it's just not that simple.
So what is the answer? How do you figure out what is the best path for your network? We don't have the answer, however, there are many national and international organisations that have given this great thought, and they can provide guidance on prevention and responses to cyber security events or cyber-security frameworks, on which to overlay your vulnerabilities, functions and services.
CertNZ is the New Zealand government's source of security resources and guides for businesses of all sizes.
We highly recommend reading through their resources, which are excellent.
National Cyber Security Centre
The NCSC helps public and private sector organisations to protect their information systems from advanced cyber-borne threats.
National Institute of Standards and Technology (NIST)
The NIST framework is a guide, based on existing standards and practices for organisations to manage and reduce cyber-security risk.
If you were brave enough to click any of the links above, well done! These are daunting topics, and the security jargon hits you quickly and hard. However, you should read through CertNZ. Their resources are easily consumable, and are reliable sources of information.
How We Are Using This Information
As part of our duty as a service provider, we have reviewed the links above and many more, with a view to helping us do a better job for you.
We currently complete an annual Security Assessment for our customers as part of Universal Support, which is a deep dive into a network looking at all the points where security vulnerabilities exist. We look at 92 individual areas, which allow us to give you an overall check of compliance, and a check list of recommendations to improve any vulnerabilities we find. We complete this assessment annually, and it is the easiest way to get a clear overview of how secure your network is.
Up until now, our security assessments have been based on best practices. Soon, however, they will be based on the NIST framework. This framework uses Identify, Protect, Detect, Respond, and Recover tiers to guide organisations in managing and reducing their cybersecurity risks in a way that complements existing risk management processes. This framework is comprehensive, and is based on the functions and workflows of an organisation, making it applicable to all organisations, regardless of size, type or function.
However, unless you are fortunate enough to employ security specialists on your staff, you are unlikely to have the time to apply the framework yourselves in any meaningful manner. So, we have done this for you. By using this framework to overlay our Security Assessment, your network benefits from an internationally recognised security structure. If your business is under tight compliance obligations, such as those of the FMA, you may already be required to have your security policies follow a recognised framework such as NIST.
The NIST framework includes:
IDENTIFY: Asks you to detail how you identify your assets, your business environment, the governance, your risk assessment and management.
PROTECT: Queries your control over access, the training of your personnel, your data security measures, your processes and procedures, your maintenance operations, and management of general protection.
DETECT: Asks you to detail your approach to understanding events and activities, what monitoring you employ and what your process of detection is.
RESPOND: Asks what your process is to respond to events, how this process is communicated, how the event is analysed, what steps are taken to mitigate the event, and what process you have for improvements.
RECOVER: Queries what your process is to recover from an event, what plans are made during a recovery for improvements, and how communications to staff, customers and other stakeholders are handled.
The Security Assessment outlines which part of your security policies covers each of the NIST tiers, and which part is covered by Universal Support. The Security Assessment also details your level of compliance, which areas need improvement, and recommendations for improvements.
Armed with this framework, we can help you understand not just how to protect, detect and respond to security breaches, but also how to identify what areas need the most protection, and how to plan a recovery.
With all this information at your fingertips, you are better placed to feel confident that you have done everything you could to protect your business interests, and that of your staff and customers. Maybe a Security Assessment will save your business.
Due to the COVID-19 Alert Level 4 lockdown, many of us are working from home, including us! Lately many of our client discussions have centered around security, and how we need to change the way we approach security, so that we can be better protected from the new threats we encounter daily.
Now that many of us are working from home, how has that impacted our security? Has our haste to get back up and running ignored our need to be secure? Now is the time to revisit the security for our work-from-home staff.
Connection Back to the Office
Your first consideration for security is the connection back to the office. If you have had a connection set up for a while, you should consider having that connection reviewed. If you have taken home your work machine and you are connecting back to your work server, the current standard is to use a VPN from your firewall. If you are connecting to your business workstation from your home workstation, the current standard is to use a third-party tool, such as TeamViewer or LogMeIn, which creates a secure connection on your behalf.
If you are in doubt, please give us a call.
Staff Using Their Personal Machine?
Many staff are now working from their home PCs, and this can create a few challenges security-wise.
Does their home machine have paid antivirus installed? Many home machines have a free antivirus installed. This is not enough protection when connecting back into a corporate network (or corporate cloud resources), as key-loggers can be used to gather information on remote connections, VPN connections and cloud credentials.
Help is at hand though. We are offering a FREE 60-day installation for BitDefender Endpoint Security. Just send us an email at email@example.com, subject "Free Antivirus" and we will get you set up!
Many home computers aren't strict with their updating policies. Unpatched machines are easily breached, and pose an enormous risk to your network.
Because this risk is so high, we are offering FREE patching for your work-from-home users for the next 60 days. If you would like to take advantage of this offer contact us at firstname.lastname@example.org, subject "Free Patching".
Make sure MFA is enabled for all your cloud resources, especially bank accounts. This ensures that even if your credentials are breached, those details cannot be easily used to gain access.
If you are using Office 365 for your mail, then you already have great spam protection, regardless of whether you are checking mail from home or work. If you are not using this, and you are not sure what your spam protection is, drop us a line or give us a call to work out if your protection is adequate for working from home.
Many home routers are rather insecure, so we recommend checking your router for firewall features and password security. Some routers have firewall features built in, but not all do, and routers are often sent to homes with default manufacturer passwords loaded. These passwords should be updated to a non-default password. If you would like some help with this, please give us a call and we can check these items out for you.
Hackers Busier than Ever
Hackers are pretty good at sensing weak points in the security fabric of the world, and a global crisis is an ideal time to strike vulnerable and otherwise occupied minds. Hackers have ramped up their efforts to catch you with your guard down. Phishing attacks have increased enormously (667%!), as have COVID-19 themed scams. Be on the lookout, as your technology cannot always keep pace, so some of these scams will make it into your inbox.